Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: remove signing certificate output #160

Merged
merged 5 commits into from
Jul 22, 2022
Merged

fix: remove signing certificate output #160

merged 5 commits into from
Jul 22, 2022

Conversation

asraa
Copy link
Contributor

@asraa asraa commented Jul 21, 2022

Signed-off-by: Asra Ali asraa@google.com

Fixes #156

Updates README.md with the new output.

@asraa
remove signing certificate output
bc1d297 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
add verified
4423925 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
update readme
cef1c63 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
Merge branch 'main' into remove-signing-cert-info
4a65e23
@laurentsimon
Copy link
Contributor

laurentsimon commented Jul 22, 2022
edited
Loading

lots of really interesting error messages in the log. One I had not seen before: Getting rekor entry error error searching rekor entries: [POST /api/v1/log/entries/retrieve][400] searchLogQueryBadRequest &{Code:400 Message:invalid public key: failure decoding PEM}, trying Redis search index to find entries by subject digest ... maybe that's one that'ex expected given the unit tests actually.

May be useful to separate the list of message by a comma. I created #161 to improve the logging we have and make it more structured / standard.

@asraa
Copy link
Contributor Author

asraa commented Jul 22, 2022

Oh, the error messages were from #159, not this PR.

error messages were added with a separated comma: https://github.com/asraa/slsa-verifier/blob/0c6f7c68bde9fd305579e11f86e40a79019e2451/pkg/rekor.go#L394

Maybe a newline? I"ll do that in the follow-up, not this PR

@asraa
Copy link
Contributor Author

asraa commented Jul 22, 2022

One I had not seen before: Getting rekor entry error error searching rekor entries: [POST /api/v1/log/entries/retrieve][400] searchLogQueryBadRequest &{Code:400 Message:invalid public key: failure decoding PEM}, trying Redis search index to find entries by subject digest ... maybe that's one that'ex expected given the unit tests actually.

I saw this one too, and I realize it's likely because there was no certificate PEM in the intoto envelope for the older builder tests. So rekor fails to decode the empty string PEM. Just added an error condition to prevent Rekor query if the cert is empty, so that'll be a clearer error message.

@asraa
add error message about pem
f56f880 
Signed-off-by: Asra Ali <asraa@google.com>
@laurentsimon
Copy link
Contributor

Ready to merge?

@asraa
Copy link
Contributor Author

asraa commented Jul 22, 2022

Yes!

@asraa asraa merged commit 8c4373c into slsa-framework:main Jul 22, 2022
laurentsimon pushed a commit to laurentsimon/slsa-verifier that referenced this pull request Aug 3, 2022
@asraa
fix: remove signing certificate output (slsa-framework#160)
c88cf20 
* remove signing certificate output

Signed-off-by: Asra Ali <asraa@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@laurentsimon laurentsimon laurentsimon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove the default JSON output
2 participants
@asraa @laurentsimon