diff options
| author | Linus Nordberg <linus@nordberg.se> | 2021-06-16 08:58:48 +0200 |
|---|---|---|
| committer | Linus Nordberg <linus@nordberg.se> | 2021-06-16 08:58:48 +0200 |
| commit | e4e8216eff7bff1449c12979c9da4c67eafb4499 (patch) | |
| tree | 01f5f0e3b408239bf82d5007d10c78ee006db13a | |
| parent | 10dd352ab1ab6ef9cdc8b1494f0a8c0e9ca7d20d (diff) | |
a too old or too new tree head is not an error
We return !0 for critical errors that need human intervention.
Let's consider a stale log and a log with a bad clock an intermittent
and non critical error for now.
We might want to change requirements on logs to separate freshness
from clock skew. We should reconsider the severeness of those errors
if that change happens.
| -rwxr-xr-x | siglog-witness.py | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/siglog-witness.py b/siglog-witness.py index b5f5e0a..2c9862e 100755 --- a/siglog-witness.py +++ b/siglog-witness.py @@ -32,6 +32,7 @@ CONFIG_DIR_DEFAULT = os.path.expanduser('~/.config/siglog-witness/') SIGKEY_FILE_DEFAULT = CONFIG_DIR_DEFAULT + 'signing_key' CONFIG_FILE = CONFIG_DIR_DEFAULT + 'siglog-witness.conf' +ERR_OK = 0 ERR_USAGE = 1 ERR_TREEHEAD_READ = 2 ERR_TREEHEAD_FETCH = 3 @@ -418,11 +419,11 @@ def main(args): ts_sec = new_tree_head.timestamp() ts_asc = time.ctime(ts_sec) if ts_sec < now - 12 * 3600: - return (ERR_TREEHEAD_INVALID, - "ERROR: timestamp too old: {} ({})".format(ts_sec, ts_asc)) + return (ERR_OK, + "WARNING: timestamp too old: {} ({})".format(ts_sec, ts_asc)) if ts_sec > now + 12 * 3600: - return (ERR_TREEHEAD_INVALID, - "ERROR: timestamp too new: {} ({})".format(ts_sec, ts_asc)) + return (ERR_OK, + "WARNING: timestamp too new: {} ({})".format(ts_sec, ts_asc)) # TODO: Needs more thought: size, hash, timestamp -- what may change and what may not? if new_tree_head.tree_size() <= cur_tree_head.tree_size(): |