Skip to main content

VerifyError

nexo_ext_installer::verify_error

Enum VerifyError 

Source 
pub enum VerifyError {

Show 14 variants    CosignNotFound {
        searched: Vec<PathBuf>,
    },
    CosignFailed {
        stderr: String,
    },
    Io(String),
    PolicyRequiresSig {
        owner: String,
    },
    AssetIncomplete {
        present: &'static str,
        missing: &'static str,
    },
    TrustedKeysParse {
        path: PathBuf,
        reason: String,
    },
    IdentityRegexpInvalid {
        got: String,
        reason: String,
    },
    CertParseFailed(String),
    UnsupportedKey(String),
    SignatureDecodeFailed(String),
    SignatureMismatch,
    IdentityNotFound,
    IdentityMismatch {
        found: String,
        expected_regex: String,
    },
    IssuerMismatch {
        found: String,
        expected: String,
    },

}
Expand description

Errors surfaced by crate::verify::verify_plugin_signature and the trusted_keys.toml loader.

Variants§

§

CosignNotFound

cosign binary not found on PATH or in any well-known location, and no cosign_binary override was configured.

Fields

§searched: Vec<PathBuf>

Paths the discoverer probed.

§

CosignFailed

cosign verify-blob exited with a non-zero status.

Fields

§stderr: String

stderr captured from the cosign invocation. Preserved verbatim so operators can diagnose identity mismatches or transparency-log failures.

§

Io(String)

IO error during signature/cert/bundle download or local process spawning.

§

PolicyRequiresSig

Trust policy is Require but the resolved release has no .sig + .cert assets.

Fields

§owner: String

Repo owner that the policy resolved against.

§

AssetIncomplete

Release ships one half of the signing material but not the other (e.g. .sig without .cert). Implies a publish convention violation upstream; rejected outside Ignore.

Fields

§present: &'static str

Asset suffix that was present (e.g. .sig).

§missing: &'static str

Asset suffix expected as companion (e.g. .cert).

§

TrustedKeysParse

trusted_keys.toml failed to parse.

Fields

§path: PathBuf

Path on disk where the file was loaded from.

§reason: String

Parse failure reason.

§

IdentityRegexpInvalid

One of the [[authors]] entries declared an identity_regexp that does not compile under the Rust regex engine.

Fields

§got: String

Offending regex string.

§reason: String

regex::Regex::new error message.

§

CertParseFailed(String)

PEM/DER certificate could not be parsed.

§

UnsupportedKey(String)

Certificate is well-formed but does not carry an ECDSA-P256 public key — the only key type cosign uses today.

§

SignatureDecodeFailed(String)

Signature file could not be base64-decoded or DER-parsed.

§

SignatureMismatch

Signature did not verify against the certificate’s public key over SHA-256(blob). Either the blob, the certificate, or the signature has been tampered with.

§

IdentityNotFound

Certificate has no Subject Alternative Name URIs / emails — Fulcio always emits at least one, so an empty SAN almost certainly means we got handed the wrong cert.

§

IdentityMismatch

Certificate’s SAN entries do not match the policy’s identity_regexp.

Fields

§found: String

First SAN entry the verifier inspected (URIs/emails joined for diagnostic clarity).

§expected_regex: String

Regex from the matched author entry.

§

IssuerMismatch

Certificate’s Fulcio OIDC-issuer extension does not match the policy.

Fields

§found: String

What the cert’s 1.3.6.1.4.1.57264.1.{1,8} extension reported.

§expected: String

What the trust policy required.

Trait Implementations§

Source§

impl Debug for VerifyError

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Display for VerifyError

Source§

fn fmt(&self, __formatter: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Error for VerifyError

1.30.0 · Source§

fn source(&self) -> Option<&(dyn Error + 'static)>

Returns the lower-level source of this error, if any. Read more
1.0.0 · Source§

fn description(&self) -> &str

👎Deprecated since 1.42.0:

use the Display impl or to_string()

Read more
1.0.0 · Source§

fn cause(&self) -> Option<&dyn Error>

👎Deprecated since 1.33.0:

replaced by Error::source, which can support downcasting

Source§

fn provide<'a>(&'a self, request: &mut Request<'a>)

🔬This is a nightly-only experimental API. (error_generic_member_access)
Provides type-based access to context intended for error reports. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

Source§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

Source§

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

Source§

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T> ToStringFallible for T
where T: Display,

Source§

fn try_to_string(&self) -> Result<String, TryReserveError>

ToString::to_string, but without panic on OOM.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more