aboutsummaryrefslogtreecommitdiff
path: root/siglog-witness.py
diff options
context:
space:
mode:
authorLinus Nordberg <linus@nordberg.se>2021-06-16 08:58:48 +0200
committerLinus Nordberg <linus@nordberg.se>2021-06-16 08:58:48 +0200
commite4e8216eff7bff1449c12979c9da4c67eafb4499 (patch)
tree01f5f0e3b408239bf82d5007d10c78ee006db13a /siglog-witness.py
parent10dd352ab1ab6ef9cdc8b1494f0a8c0e9ca7d20d (diff)
a too old or too new tree head is not an error
We return !0 for critical errors that need human intervention. Let's consider a stale log and a log with a bad clock an intermittent and non critical error for now. We might want to change requirements on logs to separate freshness from clock skew. We should reconsider the severeness of those errors if that change happens.
Diffstat (limited to 'siglog-witness.py')
-rwxr-xr-xsiglog-witness.py9
1 files changed, 5 insertions, 4 deletions
diff --git a/siglog-witness.py b/siglog-witness.py
index b5f5e0a..2c9862e 100755
--- a/siglog-witness.py
+++ b/siglog-witness.py
@@ -32,6 +32,7 @@ CONFIG_DIR_DEFAULT = os.path.expanduser('~/.config/siglog-witness/')
SIGKEY_FILE_DEFAULT = CONFIG_DIR_DEFAULT + 'signing_key'
CONFIG_FILE = CONFIG_DIR_DEFAULT + 'siglog-witness.conf'
+ERR_OK = 0
ERR_USAGE = 1
ERR_TREEHEAD_READ = 2
ERR_TREEHEAD_FETCH = 3
@@ -418,11 +419,11 @@ def main(args):
ts_sec = new_tree_head.timestamp()
ts_asc = time.ctime(ts_sec)
if ts_sec < now - 12 * 3600:
- return (ERR_TREEHEAD_INVALID,
- "ERROR: timestamp too old: {} ({})".format(ts_sec, ts_asc))
+ return (ERR_OK,
+ "WARNING: timestamp too old: {} ({})".format(ts_sec, ts_asc))
if ts_sec > now + 12 * 3600:
- return (ERR_TREEHEAD_INVALID,
- "ERROR: timestamp too new: {} ({})".format(ts_sec, ts_asc))
+ return (ERR_OK,
+ "WARNING: timestamp too new: {} ({})".format(ts_sec, ts_asc))
# TODO: Needs more thought: size, hash, timestamp -- what may change and what may not?
if new_tree_head.tree_size() <= cur_tree_head.tree_size():