diff --git a/src/libostree/ostree-sign-ed25519.c b/src/libostree/ostree-sign-ed25519.c
index 4d984d1e..05fbe5eb 100644
--- a/src/libostree/ostree-sign-ed25519.c
+++ b/src/libostree/ostree-sign-ed25519.c
@@ -202,6 +202,9 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
 g_debug ("verify: data hash = 0x%x", g_bytes_hash(data));
+ g_autoptr(GString) invalid_signatures = NULL;
+ guint n_invalid_signatures = 0;
+
 for (gsize i = 0; i < g_variant_n_children(signatures); i++)
 {
 g_autoptr (GVariant) child = g_variant_get_child_value (signatures, i);
@@ -230,8 +233,13 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
 public_key->data) != 0)
 {
 /* Incorrect signature! */
- g_debug("Signature couldn't be verified with key '%s'",
- sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, public_key->data, crypto_sign_PUBLICKEYBYTES));
+ if (invalid_signatures == NULL)
+ invalid_signatures = g_string_new ("");
+ else
+ g_string_append (invalid_signatures, "; ");
+ n_invalid_signatures++;
+ g_string_append_printf (invalid_signatures, "key '%s'",
+ sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, public_key->data, crypto_sign_PUBLICKEYBYTES));
 }
 else
 {
@@ -242,7 +250,17 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
 }
 }
- return glnx_throw (error, "no valid ed25519 signatures found");
+ if (invalid_signatures)
+ {
+ g_assert_cmpuint (n_invalid_signatures, >, 0);
+ /* The test suite has a key ring with 100 keys. This seems insane, let's
+ * cap a reasonable error message at 3.
+ */
+ if (n_invalid_signatures > 3)
+ return glnx_throw (error, "ed25519: Signature couldn't be verified; tried %u keys", n_invalid_signatures);
+ return glnx_throw (error, "ed25519: Signature couldn't be verified with: %s", invalid_signatures->str);
+ }
+ return glnx_throw (error, "ed25519: no signatures found");
 #endif /* HAVE_LIBSODIUM */
 return FALSE;
diff --git a/tests/test-pre-signed-pull.sh b/tests/test-pre-signed-pull.sh
index ae4e26f9..20f2b597 100755
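Review bot: In the `@@ -230,8 +233,13 @@` hunk of ostree-sign-ed25519.c, every failed verification appends another hex-encoded key to `invalid_signatures`, although the text is only reported when at most three failures were recorded. The failure branch sits inside the loop over `signatures`, so if that array comes from the object being verified, the amount of discarded string building is driven by input that has not yet been authenticated. Incrementing the counter unconditionally and doing the `g_string_new`/`g_string_append`/`g_string_append_printf` steps only under `if (n_invalid_signatures <= 3)` would bound the work while keeping the count exact. The counter presumably advances once per signature/key attempt rather than once per key, so the later `tried %u keys` text can overstate the key count when more than one signature is present; the key loop itself lies outside the hunk.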
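Review bot: The fall-through message `ed25519: no signatures found` in the `@@ -242,7 +250,17 @@` hunk of ostree-sign-ed25519.c is reached whenever no verification failure was recorded, which is not the same as the signature array being empty. If the key loop (outside this hunk) can finish without attempting any key, for instance because every candidate was skipped, a signed object would be reported as unsigned and whoever triages the failure is pointed at the wrong cause. Consider testing `g_variant_n_children (signatures) == 0` explicitly before using that text, and a distinct message such as `ed25519: no usable public keys` for the remaining case. Separately, `g_assert_cmpuint` is GLib's test-suite assertion and aborts the process; on a library verification path a plain `g_assert (n_invalid_signatures > 0)`, or no assertion, is more conventional. The function body begins outside the hunk.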
--- a/tests/test-pre-signed-pull.sh
+++ b/tests/test-pre-signed-pull.sh
@@ -48,5 +48,5 @@ ostree --repo=repo remote add badupstream --set=gpg-verify=false --sign-verify=e
 if ostree --repo=repo pull badupstream:testref 2>err.txt; then
 fatal "pulled with wrong key"
 fi
-assert_file_has_content err.txt 'error:.* no valid ed25519 signatures found'
+assert_file_has_content err.txt 'error:.* ed25519: Signature couldn.t be verified with: key'
 echo "ok pre-signed pull"
diff --git a/tests/test-signed-commit.sh b/tests/test-signed-commit.sh
index 4dcf38a4..6bdbfdd6 100755
--- a/tests/test-signed-commit.sh
+++ b/tests/test-signed-commit.sh
@@ -148,9 +148,10 @@ for((i=0;i<100;i++)); do
 gen_ed25519_random_public
 done > ${PUBKEYS}
 # Check if file contain no valid signatures
-if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT}; then
- exit 1
+if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} 2>err.txt; then
+ fatal "validated with no signatures"
 fi
+assert_file_has_content err.txt 'error:.* ed25519: Signature couldn.t be verified; tried 100 keys'
 # Check if no valid signatures provided via args&file
 if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} ${WRONG_PUBLIC}; then
 exit 1
diff --git a/tests/test-signed-pull-summary.sh b/tests/test-signed-pull-summary.sh
index 6a240635..e953f2ea 100755
--- a/tests/test-signed-pull-summary.sh
+++ b/tests/test-signed-pull-summary.sh
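Review bot: The check directly below the changed one in tests/test-signed-commit.sh ("no valid signatures provided via args&file") still ends in a bare `exit 1` and never inspects stderr, so it passes on any non-zero exit, including failures that have nothing to do with signature verification. Giving it the same treatment as the check above, that is `2>err.txt` on the command, a `fatal` with a descriptive message in the body and an `assert_file_has_content err.txt` on the expected error text, would pin the reason for the rejection. That `if` block closes outside the hunk.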
@@ -226,7 +226,7 @@ cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.2,}
 if ${OSTREE} --repo=repo pull origin main 2>err.txt; then
 assert_not_reached "Successful pull with old summary"
 fi
-assert_file_has_content err.txt "no valid ed25519 signatures found"
+assert_file_has_content err.txt "ed25519: Signature couldn't be verified with: key"
 assert_has_file repo/tmp/cache/summaries/origin
 assert_has_file repo/tmp/cache/summaries/origin.sig
 cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.1 >&2