[Rpm-maint] [rpm-software-management/rpm] Add pgpVerifySignature2 (PR #2453)

Panu Matilainen notifications at github.com
Fri Mar 31 07:25:38 UTC 2023


@pmatilai commented on this pull request.



> @@ -276,7 +276,18 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
 	    pgpkey = key->pgpkey;
 
 	/* We call verify even if key not found for a signature sanity check */
-	rc = pgpVerifySignature(pgpkey, sig, ctx);
+        char *errormsg = NULL;
+	rc = pgpVerifySignature2(pgpkey, sig, ctx, &errormsg);
+        if (errormsg) {
+            if (rc) {
+                rpmlog(RPMLOG_ERR, "Error verifying signature: %s",
+                       errormsg);
+            } else {
+                rpmlog(RPMLOG_WARNING, "Warning verifying signature: %s",
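
Review bot: errormsg is filled in by pgpVerifySignature2 and logged in both branches of if (rc), but nothing in the visible lines releases it; if the callee allocates the string, add free(errormsg) after the if (errormsg) block so neither the error nor the warning path leaks it. Both format strings ("Error verifying signature: %s" and "Warning verifying signature: %s") have no trailing newline, so unless errormsg always ends with one, the next log line will run on. The added lines are also indented with spaces while the surrounding context lines use tabs.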

Having now tested this, I wonder if even that is necessary because that context is already supplied by the Sequoia message:

> /home/pmatilai/Downloads/anydesk-6.1.1-1.el8.x86_64.rpm:
error: Error verifying signature: Verifying a signature using certificate D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
  No binding signature at time 2021-04-13T11:08:37Z
  error: Error verifying signature: Verifying a signature using certificate D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:

