Misleading error message when no certificates were stored in the trust store #701

Closed
yizha1 opened this issue Jun 5, 2023 · 2 comments · Fixed by #810

@yizha1
Contributor

yizha1 commented Jun 5, 2023

What is the area you experience the issue in?

Notation CLI

What is not working as expected?

When the notation verify command is run and no certificates are stored in the trust store, the error message is too general and misleading.

$ notation verify $IMAGE
Error: signature verification failed for all the signatures associated with localhost:5001/net-monitor@sha256:8456f085dd609fd12cdebc5f80b6f33f25f670a7a9a03c8fa750b8aee0c4d657

With the -v flag, we can find more information and understand the root cause.

$ notation verify $IMAGE -v
INFO Checking whether signature verification should be skipped or not
INFO Trust policy configuration: &{Name:policy-1 RegistryScopes:[localhost:5001/net-monitor] SignatureVerification:{VerificationLevel:strict Override:map[]} TrustStores:[ca:6.4.io] TrustedIdentities:[*]}
INFO Check over. Trust policy is not configured to skip signature verification
INFO Processing signature with manifest mediaType: application/vnd.oci.image.manifest.v1+json and digest: sha256:7aa4005f01c913531e1ac58176d2cc25ba9f5849ab07eb430dab2e1e04ddeff0
INFO Trust policy configuration: &{Name:policy-1 RegistryScopes:[localhost:5001/net-monitor] SignatureVerification:{VerificationLevel:strict Override:map[]} TrustStores:[ca:6.4.io] TrustedIdentities:[*]}
ERRO authenticity validation failed. Failure reason: error while loading the trust store, trust store "/home/yizha/.config/notation/truststore/x509/ca/6.4.io" has no x509 certificates
WARN Signature sha256:7aa4005f01c913531e1ac58176d2cc25ba9f5849ab07eb430dab2e1e04ddeff0 failed verification with error: error while loading the trust store, trust store "/home/yizha/.config/notation/truststore/x509/ca/6.4.io" has no x509 certificates
Error: signature verification failed for all the signatures associated with localhost:5001/net-monitor@sha256:8456f085dd609fd12cdebc5f80b6f33f25f670a7a9a03c8fa750b8aee0c4d657

What did you expect to happen?

If no certificates are stored in the trust store, the proposed message is as shown in the example below:

$ notation verify $image
Error: no x509 certificates were found in trust store with the name mystore of type ca

How can we reproduce it?

  1. Remove certificates from trust store
  2. Run command notation verify $image

Describe your environment

WSL2

What is the version of your Notation CLI or Notation Library?

Notation v1.0.0-rc.7

yizha1 added the bug and triage labels on Jun 5, 2023
@priteshbandi
Contributor

notation verify $image
Error: no x509 certificates were found in trust store with the name 'mystore' of type ca. Use command "notation cert add" to create and add trusted certificates to trust store

@iamsamirzon
Contributor

Suggest one more edit on top of it

notation verify $image
Error: no x509 certificates were found in trust store with the name 'mystore' of type ca**/signingAuthority**. Use command "notation cert add" to create and add trusted certificates to the trust store
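
The pre-flight check this thread asks for, as an added Go example that is not Notation's code and not the change merged in #810: it inspects `<root>/x509/<type>/<name>`, the layout visible in the `-v` log above, and returns the error wording proposed in the comments when no parsable certificate is present. The function names, accepting both PEM and DER files, and treating a missing directory as an empty store are assumptions of this example.

```go
package main

import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"
	"path/filepath"
)

// Added example, not Notation's code: count X.509 certificates (PEM or raw DER) in dir.
func countCerts(dir string) (int, error) {
	entries, err := os.ReadDir(dir)
	if err != nil && !os.IsNotExist(err) {
		return 0, err // e.g. permission denied: report it, do not call the store empty
	}
	total := 0
	for _, e := range entries {
		data, _ := os.ReadFile(filepath.Join(dir, e.Name())) // sub-directories read as empty
		var der []byte
		for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
			if b.Type == "CERTIFICATE" {
				der = append(der, b.Bytes...)
			}
		}
		if der == nil {
			der = data // no PEM certificate blocks: try the file as raw DER
		}
		if certs, err := x509.ParseCertificates(der); err == nil {
			total += len(certs)
		}
	}
	return total, nil
}

func checkStore(root, storeType, name string) error { // hypothetical helper
	n, err := countCerts(filepath.Join(root, "x509", storeType, name))
	if err == nil && n == 0 {
		err = fmt.Errorf("no x509 certificates were found in trust store with the name '%s' of type %s. Use command \"notation cert add\" to create and add trusted certificates to trust store", name, storeType)
	}
	return err
}

func main() {
	cfg, _ := os.UserConfigDir() // ~/.config on Linux, where the log above shows the store
	if err := checkStore(filepath.Join(cfg, "notation", "truststore"), "ca", "mystore"); err != nil {
		fmt.Println("Error:", err) // "mystore" is the example store name used in the thread
	}
}
```

A file that holds only a private key, or a PEM block that does not parse as a certificate, counts as zero, so a store full of non-certificate files is reported the same way as an empty directory.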
