From 1e7380ab22c57d9feb9098b5827d07e504ceeedd Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Thu, 6 Apr 2023 14:08:55 +0800 Subject: [PATCH 1/4] added warning for dangling referrers index deletion Signed-off-by: Patrick Zheng --- cmd/notation/sign.go | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/cmd/notation/sign.go b/cmd/notation/sign.go index 7567b4949..81fe922c0 100644 --- a/cmd/notation/sign.go +++ b/cmd/notation/sign.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" "os" + "strings" "time" "github.com/notaryproject/notation-go" @@ -18,8 +19,9 @@ import ( ) const ( - signatureManifestArtifact = "artifact" - signatureManifestImage = "image" + signatureManifestArtifact = "artifact" + signatureManifestImage = "image" + referrersTagSchemaDeleteError = "failed to delete dangling referrers index" ) var supportedSignatureManifest = []string{signatureManifestArtifact, signatureManifestImage} @@ -112,8 +114,16 @@ func runSign(command *cobra.Command, cmdOpts *signOpts) error { _, err = notation.Sign(ctx, signer, sigRepo, opts) if err != nil { var errorPushSignatureFailed notation.ErrorPushSignatureFailed - if errors.As(err, &errorPushSignatureFailed) && !ociImageManifest { - return fmt.Errorf("%v. Possible reason: target registry does not support OCI artifact manifest. Try removing the flag `--signature-manifest artifact` to store signatures using OCI image manifest", err) + if errors.As(err, &errorPushSignatureFailed) { + if !ociImageManifest { + return fmt.Errorf("%v. Possible reason: target registry does not support OCI artifact manifest. Try removing the flag `--signature-manifest artifact` to store signatures using OCI image manifest", err) + } + if strings.Contains(err.Error(), referrersTagSchemaDeleteError) { + // failed to delete dangling referrers index + fmt.Fprintln(os.Stderr, "Warning: failed to delete dangling referrers index, since this is an OCI v1.0 compliant registry and the deletion API is disabled by the registry.") + fmt.Println("Successfully signed", ref) + return nil + } } return err } From 4ae0f859712f178be2108c984512dc042ca137ed Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Thu, 6 Apr 2023 14:11:08 +0800 Subject: [PATCH 2/4] update Signed-off-by: Patrick Zheng --- cmd/notation/sign.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cmd/notation/sign.go b/cmd/notation/sign.go index 81fe922c0..98e5c5f26 100644 --- a/cmd/notation/sign.go +++ b/cmd/notation/sign.go @@ -19,11 +19,12 @@ import ( ) const ( - signatureManifestArtifact = "artifact" - signatureManifestImage = "image" - referrersTagSchemaDeleteError = "failed to delete dangling referrers index" + signatureManifestArtifact = "artifact" + signatureManifestImage = "image" ) +const referrersTagSchemaDeleteError = "failed to delete dangling referrers index" + var supportedSignatureManifest = []string{signatureManifestArtifact, signatureManifestImage} type signOpts struct { From ee4cb982eca74e1dc986eacf36dc92e70754e384 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Fri, 7 Apr 2023 13:49:07 +0800 Subject: [PATCH 3/4] updated per code review Signed-off-by: Patrick Zheng --- cmd/notation/sign.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cmd/notation/sign.go b/cmd/notation/sign.go index 98e5c5f26..4285084b0 100644 --- a/cmd/notation/sign.go +++ b/cmd/notation/sign.go @@ -119,9 +119,10 @@ func runSign(command *cobra.Command, cmdOpts *signOpts) error { if !ociImageManifest { return fmt.Errorf("%v. Possible reason: target registry does not support OCI artifact manifest. Try removing the flag `--signature-manifest artifact` to store signatures using OCI image manifest", err) } - if strings.Contains(err.Error(), referrersTagSchemaDeleteError) { - // failed to delete dangling referrers index - fmt.Fprintln(os.Stderr, "Warning: failed to delete dangling referrers index, since this is an OCI v1.0 compliant registry and the deletion API is disabled by the registry.") + if _, after, found := strings.Cut(err.Error(), referrersTagSchemaDeleteError); found { + warnMsg := fmt.Sprintf("Warning: %s %s", referrersTagSchemaDeleteError, after) + fmt.Fprintln(os.Stderr, warnMsg) + // write out fmt.Println("Successfully signed", ref) return nil } From 4f7a677205cf7cc7da595437f3ecff36a16f7f83 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Mon, 10 Apr 2023 16:39:01 +0800 Subject: [PATCH 4/4] update Signed-off-by: Patrick Zheng --- cmd/notation/sign.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/cmd/notation/sign.go b/cmd/notation/sign.go index 4285084b0..96aa1356e 100644 --- a/cmd/notation/sign.go +++ b/cmd/notation/sign.go @@ -119,9 +119,8 @@ func runSign(command *cobra.Command, cmdOpts *signOpts) error { if !ociImageManifest { return fmt.Errorf("%v. Possible reason: target registry does not support OCI artifact manifest. Try removing the flag `--signature-manifest artifact` to store signatures using OCI image manifest", err) } - if _, after, found := strings.Cut(err.Error(), referrersTagSchemaDeleteError); found { - warnMsg := fmt.Sprintf("Warning: %s %s", referrersTagSchemaDeleteError, after) - fmt.Fprintln(os.Stderr, warnMsg) + if strings.Contains(err.Error(), referrersTagSchemaDeleteError) { + fmt.Fprintln(os.Stderr, "Warning: Removal of outdated referrers index is not supported by the remote registry. Garbage collection may be required.") // write out fmt.Println("Successfully signed", ref) return nil