Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improving Verify Error Response #430

Merged
merged 14 commits into from
May 10, 2024
Merged

Improving Verify Error Response #430

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
1ba8ffd
saving changes to client
ChaosInTheCRD Apr 12, 2024
9970630
switching error logs to be error returns (should ensure exit 1 is exit
ChaosInTheCRD Apr 30, 2024
6388fc9
Merge branch 'main' into improve-verify-errors
ChaosInTheCRD May 3, 2024
be848b5
changing failure statement to match changes in go-witness
ChaosInTheCRD May 8, 2024
ec353c2
fixing go mod
ChaosInTheCRD May 8, 2024
e69916d
Merge branch 'improve-verify-errors' of github.com:ChaosInTheCRD/witn…
ChaosInTheCRD May 8, 2024
5e3ed0f
adding check for a source
ChaosInTheCRD May 8, 2024
028915b
Merge branch 'main' into improve-verify-errors
ChaosInTheCRD May 9, 2024
590947d
fixed only printing one error
ChaosInTheCRD May 10, 2024
ee4f57e
Merge branch 'improve-verify-errors' of github.com:ChaosInTheCRD/witn…
ChaosInTheCRD May 10, 2024
702384c
getting things up to scratch
ChaosInTheCRD May 10, 2024
cfa3e26
Merge branch 'main' into improve-verify-errors
ChaosInTheCRD May 10, 2024
5ef815a
go mod tidy and a small fix
ChaosInTheCRD May 10, 2024
ac10dda
fixing bool comparison lint issue
ChaosInTheCRD May 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions cmd/run.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,7 @@ func runRun(ctx context.Context, ro options.RunOptions, args []string, signers .

results, err := witness.RunWithExports(
ro.StepName,
witness.RunWithSigners(signers...),
witness.RunWithAttestors(attestors),
witness.RunWithAttestationOpts(attestation.WithWorkingDir(ro.WorkingDir), attestation.WithHashes(roHashes)),
witness.RunWithTimestampers(timestampers...),
Expand Down
42 changes: 30 additions & 12 deletions cmd/verify.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,10 @@ func runVerify(ctx context.Context, vo options.VerifyOptions, verifiers ...crypt
return fmt.Errorf("must supply either a public key, CA certificates or a verifier")
}

if !vo.ArchivistaOptions.Enable && len(vo.AttestationFilePaths) == 0 {
return fmt.Errorf("must either specify attestation file paths or enable archivista as an attestation source")
}

if vo.KeyPath != "" {
keyFile, err := os.Open(vo.KeyPath)
if err != nil {
Expand Down Expand Up @@ -124,26 +128,40 @@ func runVerify(ctx context.Context, vo options.VerifyOptions, verifiers ...crypt
}
}

verifiedResult, err := witness.Verify(
verifiedEvidence, err := witness.Verify(
ctx,
policyEnvelope,
verifiers,
witness.VerifyWithSubjectDigests(subjects),
witness.VerifyWithCollectionSource(collectionSource),
)
if err != nil {
if verifiedEvidence.StepResults != nil {
log.Error("Verification failed")
log.Error("Evidence:")
for step, result := range verifiedEvidence.StepResults {
log.Error("Step: ", step)
for _, p := range result.Rejected {
if p.Collection.Collection.Name != "" {
log.Errorf("collection rejected: %s, Reason: %s ", p.Collection.Collection.Name, p.Reason)
} else {
log.Errorf("verification failure: Reason: %s", p.Reason)
}
}
}
}
return fmt.Errorf("failed to verify policy: %w", err)
}

log.Info("Verification succeeded")
log.Info("Evidence:")
num := 0
for _, stepEvidence := range verifiedResult.StepResults {
for _, e := range stepEvidence.Passed {
log.Info(fmt.Sprintf("%d: %s", num, e.Reference))
num++
} else {
log.Info("Verification succeeded")
log.Info("Evidence:")
num := 0
for step, result := range verifiedEvidence.StepResults {
log.Info("Step: ", step)
for _, p := range result.Passed {
log.Info(fmt.Sprintf("%d: %s", num, p.Reference))
num++
}
}
return nil
}

return nil
}