switch to printing a warning instead of failing

Author: dignifiedquire

src/dist/download.rs

@@ -151,6 +151,8 @@ impl<'a> DownloadCfg<'a> {
     /// Downloads a file, sourcing its hash from the same url with a `.sha256` suffix.
     /// If `update_hash` is present, then that will be compared to the downloaded hash,
     /// and if they match, the download is skipped.
+    /// Verifies the signature found at the same url with a `.asc` suffix, and prints a
+    /// warning when the signature does not verify, or is not found.
     pub fn download_and_check(
         &self,
         url_str: &str,
@@ -198,7 +200,11 @@ impl<'a> DownloadCfg<'a> {
 
         // No signatures for tarballs for now.
         if !url_str.ends_with(".tar.gz") && !url_str.ends_with(".tar.xz") {
-            self.check_signature(&url_str, &file)?;
+            if let Err(err) = self.check_signature(&url_str, &file) {
+                // TODO: this should probably be warn!, but log is not used in this part of the code
+                // at the moment.
+                println!("Invalid signature detected: {}", err);
+            }
         }
 
         Ok(Some((file, partial_hash)))