From f9a188259f83b4cfbabf0f7b32d8becb27e1d7bf Mon Sep 17 00:00:00 2001 From: Adam Toy Date: Fri, 4 Apr 2025 17:51:26 -0400 Subject: [PATCH] fix tlog verification error/warning output (#428) * fix tlog verification error/warning output * extend error msg to avoid ambiguity --- pkg/cosign/cosign.go | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/pkg/cosign/cosign.go b/pkg/cosign/cosign.go index 2297930..d114f8b 100644 --- a/pkg/cosign/cosign.go +++ b/pkg/cosign/cosign.go @@ -3,6 +3,10 @@ package cosign import ( "context" "fmt" + "os" + "strings" + "time" + "github.com/sigstore/cosign/v2/cmd/cosign/cli" "github.com/sigstore/cosign/v2/cmd/cosign/cli/options" "github.com/sigstore/cosign/v2/cmd/cosign/cli/verify" @@ -12,8 +16,6 @@ import ( "hauler.dev/go/hauler/pkg/log" "hauler.dev/go/hauler/pkg/store" "oras.land/oras-go/pkg/content" - "os" - "time" ) // VerifyFileSignature verifies the digital signature of a file using Sigstore/Cosign. @@ -143,9 +145,17 @@ func RetryOperation(ctx context.Context, rso *flags.StoreRootOpts, ro *flags.Cli } if ro.IgnoreErrors { - l.Warnf("warning (attempt %d/%d)... %v", attempt, rso.Retries, err) + if strings.HasPrefix(err.Error(), "function execution failed: no matching signatures: rekor client not provided for online verification") { + l.Warnf("warning (attempt %d/%d)... failed tlog verification", attempt, rso.Retries) + } else { + l.Warnf("warning (attempt %d/%d)... %v", attempt, rso.Retries, err) + } } else { - l.Errorf("error (attempt %d/%d)... %v", attempt, rso.Retries, err) + if strings.HasPrefix(err.Error(), "function execution failed: no matching signatures: rekor client not provided for online verification") { + l.Errorf("error (attempt %d/%d)... failed tlog verification", attempt, rso.Retries) + } else { + l.Errorf("error (attempt %d/%d)... %v", attempt, rso.Retries, err) + } } // If this is not the last attempt, wait before retrying