diff --git a/isoimagewriter/verifyiso.cpp b/isoimagewriter/verifyiso.cpp index 61d68bb..dd60a06 100644 --- a/isoimagewriter/verifyiso.cpp +++ b/isoimagewriter/verifyiso.cpp @@ -1,109 +1,109 @@ /* * - * Copyright (C) 2017 Jonathan Riddell + * Copyright 2017 Jonathan Riddell * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * */ #include #include #include #include #include #include "verifyiso.h" #include #include #include #include #include VerifyISO::VerifyISO(QString filename): m_filename(filename) { } bool VerifyISO::verifyFileExists() { if (!QFile::exists(getFilename())) { m_error = i18n("ISO File %1 does not exist", getFilename()); return false; } return true; } bool VerifyISO::verifySignatureFileExists(QString filename) { qDebug() << "verifySignatureFileExists" << filename; QFileInfo fileInfo(filename); QString sigFileName = fileInfo.fileName(); qDebug() << "verifySignatureFileExists sigFileName" << sigFileName; if (!QFile::exists(filename)) { m_error = i18n("Could not find %1, please download PGP signature file to same directory.", sigFileName); return false; } return true; } bool VerifyISO::verifyFileMatches(QString startsWith) { QFileInfo fileInfo(getFilename()); QString fileName = fileInfo.fileName(); if (!fileName.startsWith(startsWith)) { m_error = i18n("Filename does not match %1 ISO files", m_humanReadableDistroName); return false; } return true; } bool VerifyISO::importSigningKey(QString keyFilename) { QString signingKeyFile = QStandardPaths::locate(QStandardPaths::AppDataLocation, keyFilename); if (signingKeyFile.isEmpty()) { qDebug() << "error can't find signing key" << signingKeyFile; return false; } QFile signingKey(signingKeyFile); if (!signingKey.open(QIODevice::ReadOnly)) { qDebug() << "error" << signingKey.errorString(); return false; } QByteArray signingKeyData = signingKey.readAll(); QGpgME::ImportJob *importJob = QGpgME::openpgp()->importJob(); GpgME::ImportResult importResult = importJob->exec(signingKeyData); qDebug() << "numConsidered " << importResult.numConsidered(); qDebug() << "numImported " << importResult.numImported(); qDebug() << "numUnchanged " << importResult.numUnchanged(); if (!(importResult.numConsidered() == 1 && (importResult.numImported() == 1 || importResult.numUnchanged() == 1))) { qDebug() << "Could not import gpg signature"; return false; } return true; } QString VerifyISO::getFilename() const { return m_filename; } QString VerifyISO::getError() const { return m_error; } void VerifyISO::setFilename(const QString& filename) { if (m_filename == filename) { return; } m_filename = filename; } diff --git a/isoimagewriter/verifyneoniso.cpp b/isoimagewriter/verifyneoniso.cpp index cda487c..d7e2de0 100644 --- a/isoimagewriter/verifyneoniso.cpp +++ b/isoimagewriter/verifyneoniso.cpp @@ -1,85 +1,85 @@ /* * * Copyright (C) 2017 Jonathan Riddell * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * */ #include #include #include #include #include #include #include #include #include #include "verifyneoniso.h" VerifyNeonISO::VerifyNeonISO(QString filename) : VerifyISO(filename) { m_humanReadableDistroName = "KDE neon"; } bool VerifyNeonISO::canVerify() { if (!verifyFileMatches("neon-")) { return false; } if (!importSigningKey("neon-signing-key.gpg")) { return false; } return true; } bool VerifyNeonISO::isValid() { if (!verifyFileExists()) { return false; } if (!verifySignatureFileExists(m_filename+".sig")) { return false; } QFile signatureFile(m_filename + ".sig"); if (!signatureFile.open(QIODevice::ReadOnly)) { qDebug() << "error",signatureFile.errorString(); } QByteArray signatureData = signatureFile.readAll(); QFile isoFile(m_filename); if (!isoFile.open(QIODevice::ReadOnly)) { qDebug() << "error",isoFile.errorString(); } - QByteArray isoData = signatureFile.readAll(); + QByteArray isoData = isoFile.readAll(); QGpgME::VerifyDetachedJob *job = QGpgME::openpgp()->verifyDetachedJob(); GpgME::VerificationResult result = job->exec(signatureData, isoData); qDebug() << "numSignatures " << result.numSignatures(); qDebug() << "filename " << result.fileName(); GpgME::Signature signature = result.signature(0); qDebug() << "fingerprint " << signature.fingerprint(); - if (strcmp(signature.fingerprint(), "DEACEA00075E1D76") == 0) { + if (strcmp(signature.fingerprint(), "348C8651206633FD983A8FC4DEACEA00075E1D76") == 0) { qDebug() << "Uses right signature!"; } else { qDebug() << "Uses wrong signature!!"; m_error = i18n("Uses wrong signature."); return false; } if (signature.summary() & GpgME::Signature::KeyRevoked) { qDebug() << "Key is revoked" << signature.summary(); m_error = i18n("Key is revoked."); return false; } return true; }