Error: -04 18:20:14 [ERROR] no signature on commit

[adam-azarchs]

Describe the bug

In our CI, we encountered this error:

$ cargo check --all-targets --locked  # Noting here to clarify that this isn't an issue fetching the crates registry or dependencies.
$ cargo deny --locked check
Error: -04 18:20:14 [ERROR] no signature on commit db78ca0149f8ed7c8c2d2aea0236edb63a23f362: Revert "Adopt rust-admin 0.8.0 --skip-namecheck rustdecimal" (pinkforest <36498018+pinkforest@users.noreply.github.com>): this commit is not signed; class=Object (11); code=NotFound (-3)

It appears to have been transient. I suspect that it was something to do with fetching the advisory database? But I don't actually know, which is the actual problem.

Expected behavior

Some context for the error message, e.g. what repository it was failing to fetch and why it was trying to fetch it.

Device:

• OS: Linux (github actions ubuntu-20.04 runner)
• Version 0.12.1

[Jake-Shadle]

Yes, that's the advisory database, the code expects all commits to be signed rustsec/advisory-db@d87417a. This is "fixed" now but I'll leave this open as a proper fix would be a better error message.

[amousset]

Upstream issue: rustsec/rustsec#629

[Jake-Shadle]

Ok, in that case I'll just remove that check since cargo deny directly does its own fetching of the advisory database.

[adam-azarchs]

There are of course other ways in which fetching the advisory database could fail (e.g. network connectivity, local filesystem issues, hitting the rlimit for user process count, etc). Ideally any and all such failures would result in a somewhat less opaque error message, at least indicating that it was the fetch of the advisory database which was failing.