# HG changeset patch
# User mas90
# Date 1233767444 0
#      Wed Feb 04 17:10:44 2009 +0000
# Node ID 2e6a451687f7185f739453442900d1e070c6da5e
# Parent  985b950c66bd642a4669d28e10dfaf59759fd810
Rearrange order of checks; let gpg test for presence of signature for us

diff --git a/fetch-sanesecurity-sigs b/fetch-sanesecurity-sigs
--- a/fetch-sanesecurity-sigs
+++ b/fetch-sanesecurity-sigs
@@ -203,15 +203,14 @@
 		continue
 	fi
 
-	# Check that there actually is a GnuPG signature
-	# (there should be, and its absence could be due to tampering)
-	if [ ! -e "$db.sig" ]
+	# Zero-length databases have no value and confuse the test below
+	if [ ! -s "$db" ]
 	then
-		echo "SECURITY ERROR: $db_name is missing a GnuPG signature; discarding" >&2
+		echo "$db_name is zero-length; discarding"
 		continue
 	fi
 
-	# Check that the GnuPG signature is correct
+	# Check that the GnuPG signature is present and correct
 	if ! gpg_out=$(gpg --homedir "$gpg_homedir" $gpg_extra_opts --verify "$db.sig" "$db" 2>&1)
 	then
 		echo "SECURITY ERROR: $db_name has a bad GnuPG signature; discarding:" >&2
@@ -219,13 +218,6 @@
 		continue
 	fi
 
-	# Zero-length databases have no value and confuse the test below
-	if [ ! -s "$db" ]
-	then
-		echo "$db_name is zero-length; discarding"
-		continue
-	fi
-
 	# Test the database by asking ClamAV to check something with it
 	if ! clamscan --quiet --tempdir="${TMPDIR:-/tmp}" --database="$db" - < /dev/null
 	then