Unclear Cosign Logging
Closed this issue · 1 comments
thebeanogamer commented
`commands/build.rs`'s `check_cosign_files` has some logic errors in its logging I think.
```rust
match env::var(COSIGN_PRIVATE_KEY).ok() {
    Some(cosign_priv_key) if !cosign_priv_key.is_empty() && Path::new(COSIGN_PATH).exists() => {
        // <Signing happens here>
    }
    _ => {
        warn!("{COSIGN_PATH} doesn't exist, skipping cosign file check");
        Ok(())
    }
}
```
Even if the file on `COSIGN_PATH` exists, if the `COSIGN_PRIVATE_KEY` environment variable isn't set then the log message will say it doesn't exist.
This caused me some headaches whilst setting up container signing, but I'm happy to fix it myself. Just raising this issue so there's some tracking for it.
gmpinder commented
Yeah I think this should be better. I think instead we can fail right away if both the private and public key aren't available. I'll also add a `--no-sign` flag to skip over this check and signing the image if the user wants to do it that way.
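The conflated catch-all arm from the issue, split so each skipped-signing case reports its real cause. This is an added example, not the project's code or its eventual fix: `CosignState`, `classify` and `message` are hypothetical names, and the two constant values are assumed because the issue shows only the constant names.

```rust
use std::{env, path::Path};

// Assumed values; the issue shows only the constant names.
const COSIGN_PRIVATE_KEY: &str = "COSIGN_PRIVATE_KEY";
const COSIGN_PATH: &str = "./cosign.pub";

/// Why signing can or cannot proceed (hypothetical type).
#[derive(Debug, PartialEq)]
enum CosignState {
    Ready,
    KeyUnset,
    KeyEmpty,
    PubKeyMissing,
    NothingConfigured,
}

/// Pure classification of the two inputs the original match arm mixes together.
fn classify(priv_key: Option<&str>, pub_key_exists: bool) -> CosignState {
    match (priv_key, pub_key_exists) {
        (Some(k), true) if !k.is_empty() => CosignState::Ready,
        (Some(k), false) if !k.is_empty() => CosignState::PubKeyMissing,
        (Some(_), true) => CosignState::KeyEmpty,
        (None, true) => CosignState::KeyUnset,
        (_, false) => CosignState::NothingConfigured,
    }
}

/// One log line per state, naming the input that is actually missing.
fn message(state: &CosignState) -> String {
    match state {
        CosignState::Ready => format!("{COSIGN_PATH} and {COSIGN_PRIVATE_KEY} found, checking cosign files"),
        CosignState::KeyUnset => format!("{COSIGN_PATH} exists but {COSIGN_PRIVATE_KEY} is not set"),
        CosignState::KeyEmpty => format!("{COSIGN_PATH} exists but {COSIGN_PRIVATE_KEY} is empty"),
        CosignState::PubKeyMissing => format!("{COSIGN_PRIVATE_KEY} is set but {COSIGN_PATH} doesn't exist"),
        CosignState::NothingConfigured => format!("neither {COSIGN_PRIVATE_KEY} nor {COSIGN_PATH} is available"),
    }
}

fn main() {
    // Read the real environment and filesystem, then report the precise cause.
    let key = env::var(COSIGN_PRIVATE_KEY).ok();
    let state = classify(key.as_deref(), Path::new(COSIGN_PATH).exists());
    eprintln!("{}", message(&state));
}
```

Whether a non-`Ready` state warns and skips or fails the build is left to the caller.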