Misleading error message if no permission to read certificates from trust store #700

Closed
yizha1 opened this issue Jun 5, 2023 · 1 comment · Fixed by #810
Labels: bug (Something isn't working)

yizha1 commented Jun 5, 2023

What is the area you experience the issue in?

Notation CLI

What is not working as expected?

If the trust store is not readable, or the certificates stored in the trust store are not readable, the error message is too general and misleading:

$ notation verify $image
Error: signature verification failed for all the signatures associated with localhost:5001/net-monitor@sha256:8456f085dd609fd12cdebc5f80b6f33f25f670a7a9a03c8fa750b8aee0c4d657

What did you expect to happen?

If the certificates in the trust store cannot be read, the proposed message is

$ notation verify $image
Error: failed to read the certificate "/home/yizha1/.config/notation/truststore/x509/ca/6.4.io/6.4.io.crt", permission denied

If the trust store is not readable, the proposed message is

$ notation verify $image
Error: failed to access trust store "/home/yizha1/.config/notation/truststore/x509/ca/6.4.io", permission denied

How can we reproduce it?

  1. Use chmod -r <path_to_certificate> to remove the read ACL
  2. Run notation verify $image

Describe your environment

WSL2

What is the version of your Notation CLI or Notation Library?

Notation v1.0.0-rc.7

yizha1 added the bug (Something isn't working) and triage (Need to triage) labels Jun 5, 2023

priteshbandi commented Jun 5, 2023

If the certificates in the trust store cannot be read, the proposed message is

$ notation verify $image
Error: failed to read the trusted certificate "/home/yizha1/.config/notation/truststore/x509/ca/6.4.io/6.4.io.crt", permission denied

If the trust store is not readable, the proposed message is

$ notation verify $image
Error: failed to access the trusted certificate "/home/yizha1/.config/notation/truststore/x509/ca/6.4.io", permission denied

cc: @iamsamirzon
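
One way a CLI could surface the specific cause requested in this issue, as an added example (not Notation's code and not the change made in #810). The names `explain` and `loadTrustStore` are hypothetical, the path in `main` is constructed, and certificate files are assumed to be PEM or DER.

```go
package main

import (
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// explain names the path and the reason instead of a generic failure (hypothetical helper).
func explain(action, path string, err error) error {
	if errors.Is(err, fs.ErrPermission) {
		return fmt.Errorf("failed to %s %q, %w", action, path, fs.ErrPermission)
	}
	return fmt.Errorf("failed to %s %q: %w", action, path, err)
}

// loadTrustStore parses every certificate file in dir (hypothetical, not Notation's API).
func loadTrustStore(dir string) ([]*x509.Certificate, error) {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, explain("access trust store", dir, err)
	}
	var certs []*x509.Certificate
	for _, e := range entries {
		p := filepath.Join(dir, e.Name())
		raw, err := os.ReadFile(p)
		if err != nil {
			return nil, explain("read the certificate", p, err)
		}
		der := raw // assume DER unless a PEM block is found
		if block, _ := pem.Decode(raw); block != nil {
			der = block.Bytes
		}
		c, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, explain("parse the certificate", p, err)
		}
		certs = append(certs, c)
	}
	return certs, nil
}

func main() {
	_, err := loadTrustStore("/nonexistent/truststore/x509/ca/example") // constructed path
	fmt.Println("Error:", err)
}
```

Wrapping with `%w` keeps `errors.Is(err, fs.ErrPermission)` working for callers, so a verifier can report an unreadable trust store separately from a signature that failed validation.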
