From 4be583c8a9c59d1e871e2900764fd24e98d1fb13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 5 Apr 2023 18:48:35 +0200 Subject: [PATCH] Fix error handling of signature.NewEphemeralGPGSigningMechanism MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit signature.NewEphemeralGPGSigningMechanism is called in an if branch where the previous err := introduces a "new" err variable, which means the failure isn't visible after the if. So, do the dumb thing and just check on both branches explicitly. (We still need to worry about correctly setting "mech" and "publicKeyfingerprints" to persist after the if.) How I hate Go sometimes. And this shows we really should update the linter. Signed-off-by: Miloslav Trmač --- cmd/skopeo/signing.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/cmd/skopeo/signing.go b/cmd/skopeo/signing.go index 9ea9202f..295b3245 100644 --- a/cmd/skopeo/signing.go +++ b/cmd/skopeo/signing.go @@ -116,11 +116,15 @@ func (opts *standaloneVerifyOptions) run(args []string, stdout io.Writer) error return fmt.Errorf("Error reading public keys from %s: %w", opts.publicKeyFile, err) } mech, publicKeyfingerprints, err = signature.NewEphemeralGPGSigningMechanism(publicKeys) + if err != nil { + return fmt.Errorf("Error initializing GPG: %w", err) + + } } else { mech, err = signature.NewGPGSigningMechanism() - } - if err != nil { - return fmt.Errorf("Error initializing GPG: %w", err) + if err != nil { + return fmt.Errorf("Error initializing GPG: %w", err) + } } defer mech.Close()