Exit code is 0 even on verification failure #454
Comments
Hi @omerlh, thanks for opening the issue. Currently, when the command that is run differs from the expected command in the layout, it merely shows a warning--this is not a failure of verification. You can check if verification passed successfully in this instance regardless of commands matching using the When verification does fail, the exit code should be non-zero.
This is from in-toto/demo after the supply chain has been tampered with.
I guess the documentation should clarify this 🙂
It's part of the spec (emphasis mine):
I'm following up to see if it's also part of the documentation for the reference implementation. 😄
I see a reference to it here: https://in-toto.readthedocs.io/en/latest/layout-creation-example.html?highlight=expected%20command#layout-creation-example But I agree, it needs to be clearer, and part of the docs for verification workflow. There, it says "soft-verify" which isn't very clear. I'll submit a fix.
@adityasaky Your comment makes a lot of sense to me, but I am still not sold on this. The
If I'm not mistaken, in that instance you'd ideally have in-toto metadata capturing the repository state that you're cloning and/or other solutions to secure the repository itself. cc-ing @SantiagoTorres to chime in with his thoughts. I also wonder if it's worth moving this discussion to either a different thread or channel since it's not strictly a reference implementation discussion anymore.
Description of issue or feature request:
I'm testing in-toto right now and noticed that the exit code is not set correctly on failure:
Current behavior:
Exit code is 0
Expected behavior:
Exit code should be non-zero
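The distinction discussed in this thread, as an added example that is not part of the issue or of in-toto's own code: a run command that differs from the layout's `expected_command` yields a warning and exit code 0, so a pipeline that wants a mismatch to fail has to opt in. The `gate` function, its `strict` flag and the sample steps and links are hypothetical; only the `expected_command` and `command` field names come from the in-toto spec.

```python
import sys

# Constructed sample data. "expected_command" (layout step) and "command" (link)
# are field names from the in-toto spec; the values are made up for illustration.
STEPS = [
    {"name": "clone", "expected_command": ["git", "clone", "https://example.com/demo.git"]},
    {"name": "package", "expected_command": ["tar", "czf", "demo.tar.gz", "demo"]},
]
LINKS = {
    "clone": {"command": ["git", "clone", "https://example.com/demo.git"]},
    "package": {"command": ["tar", "--gzip", "-cf", "demo.tar.gz", "demo"]},
}


def command_mismatches(steps, links):
    """Return (step name, expected, recorded) for each step whose command differs."""
    return [
        (s["name"], s["expected_command"], links[s["name"]]["command"])
        for s in steps
        if s["name"] in links and links[s["name"]]["command"] != s["expected_command"]
    ]


def gate(steps, links, strict=False):
    """Hypothetical CI gate: return the exit code a pipeline should use.

    A step with no link at all always fails. A command mismatch is only a
    warning unless strict=True, where the pipeline owner opts in to failing.
    """
    missing = [s["name"] for s in steps if s["name"] not in links]
    for name in missing:
        print(f"ERROR: no link metadata for step '{name}'", file=sys.stderr)
    mismatches = command_mismatches(steps, links)
    for name, expected, recorded in mismatches:
        level = "ERROR" if strict else "WARNING"
        print(f"{level}: step '{name}' ran {recorded}, layout expects {expected}",
              file=sys.stderr)
    return 1 if missing or (strict and mismatches) else 0


if __name__ == "__main__":
    print("default exit code:", gate(STEPS, LINKS))
    print("strict exit code:", gate(STEPS, LINKS, strict=True))
```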