diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index 8943c087c..4565abeb9 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go @@ -246,6 +246,7 @@ func getVerifier(ctx context.Context) (notation.Verifier, error) { if err != nil { return nil, err } + crlFetcher.DiscardCacheError = true // discard cache error revocationCodeSigningValidator, err := revocation.NewWithOptions(revocation.Options{ OCSPHTTPClient: ocspHttpClient, CRLFetcher: crlFetcher, diff --git a/cmd/notation/verify_test.go b/cmd/notation/verify_test.go index 23954e11f..52ba4c186 100644 --- a/cmd/notation/verify_test.go +++ b/cmd/notation/verify_test.go @@ -86,6 +86,18 @@ func TestVerifyCommand_MissingArgs(t *testing.T) { } func TestGetVerifier(t *testing.T) { + defer func(oldConfiDir, oldCacheDir string) { + dir.UserConfigDir = oldConfiDir + dir.UserCacheDir = oldCacheDir + }(dir.UserConfigDir, dir.UserCacheDir) + + t.Run("success", func(t *testing.T) { + _, err := getVerifier(context.Background()) + if err != nil { + t.Fatal(err) + } + }) + t.Run("non-existing trust policy", func(t *testing.T) { dir.UserConfigDir = "/" expectedErrMsg := "trust policy is not present. To create a trust policy, see: https://notaryproject.dev/docs/quickstart/#create-a-trust-policy"