From cdc0cb7021c507ee299bfdd9b288ee4845cce5d6 Mon Sep 17 00:00:00 2001
From: Marco Franssen <marco.franssen@philips.com>
Date: Fri, 11 Feb 2022 12:58:38 +0100
Subject: [PATCH] Log cosign unavailable as warning

Signed-off-by: Marco Franssen <marco.franssen@philips.com>
---
 install-slsa-provenance.sh | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/install-slsa-provenance.sh b/install-slsa-provenance.sh
index 4bb57703..c625198b 100755
--- a/install-slsa-provenance.sh
+++ b/install-slsa-provenance.sh
@@ -4,9 +4,11 @@ shopt -s expand_aliases
 if [ -z "$NO_COLOR" ]; then
   alias log_info="echo -e \"\033[1;32mINFO\033[0m:\""
   alias log_error="echo -e \"\033[1;31mERROR\033[0m:\""
+  alias log_warning="echo -e \"\033[1;33mWARN\033[0m:\""
 else
   alias log_info="echo \"INFO:\""
   alias log_error="echo \"ERROR:\""
+  alias log_warning="echo \"WARN:\""
 fi
 
 set -e
@@ -76,9 +78,11 @@ if [ -x "$(command -v cosign)" ] ; then
   cosign verify-blob --key cosign.pub --signature slsa-provenance.sig "${ARCHIVE}"
   rm slsa-provenance.sig cosign.pub
 else
-  log_error >&2
-  log_error "  cosign binary not installed in PATH. Unable to verify signature" >&2
-  log_error >&2
+  log_warning >&2
+  log_warning "  cosign binary not installed in PATH. Unable to verify signature!" >&2
+  log_warning >&2
+  log_warning "  Consider installing cosign first, to be able to verify the signature!" >&2
+  log_warning >&2
 fi
 
 log_info "extracting ${BINARY} from ${ARCHIVE}"