Warning message is printed to stdout by CLI #1565

shizhMSFT · 2024-06-12T08:36:22Z

What happened in your environment?

After running

ratify verify -c config.json -s mcr.microsoft.com/oss/deislabs/ratify-base:v1.2.0 > log.json

the ratify CLI saves the following content to log.json.

Warning: Digest should be used instead of tagged reference. The resolved digest may not point to the same signed artifact, since tags are mutable.
{
  "verifierReports": [
    {
      "subject": "mcr.microsoft.com/oss/deislabs/ratify-base:v1.2.0",
      "referenceDigest": "sha256:664dbce8187af59ee9a156b10f1ae66c0ab74b2d356bcce6ae3bfbffc90ddcf2",
      "artifactType": "application/vnd.cncf.notary.signature",
      "verifierReports": [
        {
          "isSuccess": false,
          "message": "Original Error: (Original Error: (valid certificates must be provided, only CA certificates or self-signed signing certificates are supported), Error: verify plugin failure, Code: VERIFY_PLUGIN_FAILURE, Plugin Name: notation, Component Type: verifier, Documentation: https://ratify.dev/docs/troubleshoot/verifier/notation, Detail: failed to verify signature of digest), Error: verify reference failure, Code: VERIFY_REFERENCE_FAILURE, Plugin Name: notation, Component Type: verifier",
          "name": "notation",
          "extensions": null
        }
      ],
      "nestedReports": []
    },
    {
      "subject": "mcr.microsoft.com/oss/deislabs/ratify-base:v1.2.0",
      "referenceDigest": "sha256:6557162adb2a50ac98b52477ce8959858ba3bafbb94f346fcf764ac0c2aa8346",
      "artifactType": "application/vnd.in-toto+json",
      "verifierReports": [],
      "nestedReports": []
    },
    {
      "subject": "mcr.microsoft.com/oss/deislabs/ratify-base:v1.2.0",
      "referenceDigest": "sha256:f281be7185446aa5bd346b3ee859061c95199830cfd42ce289cda2994205076f",
      "artifactType": "application/spdx+json",
      "verifierReports": [],
      "nestedReports": [
        {
          "subject": "mcr.microsoft.com/oss/deislabs/ratify-base@sha256:f281be7185446aa5bd346b3ee859061c95199830cfd42ce289cda2994205076f",
          "referenceDigest": "sha256:9a330411e967bde20bd41702fa6cdb32ab27183f53cd3a17af3ebac41d3112b2",
          "artifactType": "application/vnd.cncf.notary.signature",
          "verifierReports": [
            {
              "isSuccess": false,
              "message": "Original Error: (Original Error: (valid certificates must be provided, only CA certificates or self-signed signing certificates are supported), Error: verify plugin failure, Code: VERIFY_PLUGIN_FAILURE, Plugin Name: notation, Component Type: verifier, Documentation: https://ratify.dev/docs/troubleshoot/verifier/notation, Detail: failed to verify signature of digest), Error: verify reference failure, Code: VERIFY_REFERENCE_FAILURE, Plugin Name: notation, Component Type: verifier",
              "name": "notation",
              "extensions": null
            }
          ],
          "nestedReports": []
        }
      ]
    },
    {
      "subject": "mcr.microsoft.com/oss/deislabs/ratify-base:v1.2.0",
      "referenceDigest": "sha256:ac86395350279f460c6bc08eb7875583c7365c423ebf9a7ac5a7a0f86f87924e",
      "artifactType": "application/spdx+json",
      "verifierReports": [],
      "nestedReports": [
        {
          "subject": "mcr.microsoft.com/oss/deislabs/ratify-base@sha256:ac86395350279f460c6bc08eb7875583c7365c423ebf9a7ac5a7a0f86f87924e",
          "referenceDigest": "sha256:d93c4208945899f65c50f03024892a6f106344a0759eb1168e43d497d1582e40",
          "artifactType": "application/vnd.cncf.notary.signature",
          "verifierReports": [
            {
              "isSuccess": false,
              "message": "Original Error: (Original Error: (valid certificates must be provided, only CA certificates or self-signed signing certificates are supported), Error: verify plugin failure, Code: VERIFY_PLUGIN_FAILURE, Plugin Name: notation, Component Type: verifier, Documentation: https://ratify.dev/docs/troubleshoot/verifier/notation, Detail: failed to verify signature of digest), Error: verify reference failure, Code: VERIFY_REFERENCE_FAILURE, Plugin Name: notation, Component Type: verifier",
              "name": "notation",
              "extensions": null
            }
          ],
          "nestedReports": []
        }
      ]
    }
  ]
}

As we can observe, log.json contains a warning line and thus it renders log.json not a JSON object.

What did you expect to happen?

Print the warning message in the stderr instead of stdout.

What version of Kubernetes are you running?

N/A

What version of Ratify are you running?

v1.2.0

Anything else you would like to add?

It is the ratify CLI, not running in k8s.

Are you willing to submit PRs to contribute to this bug fix?

Yes, I am willing to implement it.

The text was updated successfully, but these errors were encountered:

shizhMSFT added bug Something isn't working triage Needs investigation labels Jun 12, 2024

susanshi added this to the v1.3.0 milestone Jun 18, 2024

susanshi removed the triage Needs investigation label Jun 18, 2024

susanshi self-assigned this Jul 22, 2024

susanshi mentioned this issue Jul 30, 2024

fix: warning message is printed to stdout by CLI #1650

Merged

5 tasks

susanshi closed this as completed in #1650 Aug 1, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Warning message is printed to stdout by CLI #1565

Warning message is printed to stdout by CLI #1565

shizhMSFT commented Jun 12, 2024 •

edited

Loading

Warning message is printed to stdout by CLI #1565

Warning message is printed to stdout by CLI #1565

Comments

shizhMSFT commented Jun 12, 2024 • edited Loading

What happened in your environment?

What did you expect to happen?

What version of Kubernetes are you running?

What version of Ratify are you running?

Anything else you would like to add?

Are you willing to submit PRs to contribute to this bug fix?

shizhMSFT commented Jun 12, 2024 •

edited

Loading