From 72b7af4f2db04b1492fd95f19c704328e46d4a57 Mon Sep 17 00:00:00 2001
From: Bruce Leidl
Date: Thu, 17 Jan 2019 09:04:35 -0500
Subject: [PATCH] Separate errors for no public key and signature verify failure
---
 libcitadel/src/resource.rs | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/libcitadel/src/resource.rs b/libcitadel/src/resource.rs
index 6e89907..9467ed1 100644
--- a/libcitadel/src/resource.rs
+++ b/libcitadel/src/resource.rs
@@ -196,8 +196,14 @@ impl ResourceImage {
 pub fn setup_verity_device(&self) -> Result {
 if !CommandLine::nosignatures() {
- self.header.verify_signature()?;
- info!("Image signature is valid for channel {}", self.metainfo.channel());
+ match self.header.public_key()? {
+ Some(pubkey) => {
+ if !self.header.verify_signature(pubkey) {
+ bail!("Header signature verification failed");
+ }
+ }
+ None => bail!("Cannot verify header signature because no public key for channel {} is available", self.metainfo.channel())
+ }
 }
 info!("Setting up dm-verity device for image");
 if !self.has_verity_hashtree() {
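Review bot: With the old `info!("Image signature is valid ...")` line removed, the success path of the new `match` logs nothing, so a run where the header signature was verified cannot be told apart in the log from one where `CommandLine::nosignatures()` skipped the check entirely. Consider keeping the success message in the `Some(pubkey)` arm after the `verify_signature` check, `info!("Image signature is valid for channel {}", self.metainfo.channel());`, and giving the outer `if` an `else` branch that records the bypass, e.g. `warn!("Signature verification disabled, setting up verity device without verifying header signature");` (assuming a `warn!` macro is available next to `info!`). The "Header signature verification failed" message could also name the channel, as the `None` arm does, so the failing image can be identified from the log. The body of `setup_verity_device` continues past the end of the hunk.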