gpg-verify-result: try to display the primary key ID from signatures

The fingerprint associated with each signature can be different to
the primary key ID (the normal one that people use to identify a
GPG key) if the signature is from a signing subkey. Try to find the
primary key and print this ID in preference to the subkey signature.

https://github.com/ostreedev/ostree/issues/608

Closes: #1036
Approved by: cgwalters

diff --git a/src/libostree/ostree-gpg-verify-result.c b/src/libostree/ostree-gpg-verify-result.c
index 059b3d562bb097c9becd21dcd14c4a116f7b2a74..7cee6c2818c8cdd5506d065023885e80a4a87e0d 100644 (file)
--- a/src/libostree/ostree-gpg-verify-result.c
+++ b/src/libostree/ostree-gpg-verify-result.c
@@ -334,7 +334,8 @@ ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
    * (OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING). */
   for (ii = 0; ii < n_attrs; ii++)
     {
-      if (attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_NAME ||
+      if (attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT ||
+          attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_NAME ||
           attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL)
         {
           (void) gpgme_get_key (result->context, signature->fpr, &key, 0);
@@ -378,7 +379,11 @@ ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
             break;
 
           case OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT:
-            child = g_variant_new_string (signature->fpr);
+            if (key != NULL && key->subkeys != NULL)
+              v_string = key->subkeys->fpr;
+            else
+              v_string = signature->fpr;
+            child = g_variant_new_string (v_string);
             break;
 
           case OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP: