Misleading error message if no permission to read certificates from trust store #700

@yizha1

What is the area you experience the issue in?

Notation CLI

What is not working as expected?

If the trust store is not readable or the certificates stored in the trust store are not readable, the error message is too general and misleading:

$ notation verify $image
Error: signature verification failed for all the signatures associated with localhost:5001/net-monitor@sha256:8456f085dd609fd12cdebc5f80b6f33f25f670a7a9a03c8fa750b8aee0c4d657

What did you expect to happen?

If the certificates in the trust store cannot be read, the proposed message is

$ notation verify $image
Error: failed to read the certificate "/home/yizha1/.config/notation/truststore/x509/ca/6.4.io/6.4.io.crt", permission denied

If the trust store is not readable, the proposed message is

$ notation verify $image
Error: failed to access trust store "/home/yizha1/.config/notation/truststore/x509/ca/6.4.io", permission denied

How can we reproduce it?

  1. Use chmod -r <path_to_certificate> to remove the read ACL
  2. Run notation verify $image

Describe your environment

WSL2

What is the version of your Notation CLI or Notation Library?

Notation v1.0.0-rc.7

Labels: bug

Status: Done