From 133e9ae7338503d3143d172c92a7cac618e6735c Mon Sep 17 00:00:00 2001
From: Matthew Leeds <mwleeds@protonmail.com>
Date: Mon, 2 Oct 2017 22:35:17 -0700
Subject: [PATCH] lib/gpg: Print debug info when reading GPG keys

This commit adds debug output whenever libostree reads GPG keys, which
can come from different locations in the file system. This is especially
helpful in debugging "GPG signatures found, but none are in trusted
keyring" errors, which in my case was caused by OSTree looking in
/usr/local/share/ostree/trusted.gpg.d/ rather than
/usr/share/ostree/trusted.gpg.d/.

Closes: #1241
Approved by: cgwalters
---
 src/libostree/ostree-gpg-verifier.c | 12 +++++++++++-
 src/libostree/ostree-gpg-verifier.h |  3 ++-
 src/libostree/ostree-repo.c         |  2 +-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/libostree/ostree-gpg-verifier.c b/src/libostree/ostree-gpg-verifier.c
index 660a5b7c..17655c1a 100644
--- a/src/libostree/ostree-gpg-verifier.c
+++ b/src/libostree/ostree-gpg-verifier.c
@@ -272,6 +272,9 @@ _ostree_gpg_verifier_add_keyring_file (OstreeGpgVerifier  *self,
 {
   g_return_if_fail (G_IS_FILE (path));
 
+  g_autofree gchar *path_str = g_file_get_path (path);
+  g_debug ("Adding GPG keyring file %s to verifier", path_str);
+
   self->keyrings = g_list_append (self->keyrings, g_object_ref (path));
 }
 
@@ -280,8 +283,11 @@ _ostree_gpg_verifier_add_keyring_file (OstreeGpgVerifier  *self,
  */
 void
 _ostree_gpg_verifier_add_keyring_data (OstreeGpgVerifier  *self,
-                                       GBytes             *keyring)
+                                       GBytes             *keyring,
+                                       const char         *data_source)
 {
+  g_debug ("Adding GPG keyring data from %s to verifier", data_source);
+
   g_ptr_array_add (self->keyring_data, g_bytes_ref (keyring));
 }
 
@@ -289,6 +295,8 @@ void
 _ostree_gpg_verifier_add_key_ascii_file (OstreeGpgVerifier *self,
                                          const char        *path)
 {
+  g_debug ("Adding GPG key ASCII file %s to verifier", path);
+
   if (!self->key_ascii_files)
     self->key_ascii_files = g_ptr_array_new_with_free_func (g_free);
   g_ptr_array_add (self->key_ascii_files, g_strdup (path));
@@ -319,6 +327,8 @@ _ostree_gpg_verifier_add_keyring_dir_at (OstreeGpgVerifier   *self,
                                     &dfd_iter, error))
     return FALSE;
 
+  g_debug ("Adding GPG keyring dir %s to verifier", path);
+
   while (TRUE)
     {
       struct dirent *dent;
diff --git a/src/libostree/ostree-gpg-verifier.h b/src/libostree/ostree-gpg-verifier.h
index d0f02dbd..09c01b6c 100644
--- a/src/libostree/ostree-gpg-verifier.h
+++ b/src/libostree/ostree-gpg-verifier.h
@@ -65,7 +65,8 @@ gboolean      _ostree_gpg_verifier_add_global_keyring_dir (OstreeGpgVerifier  *s
                                                            GError            **error);
 
 void _ostree_gpg_verifier_add_keyring_data (OstreeGpgVerifier *self,
-                                            GBytes            *data);
+                                            GBytes            *data,
+                                            const char        *data_source);
 void _ostree_gpg_verifier_add_keyring_file (OstreeGpgVerifier *self,
                                             GFile             *path);
 
diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index 1e336e90..a3cfd6f5 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -4328,7 +4328,7 @@ _ostree_repo_gpg_verify_data_internal (OstreeRepo    *self,
 
       if (keyring_data != NULL)
         {
-          _ostree_gpg_verifier_add_keyring_data (verifier, keyring_data);
+          _ostree_gpg_verifier_add_keyring_data (verifier, keyring_data, remote->keyring);
           add_global_keyring_dir = FALSE;
         }