gpg-verify-result: try to display the primary key ID from signatures

The fingerprint associated with each signature can be different to the primary key ID (the normal one that people use to identify a GPG key) if the signature is from a signing subkey. Try to find the primary key and print this ID in preference to the subkey signature. https://github.com/ostreedev/ostree/issues/608 Closes: #1036 Approved by: cgwalters
2025-03-17 14:50:35 +03:00 · 2017-07-30 17:44:35 +01:00 · 2017-07-30 17:44:35 +01:00 · e8a9172daa
commit e8a9172daa
parent 156cf23576
1 changed files with 7 additions and 2 deletions
--- a/src/libostree/ostree-gpg-verify-result.c
+++ b/src/libostree/ostree-gpg-verify-result.c
@ -334,7 +334,8 @@ ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
   * (OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING). */
  for (ii = 0; ii < n_attrs; ii++)
    {
-      if (attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_NAME ||
+      if (attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT ||
+          attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_NAME ||
          attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL)
        {
          (void) gpgme_get_key (result->context, signature->fpr, &key, 0);
@ -378,7 +379,11 @@ ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
            break;

          case OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT:
-            child = g_variant_new_string (signature->fpr);
+            if (key != NULL && key->subkeys != NULL)
+              v_string = key->subkeys->fpr;
+            else
+              v_string = signature->fpr;
+            child = g_variant_new_string (v_string);
            break;

          case OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP: