sign/ed25519: Output failed signatures in error message

To aid debuggability, when we find a commit that isn't signed
by our expected key, output a specific error message with the
key.

(And then add code to switch to just printing the count beyond 3
 because the test suite injects 100 keys and hopefully no one
 ever actually does that)

src/libostree/ostree-sign-ed25519.c

@@ -202,6 +202,9 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
 
   g_debug ("verify: data hash = 0x%x", g_bytes_hash(data));
 
+  g_autoptr(GString) invalid_signatures = NULL;
+  guint n_invalid_signatures = 0;
+
   for (gsize i = 0; i < g_variant_n_children(signatures); i++)
     {
       g_autoptr (GVariant) child = g_variant_get_child_value (signatures, i);
@@ -230,7 +233,12 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
                                            public_key->data) != 0)
             {
               /* Incorrect signature! */
-              g_debug("Signature couldn't be verified with key '%s'",
+              if (invalid_signatures == NULL)
+                invalid_signatures = g_string_new ("");
+              else
+                g_string_append (invalid_signatures, "; ");
+              n_invalid_signatures++;
+              g_string_append_printf (invalid_signatures, "key '%s'",
                                       sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, public_key->data, crypto_sign_PUBLICKEYBYTES));
             }
           else
@@ -242,7 +250,17 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
         }
     }
 
-  return glnx_throw (error, "no valid ed25519 signatures found");
+  if (invalid_signatures)
+    {
+      g_assert_cmpuint (n_invalid_signatures, >, 0);
+      /* The test suite has a key ring with 100 keys.  This seems insane, let's
+       * cap a reasonable error message at 3.
+       */
+      if (n_invalid_signatures > 3)
+        return glnx_throw (error, "ed25519: Signature couldn't be verified; tried %u keys", n_invalid_signatures);
+      return glnx_throw (error, "ed25519: Signature couldn't be verified with: %s", invalid_signatures->str);
+    }
+  return glnx_throw (error, "ed25519: no signatures found");
 #endif /* HAVE_LIBSODIUM */
 
   return FALSE;

tests/test-pre-signed-pull.sh

@@ -48,5 +48,5 @@ ostree --repo=repo remote add badupstream --set=gpg-verify=false --sign-verify=e
 if ostree --repo=repo pull badupstream:testref 2>err.txt; then
     fatal "pulled with wrong key"
 fi
-assert_file_has_content err.txt 'error:.* no valid ed25519 signatures found'
+assert_file_has_content err.txt 'error:.* ed25519: Signature couldn.t be verified with: key'
 echo "ok pre-signed pull"

tests/test-signed-commit.sh

@@ -148,9 +148,10 @@ for((i=0;i<100;i++)); do
     gen_ed25519_random_public
 done > ${PUBKEYS}
 # Check if file contain no valid signatures
-if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT}; then
-    exit 1
+if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} 2>err.txt; then
+    fatal "validated with no signatures"
 fi
+assert_file_has_content err.txt 'error:.* ed25519: Signature couldn.t be verified; tried 100 keys'
 # Check if no valid signatures provided via args&file
 if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} ${WRONG_PUBLIC}; then
     exit 1

tests/test-signed-pull-summary.sh

@@ -226,7 +226,7 @@ cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.2,}
 if ${OSTREE} --repo=repo pull origin main 2>err.txt; then
     assert_not_reached "Successful pull with old summary"
 fi
-assert_file_has_content err.txt "no valid ed25519 signatures found"
+assert_file_has_content err.txt "ed25519: Signature couldn't be verified with: key"
 assert_has_file repo/tmp/cache/summaries/origin
 assert_has_file repo/tmp/cache/summaries/origin.sig
 cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.1 >&2