sign/ed25519: Output failed signatures in error message
To aid debuggability, when we find a commit that isn't signed by our expected key, output a specific error message with the key. (And then add code to switch to just printing the count beyond 3 because the test suite injects 100 keys and hopefully no one ever actually does that)
parent
fa70ab417b
commit
1f3c8c5b3d
@ -202,6 +202,9 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
|
||||
|
||||
g_debug ("verify: data hash = 0x%x", g_bytes_hash(data));
|
||||
|
||||
g_autoptr(GString) invalid_signatures = NULL;
|
||||
guint n_invalid_signatures = 0;
|
||||
|
||||
for (gsize i = 0; i < g_variant_n_children(signatures); i++)
|
||||
{
|
||||
g_autoptr (GVariant) child = g_variant_get_child_value (signatures, i);
|
||||
@ -230,8 +233,13 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
|
||||
public_key->data) != 0)
|
||||
{
|
||||
/* Incorrect signature! */
|
||||
g_debug("Signature couldn't be verified with key '%s'",
|
||||
sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, public_key->data, crypto_sign_PUBLICKEYBYTES));
|
||||
if (invalid_signatures == NULL)
|
||||
invalid_signatures = g_string_new ("");
|
||||
else
|
||||
g_string_append (invalid_signatures, "; ");
|
||||
n_invalid_signatures++;
|
||||
g_string_append_printf (invalid_signatures, "key '%s'",
|
||||
sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, public_key->data, crypto_sign_PUBLICKEYBYTES));
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -242,7 +250,17 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
|
||||
}
|
||||
}
|
||||
|
||||
return glnx_throw (error, "no valid ed25519 signatures found");
|
||||
if (invalid_signatures)
|
||||
{
|
||||
g_assert_cmpuint (n_invalid_signatures, >, 0);
|
||||
/* The test suite has a key ring with 100 keys. This seems insane, let's
|
||||
* cap a reasonable error message at 3.
|
||||
*/
|
||||
if (n_invalid_signatures > 3)
|
||||
return glnx_throw (error, "ed25519: Signature couldn't be verified; tried %u keys", n_invalid_signatures);
|
||||
return glnx_throw (error, "ed25519: Signature couldn't be verified with: %s", invalid_signatures->str);
|
||||
}
|
||||
return glnx_throw (error, "ed25519: no signatures found");
|
||||
#endif /* HAVE_LIBSODIUM */
|
||||
|
||||
return FALSE;
|
||||
|
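Review bot: In the failed-verification branch of the second hunk, `invalid_signatures` is appended to on every failed check even though the string is discarded once `n_invalid_signatures > 3`, so the allocation grows with the number of signatures and keys, and the signature list is presumably supplied by the remote being verified. Incrementing the counter first and putting both appends under `if (n_invalid_signatures <= 3)` would bound the work without changing either error message. The counter is also bumped once per failed check inside the loop over `signatures`, so with more than one signature the "tried %u keys" text overstates the number of keys and the same key can appear twice in the list. The loop over public keys lies outside the visible hunks, so the per-signature repetition is inferred from the outer loop at the top of the first hunk.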
@ -48,5 +48,5 @@ ostree --repo=repo remote add badupstream --set=gpg-verify=false --sign-verify=e
|
||||
if ostree --repo=repo pull badupstream:testref 2>err.txt; then
|
||||
fatal "pulled with wrong key"
|
||||
fi
|
||||
assert_file_has_content err.txt 'error:.* no valid ed25519 signatures found'
|
||||
assert_file_has_content err.txt 'error:.* ed25519: Signature couldn.t be verified with: key'
|
||||
echo "ok pre-signed pull"
|
||||
|
@ -148,9 +148,10 @@ for((i=0;i<100;i++)); do
|
||||
gen_ed25519_random_public
|
||||
done > ${PUBKEYS}
|
||||
# Check if file contain no valid signatures
|
||||
if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT}; then
|
||||
exit 1
|
||||
if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} 2>err.txt; then
|
||||
fatal "validated with no signatures"
|
||||
fi
|
||||
assert_file_has_content err.txt 'error:.* ed25519: Signature couldn.t be verified; tried 100 keys'
|
||||
# Check if no valid signatures provided via args&file
|
||||
if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} ${WRONG_PUBLIC}; then
|
||||
exit 1
|
||||
|
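Review bot: The args-and-file check that follows the updated one still ends in a bare `exit 1` and does not capture stderr, so it passes on any non-zero exit, including an abort from the `g_assert_cmpuint` this commit adds to the verifier. Giving it the same treatment as the check above, with `2>err.txt` on the command, a `fatal` message in the body and an `assert_file_has_content err.txt 'error:.* ed25519: Signature couldn.t be verified; tried'` after its `fi`, would pin the failure to the intended error path. The exact count in that message depends on how many keys `${WRONG_PUBLIC}` adds, which is not visible here, and the `fi` of that block lies outside the hunk.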
@ -226,7 +226,7 @@ cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.2,}
|
||||
if ${OSTREE} --repo=repo pull origin main 2>err.txt; then
|
||||
assert_not_reached "Successful pull with old summary"
|
||||
fi
|
||||
assert_file_has_content err.txt "no valid ed25519 signatures found"
|
||||
assert_file_has_content err.txt "ed25519: Signature couldn't be verified with: key"
|
||||
assert_has_file repo/tmp/cache/summaries/origin
|
||||
assert_has_file repo/tmp/cache/summaries/origin.sig
|
||||
cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.1 >&2
|
||||
|