Merge pull request #571 from csaf-poc/fingerprint-no-breaking

Improve PGP fingerprint handling
2025-12-22 11:55:40 +01:00 · 2024-09-09 11:51:09 +02:00 · 2024-09-09 11:51:09 +02:00 · 464e88b530
commit 464e88b530
parent 108c2f5508 5231b3386b
2 changed files with 5 additions and 5 deletions
--- a/cmd/csaf_checker/processor.go
+++ b/cmd/csaf_checker/processor.go
@ -1447,9 +1447,9 @@ func (p *processor) checkWellknownSecurityDNS(domain string) error {
 }

 // checkPGPKeys checks if the OpenPGP keys are available and valid, fetches
-// the the remotely keys and compares the fingerprints.
-// As a result of these a respective error messages are passed to badPGP method
-// in case of errors. It returns nil if all checks are passed.
+// the remote pubkeys and compares the fingerprints.
+// As a result of these checks respective error messages are passed
+// to badPGP methods. It returns nil if all checks are passed.
 func (p *processor) checkPGPKeys(_ string) error {

 	p.badPGPs.use()
@ -1517,7 +1517,7 @@ func (p *processor) checkPGPKeys(_ string) error {
 		}

 		if !strings.EqualFold(ckey.GetFingerprint(), string(key.Fingerprint)) {
-			p.badPGPs.error("Fingerprint of public OpenPGP key %s does not match remotely loaded.", u)
+			p.badPGPs.error("Given Fingerprint (%q) of public OpenPGP key %q does not match remotely loaded (%q).", string(key.Fingerprint), u, ckey.GetFingerprint())
 			continue
 		}
 		if p.keys == nil {
--- a/cmd/csaf_downloader/downloader.go
+++ b/cmd/csaf_downloader/downloader.go
@ -367,7 +367,7 @@ func (d *downloader) loadOpenPGPKeys(
 		if !strings.EqualFold(ckey.GetFingerprint(), string(key.Fingerprint)) {
 			slog.Warn(
 				"Fingerprint of public OpenPGP key does not match remotely loaded",
-				"url", u)
+				"url", u, "fingerprint", key.Fingerprint, "remote-fingerprint", ckey.GetFingerprint())
 			continue
 		}
 		if d.keys == nil {