authorJustus Winter <justus@sequoia-pgp.org>2021-03-02 17:13:44 +0100
committerJustus Winter <justus@sequoia-pgp.org>2021-03-02 17:13:44 +0100
commitacf93a3fb512f350a870fff97ab9bcc42b8072a2 (patch)
treeb8eff178e6cb2eaae07b21d4d39c785af8d12f6a
parent3ec712cfac2edff0928b182d3f3cf910f82afe0e (diff)
sq: Improve reporting of verification errors.
- We now explain the errors like sequoia-sop: % sq verify --detached msg.sig --signer-cert ... < msg Error verifying checksum from 39D100AB67D5BD8C04010205FB3751F1587DAEF1: Policy rejected non-revocation signature (Binary) requiring collision resistance because: MD5 is not considered secure since 1997-02-01T00:00:00Z 1 bad checksum. Error: Verification failed - Fixes #676.
-rw-r--r--sq/src/commands/mod.rs19
-rw-r--r--sq/src/sq.rs6
2 files changed, 18 insertions, 7 deletions
diff --git a/sq/src/commands/mod.rs b/sq/src/commands/mod.rs
index fd158ced..3a9630ed 100644
--- a/sq/src/commands/mod.rs
+++ b/sq/src/commands/mod.rs
@@ -264,13 +264,15 @@ impl<'a> VHelper<'a> {
}
fn print_sigs(&mut self, results: &[VerificationResult]) {
+ use crate::print_error_chain;
use self::VerificationError::*;
for result in results {
let (issuer, level) = match result {
Ok(GoodChecksum { sig, ka, .. }) =>
(ka.key().keyid(), sig.level()),
Err(MalformedSignature { error, .. }) => {
- eprintln!("Malformed signature: {}", error);
+ eprintln!("Malformed signature:");
+ print_error_chain(error);
self.broken_signatures += 1;
continue;
},
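Review bot: The cause chain printed in the `MalformedSignature` arm comes from a signature that may originate from an untrusted sender, and `print_error_chain(error)` writes every message to stderr verbatim. Whether any cause embeds bytes taken from the signature or certificate is not visible in this diff, so that is worth confirming. If one can, control characters should be escaped before printing, so that a diagnostic cannot change what the terminal shows next to the verification result. The same applies to the `UnboundKey` and `BadKey` arms and to the final error arm in the next two hunks. `print_sigs` continues past the end of this hunk.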
@@ -287,14 +289,16 @@ impl<'a> VHelper<'a> {
continue;
},
Err(UnboundKey { cert, error, .. }) => {
- eprintln!("Signing key on {} is not bound: {}",
- cert.fingerprint(), error);
+ eprintln!("Signing key on {} is not bound:",
+ cert.fingerprint());
+ print_error_chain(error);
self.bad_checksums += 1;
continue;
},
Err(BadKey { ka, error, .. }) => {
- eprintln!("Signing key on {} is bad: {}",
- ka.cert().fingerprint(), error);
+ eprintln!("Signing key on {} is bad:",
+ ka.cert().fingerprint());
+ print_error_chain(error);
self.bad_checksums += 1;
continue;
},
@@ -304,8 +308,9 @@ impl<'a> VHelper<'a> {
0 => "checksum".into(),
n => format!("level {} notarizing checksum", n),
};
- eprintln!("Error verifying {} from {}: {}",
- what, issuer, error);
+ eprintln!("Error verifying {} from {}:",
+ what, issuer);
+ print_error_chain(error);
self.bad_checksums += 1;
continue;
}
diff --git a/sq/src/sq.rs b/sq/src/sq.rs
index e2bdc42c..2fef196f 100644
--- a/sq/src/sq.rs
+++ b/sq/src/sq.rs
@@ -762,3 +762,9 @@ fn test_parse_iso8601() {
parse_iso8601("2017031", z).unwrap();
// parse_iso8601("2017", z).unwrap(); // ditto
}
+
+/// Prints the error and causes, if any.
+pub fn print_error_chain(err: &anyhow::Error) {
+ eprintln!(" {}", err);
+ err.chain().skip(1).for_each(|cause| eprintln!(" because: {}", cause));
+}
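Review bot: The doc comment on `print_error_chain` says neither where the output goes nor why the first chain element is skipped. I would write `/// Prints the error to stderr, followed by one "because:" line for each underlying cause.` and add `// chain() yields err itself first; it was already printed above.` before the `skip(1)` line. The helper is also appended after `test_parse_iso8601`, so it sits below test code; moving it above the tests would make it easier to find.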