Cleanup image verification error handling

This diff removes a few early outs that caused errors to be unreported and
catches a missed error case for signature verification from libtrust. More work
needs to be done around ensuring consistent error handling but this is enough
to make the API work correctly.
This commit is contained in:
Stephen J Day 2014-12-01 16:13:01 -08:00
parent b73a6c1998
commit 8c7bec72b1

View file

@ -111,11 +111,13 @@ func (ms *manifestStore) verifyManifest(name, tag string, manifest *SignedManife
var errs ErrManifestVerification var errs ErrManifestVerification
if manifest.Name != name { if manifest.Name != name {
return fmt.Errorf("name does not match manifest name") // TODO(stevvooe): This needs to be an exported error
errs = append(errs, fmt.Errorf("name does not match manifest name"))
} }
if manifest.Tag != tag { if manifest.Tag != tag {
return fmt.Errorf("tag does not match manifest tag") // TODO(stevvooe): This needs to be an exported error.
errs = append(errs, fmt.Errorf("tag does not match manifest tag"))
} }
// TODO(stevvooe): These pubkeys need to be checked with either Verify or // TODO(stevvooe): These pubkeys need to be checked with either Verify or
@ -127,9 +129,13 @@ func (ms *manifestStore) verifyManifest(name, tag string, manifest *SignedManife
case libtrust.ErrMissingSignatureKey, libtrust.ErrInvalidJSONContent, libtrust.ErrMissingSignatureKey: case libtrust.ErrMissingSignatureKey, libtrust.ErrInvalidJSONContent, libtrust.ErrMissingSignatureKey:
errs = append(errs, ErrManifestUnverified{}) errs = append(errs, ErrManifestUnverified{})
default: default:
if err.Error() == "invalid signature" { // TODO(stevvooe): This should be exported by libtrust
errs = append(errs, ErrManifestUnverified{})
} else {
errs = append(errs, err) errs = append(errs, err)
} }
} }
}
for _, fsLayer := range manifest.FSLayers { for _, fsLayer := range manifest.FSLayers {
exists, err := ms.layerService.Exists(name, fsLayer.BlobSum) exists, err := ms.layerService.Exists(name, fsLayer.BlobSum)