OSTREE_GPG_SIGNATURE_ATTR_PUBKEY_ALGO_NAME,
OSTREE_GPG_SIGNATURE_ATTR_HASH_ALGO_NAME,
OSTREE_GPG_SIGNATURE_ATTR_USER_NAME,
- OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL
+ OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL,
+ OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY
};
static void ostree_gpg_verify_result_initable_iface_init (GInitableIface *iface);
* (OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING). */
for (ii = 0; ii < n_attrs; ii++)
{
- if (attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT ||
- attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_NAME ||
- attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL)
+ if (attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_NAME ||
+ attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL ||
+ attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY)
{
(void) gpgme_get_key (result->context, signature->fpr, &key, 0);
break;
break;
case OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT:
- if (key != NULL && key->subkeys != NULL)
- v_string = key->subkeys->fpr;
- else
- v_string = signature->fpr;
- child = g_variant_new_string (v_string);
+ child = g_variant_new_string (signature->fpr);
break;
case OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP:
child = g_variant_new_string (v_string);
break;
+ case OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY:
+ if (key != NULL && key->subkeys != NULL)
+ v_string = key->subkeys->fpr;
+ if (v_string == NULL)
+ v_string = "";
+ child = g_variant_new_string (v_string);
+ break;
+
default:
g_critical ("Invalid signature attribute (%d)", attrs[ii]);
g_variant_builder_clear (&builder);
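Review bot: In the new `OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY` case, `v_string` is assigned only when `key` and `key->subkeys` are non-NULL, so the `v_string == NULL` fallback relies on `v_string` being NULL on entry to the case. Its declaration is outside this hunk; if it is not reset on every loop iteration, a string left over from an earlier attribute would be returned as the primary fingerprint. Making the case self-contained removes that dependency: `v_string = (key != NULL && key->subkeys != NULL && key->subkeys->fpr != NULL) ? key->subkeys->fpr : "";`. Separately, `OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT` now always returns `signature->fpr`, which for a subkey signature is no longer the primary key's fingerprint. A comment on that case should say so, because callers that compare this attribute against a list of trusted primary fingerprints have to switch to the new attribute.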
gint64 exp_timestamp;
const char *type_string;
const char *fingerprint;
+ const char *fingerprint_primary;
const char *pubkey_algo;
const char *user_name;
const char *user_email;
/* Verify the variant's type string. This code is
* not prepared to handle just any random GVariant. */
type_string = g_variant_get_type_string (variant);
- g_return_if_fail (strcmp (type_string, "(bbbbbsxxssss)") == 0);
+ g_return_if_fail (strcmp (type_string, "(bbbbbsxxsssss)") == 0);
/* The default format roughly mimics the verify output generated by
* check_sig_and_print() in gnupg/g10/mainproc.c, though obviously
"b", &key_missing);
g_variant_get_child (variant, OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT,
"&s", &fingerprint);
+ g_variant_get_child (variant, OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY,
+ "&s", &fingerprint_primary);
g_variant_get_child (variant, OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP,
"x", ×tamp);
g_variant_get_child (variant, OSTREE_GPG_SIGNATURE_ATTR_EXP_TIMESTAMP,
user_name, user_email);
}
+ if (!key_missing && (g_strcmp0 (fingerprint, fingerprint_primary) != 0))
+ {
+ const char *key_id_primary;
+
+ len = strlen (fingerprint_primary);
+ key_id_primary = (len > 16) ? fingerprint_primary + len - 16 :
+ fingerprint_primary;
+
+ if (line_prefix != NULL)
+ g_string_append (output_buffer, line_prefix);
+
+ g_string_append_printf (output_buffer,
+ "Primary key ID %s\n", key_id_primary);
+ }
+
if (exp_timestamp > 0)
{
date_time_utc = g_date_time_new_from_unix_utc (exp_timestamp);
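Review bot: The added `if (!key_missing && ...)` block prints `Primary key ID ` with nothing after it whenever `fingerprint_primary` is the empty string and `key_missing` is false. The getter stores "" whenever no key object was obtained, and the lookup's return value is discarded (`(void) gpgme_get_key (...)`), so a lookup that fails for a reason not reflected in `key_missing` would presumably reach this path. Guarding on the string itself avoids the misleading line: `if (!key_missing && fingerprint_primary[0] != '\0' && g_strcmp0 (fingerprint, fingerprint_primary) != 0)`. `len` and the rest of the enclosing function are declared outside this hunk.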
* @OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL:
* [#G_VARIANT_TYPE_STRING] The email address of the signing key's primary
* user
+ * @OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY:
+ * [#G_VARIANT_TYPE_STRING] Fingerprint of the signing key's primary key
+ * (will be the same as OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT if the
+ * the signature is already from the primary key rather than a subkey,
+ * and will be the empty string if the key is missing.)
*
* Signature attributes available from an #OstreeGpgVerifyResult.
* The attribute's #GVariantType is shown in brackets.
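Review bot: The new `@OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY` entry contains a doubled word ("if the the signature") and describes the empty string only for the "key is missing" case. Since the value is "" whenever the key could not be loaded, I would reword the end to `and will be the empty string if the key could not be looked up; callers must treat an empty value as "no match".` The text for `OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT` is outside this hunk. If it still describes the primary key, it should be updated to say the attribute is the fingerprint of the key that made the signature, which may be a subkey.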
OSTREE_GPG_SIGNATURE_ATTR_PUBKEY_ALGO_NAME,
OSTREE_GPG_SIGNATURE_ATTR_HASH_ALGO_NAME,
OSTREE_GPG_SIGNATURE_ATTR_USER_NAME,
- OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL
+ OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL,
+ OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY,
} OstreeGpgSignatureAttr;
_OSTREE_PUBLIC