gpg_signing: handle early termination of gpg command in verify path

Also fixes missing wait() on I/O error. We have the same problem in several
places. I'll fix them in another batch.

lib/src/gpg_signing.rs

@@ -18,7 +18,7 @@ use std::ffi::OsString;
 use std::fmt::Debug;
 use std::io::Write;
 use std::process::{Command, ExitStatus, Stdio};
-use std::str;
+use std::{io, str};
 
 use thiserror::Error;
 
@@ -82,9 +82,15 @@ fn run_sign_command(command: &mut Command, input: &[u8]) -> Result<Vec<u8>, GpgE
 
 fn run_verify_command(command: &mut Command, input: &[u8]) -> Result<Vec<u8>, GpgError> {
     let process = command.stderr(Stdio::null()).spawn()?;
-    process.stdin.as_ref().unwrap().write_all(input)?;
+    let write_result = process.stdin.as_ref().unwrap().write_all(input);
     let output = process.wait_with_output()?;
-    Ok(output.stdout)
+    match write_result {
+        Ok(()) => Ok(output.stdout),
+        // If the signature format is invalid, gpg will terminate early. Writing
+        // more input data will fail in that case.
+        Err(err) if err.kind() == io::ErrorKind::BrokenPipe => Ok(vec![]),
+        Err(err) => Err(err.into()),
+    }
 }
 
 #[derive(Debug)]

lib/tests/test_gpg.rs

@@ -200,8 +200,16 @@ fn invalid_signature() {
 
     super duper invalid
     -----END PGP SIGNATURE-----";
+
+    // Small data: gpg command will exit late.
     assert_matches!(
-        backend.verify(b"hello world", signature),
+        backend.verify(b"a", signature),
+        Err(SignError::InvalidSignatureFormat)
+    );
+
+    // Large data: gpg command will exit early because the signature is invalid.
+    assert_matches!(
+        backend.verify(&b"a".repeat(100 * 1024), signature),
         Err(SignError::InvalidSignatureFormat)
     );
 }