From 21bee9eb56e1507825f57ea457cb0fb2f5d53125 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Fri, 25 Aug 2023 15:25:46 +0800 Subject: [PATCH 01/13] initial commits Signed-off-by: Patrick Zheng --- cmd/notation/verify.go | 18 +++++++++++++----- go.mod | 2 ++ go.sum | 4 ++-- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index cfad73159..56c9ca890 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go @@ -22,6 +22,7 @@ import ( "github.com/notaryproject/notation-go" "github.com/notaryproject/notation-go/verifier" "github.com/notaryproject/notation-go/verifier/trustpolicy" + "github.com/notaryproject/notation-go/verifier/truststore" "github.com/notaryproject/notation/cmd/notation/internal/experimental" "github.com/notaryproject/notation/internal/cmd" "github.com/notaryproject/notation/internal/ioutil" 
@@ -155,13 +156,20 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { func checkVerificationFailure(outcomes []*notation.VerificationOutcome, printOut string, err error) error { // write out on failure - if err != nil || len(outcomes) == 0 { - if err != nil { - var errorVerificationFailed notation.ErrorVerificationFailed - if !errors.As(err, &errorVerificationFailed) { - return fmt.Errorf("signature verification failed: %w", err) + if err != nil { + for _, outcome := range outcomes { + fmt.Printf("Failed to verify signature with digest %v,\n", outcome.SignatureManifestDescriptor.Digest) + var errorNonExistence truststore.ErrorNonExistence + if errors.As(outcome.Error, &errorNonExistence) { + fmt.Printf("%s. Use command 'notation cert add' to create and add trusted certificates to the trust store.\n", errorNonExistence) + } else { + fmt.Println(outcome.Error) } } + var errorVerificationFailed notation.ErrorVerificationFailed + if !errors.As(err, &errorVerificationFailed) { + return fmt.Errorf("signature verification failed: %w", err) + } return fmt.Errorf("signature verification failed for all the signatures associated with %s", printOut) } return nil diff --git a/go.mod b/go.mod index 65c98bfa4..773705a9c 100644 --- a/go.mod +++ b/go.mod @@ -29,3 +29,5 @@ require ( golang.org/x/sync v0.3.0 // indirect golang.org/x/sys v0.11.0 // indirect ) + +replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20230825065312-48e71bc7361c diff --git a/go.sum b/go.sum index 3b3a650cf..a2c440f28 100644 --- a/go.sum +++ b/go.sum 
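Review bot: Dropping `len(outcomes) == 0` from the guard in checkVerificationFailure means a call with a nil `err` and an empty `outcomes` slice now returns nil, which the caller reads as a successful verification. Whether the library can return that combination is not visible in this hunk, but a verifier should fail closed on it. Keep the condition as `if err != nil || len(outcomes) == 0 {` and put the new per-outcome loop inside it. Patch 11/13 restores the check, so patches 01 to 10 carry the weaker guard if the series is bisected or partially applied.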
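Review bot: The `replace` directive added at the end of go.mod makes the build resolve github.com/notaryproject/notation-go, the library that performs signature verification, from the github.com/Two-Hearts/notation-go fork at an untagged pseudo-version. For a signing and verification CLI this moves the trust-critical code outside the project's own review and release process, so the directive should not reach a release branch. Land the library change upstream first and pin a tagged notation-go version in the `require` block instead. The same directive is re-pointed to newer fork commits in patches 04, 05, 07, 08, 09, 10 and 12, and go.sum replaces the notaryproject/notation-go v1.0.0 hashes with the fork's.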
@@ -1,5 +1,7 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= +github.com/Two-Hearts/notation-go v0.0.0-20230825065312-48e71bc7361c h1:3ciLIDf2bmFZShEyJ4S1y8VKBh0emMr1Wj39XvXieIw= +github.com/Two-Hearts/notation-go v0.0.0-20230825065312-48e71bc7361c/go.mod h1:NpfUnDt94vLSCJ8fAWplgTbf3fmq3JLSEnjDFl7j16U= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= @@ -18,8 +20,6 @@ github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/notaryproject/notation-core-go v1.0.0 h1:FgOAihtFW4XU9JYyTzItg1xW3OaN4eCasw5Bp00Ydu4= github.com/notaryproject/notation-core-go v1.0.0/go.mod h1:eoHFJ2e6b31GZO9hckCms5kfXvHLTySvJ1QwRLB9ZCk= -github.com/notaryproject/notation-go v1.0.0 h1:pH+0NVmZu1IhE8zUhK9Oxna3OlHNdy+crNntnuCiThs= -github.com/notaryproject/notation-go v1.0.0/go.mod h1:NpfUnDt94vLSCJ8fAWplgTbf3fmq3JLSEnjDFl7j16U= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0= From 5243d1d2dc84865d5e86bd6f0fb32a11b9de5b0a Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Fri, 25 Aug 2023 15:35:21 +0800 Subject: [PATCH 02/13] e2e test Signed-off-by: Patrick Zheng --- test/e2e/suite/trustpolicy/trust_store.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/test/e2e/suite/trustpolicy/trust_store.go b/test/e2e/suite/trustpolicy/trust_store.go index b918d489e..93efd2897 100644 --- a/test/e2e/suite/trustpolicy/trust_store.go +++ b/test/e2e/suite/trustpolicy/trust_store.go @@ -41,8 +41,7 @@ var _ = Describe("notation trust policy trust store test", func() { artifact := GenerateArtifact("e2e-valid-signature", "") notation.ExpectFailure().Exec("verify", "--allow-referrers-api", artifact.ReferenceWithDigest(), "-v"). - MatchErrKeyWords("authenticity validation failed", - "truststore/x509/ca/invalid_store\\\" does not exist", + MatchErrKeyWords("the trust store \"invalid_store\" of type \"ca\" doesn't exist", VerifyFailed) }) }) From ae3703ffe5698f75b856f56133198b981e7691a2 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Fri, 25 Aug 2023 15:43:50 +0800 Subject: [PATCH 03/13] fix Signed-off-by: Patrick Zheng --- cmd/notation/verify.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index 56c9ca890..380049b08 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go 
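Review bot: The updated `MatchErrKeyWords` call for the invalid trust store case pins only the library's message text and `VerifyFailed`, so nothing covers the CLI's own classification of the error as a missing trust store. If that classification regresses, the code falls into the plain `else` branch and this test still passes. Once the hint is written to stderr (patch 03), add a keyword such as `"Use command 'notation cert add'"` to the expected list. The dropped "authenticity validation failed" keyword is also worth keeping if the verifier still emits it, which cannot be seen from this hunk.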
@@ -158,12 +158,12 @@ func checkVerificationFailure(outcomes []*notation.VerificationOutcome, printOut
 // write out on failure
 if err != nil {
 for _, outcome := range outcomes {
- fmt.Printf("Failed to verify signature with digest %v,\n", outcome.SignatureManifestDescriptor.Digest)
+ fmt.Fprintf(os.Stderr, "Failed to verify signature with digest %v,\n", outcome.SignatureManifestDescriptor.Digest)
 var errorNonExistence truststore.ErrorNonExistence
 if errors.As(outcome.Error, &errorNonExistence) {
- fmt.Printf("%s. Use command 'notation cert add' to create and add trusted certificates to the trust store.\n", errorNonExistence)
+ fmt.Fprintf(os.Stderr, "%s. Use command 'notation cert add' to create and add trusted certificates to the trust store.\n", errorNonExistence)
 } else {
- fmt.Println(outcome.Error)
+ fmt.Fprintln(os.Stderr, outcome.Error)
 }
 }
 var errorVerificationFailed notation.ErrorVerificationFailed
From e3ef191a3e222f94a5d75d6cc2516e8e8cb8abc9 Mon Sep 17 00:00:00 2001
From: Patrick Zheng
Date: Mon, 28 Aug 2023 17:07:30 +0800
Subject: [PATCH 04/13] initial commits
Signed-off-by: Patrick Zheng
---
 cmd/notation/verify.go | 2 +-
 go.mod | 4 ++--
 go.sum | 8 ++++----
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go
index 380049b08..38c2bbbac 100644
--- a/cmd/notation/verify.go
+++ b/cmd/notation/verify.go
@@ -158,7 +158,7 @@ func checkVerificationFailure(outcomes []*notation.VerificationOutcome, printOut // write out on failure if err != nil { for _, outcome := range outcomes { - fmt.Fprintf(os.Stderr, "Failed to verify signature with digest %v,\n", outcome.SignatureManifestDescriptor.Digest) + fmt.Fprintf(os.Stderr, "Error: Failed to verify signature with digest %v,\n", outcome.SignatureManifestDescriptor.Digest) var errorNonExistence truststore.ErrorNonExistence if errors.As(outcome.Error, &errorNonExistence) { fmt.Fprintf(os.Stderr, "%s. Use command 'notation cert add' to create and add trusted certificates to the trust store.\n", errorNonExistence) diff --git a/go.mod b/go.mod index 773705a9c..92318601f 100644 --- a/go.mod +++ b/go.mod @@ -24,10 +24,10 @@ require ( github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/veraison/go-cose v1.1.0 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/crypto v0.11.0 // indirect + golang.org/x/crypto v0.12.0 // indirect golang.org/x/mod v0.12.0 // indirect golang.org/x/sync v0.3.0 // indirect golang.org/x/sys v0.11.0 // indirect ) -replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20230825065312-48e71bc7361c +replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20230828085804-7ff8f2bc3d6f diff --git a/go.sum b/go.sum index a2c440f28..b826df5ed 100644 --- a/go.sum +++ b/go.sum 
@@ -1,7 +1,7 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/Two-Hearts/notation-go v0.0.0-20230825065312-48e71bc7361c h1:3ciLIDf2bmFZShEyJ4S1y8VKBh0emMr1Wj39XvXieIw= -github.com/Two-Hearts/notation-go v0.0.0-20230825065312-48e71bc7361c/go.mod h1:NpfUnDt94vLSCJ8fAWplgTbf3fmq3JLSEnjDFl7j16U= +github.com/Two-Hearts/notation-go v0.0.0-20230828085804-7ff8f2bc3d6f h1:U8YxN+rzz+gMxe/DEn0VFJHjHFxvd9f3PF0fawUzbbk= +github.com/Two-Hearts/notation-go v0.0.0-20230828085804-7ff8f2bc3d6f/go.mod h1:nk9Wa8cwIkpajw3J+2axNzk/bOuIGa446gTyjjbalWs= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= 
@@ -49,8 +49,8 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= +golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= +golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= From 76d4c622c68e78e77b8e9f489a09b7f7272523c9 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Tue, 29 Aug 2023 09:48:21 +0800 Subject: [PATCH 05/13] go mod tidy Signed-off-by: Patrick Zheng --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 92318601f..c5f6f0529 100644 --- a/go.mod +++ b/go.mod @@ -30,4 +30,4 @@ require ( golang.org/x/sys v0.11.0 // indirect ) -replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20230828085804-7ff8f2bc3d6f +replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20230829013913-fcd8ca6c4475 diff --git a/go.sum b/go.sum index b826df5ed..0445b7469 100644 --- a/go.sum +++ b/go.sum 
@@ -1,7 +1,7 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/Two-Hearts/notation-go v0.0.0-20230828085804-7ff8f2bc3d6f h1:U8YxN+rzz+gMxe/DEn0VFJHjHFxvd9f3PF0fawUzbbk= -github.com/Two-Hearts/notation-go v0.0.0-20230828085804-7ff8f2bc3d6f/go.mod h1:nk9Wa8cwIkpajw3J+2axNzk/bOuIGa446gTyjjbalWs= +github.com/Two-Hearts/notation-go v0.0.0-20230829013913-fcd8ca6c4475 h1:U4v/Olg4RhrsmkVXuQt7ecvrvE7saactrvA86ahHaFs= +github.com/Two-Hearts/notation-go v0.0.0-20230829013913-fcd8ca6c4475/go.mod h1:nk9Wa8cwIkpajw3J+2axNzk/bOuIGa446gTyjjbalWs= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= From d818c0a92db0cde356eba9fee5a4db8a06bbcf15 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Tue, 29 Aug 2023 10:15:57 +0800 Subject: [PATCH 06/13] updated error message Signed-off-by: Patrick Zheng --- cmd/notation/verify.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index 38c2bbbac..a1cbd3e3f 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go 
@@ -158,7 +158,7 @@ func checkVerificationFailure(outcomes []*notation.VerificationOutcome, printOut
 // write out on failure
 if err != nil {
 for _, outcome := range outcomes {
- fmt.Fprintf(os.Stderr, "Error: Failed to verify signature with digest %v,\n", outcome.SignatureManifestDescriptor.Digest)
+ fmt.Fprintf(os.Stderr, "Error: Failed to verify signature with digest %v, ", outcome.SignatureManifestDescriptor.Digest)
 var errorNonExistence truststore.ErrorNonExistence
 if errors.As(outcome.Error, &errorNonExistence) {
 fmt.Fprintf(os.Stderr, "%s. Use command 'notation cert add' to create and add trusted certificates to the trust store.\n", errorNonExistence)
From 920747bc13e0eda3227056713bee5e2011ce8e6f Mon Sep 17 00:00:00 2001
From: Patrick Zheng
Date: Wed, 30 Aug 2023 13:01:31 +0800
Subject: [PATCH 07/13] updated notation-go
Signed-off-by: Patrick Zheng
---
 cmd/notation/verify.go | 12 +++++++-----
 go.mod | 2 +-
 go.sum | 4 ++--
 3 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go
index a1cbd3e3f..29aa9efae 100644
--- a/cmd/notation/verify.go
+++ b/cmd/notation/verify.go
@@ -16,6 +16,7 @@ package main
 import (
 "errors"
 "fmt"
+ "io/fs"
 "os"
 "reflect"
@@ -158,12 +159,13 @@ func checkVerificationFailure(outcomes []*notation.VerificationOutcome, printOut // write out on failure if err != nil { for _, outcome := range outcomes { - fmt.Fprintf(os.Stderr, "Error: Failed to verify signature with digest %v, ", outcome.SignatureManifestDescriptor.Digest) - var errorNonExistence truststore.ErrorNonExistence - if errors.As(outcome.Error, &errorNonExistence) { - fmt.Fprintf(os.Stderr, "%s. Use command 'notation cert add' to create and add trusted certificates to the trust store.\n", errorNonExistence) + var errTrustStore truststore.ErrorTrustStore + var errCertificate truststore.ErrorCertificate + if (errors.As(outcome.Error, &errTrustStore) && errors.Is(errTrustStore, fs.ErrNotExist)) || + (errors.As(outcome.Error, &errCertificate) && errors.Is(errCertificate, fs.ErrNotExist)) { + fmt.Fprintf(os.Stderr, "Error: %v. Use command 'notation cert add' to create and add trusted certificates to the trust store.\n", outcome.Error) } else { - fmt.Fprintln(os.Stderr, outcome.Error) + fmt.Fprintf(os.Stderr, "Error: %v\n", outcome.Error) } } var errorVerificationFailed notation.ErrorVerificationFailed diff --git a/go.mod b/go.mod index c5f6f0529..365790a6f 100644 --- a/go.mod +++ b/go.mod @@ -30,4 +30,4 @@ require ( golang.org/x/sys v0.11.0 // indirect ) -replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20230829013913-fcd8ca6c4475 +replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20230830040707-06b9ea427f0e diff --git a/go.sum b/go.sum index 0445b7469..9f3092aed 100644 --- a/go.sum +++ b/go.sum 
@@ -1,7 +1,7 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/Two-Hearts/notation-go v0.0.0-20230829013913-fcd8ca6c4475 h1:U4v/Olg4RhrsmkVXuQt7ecvrvE7saactrvA86ahHaFs= -github.com/Two-Hearts/notation-go v0.0.0-20230829013913-fcd8ca6c4475/go.mod h1:nk9Wa8cwIkpajw3J+2axNzk/bOuIGa446gTyjjbalWs= +github.com/Two-Hearts/notation-go v0.0.0-20230830040707-06b9ea427f0e h1:CS85l8f1kPkq5uwfFLtLl9kLK16RfoeepSR2jnZqA3U= +github.com/Two-Hearts/notation-go v0.0.0-20230830040707-06b9ea427f0e/go.mod h1:nk9Wa8cwIkpajw3J+2axNzk/bOuIGa446gTyjjbalWs= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= From 04a1525ccafebfce70acbbed38cfad456d75cd22 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Thu, 14 Sep 2023 14:58:33 +0800 Subject: [PATCH 08/13] updated based on notation-go Signed-off-by: Patrick Zheng --- cmd/notation/verify.go | 24 ++++++++++++++++-------- go.mod | 2 +- go.sum | 4 ++-- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index 29aa9efae..58969c9bc 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go 
@@ -158,16 +158,24 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { func checkVerificationFailure(outcomes []*notation.VerificationOutcome, printOut string, err error) error { // write out on failure if err != nil { - for _, outcome := range outcomes { - var errTrustStore truststore.ErrorTrustStore - var errCertificate truststore.ErrorCertificate - if (errors.As(outcome.Error, &errTrustStore) && errors.Is(errTrustStore, fs.ErrNotExist)) || - (errors.As(outcome.Error, &errCertificate) && errors.Is(errCertificate, fs.ErrNotExist)) { - fmt.Fprintf(os.Stderr, "Error: %v. Use command 'notation cert add' to create and add trusted certificates to the trust store.\n", outcome.Error) - } else { - fmt.Fprintf(os.Stderr, "Error: %v\n", outcome.Error) + // reference: https://pkg.go.dev/errors#Join + if joinedError, ok := err.(interface{ Unwrap() []error }); ok { + errArray := joinedError.Unwrap() + // if err is a joined error, then there are at least 2 errors in the + // array, always starting with a general error message followed by + // indivisual notation.VerificationOutcome errors. + for _, outcomeError := range errArray[1:] { + var errTrustStore truststore.ErrorTrustStore + var errCertificate truststore.ErrorCertificate + if (errors.As(outcomeError, &errTrustStore) && errors.Is(errTrustStore, fs.ErrNotExist)) || + (errors.As(outcomeError, &errCertificate) && errors.Is(errCertificate, fs.ErrNotExist)) { + fmt.Fprintf(os.Stderr, "Error: %v. Use command 'notation cert add' to create and add trusted certificates to the trust store.\n", outcomeError) + } else { + fmt.Fprintf(os.Stderr, "Error: %v\n", outcomeError) + } } } + var errorVerificationFailed notation.ErrorVerificationFailed if !errors.As(err, &errorVerificationFailed) { return fmt.Errorf("signature verification failed: %w", err) diff --git a/go.mod b/go.mod index 365790a6f..14fa3605f 100644 --- a/go.mod +++ b/go.mod 
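Review bot: The per-signature diagnostics in this hunk depend on two properties of the library's error that checkVerificationFailure cannot check: `err.(interface{ Unwrap() []error })` only matches when the joined error is the outermost value, and `errArray[1:]` assumes element 0 is always the general message. If a caller or a later library version wraps the joined error or changes the order, the loop is skipped or drops the first outcome error without any sign, and the user sees only the generic failure. Reading the errors from `outcomes[i].Error` (the parameter is no longer read in this hunk), or having the library return a typed error that carries them, would remove the positional coupling. The `// reference` comment should also name the notation-go function that produces the joined error, and `indivisual` is a typo for `individual`.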
@@ -30,4 +30,4 @@ require ( golang.org/x/sys v0.11.0 // indirect ) -replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20230830040707-06b9ea427f0e +replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20230914064925-33af9c76fdc9 diff --git a/go.sum b/go.sum index 9f3092aed..51a21de6d 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,7 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/Two-Hearts/notation-go v0.0.0-20230830040707-06b9ea427f0e h1:CS85l8f1kPkq5uwfFLtLl9kLK16RfoeepSR2jnZqA3U= -github.com/Two-Hearts/notation-go v0.0.0-20230830040707-06b9ea427f0e/go.mod h1:nk9Wa8cwIkpajw3J+2axNzk/bOuIGa446gTyjjbalWs= +github.com/Two-Hearts/notation-go v0.0.0-20230914064925-33af9c76fdc9 h1:19UPfblLCIl7z240rY+jHeJ9BkYCN2M/uT+VcJm/MCs= +github.com/Two-Hearts/notation-go v0.0.0-20230914064925-33af9c76fdc9/go.mod h1:nk9Wa8cwIkpajw3J+2axNzk/bOuIGa446gTyjjbalWs= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= From 4747695f8cee63bf568f5f730815fc64b9363ab4 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Mon, 18 Sep 2023 13:44:20 +0800 Subject: [PATCH 09/13] updated notation-go Signed-off-by: Patrick Zheng --- cmd/notation/verify.go | 10 +++++----- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index 58969c9bc..bc34b02e4 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go 
@@ -161,12 +161,12 @@ func checkVerificationFailure(outcomes []*notation.VerificationOutcome, printOut // reference: https://pkg.go.dev/errors#Join if joinedError, ok := err.(interface{ Unwrap() []error }); ok { errArray := joinedError.Unwrap() - // if err is a joined error, then there are at least 2 errors in the - // array, always starting with a general error message followed by - // indivisual notation.VerificationOutcome errors. + // if err is a joined error, then it always starts with a general + // error message followed by indivisual notation.VerificationOutcome + // errors. for _, outcomeError := range errArray[1:] { - var errTrustStore truststore.ErrorTrustStore - var errCertificate truststore.ErrorCertificate + var errTrustStore truststore.TrustStoreError + var errCertificate truststore.CertificateError if (errors.As(outcomeError, &errTrustStore) && errors.Is(errTrustStore, fs.ErrNotExist)) || (errors.As(outcomeError, &errCertificate) && errors.Is(errCertificate, fs.ErrNotExist)) { fmt.Fprintf(os.Stderr, "Error: %v. Use command 'notation cert add' to create and add trusted certificates to the trust store.\n", outcomeError) diff --git a/go.mod b/go.mod index 14fa3605f..f6199df54 100644 --- a/go.mod +++ b/go.mod @@ -11,8 +11,8 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.7.0 github.com/spf13/pflag v1.0.5 - golang.org/x/term v0.11.0 - oras.land/oras-go/v2 v2.2.1 + golang.org/x/term v0.12.0 + oras.land/oras-go/v2 v2.3.0 ) require ( 
@@ -24,10 +24,10 @@ require ( github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/veraison/go-cose v1.1.0 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/crypto v0.12.0 // indirect + golang.org/x/crypto v0.13.0 // indirect golang.org/x/mod v0.12.0 // indirect golang.org/x/sync v0.3.0 // indirect - golang.org/x/sys v0.11.0 // indirect + golang.org/x/sys v0.12.0 // indirect ) -replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20230914064925-33af9c76fdc9 +replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20230918053234-a1e4faf1a800 diff --git a/go.sum b/go.sum index 51a21de6d..f41d2815c 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,7 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/Two-Hearts/notation-go v0.0.0-20230914064925-33af9c76fdc9 h1:19UPfblLCIl7z240rY+jHeJ9BkYCN2M/uT+VcJm/MCs= -github.com/Two-Hearts/notation-go v0.0.0-20230914064925-33af9c76fdc9/go.mod h1:nk9Wa8cwIkpajw3J+2axNzk/bOuIGa446gTyjjbalWs= +github.com/Two-Hearts/notation-go v0.0.0-20230918053234-a1e4faf1a800 h1:24MkqdLmDCY15hH+Lr1R7tq9z7fvkOwh5EXR6J6pmHY= +github.com/Two-Hearts/notation-go v0.0.0-20230918053234-a1e4faf1a800/go.mod h1:xi9jpMgVjoeKF7sCgJy+8g1r+YsvK9kkbYr/5A3/9OU= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= 
@@ -49,8 +49,8 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= +golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= 
@@ -73,14 +73,14 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= +golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 
@@ -95,5 +95,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -oras.land/oras-go/v2 v2.2.1 h1:3VJTYqy5KfelEF9c2jo1MLSpr+TM3mX8K42wzZcd6qE= -oras.land/oras-go/v2 v2.2.1/go.mod h1:GeAwLuC4G/JpNwkd+bSZ6SkDMGaaYglt6YK2WvZP7uQ= +oras.land/oras-go/v2 v2.3.0 h1:lqX1aXdN+DAmDTKjiDyvq85cIaI4RkIKp/PghWlAGIU= +oras.land/oras-go/v2 v2.3.0/go.mod h1:GeAwLuC4G/JpNwkd+bSZ6SkDMGaaYglt6YK2WvZP7uQ= From 215dddf07cc56708c7637dc450977b994d62cba1 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Mon, 18 Sep 2023 15:45:34 +0800 Subject: [PATCH 10/13] updated notation-go Signed-off-by: Patrick Zheng --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f6199df54..ff5a8eb94 100644 --- a/go.mod +++ b/go.mod @@ -30,4 +30,4 @@ require ( golang.org/x/sys v0.12.0 // indirect ) -replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20230918053234-a1e4faf1a800 +replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20230918074034-2606b29ba9dc diff --git a/go.sum b/go.sum index f41d2815c..c3ccfef9b 100644 --- a/go.sum +++ b/go.sum 
@@ -1,7 +1,7 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/Two-Hearts/notation-go v0.0.0-20230918053234-a1e4faf1a800 h1:24MkqdLmDCY15hH+Lr1R7tq9z7fvkOwh5EXR6J6pmHY= -github.com/Two-Hearts/notation-go v0.0.0-20230918053234-a1e4faf1a800/go.mod h1:xi9jpMgVjoeKF7sCgJy+8g1r+YsvK9kkbYr/5A3/9OU= +github.com/Two-Hearts/notation-go v0.0.0-20230918074034-2606b29ba9dc h1:SziYR8nrMvapbuqHLvwDPDw4ohPECOidIixMT4TFMME= +github.com/Two-Hearts/notation-go v0.0.0-20230918074034-2606b29ba9dc/go.mod h1:xi9jpMgVjoeKF7sCgJy+8g1r+YsvK9kkbYr/5A3/9OU= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= From aea48fea52cf29b2db02252ce68826d7261d0f6f Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Tue, 19 Sep 2023 15:03:47 +0800 Subject: [PATCH 11/13] updated per code review Signed-off-by: Patrick Zheng --- cmd/notation/verify.go | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index bc34b02e4..a955cc482 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go 
@@ -157,21 +157,22 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { func checkVerificationFailure(outcomes []*notation.VerificationOutcome, printOut string, err error) error { // write out on failure - if err != nil { + if err != nil || len(outcomes) == 0 { // reference: https://pkg.go.dev/errors#Join if joinedError, ok := err.(interface{ Unwrap() []error }); ok { errArray := joinedError.Unwrap() - // if err is a joined error, then it always starts with a general - // error message followed by indivisual notation.VerificationOutcome - // errors. - for _, outcomeError := range errArray[1:] { - var errTrustStore truststore.TrustStoreError - var errCertificate truststore.CertificateError - if (errors.As(outcomeError, &errTrustStore) && errors.Is(errTrustStore, fs.ErrNotExist)) || - (errors.As(outcomeError, &errCertificate) && errors.Is(errCertificate, fs.ErrNotExist)) { - fmt.Fprintf(os.Stderr, "Error: %v. Use command 'notation cert add' to create and add trusted certificates to the trust store.\n", outcomeError) - } else { - fmt.Fprintf(os.Stderr, "Error: %v\n", outcomeError) + if len(errArray) > 1 { + // the joined error always starts with a general error message + // followed by indivisual notation.VerificationOutcome errors. + for _, outcomeError := range errArray[1:] { + var errTrustStore truststore.TrustStoreError + var errCertificate truststore.CertificateError + if errors.Is(outcomeError, fs.ErrNotExist) && + (errors.As(outcomeError, &errTrustStore) || errors.As(outcomeError, &errCertificate)) { + fmt.Fprintf(os.Stderr, "Error: %v. Use command 'notation cert add' to create and add trusted certificates to the trust store.\n", outcomeError) + } else { + fmt.Fprintf(os.Stderr, "Error: %v\n", outcomeError) + } } } } From a97e8b278ccfc0f4e5dbce1b550fe8d4021f12ae Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Fri, 27 Oct 2023 11:26:32 +0800 Subject: [PATCH 12/13] updated notation-go 
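Review bot: With the restored `len(outcomes) == 0` condition the block is entered when `err` is nil, and the unchanged code after this hunk (visible in patch 08) then evaluates `!errors.As(err, &errorVerificationFailed)` as true and returns `fmt.Errorf("signature verification failed: %w", err)` with a nil error. The `%w` verb then prints a nil placeholder instead of a cause. The pre-series code nested that wrap under `if err != nil`; the equivalent here is `if err != nil && !errors.As(err, &errorVerificationFailed) {`, so the empty-outcomes case falls through to the "failed for all the signatures" message. The function body continues past the end of this hunk.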
Signed-off-by: Patrick Zheng --- go.mod | 9 +++++---- go.sum | 30 +++++++++++++++++------------- 2 files changed, 22 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index 18caa9ae2..17cf92976 100644 --- a/go.mod +++ b/go.mod @@ -18,16 +18,17 @@ require ( require ( github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/fxamacker/cbor/v2 v2.4.0 // indirect - github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect - github.com/go-ldap/ldap/v3 v3.4.5 // indirect + github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect + github.com/go-ldap/ldap/v3 v3.4.6 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect + github.com/google/uuid v1.3.1 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/veraison/go-cose v1.1.0 // indirect github.com/x448/float16 v0.8.4 // indirect golang.org/x/crypto v0.13.0 // indirect - golang.org/x/mod v0.12.0 // indirect + golang.org/x/mod v0.13.0 // indirect golang.org/x/sync v0.3.0 // indirect golang.org/x/sys v0.13.0 // indirect ) -replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20230918074034-2606b29ba9dc +replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20231026060435-28b581b83f0c diff --git a/go.sum b/go.sum index 282293405..5da7a7f2b 100644 --- a/go.sum +++ b/go.sum 
@@ -1,7 +1,7 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/Two-Hearts/notation-go v0.0.0-20230918074034-2606b29ba9dc h1:SziYR8nrMvapbuqHLvwDPDw4ohPECOidIixMT4TFMME= -github.com/Two-Hearts/notation-go v0.0.0-20230918074034-2606b29ba9dc/go.mod h1:xi9jpMgVjoeKF7sCgJy+8g1r+YsvK9kkbYr/5A3/9OU= +github.com/Two-Hearts/notation-go v0.0.0-20231026060435-28b581b83f0c h1:gVjr3p1ahDwWolGRN9flJYFt1MwTBi40c7yQUJl+3Nk= +github.com/Two-Hearts/notation-go v0.0.0-20231026060435-28b581b83f0c/go.mod h1:DpC/nyoz/8buNUauyAQAeuXcNQpq54HAHmv3t/wJBXo= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= 
@@ -10,12 +10,14 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88= github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= -github.com/go-asn1-ber/asn1-ber v1.5.4 h1:vXT6d/FNDiELJnLb6hGNa309LMsrCoYFvpwHDF0+Y1A= -github.com/go-asn1-ber/asn1-ber v1.5.4/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= -github.com/go-ldap/ldap/v3 v3.4.5 h1:ekEKmaDrpvR2yf5Nc/DClsGG9lAmdDixe44mLzlW5r8= -github.com/go-ldap/ldap/v3 v3.4.5/go.mod h1:bMGIq3AGbytbaMwf8wdv5Phdxz0FWHTIYMSzyrYgnQs= +github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA= +github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= +github.com/go-ldap/ldap/v3 v3.4.6 h1:ert95MdbiG7aWo/oPYp9btL3KJlMPKnP58r09rI8T+A= +github.com/go-ldap/ldap/v3 v3.4.6/go.mod h1:IGMQANNtxpsOzj7uUAMjpGBaOVTC4DYyIy8VsTdxmtc= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= +github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/notaryproject/notation-core-go v1.0.0 h1:FgOAihtFW4XU9JYyTzItg1xW3OaN4eCasw5Bp00Ydu4= 
@@ -48,18 +50,17 @@ github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcY github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= +golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -72,20 +73,23 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.13.0/go.mod 
h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= From e3776e861c575c5e0df1a26d6e85d844dcbda204 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Fri, 27 Oct 2023 14:48:42 +0800 Subject: [PATCH 13/13] updated errMsg Signed-off-by: Patrick Zheng --- cmd/notation/inspect.go | 2 +- cmd/notation/list.go | 2 +- cmd/notation/manifest.go | 5 ++++- cmd/notation/registry.go | 6 ++++-- cmd/notation/sign.go | 2 +- cmd/notation/verify.go | 41 ++++++++++++++++++++-------------------- 6 files changed, 32 insertions(+), 26 deletions(-) diff --git a/cmd/notation/inspect.go b/cmd/notation/inspect.go index a92b0c083..c9b49fa3d 100644 --- a/cmd/notation/inspect.go +++ b/cmd/notation/inspect.go @@ -94,7 +94,7 @@ Example - [Experimental] Inspect signatures on an OCI artifact identified by a d Long: longMessage, Args: func(cmd *cobra.Command, args []string) error { if len(args) == 0 { - return errors.New("missing reference") + return errors.New("missing reference to the artifact. Expecting /: or /@") } opts.reference = args[0] return nil diff --git a/cmd/notation/list.go b/cmd/notation/list.go index e06215821..8296fa3e3 100644 --- a/cmd/notation/list.go +++ b/cmd/notation/list.go @@ -50,7 +50,7 @@ func listCommand(opts *listOpts) *cobra.Command { Long: "List all the signatures associated with signed artifact", Args: func(cmd *cobra.Command, args []string) error { if len(args) == 0 { - return errors.New("no reference specified") + return errors.New("missing reference to the artifact. Expecting /: or /@") } opts.reference = args[0] return nil diff --git a/cmd/notation/manifest.go b/cmd/notation/manifest.go index af2e3e921..c598d0543 100644 --- a/cmd/notation/manifest.go 
+++ b/cmd/notation/manifest.go @@ -48,7 +48,10 @@ func resolveReference(ctx context.Context, inputType inputType, reference string case inputTypeRegistry: ref, err := registry.ParseReference(reference) if err != nil { - return ocispec.Descriptor{}, "", fmt.Errorf("failed to resolve user input reference: %w", err) + return ocispec.Descriptor{}, "", fmt.Errorf("%q: %w. Expecting /: or /@", reference, err) + } + if ref.Reference == "" { + return ocispec.Descriptor{}, "", fmt.Errorf("%q: invalid reference: no tag or digest. Expecting /: or /@", reference) } tagOrDigestRef = ref.Reference resolvedRef = ref.Registry + "/" + ref.Repository diff --git a/cmd/notation/registry.go b/cmd/notation/registry.go index 2526e144a..7ef069f21 100644 --- a/cmd/notation/registry.go +++ b/cmd/notation/registry.go @@ -74,9 +74,11 @@ func getRemoteRepository(ctx context.Context, opts *SecureFlagOpts, reference st logger := log.GetLogger(ctx) ref, err := registry.ParseReference(reference) if err != nil { - return nil, err + return nil, fmt.Errorf("%q: %w. Expecting /: or /@", reference, err) + } + if ref.Reference == "" { + return nil, fmt.Errorf("%q: invalid reference: no tag or digest. Expecting /: or /@", reference) } - // generate notation repository remoteRepo, err := getRepositoryClient(ctx, opts, ref) if err != nil { diff --git a/cmd/notation/sign.go b/cmd/notation/sign.go index 784647695..977dc009f 100644 --- a/cmd/notation/sign.go +++ b/cmd/notation/sign.go @@ -90,7 +90,7 @@ Example - [Experimental] Sign an OCI artifact identified by a tag and referenced Long: longMessage, Args: func(cmd *cobra.Command, args []string) error { if len(args) == 0 { - return errors.New("missing reference") + return errors.New("missing reference to the artifact. Expecting /: or /@") } opts.reference = args[0] return nil diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index a955cc482..66516dd49 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go 
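Review bot: The new empty-`ref.Reference` check in `resolveReference` is repeated verbatim in the registry.go hunk (`getRemoteRepository`), together with the same wrapped parse error, so the two call sites can drift apart. A single helper that parses the reference and rejects one without a tag or digest would keep the validation and its message in one place, leaving both callers to propagate its error; the sketch assumes `registry.ParseReference` returns a `registry.Reference` value. The same format hint is also repeated in the `Args` validators of inspect.go, list.go, sign.go and verify.go and could share one constant. Both enclosing functions start before and end after their hunks.

```go
// parseArtifactReference parses reference and rejects one that carries
// neither a tag nor a digest.
func parseArtifactReference(reference string) (registry.Reference, error) {
	ref, err := registry.ParseReference(reference)
	if err != nil {
		return registry.Reference{}, fmt.Errorf("%q: %w. Expecting /: or /@", reference, err)
	}
	if ref.Reference == "" {
		return registry.Reference{}, fmt.Errorf("%q: invalid reference: no tag or digest. Expecting /: or /@", reference)
	}
	return ref, nil
}

// in resolveReference (manifest.go), case inputTypeRegistry:
ref, err := parseArtifactReference(reference)
if err != nil {
	return ocispec.Descriptor{}, "", err
}
// … unchanged: tagOrDigestRef / resolvedRef assignment …
```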
@@ -75,7 +75,7 @@ Example - [Experimental] Verify a signature on an OCI artifact identified by a t Long: longMessage, Args: func(cmd *cobra.Command, args []string) error { if len(args) == 0 { - return errors.New("missing reference") + return errors.New("missing reference to the artifact. Expecting /: or /@") } opts.reference = args[0] return nil 
@@ -158,28 +158,29 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { func checkVerificationFailure(outcomes []*notation.VerificationOutcome, printOut string, err error) error { // write out on failure if err != nil || len(outcomes) == 0 { - // reference: https://pkg.go.dev/errors#Join - if joinedError, ok := err.(interface{ Unwrap() []error }); ok { - errArray := joinedError.Unwrap() - if len(errArray) > 1 { - // the joined error always starts with a general error message - // followed by indivisual notation.VerificationOutcome errors. - for _, outcomeError := range errArray[1:] { - var errTrustStore truststore.TrustStoreError - var errCertificate truststore.CertificateError - if errors.Is(outcomeError, fs.ErrNotExist) && - (errors.As(outcomeError, &errTrustStore) || errors.As(outcomeError, &errCertificate)) { - fmt.Fprintf(os.Stderr, "Error: %v. Use command 'notation cert add' to create and add trusted certificates to the trust store.\n", outcomeError) - } else { - fmt.Fprintf(os.Stderr, "Error: %v\n", outcomeError) - } + if err != nil { + var errTrustStore truststore.TrustStoreError + if errors.As(err, &errTrustStore) { + if errors.Is(err, fs.ErrNotExist) { + return fmt.Errorf("%w. Use command 'notation cert add' to create and add trusted certificates to the trust store", errTrustStore) + } else { + return fmt.Errorf("%w. %w", errTrustStore, errTrustStore.InnerError) } } - } - var errorVerificationFailed notation.ErrorVerificationFailed - if !errors.As(err, &errorVerificationFailed) { - return fmt.Errorf("signature verification failed: %w", err) + var errCertificate truststore.CertificateError + if errors.As(err, &errCertificate) { + if errors.Is(err, fs.ErrNotExist) { + return fmt.Errorf("%w. Use command 'notation cert add' to create and add trusted certificates to the trust store", errCertificate) + } else { + return fmt.Errorf("%w. 
%w", errCertificate, errCertificate.InnerError) + } + } + + var errorVerificationFailed notation.ErrorVerificationFailed + if !errors.As(err, &errorVerificationFailed) { + return fmt.Errorf("signature verification failed: %w", err) + } } return fmt.Errorf("signature verification failed for all the signatures associated with %s", printOut) }
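Review bot: In both `else` branches, `fmt.Errorf("%w. %w", errTrustStore, errTrustStore.InnerError)` formats `InnerError` unconditionally; if the library can produce a `TrustStoreError` or `CertificateError` without an inner error, the message ends in `%!w(<nil>)`. A guard such as `if errTrustStore.InnerError == nil { return errTrustStore }` before the two-verb form (and the same for `errCertificate`) avoids that; whether `InnerError` may be nil depends on the notation-go fork, which is not visible here. These early returns also drop the `signature verification failed` prefix that the other paths use, which may matter to anything matching on that text. The two blocks differ only in the error type, and the `else` after each `return` can be flattened.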