Syft does not return the actual error message from Cosign when attestation with a private key fails #1527

Open
Nirusu opened this issue Jan 31, 2023 · 2 comments · May be fixed by #2582
Labels
bug Something isn't working

Nirusu commented Jan 31, 2023

Please provide a set of steps on how to reproduce the issue

```
syft attest --key cosign.key ghcr.io/edgelesssys/constellation/joinservice:v2.6.0-pre.0.20230131140552-27cae81bd7bc@sha256:cd33aacb5733f6cb7c9d9694a8d6c5337c78e019274ea1d531e25114f86b537b -o cyclonedx-json
```

What happened:
Syft fails with an error message that does not help debugging the actual issue.
(Works fine with Syft 0.65.0)

This is the output I get on my local machine (with a proper TTY):

```
syft attest --key cosign.key ghcr.io/edgelesssys/constellation/joinservice:v2.6.0-pre.0.20230131140552-27cae81bd7bc@sha256:cd33aacb5733f6cb7c9d9694a8d6c5337c78e019274ea1d531e25114f86b537b -o cyclonedx-json

 ✔ Parsed image
 ✔ Cataloged packages      [168 packages]
 ⠋ Creating attestation    [running cosign]
     ░░ Error: signing ghcr.io/edgelesssys/constellation/joinservice:v2.6.0-pre.0.20230131140552-27cae81bd7bc@sha256:cd33aacb5733f6cb7c9d9694a8d6c5337c78e019     ░░ main.go:62: error during command execution: signing ghcr.io/edgelesssys/constellation/joinservice:v2.6.0-pre.0.20230131140552-27cae81bd7bc@sha256:cd3
2023/01/31 15:22:22 error during command execution: 1 error occurred:
	* unable to attest SBOM: exit status 1
```

The output here seems to be truncated.

In a non-TTY environment (GitHub Actions), it's just:

```
syft attest --key cosign.key ghcr.io/edgelesssys/constellation/joinservice:v2.6.0-pre.0.20230131140552-27cae81bd7bc@sha256:cd33aacb5733f6cb7c9d9694a8d6c5337c78e019274ea1d531e25114f86b537b -o cyclonedx-json
2023/01/31 14:14:16 error during command execution: 1 error occurred:
	* unable to attest SBOM: exit status 1
```

Here, the error does not seem to be printed at all.

What you expected to happen:
Syft either passes or gives an actionable error message rather than just the exit code which, as for most Go tools, is almost always just "1" in case of an error.

Anything else we need to know?:
Not sure, feel free to ask.
Introduced with #1502 I suppose.

Environment:

  • Output of syft version:
```
Application:        syft
Version:            0.69.0
JsonSchemaVersion:  6.2.0
BuildDate:          2023-01-30T18:47:24Z
GitCommit:          b81c9805dcc9bf25dad7659fd9c2bbf7dd3f3d90
GitDescription:     [not provided]
Platform:           darwin/arm64
GoVersion:          go1.19.5
Compiler:           gc
```
  • OS (e.g: cat /etc/os-release or similar):
    macOS Ventura 13.2 arm64 (also fails on Ubuntu 22.04 in the GitHub Actions CI runner)

Nirusu added the bug label Jan 31, 2023

Nirusu changed the title from "Syft does not return the actual error message from Cosign attestation with a private key fails" to "Syft does not return the actual error message from Cosign when attestation with a private key fails" Jan 31, 2023

tgerla commented Feb 23, 2023

Hi @Nirusu, thanks for the issue. I think a workaround here would be to use the -v option to set verbose mode. Would that work for you? We'll take a look at the issue further but I wanted to give you a quick solution that might work. Thanks,

@wagoodman

This looks like it's a TUI-related bug in how we handle the stdout/stderr reader from cosign when there is no TTY present. Ultimately there is a reader for stdout/err that is published on the bus for a UI consumer to read. However, we disable the UI when there is no TTY; thus, we don't read from the reader.

@wagoodman wagoodman linked a pull request Feb 1, 2024 that will close this issue
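
The failure mode described in the last comment, as an added Go example that is neither Syft's code nor the change in the linked pull request: the child's output is always copied into a buffer and attached to the returned error, and the UI stream is only an optional second sink. The names `runCaptured` and `ui` are hypothetical, and a constructed `sh` one-liner stands in for cosign.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"os"
	"os/exec"
	"strings"
)

// runCaptured (hypothetical helper) runs a child process standing in for
// cosign and always keeps a copy of its combined stdout/stderr. ui models
// the TUI consumer and is nil when no TTY is attached.
func runCaptured(ui io.Writer, name string, args ...string) error {
	var captured bytes.Buffer
	var sink io.Writer = &captured
	if ui != nil {
		// With a UI present, stream live output to it as well.
		sink = io.MultiWriter(&captured, ui)
	}

	cmd := exec.Command(name, args...)
	// Same writer for both streams: os/exec serializes the writes.
	cmd.Stdout = sink
	cmd.Stderr = sink

	if err := cmd.Run(); err != nil {
		// Attach the child's own output so the caller sees more than
		// "exit status 1", whether or not anything consumed the UI stream.
		out := strings.TrimSpace(captured.String())
		if out == "" {
			return fmt.Errorf("unable to attest SBOM: %w", err)
		}
		return fmt.Errorf("unable to attest SBOM: %w: %s", err, out)
	}
	return nil
}

func main() {
	// Constructed failure: prints an error to stderr and exits 1, no UI attached.
	err := runCaptured(nil, "sh", "-c",
		`echo "Error: signing: constructed failure" >&2; exit 1`)
	fmt.Fprintln(os.Stderr, err)
}
```

Because the buffer is filled independently of the UI, the non-TTY (CI) path reports the same underlying message as the interactive one, untruncated.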