diff --git a/isoimagewriter/isoverifier.cpp b/isoimagewriter/isoverifier.cpp --- a/isoimagewriter/isoverifier.cpp +++ b/isoimagewriter/isoverifier.cpp @@ -153,18 +153,34 @@ GpgME::VerificationResult result = job->exec(signatureData, isoData.data()); GpgME::Signature signature = result.signature(0); - if (signature.summary() == GpgME::Signature::None - && signature.fingerprint() == keyFingerprint) { - m_isIsoValid = true; - } else if (signature.summary() & GpgME::Signature::Valid) { - m_isIsoValid = true; - } else if (signature.summary() & GpgME::Signature::KeyRevoked) { - m_error = i18n("Key is revoked."); - } else { - m_error = i18n("Uses wrong signature."); - } + for (const auto &signature: result.signatures()) { + qDebug() << "signature summary" << signature.summary() << "status err code" << signature.status() << signature.status().asString() + << "validity" << signature.validity() << "fingerprint" << signature.fingerprint(); - emit finished(m_isIsoValid, m_error); + if (signature.summary() == GpgME::Signature::None && signature.summary() == GpgME::Signature::None) { + m_isIsoValid = true; + } + else if (signature.summary() & GpgME::Signature::Valid) { + + m_isIsoValid = true; + + } else if (signature.summary() & GpgME::Signature::KeyRevoked) { + m_error = i18n("Key is revoked."); + } else { + switch (signature.validity()) { + case GpgME::Signature::Full: + case GpgME::Signature::Ultimate: + case GpgME::Signature::Never: + m_error = i18n("Uses wrong signature."); + break; + case GpgME::Signature::Unknown: + case GpgME::Signature::Undefined: + + m_isIsoValid = true; + } + } + } + emit finished(m_isIsoValid, m_error); } void IsoVerifier::verifyWithSha256SumsFile(const QString &keyFingerprint)