Do not hide errors from keyrings in verify.

- Fixes #492. Signed-off-by: Julian Andres Klode <jak@debian.org>
2024-12-05 20:44:33 +01:00 · 2024-12-05 20:44:33 +01:00 · 5adb325f88
commit 5adb325f88
parent f1c30786d7
2 changed files with 34 additions and 1 deletions
--- a/src/commands/verify.rs
+++ b/src/commands/verify.rs
@ -474,7 +474,7 @@ impl<'c, 'store, 'rstore> VerificationHelper for VHelper<'c, 'store, 'rstore>
        // Avoid initializing the certificate store if we don't actually
        // need to.
        if ! ids.is_empty() {
-            if let Ok(Some(cert_store)) = self.sq.cert_store() {
+            if let Some(cert_store) = self.sq.cert_store()? {
                for id in ids.iter() {
                    for c in cert_store.lookup_by_cert_or_subkey(id)
                        .unwrap_or_default()
--- a/tests/integration/sq_verify.rs
+++ b/tests/integration/sq_verify.rs
@ -75,6 +75,39 @@ fn sq_verify_bad() -> Result<()> {
    Ok(())
 }

+// Ensure bad/missing keyring produce errors
+#[test]
+fn sq_verify_bad_keyring() -> Result<()> {
+    let sq = Sq::new();
+    let msg = artifact("examples/document.pgp");
+
+    let error_doesnotexist = sq.verify_maybe(
+        &["--keyring", "doesnotexist"],
+        Verify::Message,
+        &msg,
+        None
+    );
+
+    assert!(format!("{error_doesnotexist:?}").contains("Open"));
+    assert!(format!("{error_doesnotexist:?}").contains("doesnotexist"));
+
+    // Just use the readme as an invalid keyring
+    let error_invalid = sq.verify_maybe(
+        &[
+            "--keyring",
+            &artifact("examples/README.md").display().to_string(),
+        ],
+        Verify::Message,
+        &msg,
+        None,
+    );
+
+    assert!(format!("{error_invalid:?}").contains("Parsing"));
+    assert!(format!("{error_invalid:?}").contains("examples/README.md"));
+
+    Ok(())
+}
+
 // Make sure --policy-as-of works
 #[test]
 fn sq_verify_policy_as_of() -> Result<()> {