From e4e8216eff7bff1449c12979c9da4c67eafb4499 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 16 Jun 2021 08:58:48 +0200 Subject: a too old or too new tree head is not an error We return !0 for critical errors that need human intervention. Let's consider a stale log and a log with a bad clock an intermittent and non critical error for now. We might want to change requirements on logs to separate freshness from clock skew. We should reconsider the severeness of those errors if that change happens. --- siglog-witness.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/siglog-witness.py b/siglog-witness.py index b5f5e0a..2c9862e 100755 --- a/siglog-witness.py +++ b/siglog-witness.py @@ -32,6 +32,7 @@ CONFIG_DIR_DEFAULT = os.path.expanduser('~/.config/siglog-witness/') SIGKEY_FILE_DEFAULT = CONFIG_DIR_DEFAULT + 'signing_key' CONFIG_FILE = CONFIG_DIR_DEFAULT + 'siglog-witness.conf' +ERR_OK = 0 ERR_USAGE = 1 ERR_TREEHEAD_READ = 2 ERR_TREEHEAD_FETCH = 3 @@ -418,11 +419,11 @@ def main(args): ts_sec = new_tree_head.timestamp() ts_asc = time.ctime(ts_sec) if ts_sec < now - 12 * 3600: - return (ERR_TREEHEAD_INVALID, - "ERROR: timestamp too old: {} ({})".format(ts_sec, ts_asc)) + return (ERR_OK, + "WARNING: timestamp too old: {} ({})".format(ts_sec, ts_asc)) if ts_sec > now + 12 * 3600: - return (ERR_TREEHEAD_INVALID, - "ERROR: timestamp too new: {} ({})".format(ts_sec, ts_asc)) + return (ERR_OK, + "WARNING: timestamp too new: {} ({})".format(ts_sec, ts_asc)) # TODO: Needs more thought: size, hash, timestamp -- what may change and what may not? if new_tree_head.tree_size() <= cur_tree_head.tree_size(): -- cgit v1.2.3