diff --git a/src/libostree/ostree-gpg-verify-result.c b/src/libostree/ostree-gpg-verify-result.c
index 8b0c0b17..ad160bc9 100644
--- a/src/libostree/ostree-gpg-verify-result.c
+++ b/src/libostree/ostree-gpg-verify-result.c
@@ -63,7 +63,8 @@ static OstreeGpgSignatureAttr all_signature_attrs[] = {
 OSTREE_GPG_SIGNATURE_ATTR_PUBKEY_ALGO_NAME,
 OSTREE_GPG_SIGNATURE_ATTR_HASH_ALGO_NAME,
 OSTREE_GPG_SIGNATURE_ATTR_USER_NAME,
- OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL
+ OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL,
+ OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY
 };
 static void ostree_gpg_verify_result_initable_iface_init (GInitableIface *iface);
@@ -327,9 +328,9 @@ ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
 * (OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING). */
 for (ii = 0; ii < n_attrs; ii++)
 {
- if (attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT ||
- attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_NAME ||
- attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL)
+ if (attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_NAME ||
+ attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL ||
+ attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY)
 {
 (void) gpgme_get_key (result->context, signature->fpr, &key, 0);
 break;
@@ -372,11 +373,7 @@ ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
 break;
 case OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT:
- if (key != NULL && key->subkeys != NULL)
- v_string = key->subkeys->fpr;
- else
- v_string = signature->fpr;
- child = g_variant_new_string (v_string);
+ child = g_variant_new_string (signature->fpr);
 break;
 case OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP:
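Review bot: The `OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT` case now always returns `signature->fpr`, so a caller that compares this attribute against a pinned primary-key fingerprint will stop matching whenever the signature was made with a subkey. Nothing at the case says which key the value names, and the header hunks in this commit do not touch the existing FINGERPRINT description; I would add `/* Fingerprint of the key that made the signature (may be a subkey); FINGERPRINT_PRIMARY names the owning key. */` here and reword the header entry the same way. The gpgme documentation describes `fpr` as a fingerprint or key ID, so consumers should probably not assume a full-length fingerprint. The enclosing function starts and ends outside the hunk.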
@@ -417,6 +414,14 @@ ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
 child = g_variant_new_string (v_string);
 break;
+ case OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY:
+ if (key != NULL && key->subkeys != NULL)
+ v_string = key->subkeys->fpr;
+ if (v_string == NULL)
+ v_string = "";
+ child = g_variant_new_string (v_string);
+ break;
+
 default:
 g_critical ("Invalid signature attribute (%d)", attrs[ii]);
 g_variant_builder_clear (&builder);
@@ -534,6 +539,7 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant,
 gint64 exp_timestamp;
 const char *type_string;
 const char *fingerprint;
+ const char *fingerprint_primary;
 const char *pubkey_algo;
 const char *user_name;
 const char *user_email;
@@ -549,7 +555,7 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant,
 /* Verify the variant's type string. This code is
 * not prepared to handle just any random GVariant. */
 type_string = g_variant_get_type_string (variant);
- g_return_if_fail (strcmp (type_string, "(bbbbbsxxssss)") == 0);
+ g_return_if_fail (strcmp (type_string, "(bbbbbsxxsssss)") == 0);
 /* The default format roughly mimics the verify output generated by
 * check_sig_and_print() in gnupg/g10/mainproc.c, though obviously
@@ -563,6 +569,8 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant,
 "b", &key_missing);
 g_variant_get_child (variant, OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT,
 "&s", &fingerprint);
+ g_variant_get_child (variant, OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY,
+ "&s", &fingerprint_primary);
 g_variant_get_child (variant, OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP,
 "x", ×tamp);
 g_variant_get_child (variant, OSTREE_GPG_SIGNATURE_ATTR_EXP_TIMESTAMP,
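Review bot: The new `OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY` case assigns `v_string` only when the key lookup succeeded and then tests it for NULL, so it relies on `v_string` being NULL on entry to the case. Its declaration is outside the hunk; if it is not reset for every attribute, a string left over from an earlier case (user name, algorithm name) would be reported as the primary fingerprint. Assigning unconditionally removes that dependency: `v_string = (key != NULL && key->subkeys != NULL && key->subkeys->fpr != NULL) ? key->subkeys->fpr : "";`. The enclosing switch and loop start and end outside the hunk.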
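Review bot: The type check in `ostree_gpg_verify_result_describe_variant` now accepts only the 13-field tuple `(bbbbbsxxsssss)`, so a 12-field variant built from the previous attribute list fails `g_return_if_fail` and the function returns before describing anything. If such variants can still reach this function (stored results, callers that pass their own attribute list), consider accepting both type strings and treating an absent FINGERPRINT_PRIMARY as the empty string. At minimum a comment above the check, for example `/* Must match the count and order of all_signature_attrs */`, would make it clear that the literal has to change with every appended attribute. The function body starts and ends outside the hunk.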
@@ -627,6 +635,21 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant,
 user_name, user_email);
 }
+ if (!key_missing && (g_strcmp0 (fingerprint, fingerprint_primary) != 0))
+ {
+ const char *key_id_primary;
+
+ len = strlen (fingerprint_primary);
+ key_id_primary = (len > 16) ? fingerprint_primary + len - 16 :
+ fingerprint_primary;
+
+ if (line_prefix != NULL)
+ g_string_append (output_buffer, line_prefix);
+
+ g_string_append_printf (output_buffer,
+ "Primary key ID %s\n", key_id_primary);
+ }
+
 if (exp_timestamp > 0)
 {
 date_time_utc = g_date_time_new_from_unix_utc (exp_timestamp);
diff --git a/src/libostree/ostree-gpg-verify-result.h b/src/libostree/ostree-gpg-verify-result.h
index f5fadd59..3064ed8e 100644
--- a/src/libostree/ostree-gpg-verify-result.h
+++ b/src/libostree/ostree-gpg-verify-result.h
@@ -64,6 +64,11 @@ typedef struct OstreeGpgVerifyResult OstreeGpgVerifyResult;
 * @OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL:
 * [#G_VARIANT_TYPE_STRING] The email address of the signing key's primary
 * user
+ * @OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY:
+ * [#G_VARIANT_TYPE_STRING] Fingerprint of the signing key's primary key
+ * (will be the same as OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT if the
+ * the signature is already from the primary key rather than a subkey,
+ * and will be the empty string if the key is missing.)
 *
 * Signature attributes available from an #OstreeGpgVerifyResult.
 * The attribute's #GVariantType is shown in brackets.
@@ -80,7 +85,8 @@ typedef enum {
 OSTREE_GPG_SIGNATURE_ATTR_PUBKEY_ALGO_NAME,
 OSTREE_GPG_SIGNATURE_ATTR_HASH_ALGO_NAME,
 OSTREE_GPG_SIGNATURE_ATTR_USER_NAME,
- OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL
+ OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL,
+ OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY,
 } OstreeGpgSignatureAttr;
 _OSTREE_PUBLIC
diff --git a/tests/test-gpg-verify-result.c b/tests/test-gpg-verify-result.c
index 62b05e33..6d11fac6 100644
--- a/tests/test-gpg-verify-result.c
+++ b/tests/test-gpg-verify-result.c
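Review bot: The "Primary key ID" block added to `ostree_gpg_verify_result_describe_variant` runs whenever `key_missing` is false and the two fingerprints differ, which includes the case where `fingerprint_primary` is the empty string. `key_missing` and the primary fingerprint come from different sources (the latter depends on the `gpgme_get_key` lookup whose return value is discarded in `ostree_gpg_verify_result_get`), so an empty value with `key_missing == FALSE` seems possible and would print a bare `Primary key ID ` line. Testing the string itself avoids that: `if (!key_missing && fingerprint_primary[0] != '\0' && g_strcmp0 (fingerprint, fingerprint_primary) != 0)`. The enclosing function starts and ends outside the hunk.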
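Review bot: The added description of `OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY` in ostree-gpg-verify-result.h reads `if the the signature`; drop the duplicated word. It also says the value is empty only "if the key is missing", while the implementation hunk returns the empty string whenever no key object or subkey list is available, so I would word it as `and will be the empty string if the key could not be loaded.)`.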
@@ -173,7 +173,7 @@ test_attribute_basics (TestFixture *fixture,
 tuple = ostree_gpg_verify_result_get_all (fixture->result, ii);
 type_string = g_variant_get_type_string (tuple);
- g_assert_cmpstr (type_string, ==, "(bbbbbsxxssss)");
+ g_assert_cmpstr (type_string, ==, "(bbbbbsxxsssss)");
 /* Check attributes which should be common to all signatures. */