gpg-verify-result: try to display the primary key ID from signatures

The fingerprint associated with each signature can be different to
the primary key ID (the normal one that people use to identify a
GPG key) if the signature is from a signing subkey. Try to find the
primary key and print this ID in preference to the subkey signature.

https://github.com/ostreedev/ostree/issues/608

Closes: #1036
Approved by: cgwalters
This commit is contained in:
Robert McQueen 2017-07-30 17:44:35 +01:00 committed by Atomic Bot
parent 156cf23576
commit e8a9172daa

View File

@ -334,7 +334,8 @@ ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
* (OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING). */
for (ii = 0; ii < n_attrs; ii++)
{
if (attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_NAME ||
if (attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT ||
attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_NAME ||
attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL)
{
(void) gpgme_get_key (result->context, signature->fpr, &key, 0);
@ -378,7 +379,11 @@ ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
break;
case OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT:
child = g_variant_new_string (signature->fpr);
if (key != NULL && key->subkeys != NULL)
v_string = key->subkeys->fpr;
else
v_string = signature->fpr;
child = g_variant_new_string (v_string);
break;
case OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP: