Skip to content

Comments

update: updated CLI outputs of sign/verification#450

Merged
shizhMSFT merged 46 commits intonotaryproject:mainfrom
patrickzheng200:tag_to_digest
Dec 5, 2022
Merged

update: updated CLI outputs of sign/verification#450
shizhMSFT merged 46 commits intonotaryproject:mainfrom
patrickzheng200:tag_to_digest

Conversation

@patrickzheng200
Copy link
Contributor

@patrickzheng200 patrickzheng200 commented Nov 22, 2022
edited
Loading

This PR updates outputs of sign/verification based on changes in PR #439 and PR #440 specs.
Previous to this PR, outputs only print out digest.
In this PR:

  1. warnings will be printed out for tag reference during sign/verification.
  2. outputs will print out in format <registry>/<repository>@<digest>.

Signed-off-by: Patrick Zheng patrickzheng@microsoft.com

Patrick Zheng added 24 commits October 12, 2022 11:02
updated dependency
b910a8a 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
resolved conflicts
28b0438 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
Merge branch 'notaryproject:main' into main
4f4e2a4
Merge branch 'notaryproject:main' into main
eea8003
Merge branch 'notaryproject:main' into main
216cea2
Merge branch 'notaryproject:main' into main
1267c02
Merge branch 'notaryproject:main' into main
1c3dfbb
Merge branch 'notaryproject:main' into main
98e5946
Merge branch 'notaryproject:main' into main
55563d3
Merge branch 'notaryproject:main' into main
c68d602
Merge branch 'notaryproject:main' into main
d165a7b
Merge branch 'notaryproject:main' into main
7166877
Merge branch 'notaryproject:main' into main
94f174d
Merge branch 'notaryproject:main' into main
e1d8437
Merge branch 'notaryproject:main' into main
a873c67
Merge branch 'notaryproject:main' into main
cd877de
Merge branch 'notaryproject:main' into main
53b847d
Merge branch 'notaryproject:main' into main
1e29bb4
Merge branch 'notaryproject:main' into main
5121684
Merge branch 'notaryproject:main' into main
679e01d
Merge branch 'notaryproject:main' into main
394b59a
Merge branch 'notaryproject:main' into main
c6e8dd1
Merge branch 'notaryproject:main' into main
b54b712
updated CLI outputs for sign/verification with tag reference
60e9fdf 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
@patrickzheng200 patrickzheng200 added this to the RC-1 milestone Nov 22, 2022
resolved conflicts
7f87d1a 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
update
8ec720a 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
This was referenced Dec 2, 2022
Closed
Closed
@JeyJeyGao JeyJeyGao mentioned this pull request Dec 2, 2022
Merged
Patrick Zheng added 4 commits December 2, 2022 17:16
update
92b82c3 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
Merge branch 'notaryproject:main' into tag_to_digest
58e79a8
added back tag to digest warnings print out
c74fdc8 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
update
0a4a379 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
shizhMSFT
shizhMSFT reviewed Dec 2, 2022
View reviewed changes
Patrick Zheng added 2 commits December 3, 2022 09:20
updated per code review
89d544c 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
return err if reference is missing digest or tag
77a9187 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
shizhMSFT
shizhMSFT reviewed Dec 5, 2022
View reviewed changes
Patrick Zheng added 2 commits December 5, 2022 11:44
updated per code review
17c2751 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
updated per code review
a2b9467 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
priteshbandi pushed a commit to notaryproject/notation-go that referenced this pull request Dec 5, 2022
@JeyJeyGao
feat: add required log (#221)
e9545a7 
Example
## sign ## 
```
➜  ./notation sign $IMAGE -e 2s             
Warning: Always sign the artifact using digest(`@sha256:...`) rather than a tag(`:v1`) because tags are mutable and a tag reference can point to a different artifact than the one signed
Resolved artifact tag `v1` to digest `sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47` before signing
sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47

➜  ./notation sign $IMAGE -e 2s -v
Warning: Always sign the artifact using digest(`@sha256:...`) rather than a tag(`:v1`) because tags are mutable and a tag reference can point to a different artifact than the one signed
Resolved artifact tag `v1` to digest `sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47` before signing
sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47

➜  ./notation sign $IMAGE -e 2s -d
Warning: Always sign the artifact using digest(`@sha256:...`) rather than a tag(`:v1`) because tags are mutable and a tag reference can point to a different artifact than the one signed
Resolved artifact tag `v1` to digest `sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47` before signing
DEBU[2022-12-02T13:10:25+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/manifests/v1" 
DEBU[2022-12-02T13:10:25+08:00]  Request method: "HEAD"                      
DEBU[2022-12-02T13:10:25+08:00]  Request headers:                            
DEBU[2022-12-02T13:10:25+08:00]    "Accept": "application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json" 
DEBU[2022-12-02T13:10:25+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:10:25+08:00]  Response Status: "200 OK"                   
DEBU[2022-12-02T13:10:25+08:00]  Response headers:                           
DEBU[2022-12-02T13:10:25+08:00]    "Content-Length": "942"                   
DEBU[2022-12-02T13:10:25+08:00]    "Content-Type": "application/vnd.docker.distribution.manifest.v2+json" 
DEBU[2022-12-02T13:10:25+08:00]    "Docker-Content-Digest": "sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47" 
DEBU[2022-12-02T13:10:25+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:10:25+08:00]    "Etag": "\"sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47\"" 
DEBU[2022-12-02T13:10:25+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:10:25+08:00]    "Date": "Fri, 02 Dec 2022 05:10:25 GMT"   
WARN[2022-12-02T13:10:25+08:00] Always sign the artifact using digest(`@sha256:...`) rather than a tag(`:v1`) because tags are mutable and a tag reference can point to a different artifact than the one signed 
INFO[2022-12-02T13:10:25+08:00] Resolved artifact tag `v1` to digest `sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47` before signing 
DEBU[2022-12-02T13:10:25+08:00] generic signing for sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47 
DEBU[2022-12-02T13:10:25+08:00] sign request:                                
DEBU[2022-12-02T13:10:25+08:00]   ContentType: application/vnd.cncf.notary.payload.v1+json 
DEBU[2022-12-02T13:10:25+08:00]   Content: {"targetArtifact":{"mediaType":"application/vnd.docker.distribution.manifest.v2+json","digest":"sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47","size":942}} 
DEBU[2022-12-02T13:10:25+08:00]   Expiry: 2022-12-02 13:10:26.218713827 +0800 CST m=+4.043056722 
DEBU[2022-12-02T13:10:25+08:00]   SigningTime: 2022-12-02 13:10:25.683371981 +0800 CST m=+3.507714874 
DEBU[2022-12-02T13:10:25+08:00]   SigningScheme: notary.x509                 
DEBU[2022-12-02T13:10:25+08:00]   SigningAgent: Notation/1.0.0               
DEBU[2022-12-02T13:10:25+08:00] generate annotation                          
DEBU[2022-12-02T13:10:25+08:00] push signature, artifact descriptor: {MediaType:application/vnd.docker.distribution.manifest.v2+json Digest:sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47 Size:942 URLs:[] Annotations:map[] Data:[] Platform:<nil> ArtifactType:}, annotations: map[io.cncf.notary.x509chain.thumbprint#S256:["676ae98f2cc491ce67cf897b3f7f59583a62193282c80d384814c900e4958c16"]] 
DEBU[2022-12-02T13:10:25+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/blobs/uploads/" 
DEBU[2022-12-02T13:10:25+08:00]  Request method: "POST"                      
DEBU[2022-12-02T13:10:25+08:00]  Request headers:                            
DEBU[2022-12-02T13:10:25+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:10:25+08:00]  Response Status: "202 Accepted"             
DEBU[2022-12-02T13:10:25+08:00]  Response headers:                           
DEBU[2022-12-02T13:10:25+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:10:25+08:00]    "Docker-Upload-Uuid": "97835b52-8e9c-4f35-82d8-8e19b434a738" 
DEBU[2022-12-02T13:10:25+08:00]    "Location": "http://localhost:5000/v2/net-monitor/blobs/uploads/97835b52-8e9c-4f35-82d8-8e19b434a738?_state=LU0rqXS4CRHkO8Y3wL1-YxFRn2rqX55hlt9cI7NwYB97Ik5hbWUiOiJuZXQtbW9uaXRvciIsIlVVSUQiOiI5NzgzNWI1Mi04ZTljLTRmMzUtODJkOC04ZTE5YjQzNGE3MzgiLCJPZmZzZXQiOjAsIlN0YXJ0ZWRBdCI6IjIwMjItMTItMDJUMDU6MTA6MjUuNjg2OTgxNDg0WiJ9" 
DEBU[2022-12-02T13:10:25+08:00]    "Range": "0-0"                            
DEBU[2022-12-02T13:10:25+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:10:25+08:00]    "Date": "Fri, 02 Dec 2022 05:10:25 GMT"   
DEBU[2022-12-02T13:10:25+08:00]    "Content-Length": "0"                     
DEBU[2022-12-02T13:10:25+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/blobs/uploads/97835b52-8e9c-4f35-82d8-8e19b434a738?_state=LU0rqXS4CRHkO8Y3wL1-YxFRn2rqX55hlt9cI7NwYB97Ik5hbWUiOiJuZXQtbW9uaXRvciIsIlVVSUQiOiI5NzgzNWI1Mi04ZTljLTRmMzUtODJkOC04ZTE5YjQzNGE3MzgiLCJPZmZzZXQiOjAsIlN0YXJ0ZWRBdCI6IjIwMjItMTItMDJUMDU6MTA6MjUuNjg2OTgxNDg0WiJ9&digest=sha256%3A472efea7f2acae601d8f052ff89fdd9cbe66a172cb0f8ddf2f1396b99d07fd38" 
DEBU[2022-12-02T13:10:25+08:00]  Request method: "PUT"                       
DEBU[2022-12-02T13:10:25+08:00]  Request headers:                            
DEBU[2022-12-02T13:10:25+08:00]    "Content-Type": "application/octet-stream" 
DEBU[2022-12-02T13:10:25+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:10:25+08:00]  Response Status: "201 Created"              
DEBU[2022-12-02T13:10:25+08:00]  Response headers:                           
DEBU[2022-12-02T13:10:25+08:00]    "Content-Length": "0"                     
DEBU[2022-12-02T13:10:25+08:00]    "Docker-Content-Digest": "sha256:472efea7f2acae601d8f052ff89fdd9cbe66a172cb0f8ddf2f1396b99d07fd38" 
DEBU[2022-12-02T13:10:25+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:10:25+08:00]    "Location": "http://localhost:5000/v2/net-monitor/blobs/sha256:472efea7f2acae601d8f052ff89fdd9cbe66a172cb0f8ddf2f1396b99d07fd38" 
DEBU[2022-12-02T13:10:25+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:10:25+08:00]    "Date": "Fri, 02 Dec 2022 05:10:25 GMT"   
DEBU[2022-12-02T13:10:25+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/manifests/sha256:117f4c3c03f228776cdf9727f7ce77c75f95a98d9fa7a22455f30c8639f4ed4e" 
DEBU[2022-12-02T13:10:25+08:00]  Request method: "PUT"                       
DEBU[2022-12-02T13:10:25+08:00]  Request headers:                            
DEBU[2022-12-02T13:10:25+08:00]    "Content-Type": "application/vnd.oci.artifact.manifest.v1+json" 
DEBU[2022-12-02T13:10:25+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:10:25+08:00]  Response Status: "201 Created"              
DEBU[2022-12-02T13:10:25+08:00]  Response headers:                           
DEBU[2022-12-02T13:10:25+08:00]    "Docker-Content-Digest": "sha256:117f4c3c03f228776cdf9727f7ce77c75f95a98d9fa7a22455f30c8639f4ed4e" 
DEBU[2022-12-02T13:10:25+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:10:25+08:00]    "Location": "http://localhost:5000/v2/net-monitor/manifests/sha256:117f4c3c03f228776cdf9727f7ce77c75f95a98d9fa7a22455f30c8639f4ed4e" 
DEBU[2022-12-02T13:10:25+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:10:25+08:00]    "Date": "Fri, 02 Dec 2022 05:10:25 GMT"   
DEBU[2022-12-02T13:10:25+08:00]    "Content-Length": "0"                     
DEBU[2022-12-02T13:10:25+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/referrers/sha256:0000000000000000000000000000000000000000000000000000000000000000" 
DEBU[2022-12-02T13:10:25+08:00]  Request method: "GET"                       
DEBU[2022-12-02T13:10:25+08:00]  Request headers:                            
DEBU[2022-12-02T13:10:25+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:10:25+08:00]  Response Status: "404 Not Found"            
DEBU[2022-12-02T13:10:25+08:00]  Response headers:                           
DEBU[2022-12-02T13:10:25+08:00]    "Content-Type": "text/plain; charset=utf-8" 
DEBU[2022-12-02T13:10:25+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:10:25+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:10:25+08:00]    "Date": "Fri, 02 Dec 2022 05:10:25 GMT"   
DEBU[2022-12-02T13:10:25+08:00]    "Content-Length": "19"                    
DEBU[2022-12-02T13:10:25+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/manifests/sha256-cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47" 
DEBU[2022-12-02T13:10:25+08:00]  Request method: "GET"                       
DEBU[2022-12-02T13:10:25+08:00]  Request headers:                            
DEBU[2022-12-02T13:10:25+08:00]    "Accept": "application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json" 
DEBU[2022-12-02T13:10:25+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:10:25+08:00]  Response Status: "200 OK"                   
DEBU[2022-12-02T13:10:25+08:00]  Response headers:                           
DEBU[2022-12-02T13:10:25+08:00]    "Docker-Content-Digest": "sha256:829256e18b2ee0980a39a2ff86182c8459303b15b676b00dc7006e123e7599ee" 
DEBU[2022-12-02T13:10:25+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:10:25+08:00]    "Etag": "\"sha256:829256e18b2ee0980a39a2ff86182c8459303b15b676b00dc7006e123e7599ee\"" 
DEBU[2022-12-02T13:10:25+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:10:25+08:00]    "Date": "Fri, 02 Dec 2022 05:10:25 GMT"   
DEBU[2022-12-02T13:10:25+08:00]    "Content-Length": "901"                   
DEBU[2022-12-02T13:10:25+08:00]    "Content-Type": "application/vnd.oci.image.index.v1+json" 
DEBU[2022-12-02T13:10:25+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/manifests/sha256-cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47" 
DEBU[2022-12-02T13:10:25+08:00]  Request method: "PUT"                       
DEBU[2022-12-02T13:10:25+08:00]  Request headers:                            
DEBU[2022-12-02T13:10:25+08:00]    "Content-Type": "application/vnd.oci.image.index.v1+json" 
DEBU[2022-12-02T13:10:25+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:10:25+08:00]  Response Status: "201 Created"              
DEBU[2022-12-02T13:10:25+08:00]  Response headers:                           
DEBU[2022-12-02T13:10:25+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:10:25+08:00]    "Date": "Fri, 02 Dec 2022 05:10:25 GMT"   
DEBU[2022-12-02T13:10:25+08:00]    "Content-Length": "0"                     
DEBU[2022-12-02T13:10:25+08:00]    "Docker-Content-Digest": "sha256:490010607becd94467b45783303458b5b1533bcc17a813dbaf60a4f4aa96f582" 
DEBU[2022-12-02T13:10:25+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:10:25+08:00]    "Location": "http://localhost:5000/v2/net-monitor/manifests/sha256:490010607becd94467b45783303458b5b1533bcc17a813dbaf60a4f4aa96f582" 
DEBU[2022-12-02T13:10:25+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/manifests/sha256:829256e18b2ee0980a39a2ff86182c8459303b15b676b00dc7006e123e7599ee" 
DEBU[2022-12-02T13:10:25+08:00]  Request method: "DELETE"                    
DEBU[2022-12-02T13:10:25+08:00]  Request headers:                            
DEBU[2022-12-02T13:10:25+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:10:25+08:00]  Response Status: "202 Accepted"             
DEBU[2022-12-02T13:10:25+08:00]  Response headers:                           
DEBU[2022-12-02T13:10:25+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:10:25+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:10:25+08:00]    "Date": "Fri, 02 Dec 2022 05:10:25 GMT"   
DEBU[2022-12-02T13:10:25+08:00]    "Content-Length": "0"                     
sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47
```
## verify ## 
```
➜  ./notation verify $IMAGE       
Warning: Always sign the artifact using digest(`@sha256:...`) rather than a tag(`:v1`) because tags are mutable and a tag reference can point to a different artifact than the one signed
Resolved artifact tag `v1` to digest `sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47` before signing
Error: signature verification failed

➜  ./notation verify $IMAGE -v
Warning: Always sign the artifact using digest(`@sha256:...`) rather than a tag(`:v1`) because tags are mutable and a tag reference can point to a different artifact than the one signed
Resolved artifact tag `v1` to digest `sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47` before signing
INFO passing a nil signature to check 'skip' level 
ERRO integrity validation failed. Failure reason: unable to parse the digital signature, error : signature envelope format with media type "" is not supported 
INFO check over. not 'skip' level                 
INFO processing signature with digest: sha256:6e0a5084fc479f071a51cb11518f70b795a9f160ae62851dd34d821e3c7b371a 
ERRO expiry validation failed. Failure reason: digital signature has expired on "Fri, 02 Dec 2022 13:09:58 +0800" 
INFO processing signature with digest: sha256:74bd7d7fb3a0a9a26e542a0849c5c6f803b5a8f53c7d02a1d2471b8f4ec808e0 
ERRO expiry validation failed. Failure reason: digital signature has expired on "Fri, 02 Dec 2022 13:10:04 +0800" 
INFO processing signature with digest: sha256:117f4c3c03f228776cdf9727f7ce77c75f95a98d9fa7a22455f30c8639f4ed4e 
ERRO expiry validation failed. Failure reason: digital signature has expired on "Fri, 02 Dec 2022 13:10:26 +0800" 
Error: signature verification failed

➜  ./notation verify $IMAGE -d
Warning: Always sign the artifact using digest(`@sha256:...`) rather than a tag(`:v1`) because tags are mutable and a tag reference can point to a different artifact than the one signed
Resolved artifact tag `v1` to digest `sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47` before signing
INFO[2022-12-02T13:14:39+08:00] passing a nil signature to check 'skip' level 
DEBU[2022-12-02T13:14:39+08:00] verify signature against artifact  referenced as localhost:5000/net-monitor@sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47 
DEBU[2022-12-02T13:14:39+08:00] verification level: &{Name:strict Enforcement:map[authenticTimestamp:enforce authenticity:enforce expiry:enforce integrity:enforce revocation:enforce]} 
ERRO[2022-12-02T13:14:39+08:00] integrity validation failed. Failure reason: unable to parse the digital signature, error : signature envelope format with media type "" is not supported 
INFO[2022-12-02T13:14:39+08:00] check over. not 'skip' level                 
DEBU[2022-12-02T13:14:39+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/manifests/sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47" 
DEBU[2022-12-02T13:14:39+08:00]  Request method: "HEAD"                      
DEBU[2022-12-02T13:14:39+08:00]  Request headers:                            
DEBU[2022-12-02T13:14:39+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:14:39+08:00]    "Accept": "application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json" 
DEBU[2022-12-02T13:14:39+08:00]  Response Status: "200 OK"                   
DEBU[2022-12-02T13:14:39+08:00]  Response headers:                           
DEBU[2022-12-02T13:14:39+08:00]    "Etag": "\"sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47\"" 
DEBU[2022-12-02T13:14:39+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:14:39+08:00]    "Date": "Fri, 02 Dec 2022 05:14:39 GMT"   
DEBU[2022-12-02T13:14:39+08:00]    "Content-Length": "942"                   
DEBU[2022-12-02T13:14:39+08:00]    "Content-Type": "application/vnd.docker.distribution.manifest.v2+json" 
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Content-Digest": "sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47" 
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:14:39+08:00] fetch signature manifest                     
DEBU[2022-12-02T13:14:39+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/referrers/sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47?artifactType=application%2Fvnd.cncf.notary.v2.signature" 
DEBU[2022-12-02T13:14:39+08:00]  Request method: "GET"                       
DEBU[2022-12-02T13:14:39+08:00]  Request headers:                            
DEBU[2022-12-02T13:14:39+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:14:39+08:00]  Response Status: "404 Not Found"            
DEBU[2022-12-02T13:14:39+08:00]  Response headers:                           
DEBU[2022-12-02T13:14:39+08:00]    "Content-Type": "text/plain; charset=utf-8" 
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:14:39+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:14:39+08:00]    "Date": "Fri, 02 Dec 2022 05:14:39 GMT"   
DEBU[2022-12-02T13:14:39+08:00]    "Content-Length": "19"                    
DEBU[2022-12-02T13:14:39+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/manifests/sha256-cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47" 
DEBU[2022-12-02T13:14:39+08:00]  Request method: "GET"                       
DEBU[2022-12-02T13:14:39+08:00]  Request headers:                            
DEBU[2022-12-02T13:14:39+08:00]    "Accept": "application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json" 
DEBU[2022-12-02T13:14:39+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:14:39+08:00]  Response Status: "200 OK"                   
DEBU[2022-12-02T13:14:39+08:00]  Response headers:                           
DEBU[2022-12-02T13:14:39+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:14:39+08:00]    "Date": "Fri, 02 Dec 2022 05:14:39 GMT"   
DEBU[2022-12-02T13:14:39+08:00]    "Content-Length": "1308"                  
DEBU[2022-12-02T13:14:39+08:00]    "Content-Type": "application/vnd.oci.image.index.v1+json" 
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Content-Digest": "sha256:490010607becd94467b45783303458b5b1533bcc17a813dbaf60a4f4aa96f582" 
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:14:39+08:00]    "Etag": "\"sha256:490010607becd94467b45783303458b5b1533bcc17a813dbaf60a4f4aa96f582\"" 
INFO[2022-12-02T13:14:39+08:00] processing signature with digest: sha256:6e0a5084fc479f071a51cb11518f70b795a9f160ae62851dd34d821e3c7b371a 
DEBU[2022-12-02T13:14:39+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/manifests/sha256:6e0a5084fc479f071a51cb11518f70b795a9f160ae62851dd34d821e3c7b371a" 
DEBU[2022-12-02T13:14:39+08:00]  Request method: "GET"                       
DEBU[2022-12-02T13:14:39+08:00]  Request headers:                            
DEBU[2022-12-02T13:14:39+08:00]    "Accept": "application/vnd.oci.artifact.manifest.v1+json" 
DEBU[2022-12-02T13:14:39+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:14:39+08:00]  Response Status: "200 OK"                   
DEBU[2022-12-02T13:14:39+08:00]  Response headers:                           
DEBU[2022-12-02T13:14:39+08:00]    "Etag": "\"sha256:6e0a5084fc479f071a51cb11518f70b795a9f160ae62851dd34d821e3c7b371a\"" 
DEBU[2022-12-02T13:14:39+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:14:39+08:00]    "Date": "Fri, 02 Dec 2022 05:14:39 GMT"   
DEBU[2022-12-02T13:14:39+08:00]    "Content-Length": "628"                   
DEBU[2022-12-02T13:14:39+08:00]    "Content-Type": "application/vnd.oci.artifact.manifest.v1+json" 
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Content-Digest": "sha256:6e0a5084fc479f071a51cb11518f70b795a9f160ae62851dd34d821e3c7b371a" 
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:14:39+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/blobs/sha256:9e27c57b266d8bcd206a90af96dba94a6c2d9ac8fe93d47979aaf7ce47a34f68" 
DEBU[2022-12-02T13:14:39+08:00]  Request method: "GET"                       
DEBU[2022-12-02T13:14:39+08:00]  Request headers:                            
DEBU[2022-12-02T13:14:39+08:00]    "Range": "bytes=0-2220"                   
DEBU[2022-12-02T13:14:39+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:14:39+08:00]  Response Status: "206 Partial Content"      
DEBU[2022-12-02T13:14:39+08:00]  Response headers:                           
DEBU[2022-12-02T13:14:39+08:00]    "Content-Length": "2221"                  
DEBU[2022-12-02T13:14:39+08:00]    "Content-Range": "bytes 0-2220/2221"      
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:14:39+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:14:39+08:00]    "Date": "Fri, 02 Dec 2022 05:14:39 GMT"   
DEBU[2022-12-02T13:14:39+08:00]    "Accept-Ranges": "bytes"                  
DEBU[2022-12-02T13:14:39+08:00]    "Cache-Control": "max-age=31536000"       
DEBU[2022-12-02T13:14:39+08:00]    "Content-Type": "application/octet-stream" 
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Content-Digest": "sha256:9e27c57b266d8bcd206a90af96dba94a6c2d9ac8fe93d47979aaf7ce47a34f68" 
DEBU[2022-12-02T13:14:39+08:00]    "Etag": "\"sha256:9e27c57b266d8bcd206a90af96dba94a6c2d9ac8fe93d47979aaf7ce47a34f68\"" 
DEBU[2022-12-02T13:14:39+08:00] verify signature against artifact sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47 referenced as localhost:5000/net-monitor@sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47 
DEBU[2022-12-02T13:14:39+08:00] verification level: &{Name:strict Enforcement:map[authenticTimestamp:enforce authenticity:enforce expiry:enforce integrity:enforce revocation:enforce]} 
DEBU[2022-12-02T13:14:39+08:00] verify cert chain                            
DEBU[2022-12-02T13:14:39+08:00] verify trust identity                        
DEBU[2022-12-02T13:14:39+08:00] verify expiry                                
ERRO[2022-12-02T13:14:39+08:00] expiry validation failed. Failure reason: digital signature has expired on "Fri, 02 Dec 2022 13:09:58 +0800" 
INFO[2022-12-02T13:14:39+08:00] processing signature with digest: sha256:74bd7d7fb3a0a9a26e542a0849c5c6f803b5a8f53c7d02a1d2471b8f4ec808e0 
DEBU[2022-12-02T13:14:39+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/manifests/sha256:74bd7d7fb3a0a9a26e542a0849c5c6f803b5a8f53c7d02a1d2471b8f4ec808e0" 
DEBU[2022-12-02T13:14:39+08:00]  Request method: "GET"                       
DEBU[2022-12-02T13:14:39+08:00]  Request headers:                            
DEBU[2022-12-02T13:14:39+08:00]    "Accept": "application/vnd.oci.artifact.manifest.v1+json" 
DEBU[2022-12-02T13:14:39+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:14:39+08:00]  Response Status: "200 OK"                   
DEBU[2022-12-02T13:14:39+08:00]  Response headers:                           
DEBU[2022-12-02T13:14:39+08:00]    "Content-Type": "application/vnd.oci.artifact.manifest.v1+json" 
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Content-Digest": "sha256:74bd7d7fb3a0a9a26e542a0849c5c6f803b5a8f53c7d02a1d2471b8f4ec808e0" 
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:14:39+08:00]    "Etag": "\"sha256:74bd7d7fb3a0a9a26e542a0849c5c6f803b5a8f53c7d02a1d2471b8f4ec808e0\"" 
DEBU[2022-12-02T13:14:39+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:14:39+08:00]    "Date": "Fri, 02 Dec 2022 05:14:39 GMT"   
DEBU[2022-12-02T13:14:39+08:00]    "Content-Length": "628"                   
DEBU[2022-12-02T13:14:39+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/blobs/sha256:b804160dff6d263d918c4ec4088876a325f4b59f003c0eaba55fd71419f73557" 
DEBU[2022-12-02T13:14:39+08:00]  Request method: "GET"                       
DEBU[2022-12-02T13:14:39+08:00]  Request headers:                            
DEBU[2022-12-02T13:14:39+08:00]    "Range": "bytes=0-2220"                   
DEBU[2022-12-02T13:14:39+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:14:39+08:00]  Response Status: "206 Partial Content"      
DEBU[2022-12-02T13:14:39+08:00]  Response headers:                           
DEBU[2022-12-02T13:14:39+08:00]    "Accept-Ranges": "bytes"                  
DEBU[2022-12-02T13:14:39+08:00]    "Cache-Control": "max-age=31536000"       
DEBU[2022-12-02T13:14:39+08:00]    "Content-Length": "2221"                  
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Content-Digest": "sha256:b804160dff6d263d918c4ec4088876a325f4b59f003c0eaba55fd71419f73557" 
DEBU[2022-12-02T13:14:39+08:00]    "Etag": "\"sha256:b804160dff6d263d918c4ec4088876a325f4b59f003c0eaba55fd71419f73557\"" 
DEBU[2022-12-02T13:14:39+08:00]    "Date": "Fri, 02 Dec 2022 05:14:39 GMT"   
DEBU[2022-12-02T13:14:39+08:00]    "Content-Range": "bytes 0-2220/2221"      
DEBU[2022-12-02T13:14:39+08:00]    "Content-Type": "application/octet-stream" 
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:14:39+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:14:39+08:00] verify signature against artifact sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47 referenced as localhost:5000/net-monitor@sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47 
DEBU[2022-12-02T13:14:39+08:00] verification level: &{Name:strict Enforcement:map[authenticTimestamp:enforce authenticity:enforce expiry:enforce integrity:enforce revocation:enforce]} 
DEBU[2022-12-02T13:14:39+08:00] verify cert chain                            
DEBU[2022-12-02T13:14:39+08:00] verify trust identity                        
DEBU[2022-12-02T13:14:39+08:00] verify expiry                                
ERRO[2022-12-02T13:14:39+08:00] expiry validation failed. Failure reason: digital signature has expired on "Fri, 02 Dec 2022 13:10:04 +0800" 
INFO[2022-12-02T13:14:39+08:00] processing signature with digest: sha256:117f4c3c03f228776cdf9727f7ce77c75f95a98d9fa7a22455f30c8639f4ed4e 
DEBU[2022-12-02T13:14:39+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/manifests/sha256:117f4c3c03f228776cdf9727f7ce77c75f95a98d9fa7a22455f30c8639f4ed4e" 
DEBU[2022-12-02T13:14:39+08:00]  Request method: "GET"                       
DEBU[2022-12-02T13:14:39+08:00]  Request headers:                            
DEBU[2022-12-02T13:14:39+08:00]    "Accept": "application/vnd.oci.artifact.manifest.v1+json" 
DEBU[2022-12-02T13:14:39+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:14:39+08:00]  Response Status: "200 OK"                   
DEBU[2022-12-02T13:14:39+08:00]  Response headers:                           
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:14:39+08:00]    "Etag": "\"sha256:117f4c3c03f228776cdf9727f7ce77c75f95a98d9fa7a22455f30c8639f4ed4e\"" 
DEBU[2022-12-02T13:14:39+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:14:39+08:00]    "Date": "Fri, 02 Dec 2022 05:14:39 GMT"   
DEBU[2022-12-02T13:14:39+08:00]    "Content-Length": "628"                   
DEBU[2022-12-02T13:14:39+08:00]    "Content-Type": "application/vnd.oci.artifact.manifest.v1+json" 
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Content-Digest": "sha256:117f4c3c03f228776cdf9727f7ce77c75f95a98d9fa7a22455f30c8639f4ed4e" 
DEBU[2022-12-02T13:14:39+08:00]  Request URL: "http://localhost:5000/v2/net-monitor/blobs/sha256:472efea7f2acae601d8f052ff89fdd9cbe66a172cb0f8ddf2f1396b99d07fd38" 
DEBU[2022-12-02T13:14:39+08:00]  Request method: "GET"                       
DEBU[2022-12-02T13:14:39+08:00]  Request headers:                            
DEBU[2022-12-02T13:14:39+08:00]    "Range": "bytes=0-2220"                   
DEBU[2022-12-02T13:14:39+08:00]    "User-Agent": "notation/v0.12.0-beta.1+unreleased" 
DEBU[2022-12-02T13:14:39+08:00]  Response Status: "206 Partial Content"      
DEBU[2022-12-02T13:14:39+08:00]  Response headers:                           
DEBU[2022-12-02T13:14:39+08:00]    "Content-Range": "bytes 0-2220/2221"      
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Content-Digest": "sha256:472efea7f2acae601d8f052ff89fdd9cbe66a172cb0f8ddf2f1396b99d07fd38" 
DEBU[2022-12-02T13:14:39+08:00]    "Docker-Distribution-Api-Version": "registry/2.0" 
DEBU[2022-12-02T13:14:39+08:00]    "X-Content-Type-Options": "nosniff"       
DEBU[2022-12-02T13:14:39+08:00]    "Date": "Fri, 02 Dec 2022 05:14:39 GMT"   
DEBU[2022-12-02T13:14:39+08:00]    "Accept-Ranges": "bytes"                  
DEBU[2022-12-02T13:14:39+08:00]    "Content-Length": "2221"                  
DEBU[2022-12-02T13:14:39+08:00]    "Etag": "\"sha256:472efea7f2acae601d8f052ff89fdd9cbe66a172cb0f8ddf2f1396b99d07fd38\"" 
DEBU[2022-12-02T13:14:39+08:00]    "Cache-Control": "max-age=31536000"       
DEBU[2022-12-02T13:14:39+08:00]    "Content-Type": "application/octet-stream" 
DEBU[2022-12-02T13:14:39+08:00] verify signature against artifact sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47 referenced as localhost:5000/net-monitor@sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47 
DEBU[2022-12-02T13:14:39+08:00] verification level: &{Name:strict Enforcement:map[authenticTimestamp:enforce authenticity:enforce expiry:enforce integrity:enforce revocation:enforce]} 
DEBU[2022-12-02T13:14:39+08:00] verify cert chain                            
DEBU[2022-12-02T13:14:39+08:00] verify trust identity                        
DEBU[2022-12-02T13:14:39+08:00] verify expiry                                
ERRO[2022-12-02T13:14:39+08:00] expiry validation failed. Failure reason: digital signature has expired on "Fri, 02 Dec 2022 13:10:26 +0800" 
DEBU[2022-12-02T13:14:39+08:00] Signature verification failed for all the signatures associated with digest sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47 
Error: signature verification failed
```

