packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

lib/gpg: Add _FINGERPRINT_PRIMARY to OstreeGpgVerifyResult 

Revert the switch of _FINGERPRINT to giving the primary key ID
rather than the signing key ID, and instead add the primary
key ID as a new attribute which is available if the key is not
missing.

Closes: https://github.com/ostreedev/ostree/issues/608

Closes: #1092
Approved by: cgwalters
This commit is contained in:
Robert McQueen 2017-08-03 10:00:42 +01:00 committed by Atomic Bot
parent 1e3f87c34c
commit 2d854368a8
3 changed files with 41 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/libostree/ostree-gpg-verify-result.c
View File

@ -63,7 +63,8 @@ static OstreeGpgSignatureAttr all_signature_attrs[] = {
OSTREE_GPG_SIGNATURE_ATTR_PUBKEY_ALGO_NAME,
OSTREE_GPG_SIGNATURE_ATTR_HASH_ALGO_NAME,
OSTREE_GPG_SIGNATURE_ATTR_USER_NAME,
OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL
OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL,
OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY
};
static void ostree_gpg_verify_result_initable_iface_init (GInitableIface *iface);
@ -327,9 +328,9 @@ ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
* (OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING). */
for (ii = 0; ii < n_attrs; ii++)
{
if (attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT ||
attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_NAME ||
attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL)
if (attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_NAME ||
attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL ||
attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY)
{
(void) gpgme_get_key (result->context, signature->fpr, &key, 0);
break;
@ -372,11 +373,7 @@ ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
break;
case OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT:
if (key != NULL && key->subkeys != NULL)
v_string = key->subkeys->fpr;
else
v_string = signature->fpr;
child = g_variant_new_string (v_string);
child = g_variant_new_string (signature->fpr);
break;
case OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP:
@ -417,6 +414,14 @@ ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
child = g_variant_new_string (v_string);
break;
case OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY:
if (key != NULL && key->subkeys != NULL)
v_string = key->subkeys->fpr;
if (v_string == NULL)
v_string = "";
child = g_variant_new_string (v_string);
break;
default:
g_critical ("Invalid signature attribute (%d)", attrs[ii]);
g_variant_builder_clear (&builder);
@ -534,6 +539,7 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant,
gint64 exp_timestamp;
const char *type_string;
const char *fingerprint;
const char *fingerprint_primary;
const char *pubkey_algo;
const char *user_name;
const char *user_email;
@ -549,7 +555,7 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant,
/* Verify the variant's type string. This code is
* not prepared to handle just any random GVariant. */
type_string = g_variant_get_type_string (variant);
g_return_if_fail (strcmp (type_string, "(bbbbbsxxssss)") == 0);
g_return_if_fail (strcmp (type_string, "(bbbbbsxxsssss)") == 0);
/* The default format roughly mimics the verify output generated by
* check_sig_and_print() in gnupg/g10/mainproc.c, though obviously
@ -563,6 +569,8 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant,
"b", &key_missing);
g_variant_get_child (variant, OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT,
"&s", &fingerprint);
g_variant_get_child (variant, OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY,
"&s", &fingerprint_primary);
g_variant_get_child (variant, OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP,
"x", &timestamp);
g_variant_get_child (variant, OSTREE_GPG_SIGNATURE_ATTR_EXP_TIMESTAMP,
@ -627,6 +635,21 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant,
user_name, user_email);
}
if (!key_missing && (g_strcmp0 (fingerprint, fingerprint_primary) != 0))
{
const char *key_id_primary;
len = strlen (fingerprint_primary);
key_id_primary = (len > 16) ? fingerprint_primary + len - 16 :
fingerprint_primary;
if (line_prefix != NULL)
g_string_append (output_buffer, line_prefix);
g_string_append_printf (output_buffer,
"Primary key ID %s\n", key_id_primary);
}
if (exp_timestamp > 0)
{
date_time_utc = g_date_time_new_from_unix_utc (exp_timestamp);

8
src/libostree/ostree-gpg-verify-result.h
View File

@ -64,6 +64,11 @@ typedef struct OstreeGpgVerifyResult OstreeGpgVerifyResult;
* @OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL:
* [#G_VARIANT_TYPE_STRING] The email address of the signing key's primary
* user
* @OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY:
* [#G_VARIANT_TYPE_STRING] Fingerprint of the signing key's primary key
* (will be the same as OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT if the
* the signature is already from the primary key rather than a subkey,
* and will be the empty string if the key is missing.)
*
* Signature attributes available from an #OstreeGpgVerifyResult.
* The attribute's #GVariantType is shown in brackets.
@ -80,7 +85,8 @@ typedef enum {
OSTREE_GPG_SIGNATURE_ATTR_PUBKEY_ALGO_NAME,
OSTREE_GPG_SIGNATURE_ATTR_HASH_ALGO_NAME,
OSTREE_GPG_SIGNATURE_ATTR_USER_NAME,
OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL
OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL,
OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY,
} OstreeGpgSignatureAttr;
_OSTREE_PUBLIC

2
tests/test-gpg-verify-result.c
View File

@ -173,7 +173,7 @@ test_attribute_basics (TestFixture *fixture,
tuple = ostree_gpg_verify_result_get_all (fixture->result, ii);
type_string = g_variant_get_type_string (tuple);
g_assert_cmpstr (type_string, ==, "(bbbbbsxxssss)");
g_assert_cmpstr (type_string, ==, "(bbbbbsxxsssss)");
/* Check attributes which should be common to all signatures. */