search

notaryproject / notation

A CLI tool to sign and verify artifacts
https://notaryproject.dev/
Apache License 2.0
306 stars 84 forks source link

docs: invalid signing time fail to sign prompt improvement #828

Closed fanndu closed 7 months ago

fanndu commented 7 months ago

What is not working as expected?

Because the signing time is not within the validity period of the certificate, the signing failure message does not have the certificate expiration date, and the user needs to run other commands to check the validity period of the certificate, which is not a good experience ./bin/notation sign localhost:5000/gateway@sha256:b992672d71a62c0a94cd8640f7c0db62ffb9de65317100742bf44892b179445f Error: certificate-chain is invalid, certificate with subject "CN=test,O=Notary,L=Seattle,ST=WA,C=US" was not valid at signing time of 2023-11-12 08:34:48 +0000 UTC

What did you expect to happen?

It is necessary to show the certificate validity period in the prompt. ./bin/notation sign localhost:5000/gateway@sha256:b992672d71a62c0a94cd8640f7c0db62ffb9de65317100742bf44892b179445f Error: certificate-chain is invalid, certificate with subject "CN=test,O=Notary,L=Seattle,ST=WA,C=US" was invalid at signing time of 2023-11-12 08:33:33 +0000 UTC. Valid from [2023-10-25 02:40:40 +0000 UTC] to [2023-10-26 02:40:40 +0000 UTC]

How can we reproduce it?

Use expired certificates for signing operations.

Describe your environment

macOS 14.0

What is the version of your Notation CLI or Notation Library?

version 1.0.1

fanndu commented 7 months ago

change to enhancement

yizha1 commented 7 months ago

@fanndu Please let us know if any support you need it. /cc: @FeynmanZhou