author | Konstantin Ryabitsev <konstantin.ryabitsev@linux.dev> | 2021-06-02 17:14:20 -0400 |
---|---|---|
committer | Konstantin Ryabitsev <konstantin.ryabitsev@linux.dev> | 2021-06-02 17:14:20 -0400 |
commit | d37d358c9ddd4d0972fbcd392ce26df852767948 (patch) | |
tree | 61d9e1838d3513c0ccc99d9bb6c4d9c7ecf58f03 | |
parent | 1fc7ed529fc07036072b79c040f083b1db1c668a (diff) | |
download | patatt-d37d358c9ddd4d0972fbcd392ce26df852767948.tar.gz |
Throw a NoKeyError when no matching PGP key
Fix a problem where we incorrectly reported a missing public key for a
failing signature for the cases when the public key is in the default
keyring.
Signed-off-by: Konstantin Ryabitsev <konstantin.ryabitsev@linux.dev>
-rw-r--r-- | patatt/__init__.py | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/patatt/__init__.py b/patatt/__init__.py index b4018ab..f5e0fd9 100644 --- a/patatt/__init__.py +++ b/patatt/__init__.py @@ -47,7 +47,7 @@ OPT_HDRS = [b'message-id'] KEYCACHE = dict() # My version -__VERSION__ = '0.4.4' +__VERSION__ = '0.4.5-dev' MAX_SUPPORTED_FORMAT_VERSION = 1 @@ -69,6 +69,12 @@ class ValidationError(Exception): self.errors = errors +class NoKeyError(ValidationError): + def __init__(self, message: str, errors: Optional[list] = None): + super().__init__(message) + self.errors = errors + + class BodyValidationError(ValidationError): def __init__(self, message: str, errors: Optional[list] = None): super().__init__(message, errors) @@ -346,6 +352,8 @@ class DevsigHeader: ecode, out, err = gpg_run_command(vrfyargs, stdin=bsigdata) if ecode > 0: + if err.find(b'[GNUPG:] NO_PUBKEY '): + raise NoKeyError('No matching key found') raise ValidationError('Failed to validate PGP signature') good, valid, trusted, signkey, signtime = DevsigHeader._check_gpg_status(err) @@ -952,12 +960,14 @@ def validate_message(msgdata: bytes, sources: list, trim_body: bool = False) -> attestations.append((RES_VALID, i, signtime, keysrc, algo, errors)) except ValidationError: if keysrc is None: - # Not in default keyring - errors.append('%s/%s no matching openpgp key found' % (i, s)) - attestations.append((RES_NOKEY, i, t, None, algo, errors)) - continue - errors.append('failed to validate using %s' % keysrc) + errors.append('failed to validate using default keyring') + else: + errors.append('failed to validate using %s' % keysrc) attestations.append((RES_BADSIG, i, t, keysrc, algo, errors)) + except NoKeyError: + # Not in default keyring + errors.append('%s/%s no matching openpgp key found' % (i, s)) + attestations.append((RES_NOKEY, i, t, None, algo, errors)) return attestations |
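Review bot: The new NoKeyError class has no docstring and its constructor differs from the sibling BodyValidationError visible in the same hunk, which calls `super().__init__(message, errors)`. Assuming ValidationError.__init__ accepts the errors argument as that sibling call suggests, the body can be reduced to `super().__init__(message, errors)` and the separate `self.errors = errors` dropped. A one-line docstring such as `"""Raised when gpg reports NO_PUBKEY for the signature being verified."""` would state when callers should expect this rather than a plain ValidationError.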
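Review bot: The added check `if err.find(b'[GNUPG:] NO_PUBKEY '):` in the DevsigHeader hunk tests the return value of `bytes.find()` for truthiness, but `find()` returns -1 (truthy) when the marker is absent and 0 (falsy) only when the marker is at offset 0. As written, almost every non-zero gpg exit raises NoKeyError, including a genuinely bad signature, so a failed verification can be classified as a missing key instead of a bad signature. Use a membership test: `if b'[GNUPG:] NO_PUBKEY ' in err:`. The enclosing method starts and ends outside the hunk.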
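Review bot: In validate_message the added `except NoKeyError:` clause sits after `except ValidationError:`, and this commit declares NoKeyError as a subclass of ValidationError, so the first handler catches it and the RES_NOKEY branch never runs. A missing key is then recorded as RES_BADSIG, with 'failed to validate using default keyring' when keysrc is None, which is the opposite of what the commit message sets out to fix. Move the `except NoKeyError:` block above `except ValidationError:` so the more specific handler is tried first. The try block and the surrounding loop start outside the hunk.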