Inconsistent output between invalid signature and valid signature outputs

[dustymabe]

In one case I see E08E7E629DB62FB1 and in the other case I see 128CF232A9371991C8A65695E08E7E629DB62FB1. Do these need to be the same or was this change intentional?

[root@cloudhost ~]# rpm-ostree status
State: idle
Deployments:
● fedora-atomic:fedora/rawhide/x86_64/atomic-host
                   Version: Rawhide.20170919.n.0 (2017-09-19 11:16:58)
                    Commit: 793e03681e06e772912e3cb4517397b54bdad7e6b2f34b127d8036bb152bb1ee
              GPGSignature: Invalid signature by E08E7E629DB62FB1
[root@cloudhost ~]# 
[root@cloudhost ~]# 
[root@cloudhost ~]# systemctl restart rpm-ostreed.service
[root@cloudhost ~]# rpm-ostree status
State: idle
Deployments:
● fedora-atomic:fedora/rawhide/x86_64/atomic-host
                   Version: Rawhide.20170919.n.0 (2017-09-19 11:16:58)
                    Commit: 793e03681e06e772912e3cb4517397b54bdad7e6b2f34b127d8036bb152bb1ee
              GPGSignature: Valid signature by 128CF232A9371991C8A65695E08E7E629DB62FB1

[dustymabe]

FYI - I changed the gpgkeypath ostree remote config setting in between running the two status commands.

[jlebon]

This is probably an ostree issue. Will check.

[jlebon]

Hmm, so I think that's just a consequence of how commits are signed and verified. The commit signature only includes the short id of the signing fingerprint. If the public key is not provided, then ostree (really, GPGme) can only provide the short id from the signature. OTOH, if the key is given, we can use its full fingerprint.

I'll let @cgwalters confirm this in case I'm missing something.

[puiterwijk]

So, I would also be interested why rpm-ostree status (Without -v) gives the key ID/fingerprint by default, rather then the UID (GPGSignature: Valid signature by Fedora 27 <fedora-27@fedoraproject.org> probably says more to users than a key ID/fingerprint).