commit: 0ccae5a9f063ed2dc112340e70f4593d696aa0a5 Author: Fabian Groffen <grobian <AT> gentoo <DOT> org> AuthorDate: Thu Jun 6 08:10:48 2019 +0000 Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org> CommitDate: Thu Jun 6 08:10:48 2019 +0000 URL: https://gitweb.gentoo.org/proj/portage-utils.git/commit/?id=0ccae5a9
qmanifest: improve verification error descriptions try and report fingerprint being checked (which can be copy/pasted into gpg --list-keys) and use gpgme_strerror in case we don't handle the specific error, such that we still throw a possible hint at the user Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org> TODO.md | 1 + qmanifest.c | 16 +++++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/TODO.md b/TODO.md index 14bd6eb..61f1c98 100644 --- a/TODO.md +++ b/TODO.md @@ -90,6 +90,7 @@ # qmanifest - use openat in most places +- parse timestamps and print in local timezone # qlop - guestimate runtime based on best-matching pkg (e.g. with gcc) diff --git a/qmanifest.c b/qmanifest.c index 541ab34..551f54c 100644 --- a/qmanifest.c +++ b/qmanifest.c @@ -899,13 +899,18 @@ verify_gpg_sig(const char *path, verify_msg **msgs) if ((sig = vres->signatures) != NULL) { ret = xmalloc(sizeof(gpg_sig)); - if (sig->status != GPG_ERR_NO_PUBKEY) { - ret->algo = xstrdup(gpgme_pubkey_algo_name(sig->pubkey_algo)); + if (sig->fpr != NULL) { snprintf(buf, sizeof(buf), "%.4s %.4s %.4s %.4s %.4s %.4s %.4s %.4s %.4s %.4s", sig->fpr + 0, sig->fpr + 4, sig->fpr + 8, sig->fpr + 12, sig->fpr + 16, sig->fpr + 20, sig->fpr + 24, sig->fpr + 28, sig->fpr + 32, sig->fpr + 36); + } else { + snprintf(buf, sizeof(buf), "<fingerprint not found>"); + } + + if (sig->status != GPG_ERR_NO_PUBKEY) { + ret->algo = xstrdup(gpgme_pubkey_algo_name(sig->pubkey_algo)); ret->fingerprint = xstrdup(buf); ret->isgood = sig->status == GPG_ERR_NO_ERROR ? 1 : 0; ctime = gmtime((time_t *)&sig->timestamp); 
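Review bot: The relocated `snprintf` in the first qmanifest.c hunk reads `sig->fpr` at offsets up to 36 after checking only that the pointer is non-NULL, so a string shorter than 40 characters makes `%.4s` start reading past the terminator. Before this change the formatting ran only when the status was not `GPG_ERR_NO_PUBKEY`; it now also runs for the missing-key case, where gpgme may hand back a shorter key ID instead of a full fingerprint (the gpgme manual describes `fpr` as "fingerprint or key ID"; worth confirming for the versions supported). I would guard the grouped format with `if (sig->fpr != NULL && strlen(sig->fpr) >= 40) {` and add a fallback branch `} else if (sig->fpr != NULL) { snprintf(buf, sizeof(buf), "%s", sig->fpr); }` ahead of the `<fingerprint not found>` case. The body of `verify_gpg_sig` starts and ends outside this hunk, so the declaration and size of `buf` are not visible here.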
@@ -955,13 +960,14 @@ verify_gpg_sig(const char *path, verify_msg **msgs)
 free(ret);
 ret = NULL;
 printf("the signature could not be verified due to a "
- "missing key\n");
+ "missing key for:\n %s", buf);
 break;
 default:
 free(ret);
 ret = NULL;
- printf("there was some other error which prevented the "
- "signature verification\n");
+ printf("there was some error which prevented the "
+ "signature verification:\n %s: %s\n",
+ buf, gpgme_strerror(sig->status));
 break;
 }
 }
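Review bot: The rewritten missing-key message loses its trailing newline: the old string ended in `\n`, while the new format ends at `%s`, so the fingerprint runs straight into whatever is printed next. The `default:` branch in the same hunk does keep its final `\n`, so this looks unintentional; I would change the line to `"missing key for:\n %s\n", buf);`. The `switch` these cases belong to opens outside the hunk, so the other branches could not be checked for the same slip.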