> warning logs for successful verification will added in
notaryproject/notation#450 By Patrick

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
updated dependencies
c28e2ab 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
shizhMSFT
shizhMSFT approved these changes Dec 5, 2022
View reviewed changes
Copy link
Contributor

@shizhMSFT shizhMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

update
e21c8ee 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
shizhMSFT
shizhMSFT approved these changes Dec 5, 2022
View reviewed changes
Copy link
Contributor

@shizhMSFT shizhMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

priteshbandi
priteshbandi approved these changes Dec 5, 2022
View reviewed changes
Copy link
Contributor

@priteshbandi priteshbandi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@shizhMSFT shizhMSFT merged commit 767f8ae into notaryproject:main Dec 5, 2022
@patrickzheng200 patrickzheng200 deleted the tag_to_digest branch December 5, 2022 05:44
7h3-3mp7y-m4n pushed a commit to 7h3-3mp7y-m4n/notation that referenced this pull request Mar 29, 2025
@7h3-3mp7y-m4n
update: updated CLI outputs of sign/verification (notaryproject#450)
10cd6aa 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
FeynmanZhou pushed a commit to FeynmanZhou/notation that referenced this pull request May 15, 2025
@FeynmanZhou
update: updated CLI outputs of sign/verification (notaryproject#450)
6942905 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@FeynmanZhou FeynmanZhou FeynmanZhou left review comments

@rgnote rgnote rgnote approved these changes

@priteshbandi priteshbandi priteshbandi approved these changes

@shizhMSFT shizhMSFT shizhMSFT approved these changes

@JeyJeyGao JeyJeyGao Awaiting requested review from JeyJeyGao

@yizha1 yizha1 Awaiting requested review from yizha1 yizha1 is a code owner

Assignees

@patrickzheng200 patrickzheng200

Labels

None yet

Projects

None yet

Milestone

RC-1

Development

Successfully merging this pull request may close these issues.

UX: Improve the help doc and output for verification UX: Improve the output for a successful signing

7 participants

@patrickzheng200 @codecov-commenter @rgnote @priteshbandi @shizhMSFT @FeynmanZhou @yizha1