From 53f6b714d7e1c81709932fade0b21d34c53ba4b7 Mon Sep 17 00:00:00 2001 From: Florian Festi Date: Fri, 20 Sep 2024 13:58:04 +0200 Subject: [PATCH] Add Key Fingerprints to rpmsinfoMsg() --- lib/rpmvs.c | 25 +++++++++++++++++++++---- tests/rpmsigdig.at | 38 +++++++++++++++++++------------------- tests/rpmvfylevel.at | 6 +++--- 3 files changed, 43 insertions(+), 26 deletions(-) diff --git a/lib/rpmvs.c b/lib/rpmvs.c index dd806e12a9..7c21c2be8e 100644 --- a/lib/rpmvs.c +++ b/lib/rpmvs.c @@ -305,13 +305,30 @@ const char *rpmsinfoDescr(struct rpmsinfo_s *sinfo) char *rpmsinfoMsg(struct rpmsinfo_s *sinfo) { char *msg = NULL; + char *fphex = NULL; + char *fpmsg = NULL; + if (sinfo->rc == RPMRC_OK && sinfo->key) { + uint8_t *fp = NULL; + size_t fplen = 0; + if (!rpmPubkeyFingerprint(sinfo->key, &fp, &fplen)) { + fphex = rpmhex(fp, fplen); + free(fp); + } + } + if (fphex) + rasprintf(&fpmsg, _(", key fingerprint: %s"), fphex); + else + rstrcat(&fpmsg, ""); + if (sinfo->msg) { - rasprintf(&msg, "%s: %s (%s)", - rpmsinfoDescr(sinfo), rpmSigString(sinfo->rc), sinfo->msg); + rasprintf(&msg, "%s%s: %s (%s)", + rpmsinfoDescr(sinfo), fpmsg, rpmSigString(sinfo->rc), sinfo->msg); } else { - rasprintf(&msg, "%s: %s", - rpmsinfoDescr(sinfo), rpmSigString(sinfo->rc)); + rasprintf(&msg, "%s%s: %s", + rpmsinfoDescr(sinfo), fpmsg, rpmSigString(sinfo->rc)); } + free(fphex); + free(fpmsg); return msg; } diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at index 59ba1e973a..2dc66d87b2 100644 --- a/tests/rpmsigdig.at +++ b/tests/rpmsigdig.at 
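Review bot: The fingerprint in `rpmsinfoMsg()` is looked up only when `sinfo->rc == RPMRC_OK`, so any other result that still has `sinfo->key` set reports just the 64-bit key ID, and nothing in the code says whether that is deliberate. The fingerprint is the stronger identifier when triaging a failed verification, so either relax the `rc` test (if `sinfo->key` can be set in those cases) or put the reason above the block, e.g. `/* fingerprint is reported for verified signatures only */`. Separately, the `else` branch calls `rstrcat(&fpmsg, "")` apparently only to give `%s` a non-NULL argument. Leaving `fpmsg` NULL and passing `fpmsg ? fpmsg : ""` to both `rasprintf` calls would do the same without the extra allocation. A failing `rpmPubkeyFingerprint()` is also silently ignored, which looks intentional but deserves a word in the same comment.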
@@ -353,13 +353,13 @@ Checking for key: Version : eb04e625 Checking package after importing key: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: - Header V4 RSA/SHA512 Signature, key ID 1f71177215217ee0: OK + Header V4 RSA/SHA512 Signature, key ID 1f71177215217ee0, key fingerprint: b6542f92f30650c36b6f41bcb3a771bfeb04e625: OK Header SHA256 digest: OK Payload SHA256 digest: OK 0 Checking package after importing key, no digest: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: - Header V4 RSA/SHA512 Signature, key ID 1f71177215217ee0: OK + Header V4 RSA/SHA512 Signature, key ID 1f71177215217ee0, key fingerprint: b6542f92f30650c36b6f41bcb3a771bfeb04e625: OK Payload SHA256 digest: NOTFOUND Payload SHA256 ALT digest: NOTFOUND RSA signature: NOTFOUND 
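Review bot: The expected output for the subkey-signed package pairs `key ID 1f71177215217ee0` with a fingerprint ending in `eb04e625`, so the two identifiers on one line refer to different keys and the label `key fingerprint` does not say which. The fingerprint's tail matches the `Version : eb04e625` line earlier in this check, which suggests it is the imported primary key rather than the signing subkey. A comment ahead of this check, or wording such as `primary key fingerprint` in the message itself, would stop a reader from assuming the fingerprint belongs to the key ID shown next to it.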
@@ -688,24 +688,24 @@ runroot rpmkeys -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo 1 0 /data/RPMS/hello-2.0-1.x86_64-v3-signed.rpm: - Header V3 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK + Header V3 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK Header SHA256 digest: OK Payload SHA256 digest: OK - V3 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK + V3 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK 0 /data/RPMS/hello-2.0-1.x86_64-signed.rpm: - Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK + Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK Header SHA256 digest: OK Payload SHA256 digest: OK - V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK + V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK 0 /data/RPMS/hello-2.0-1.x86_64-v3-signed.rpm: - Header V3 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK - V3 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK + Header V3 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK + V3 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK 0 /data/RPMS/hello-2.0-1.x86_64-signed.rpm: - Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK - V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK + Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK + V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK 0 /data/RPMS/hello-2.0-1.x86_64-v3-signed.rpm: Header SHA256 digest: OK 
@@ -754,7 +754,7 @@ RPMOUTPUT_SEQUOIA([ because: Signature appears to be created by a non-confo RPMOUTPUT_SEQUOIA([ because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))])dnl Header SHA256 digest: OK Payload SHA256 digest: OK - V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK + V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK ], []) RPMTEST_CLEANUP @@ -856,7 +856,7 @@ runroot rpmkeys -Kv /tmp/${pkg} V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: BAD MD5 digest: NOTFOUND /tmp/hello-2.0-1.x86_64-signed.rpm: - Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK + Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK Header SHA256 digest: OK Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc) Payload SHA256 ALT digest: NOTFOUND @@ -896,7 +896,7 @@ dorpm -Kv MD5 digest: OK /data/RPMS/hello-2.0-1.x86_64-corrupted.rpm: DIGESTS SIGNATURES NOT OK /data/RPMS/hello-2.0-1.x86_64-corrupted.rpm: - Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK + Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK Header SHA256 digest: OK Payload SHA256 digest: NOTFOUND Payload SHA256 ALT digest: NOTFOUND 
@@ -939,8 +939,8 @@ runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: NOKEY POST-IMPORT /tmp/hello-2.0-1.x86_64.rpm: - Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK - V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK + Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK + V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK POST-DELSIGN /tmp/hello-2.0-1.x86_64.rpm: ], @@ -967,7 +967,7 @@ runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: NOKEY POST-IMPORT /tmp/hello-2.0-1.x86_64.rpm: - Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK + Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK POST-DELSIGN /tmp/hello-2.0-1.x86_64.rpm: ], @@ -1118,7 +1118,7 @@ runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest Header V4 RSA/SHA512 Signature, key ID 4344591e1964c5fc: NOKEY POST-IMPORT /tmp/hello-2.0-1.x86_64.rpm: - Header V4 RSA/SHA512 Signature, key ID 4344591e1964c5fc: OK + Header V4 RSA/SHA512 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK POST-DELSIGN /tmp/hello-2.0-1.x86_64.rpm: ], @@ -1199,7 +1199,7 @@ runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest Header V4 EdDSA/SHA512 Signature, key ID b0645aec757bf69e: NOKEY POST-IMPORT /tmp/hello-2.0-1.x86_64.rpm: - Header V4 EdDSA/SHA512 Signature, key ID b0645aec757bf69e: OK + Header V4 EdDSA/SHA512 Signature, key ID b0645aec757bf69e, key fingerprint: 152bb32fd9ca982797e835cfb0645aec757bf69e: OK ], []) gpgconf --kill gpg-agent 
@@ -1232,7 +1232,7 @@ runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest Header V4 ECDSA/SHA256 Signature, key ID 7f1c21f95f65bbe8: NOKEY POST-IMPORT /tmp/hello-2.0-1.x86_64.rpm: - Header V4 ECDSA/SHA256 Signature, key ID 7f1c21f95f65bbe8: OK + Header V4 ECDSA/SHA256 Signature, key ID 7f1c21f95f65bbe8, key fingerprint: e8a62c0512b06b5d2183ba207f1c21f95f65bbe8: OK ], []) diff --git a/tests/rpmvfylevel.at b/tests/rpmvfylevel.at index 03fbad8119..66412e320f 100644 --- a/tests/rpmvfylevel.at +++ b/tests/rpmvfylevel.at @@ -319,7 +319,7 @@ done [0], [nopls /data/RPMS/hello-2.0-1.x86_64-signed.rpm: - Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK + Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK @@ -327,7 +327,7 @@ done 0 noplds /data/RPMS/hello-2.0-1.x86_64-signed.rpm: - Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK + Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: NOTFOUND @@ -341,7 +341,7 @@ nohdrs Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK - V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: OK + V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: OK MD5 digest: OK 0 nosig