From 4cd90e0920fd2c7c112d3a098c822934fef444aa Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Thu, 6 Nov 2014 12:44:52 +0900
Subject: [PATCH] package.el: Display output sent to stderr, when verification
 failed

* emacs-lisp/package.el (package--display-verify-error): New function.
(package--check-signature): Use it to display output sent to stderr.
---
 lisp/ChangeLog             |  5 +++++
 lisp/emacs-lisp/package.el | 30 +++++++++++++++++++++++-------
 2 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 7dc4786aff5..1e447d446db 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-06  Daiki Ueno  <ueno@gnu.org>
+
+	* emacs-lisp/package.el (package--display-verify-error): New function.
+	(package--check-signature): Use it to display output sent to stderr.
+
 2014-11-06  Stefan Monnier  <monnier@iro.umontreal.ca>
 
 	* subr.el (pop): Don't call the getter twice (bug#18968).
diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el
index e375a1e2301..436cd1940a9 100644
--- a/lisp/emacs-lisp/package.el
+++ b/lisp/emacs-lisp/package.el
@@ -812,6 +812,18 @@ buffer is killed afterwards.  Return the last value in BODY."
 (declare-function epg-signature-status "epg" (signature))
 (declare-function epg-signature-to-string "epg" (signature))
 
+(defun package--display-verify-error (context sig-file)
+  (unless (equal (epg-context-error-output context) "")
+    (with-output-to-temp-buffer "*Error*"
+      (with-current-buffer standard-output
+	(if (epg-context-result-for context 'verify)
+	    (insert (format "Failed to verify signature %s:\n" sig-file)
+		    (mapconcat #'epg-signature-to-string
+			       (epg-context-result-for context 'verify)
+			       "\n"))
+	  (insert (format "Error while verifying signature %s:\n" sig-file)))
+	(insert "\nCommand output:\n" (epg-context-error-output context))))))
+
 (defun package--check-signature (location file)
   "Check signature of the current buffer.
 GnuPG keyring is located under \"gnupg\" in `package-user-dir'."
@@ -821,7 +833,11 @@ GnuPG keyring is located under \"gnupg\" in `package-user-dir'."
          (sig-content (package--with-work-buffer location sig-file
 			(buffer-string))))
     (setf (epg-context-home-directory context) homedir)
-    (epg-verify-string context sig-content (buffer-string))
+    (condition-case error
+	(epg-verify-string context sig-content (buffer-string))
+      (error
+       (package--display-verify-error context sig-file)
+       (signal (car error) (cdr error))))
     (let (good-signatures had-fatal-error)
       ;; The .sig file may contain multiple signatures.  Success if one
       ;; of the signatures is good.
@@ -835,12 +851,12 @@ GnuPG keyring is located under \"gnupg\" in `package-user-dir'."
 	  (unless (and (eq package-check-signature 'allow-unsigned)
 		       (eq (epg-signature-status sig) 'no-pubkey))
 	    (setq had-fatal-error t))))
-      (if (and (null good-signatures) had-fatal-error)
-          (error "Failed to verify signature %s: %S"
-                 sig-file
-                 (mapcar #'epg-signature-to-string
-                         (epg-context-result-for context 'verify)))
-        good-signatures))))
+      (when (and (null good-signatures) had-fatal-error)
+	(package--display-verify-error context sig-file)
+	(error "Failed to verify signature %s: %S"
+	       sig-file
+	       ))
+      good-signatures)))
 
 (defun package-install-from-archive (pkg-desc)
   "Download and install a tar package."
-- 
2.39.5