Refactor composefs warnings #2994
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cgwalters
force-pushed
the
refactor-composefs-warnings
branch
from
304e290
to
bb7709e
Compare
|
@alexlarsson review ping if you have a bit of capacity, I think this one is quite safe and it passes the tests we have here (though we don't yet cover the signed path in CI) |
|
I guess we can hold this one for the next release, since it could use a bit more testing and in the end it's mostly cosmetic. |
|
OK release is done, lifting draft here |
We print if we're doing a signature+digest verification; its absence is sufficient in the other case. The goal here is to avoid polluting the logs when signatures are not enabled.
Prep for a later patch.
Now that we don't support digest-but-not-signature verification for composefs, the logic here was unnecessarily complicated. With a prior prep patch that moved the composefs option initialization up, we can just have everything related to signature verification in a single conditonal.
Since we enabled composefs at build time, the default (non-composefs) case now always prints `composefs: Optional support failed: No such file or directory` But that's normal and expected. Rework things here so that in the very special case where we are in "maybe/optional" mode and we get ENOENT, then we output a much more normal-looking message that doesn't include the string "failed". Now on the flip side - if I have explicitly enabled signature checking, I think we *do* want to make that fatal even if composefs is in "maybe" mode. (This part is more debatable; perhaps we should just disallow the case of "maybe" + signatures at all; but I think this is an improvement in that direction)
cgwalters
force-pushed
the
refactor-composefs-warnings
branch
from
bb7709e
to
38880bf
Compare
ericcurtin
reviewed
Aug 27, 2023
ericcurtin
approved these changes
Aug 28, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
prepare-root: Drop redundant print about signature/digest
We print if we're doing a signature+digest verification; its absence is
sufficient in the other case. The goal here is to avoid polluting
the logs when signatures are not enabled.
prepare-root: Init composefs options earlier
Prep for a later patch.
prepare-root: Fold together composefs signature cases
Now that we don't support digest-but-not-signature verification
for composefs, the logic here was unnecessarily complicated.
With a prior prep patch that moved the composefs option
initialization up, we can just have everything related to signature
verification in a single conditonal.
composefs: Hard error except on ENOENT even in "optional" case
Since we enabled composefs at build time, the default (non-composefs)
case now always prints
composefs: Optional support failed: No such file or directoryBut that's normal and expected.
Rework things here so that in the very special case where
we are in "maybe/optional" mode and we get ENOENT, then we
output a much more normal-looking message that doesn't include
the string "failed".
Now on the flip side - if I have explicitly enabled signature
checking, I think we do want to make that fatal even if
composefs is in "maybe" mode.
(This part is more debatable; perhaps we should just disallow
the case of "maybe" + signatures at all; but I think this is
an improvement in that direction)