diff options
author | Colin Walters <walters@verbum.org> | 2020-04-12 18:04:06 +0000 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2020-04-15 22:07:11 +0000 |
commit | 8e7aea4473375a12ad479d910a1e20fabe23ed18 (patch) | |
tree | 4167df4652fc0857a810c2b1dec7631016c2e09b /src/libostree/ostree-sign-ed25519.c | |
parent | fd55deb0f7f604d8866024540eef25fa370620bb (diff) | |
download | ostree-8e7aea4473375a12ad479d910a1e20fabe23ed18.tar.gz |
Change signature opts to include type, cleanup error handling
Previously we would pass the `verification-key` and `verification-file`
to all backends, ignoring errors from loading keys until we
found one that worked.
Instead, change the options to be `verification-<engine>-key`
and `verification-<engine>-file`, and then
rework this to use standard error handling; barf explicitly if
we can't load the public keys for example. Preserve
the semantics of accepting the first valid signature. The
first signature error is captured, the others are currently
compressed into a `(and %d more)` prefix.
And now that I look at this more closely there's a lot of
duplication between the two code paths in pull.c for verifying;
will dedup this next.
Diffstat (limited to 'src/libostree/ostree-sign-ed25519.c')
-rw-r--r-- | src/libostree/ostree-sign-ed25519.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libostree/ostree-sign-ed25519.c b/src/libostree/ostree-sign-ed25519.c index 8df61aed..4d984d1e 100644 --- a/src/libostree/ostree-sign-ed25519.c +++ b/src/libostree/ostree-sign-ed25519.c @@ -242,7 +242,7 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self, } } - return glnx_throw (error, "Not able to verify: no valid signatures found"); + return glnx_throw (error, "no valid ed25519 signatures found"); #endif /* HAVE_LIBSODIUM */ return FALSE; |