Add pgpVerifySignature2() and pgpPrtParams2()

Add new functions pgpVerifySignature2() and pgpPrtParams2(), which are
like their earlier versions, but optionally return descriptive error
messages (in the case of failure) or lints (in the case of success).
Adjust tests accordingly.

This requires rpm-sequoia 1.4 or later.

See https://github.com/rpm-software-management/rpm-sequoia/issues/39
and
https://github.com/rpm-software-management/rpm/issues/2127#issuecomment-1482646398

Fixes #2483.

1 files changed, 16 insertions, 3 deletions

diff --git a/lib/rpmvs.c b/lib/rpmvs.c
index a1425ea17..9b2106927 100644
--- a/lib/rpmvs.c
+++ b/lib/rpmvs.c
@@ -193,10 +193,23 @@ static void rpmsinfoInit(const struct vfyinfo_s *vinfo,
     }
 
     if (sinfo->type == RPMSIG_SIGNATURE_TYPE) {
-	if (pgpPrtParams(data, dlen, PGPTAG_SIGNATURE, &sinfo->sig)) {
-	    rasprintf(&sinfo->msg, _("%s tag %u: invalid OpenPGP signature"),
-		    origin, td->tag);
+	char *lints = NULL;
+        int ec = pgpPrtParams2(data, dlen, PGPTAG_SIGNATURE, &sinfo->sig, &lints);
+	if (ec) {
+	    if (lints) {
+		rasprintf(&sinfo->msg,
+			("%s tag %u: invalid OpenPGP signature: %s"),
+			origin, td->tag, lints);
+		free(lints);
+	    } else {
+		rasprintf(&sinfo->msg,
+			_("%s tag %u: invalid OpenPGP signature"),
+			origin, td->tag);
+	    }
 	    goto exit;
+	} else if (lints) {
+	    rpmlog(RPMLOG_WARNING, "%s\n", lints);
+	    free(lints);
 	}
 	sinfo->hashalgo = pgpDigParamsAlgo(sinfo->sig, PGPVAL_HASHALGO);
 	sinfo->keyid = pgpGrab(pgpDigParamsSignID(sinfo->sig)+4, 4);