package.el: Display output sent to stderr, when verification failed

* emacs-lisp/package.el (package--display-verify-error): New function.
(package--check-signature): Use it to display output sent to stderr.

2 files changed, 28 insertions, 7 deletions

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 7dc4786aff5..1e447d446db 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-06  Daiki Ueno  <ueno@gnu.org>
+
+        * emacs-lisp/package.el (package--display-verify-error): New function.
+        (package--check-signature): Use it to display output sent to stderr.
+
 2014-11-06  Stefan Monnier  <monnier@iro.umontreal.ca>
 
         * subr.el (pop): Don't call the getter twice (bug#18968).
diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el
index e375a1e2301..436cd1940a9 100644
--- a/lisp/emacs-lisp/package.el
+++ b/lisp/emacs-lisp/package.el
@@ -812,6 +812,18 @@ buffer is killed afterwards.  Return the last value in BODY."
 (declare-function epg-signature-status "epg" (signature))
 (declare-function epg-signature-to-string "epg" (signature))
 
+(defun package--display-verify-error (context sig-file)
+  (unless (equal (epg-context-error-output context) "")
+    (with-output-to-temp-buffer "*Error*"
+      (with-current-buffer standard-output
+        (if (epg-context-result-for context 'verify)
+            (insert (format "Failed to verify signature %s:\n" sig-file)
+                    (mapconcat #'epg-signature-to-string
+                               (epg-context-result-for context 'verify)
+                               "\n"))
+          (insert (format "Error while verifying signature %s:\n" sig-file)))
+        (insert "\nCommand output:\n" (epg-context-error-output context))))))
+
 (defun package--check-signature (location file)
   "Check signature of the current buffer.
 GnuPG keyring is located under \"gnupg\" in `package-user-dir'."
@@ -821,7 +833,11 @@ GnuPG keyring is located under \"gnupg\" in `package-user-dir'."
          (sig-content (package--with-work-buffer location sig-file
                         (buffer-string))))
     (setf (epg-context-home-directory context) homedir)
-    (epg-verify-string context sig-content (buffer-string))
+    (condition-case error
+        (epg-verify-string context sig-content (buffer-string))
+      (error
+       (package--display-verify-error context sig-file)
+       (signal (car error) (cdr error))))
     (let (good-signatures had-fatal-error)
       ;; The .sig file may contain multiple signatures.  Success if one
       ;; of the signatures is good.
@@ -835,12 +851,12 @@ GnuPG keyring is located under \"gnupg\" in `package-user-dir'."
           (unless (and (eq package-check-signature 'allow-unsigned)
                        (eq (epg-signature-status sig) 'no-pubkey))
             (setq had-fatal-error t))))
-      (if (and (null good-signatures) had-fatal-error)
-          (error "Failed to verify signature %s: %S"
-                 sig-file
-                 (mapcar #'epg-signature-to-string
-                         (epg-context-result-for context 'verify)))
-        good-signatures))))
+      (when (and (null good-signatures) had-fatal-error)
+        (package--display-verify-error context sig-file)
+        (error "Failed to verify signature %s: %S"
+               sig-file
+               ))
+      good-signatures)))
 
 (defun package-install-from-archive (pkg-desc)
   "Download and install a tar package."