From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 11 Mar 2019 17:33:16 +0000 (+0000)
Subject: libpakfire: Add more debugging to archive verification
X-Git-Tag: 0.9.28~1285^2~1077
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=98394ca419c357041f7336c2cc642d03aefeedce;p=pakfire.git

libpakfire: Add more debugging to archive verification

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/libpakfire/archive.c b/src/libpakfire/archive.c
index 405cd1969..08ce25f34 100644
--- a/src/libpakfire/archive.c
+++ b/src/libpakfire/archive.c
@@ -830,30 +830,38 @@ PAKFIRE_EXPORT PakfireArchiveSignature* pakfire_archive_get_signatures(PakfireAr
 }
 
 static pakfire_archive_verify_status_t pakfire_archive_verify_checksums(PakfireArchive archive) {
+	DEBUG(archive->pakfire, "Verifying checksums of %p\n", archive);
+
 	pakfire_archive_verify_status_t status = PAKFIRE_ARCHIVE_VERIFY_INVALID;
 
 	// Cannot validate anything if no signatures are available
 	PakfireArchiveSignature* signatures = pakfire_archive_get_signatures(archive);
 	if (!signatures) {
-		DEBUG(archive->pakfire, "Archive %p does not have any signatures\n", archive);
+		ERROR(archive->pakfire, "Archive %p does not have any signatures\n", archive);
 		return PAKFIRE_ARCHIVE_VERIFY_OK;
 	}
 
-	char* data = NULL;
+	const char* data = NULL;
 	size_t size = 0;
 	gpgme_error_t error;
 
 	// Load the checksums file
 	int r = pakfire_archive_read(archive, PAKFIRE_ARCHIVE_FN_CHECKSUMS,
 		(void *)&data, &size, 0);
-	if (r)
+	if (r) {
+		ERROR(archive->pakfire, "Could not read %s from archive %p\n",
+			PAKFIRE_ARCHIVE_FN_CHECKSUMS, archive);
 		return status;
+	}
 
 	// Convert into gpgme data object
 	gpgme_data_t signed_text;
 	error = gpgme_data_new_from_mem(&signed_text, data, size, 0);
-	if (error != GPG_ERR_NO_ERROR)
+	if (error != GPG_ERR_NO_ERROR) {
+		ERROR(archive->pakfire, "Could not load signed text: %s\n%s\n",
+			gpgme_strerror(status), data);
 		return -1;
+	}
 
 	// Get GPG context
 	gpgme_ctx_t gpgctx = pakfire_get_gpgctx(archive->pakfire);
@@ -864,8 +872,12 @@ static pakfire_archive_verify_status_t pakfire_archive_verify_checksums(PakfireA
 
 		gpgme_data_t sigdata;
 		error = gpgme_data_new_from_mem(&sigdata, signature->sigdata, strlen(signature->sigdata), 0);
-		if (error != GPG_ERR_NO_ERROR)
+		if (error != GPG_ERR_NO_ERROR) {
+			ERROR(archive->pakfire, "Could not load signature:\n%s\n", signature->sigdata);
 			continue;
+		}
+
+		DEBUG(archive->pakfire, "Validating signature %p\n", signature);
 
 		// Perform verification
 		error = gpgme_op_verify(gpgctx, sigdata, signed_text, NULL);
@@ -1005,6 +1017,8 @@ FAIL:
 }
 
 PAKFIRE_EXPORT pakfire_archive_verify_status_t pakfire_archive_verify(PakfireArchive archive) {
+	DEBUG(archive->pakfire, "Verifying archive %p\n", archive);
+
 	// Verify that checksums file is signed with a valid key
 	pakfire_archive_verify_status_t status = pakfire_archive_verify_checksums(archive);
 	if (status)