updated errMsg

Signed-off-by: Patrick Zheng <[email protected]>
Two-Hearts · Oct 27, 2023 · e3776e8 · e3776e8
1 parent a97e8b2
commit e3776e8
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 26 deletions.
diff --git a/cmd/notation/inspect.go b/cmd/notation/inspect.go
@@ -94,7 +94,7 @@ Example - [Experimental] Inspect signatures on an OCI artifact identified by a d
 		Long:  longMessage,
 		Args: func(cmd *cobra.Command, args []string) error {
 			if len(args) == 0 {
-				return errors.New("missing reference")
+				return errors.New("missing reference to the artifact. Expecting <registry>/<repository>:<tag> or <registry>/<repository>@<digest>")
 			}
 			opts.reference = args[0]
 			return nil

diff --git a/cmd/notation/list.go b/cmd/notation/list.go
@@ -50,7 +50,7 @@ func listCommand(opts *listOpts) *cobra.Command {
 		Long:    "List all the signatures associated with signed artifact",
 		Args: func(cmd *cobra.Command, args []string) error {
 			if len(args) == 0 {
-				return errors.New("no reference specified")
+				return errors.New("missing reference to the artifact. Expecting <registry>/<repository>:<tag> or <registry>/<repository>@<digest>")
 			}
 			opts.reference = args[0]
 			return nil

diff --git a/cmd/notation/manifest.go b/cmd/notation/manifest.go
@@ -48,7 +48,10 @@ func resolveReference(ctx context.Context, inputType inputType, reference string
 	case inputTypeRegistry:
 		ref, err := registry.ParseReference(reference)
 		if err != nil {
-			return ocispec.Descriptor{}, "", fmt.Errorf("failed to resolve user input reference: %w", err)
+			return ocispec.Descriptor{}, "", fmt.Errorf("%q: %w. Expecting <registry>/<repository>:<tag> or <registry>/<repository>@<digest>", reference, err)
+		}
+		if ref.Reference == "" {
+			return ocispec.Descriptor{}, "", fmt.Errorf("%q: invalid reference: no tag or digest. Expecting <registry>/<repo>:<tag> or <registry>/<repo>@<digest>", reference)
 		}
 		tagOrDigestRef = ref.Reference
 		resolvedRef = ref.Registry + "/" + ref.Repository

diff --git a/cmd/notation/registry.go b/cmd/notation/registry.go
@@ -74,9 +74,11 @@ func getRemoteRepository(ctx context.Context, opts *SecureFlagOpts, reference st
 	logger := log.GetLogger(ctx)
 	ref, err := registry.ParseReference(reference)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("%q: %w. Expecting <registry>/<repository>:<tag> or <registry>/<repository>@<digest>", reference, err)
+	}
+	if ref.Reference == "" {
+		return nil, fmt.Errorf("%q: invalid reference: no tag or digest. Expecting <registry>/<repository>:<tag> or <registry>/<repository>@<digest>", reference)
 	}
-
 	// generate notation repository
 	remoteRepo, err := getRepositoryClient(ctx, opts, ref)
 	if err != nil {

diff --git a/cmd/notation/sign.go b/cmd/notation/sign.go
@@ -90,7 +90,7 @@ Example - [Experimental] Sign an OCI artifact identified by a tag and referenced
 		Long:  longMessage,
 		Args: func(cmd *cobra.Command, args []string) error {
 			if len(args) == 0 {
-				return errors.New("missing reference")
+				return errors.New("missing reference to the artifact. Expecting <registry>/<repository>:<tag> or <registry>/<repository>@<digest>")
 			}
 			opts.reference = args[0]
 			return nil

diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go
@@ -75,7 +75,7 @@ Example - [Experimental] Verify a signature on an OCI artifact identified by a t
 		Long:  longMessage,
 		Args: func(cmd *cobra.Command, args []string) error {
 			if len(args) == 0 {
-				return errors.New("missing reference")
+				return errors.New("missing reference to the artifact. Expecting <registry>/<repository>:<tag> or <registry>/<repository>@<digest>")
 			}
 			opts.reference = args[0]
 			return nil
@@ -158,28 +158,29 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error {
 func checkVerificationFailure(outcomes []*notation.VerificationOutcome, printOut string, err error) error {
 	// write out on failure
 	if err != nil || len(outcomes) == 0 {
-		// reference: https://pkg.go.dev/errors#Join
-		if joinedError, ok := err.(interface{ Unwrap() []error }); ok {
-			errArray := joinedError.Unwrap()
-			if len(errArray) > 1 {
-				// the joined error always starts with a general error message
-				// followed by indivisual notation.VerificationOutcome errors.
-				for _, outcomeError := range errArray[1:] {
-					var errTrustStore truststore.TrustStoreError
-					var errCertificate truststore.CertificateError
-					if errors.Is(outcomeError, fs.ErrNotExist) &&
-						(errors.As(outcomeError, &errTrustStore) || errors.As(outcomeError, &errCertificate)) {
-						fmt.Fprintf(os.Stderr, "Error: %v. Use command 'notation cert add' to create and add trusted certificates to the trust store.\n", outcomeError)
-					} else {
-						fmt.Fprintf(os.Stderr, "Error: %v\n", outcomeError)
-					}
+		if err != nil {
+			var errTrustStore truststore.TrustStoreError
+			if errors.As(err, &errTrustStore) {
+				if errors.Is(err, fs.ErrNotExist) {
+					return fmt.Errorf("%w. Use command 'notation cert add' to create and add trusted certificates to the trust store", errTrustStore)
+				} else {
+					return fmt.Errorf("%w. %w", errTrustStore, errTrustStore.InnerError)
 				}
 			}
-		}
 
-		var errorVerificationFailed notation.ErrorVerificationFailed
-		if !errors.As(err, &errorVerificationFailed) {
-			return fmt.Errorf("signature verification failed: %w", err)
+			var errCertificate truststore.CertificateError
+			if errors.As(err, &errCertificate) {
+				if errors.Is(err, fs.ErrNotExist) {
+					return fmt.Errorf("%w. Use command 'notation cert add' to create and add trusted certificates to the trust store", errCertificate)
+				} else {
+					return fmt.Errorf("%w. %w", errCertificate, errCertificate.InnerError)
+				}
+			}
+
+			var errorVerificationFailed notation.ErrorVerificationFailed
+			if !errors.As(err, &errorVerificationFailed) {
+				return fmt.Errorf("signature verification failed: %w", err)
+			}
 		}
 		return fmt.Errorf("signature verification failed for all the signatures associated with %s", printOut)
 	}