Use new detached signature verification
authorJacob Bachmeyer <jcb@gnu.org>
Sat, 12 Nov 2022 03:21:56 +0000 (21:21 -0600)
committerJacob Bachmeyer <jcb@gnu.org>
Sat, 12 Nov 2022 03:21:56 +0000 (21:21 -0600)
gatekeeper.pl

index 280068e993e91c7e702f5ab5aea44614749360b1..b2efe1067f451a31decf87daa536d35c3c17ef89 100755 (executable)
@@ -2419,18 +2419,10 @@ sub check_files {
     summary => "no keyring for package $header->{package}"
       unless @keyrings;
 
-  my $valid = 0;
-  foreach my $keyring (@keyrings) {
-    # Verify that the file has been correctly signed with a valid signature.
-    my @gpgv_args = ('--keyring' => $keyring, $sig_file, $upload_file);
-    if (0 == system { GPGV_BIN } 'gpgv', @gpgv_args) {
-      $valid = 1;
-      last;
-    }
-  }
+  my $sig_info = verify_detached_signature($upload_file, $sig_file, @keyrings);
   throw signature_error => sig_info => undef,
     summary => "gpg verify of upload file ($header->{filename}) failed"
-      unless $valid;
+      if $sig_info->{exitcode} != 0 || defined $sig_info->{TILT};
 
   check_vulnerabilities($upload_file);
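Review bot: The new condition on the `throw` fails open when `exitcode` is absent: in Perl `undef != 0` is false, so if `verify_detached_signature` ever returns a result without an `exitcode` entry, no exception is raised and `check_files` goes on to `check_vulnerabilities` as if the signature had verified. Whether that can happen depends on `verify_detached_signature`, which is defined outside this hunk, but a fail-closed guard costs nothing: `unless defined $sig_info->{exitcode} && $sig_info->{exitcode} == 0 && !defined $sig_info->{TILT};`. The throw also still passes `sig_info => undef` although `$sig_info` is now in scope; if the handler reports or logs that field, passing `$sig_info` would keep the verification details in the rejection record. `check_files` begins and ends outside the hunk.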