diff options
| author |   Fabian Groffen <grobian@gentoo.org> | 2019-06-06 10:10:48 +0200 |
|---|---|---|
| committer | Fabian Groffen <grobian@gentoo.org> | 2019-06-06 10:10:48 +0200 |
| commit | 0ccae5a9f063ed2dc112340e70f4593d696aa0a5 (patch) | |
| tree | 900044a1bf1db8007a55733b1c6a1f762ba3d3fb | |
| parent | libq/atom: really fix retaining input in atom_format_r (diff) | |
| download | portage-utils-0ccae5a9f063ed2dc112340e70f4593d696aa0a5.tar.gz portage-utils-0ccae5a9f063ed2dc112340e70f4593d696aa0a5.tar.bz2 portage-utils-0ccae5a9f063ed2dc112340e70f4593d696aa0a5.zip | |
qmanifest: improve verification error descriptions
try and report fingerprint being checked (which can be copy/pasted into
gpg --list-keys) and use gpgme_strerror in case we don't handle the
specific error, such that we still throw a possible hint at the user
Signed-off-by: Fabian Groffen <grobian@gentoo.org>
| -rw-r--r-- | TODO.md | 1 | ||||
| -rw-r--r-- | qmanifest.c | 16 |
2 files changed, 12 insertions, 5 deletions
@@ -90,6 +90,7 @@ # qmanifest - use openat in most places +- parse timestamps and print in local timezone # qlop - guestimate runtime based on best-matching pkg (e.g. with gcc) diff --git a/qmanifest.c b/qmanifest.c index 541ab34..551f54c 100644 --- a/qmanifest.c +++ b/qmanifest.c @@ -899,13 +899,18 @@ verify_gpg_sig(const char *path, verify_msg **msgs) if ((sig = vres->signatures) != NULL) { ret = xmalloc(sizeof(gpg_sig)); - if (sig->status != GPG_ERR_NO_PUBKEY) { - ret->algo = xstrdup(gpgme_pubkey_algo_name(sig->pubkey_algo)); + if (sig->fpr != NULL) { snprintf(buf, sizeof(buf), "%.4s %.4s %.4s %.4s %.4s %.4s %.4s %.4s %.4s %.4s", sig->fpr + 0, sig->fpr + 4, sig->fpr + 8, sig->fpr + 12, sig->fpr + 16, sig->fpr + 20, sig->fpr + 24, sig->fpr + 28, sig->fpr + 32, sig->fpr + 36); + } else { + snprintf(buf, sizeof(buf), "<fingerprint not found>"); + } + + if (sig->status != GPG_ERR_NO_PUBKEY) { + ret->algo = xstrdup(gpgme_pubkey_algo_name(sig->pubkey_algo)); ret->fingerprint = xstrdup(buf); ret->isgood = sig->status == GPG_ERR_NO_ERROR ? 1 : 0; ctime = gmtime((time_t *)&sig->timestamp); @@ -955,13 +960,14 @@ verify_gpg_sig(const char *path, verify_msg **msgs) free(ret); ret = NULL; printf("the signature could not be verified due to a " - "missing key\n"); + "missing key for:\n %s", buf); break; default: free(ret); ret = NULL; - printf("there was some other error which prevented the " - "signature verification\n"); + printf("there was some error which prevented the " + "signature verification:\n %s: %s\n", + buf, gpgme_strerror(sig->status)); break; } } |