Consistently use STDERR for output. #647
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is basically these commands: ```shell sed -i 's@fmt.Printf(@fmt.Fprintf(os.Stderr, @g' $(git grep fmt.Printf | cut -d':' -f 1 | uniq) sed -i 's@fmt.Println(@fmt.Fprintln(os.Stderr, @g' $(git grep fmt.Println | cut -d':' -f 1 | uniq) sed -i 's/os.Stdout/os.Stderr/g' $(git grep os.Stdout | cut -d':' -f 1) ``` Signed-off-by: Matt Moore <mattomata@gmail.com>
dlorenc
approved these changes
Sep 12, 2021
|
Whoops, this did hit an issue with sign-blob signatures going to stdout. This only got hit in our post-merge tests :( |
dlorenc
added a commit
that referenced
this pull request
Sep 12, 2021
This reverts commit fefa881. Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>
dlorenc
pushed a commit
that referenced
this pull request
Sep 12, 2021
|
@dlorenc Do you have a link to which test? I'm wondering if we can add presubmit coverage, and I'd be curious what things care about STDOUT vs. STDERR, to help rationalize things and build my mental model for it. |
|
You should be able to see this: https://github.com/sigstore/cosign/runs/3579958722?check_suite_focus=true It looks like we expect the signature over STDOUT in sign-blob. I think we also expect the verified payloads in verify (the JSON simple singing thing). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is basically these commands (I also renamed a variable in the output-capture code):
(some context around motivation)
I have been experimenting with adding inline keyless verification in downstream tooling with:
(and similar for keyless signing, but that's more verbose currently, so omitted)
However, some of these tools reserve STDOUT to enable command composition, e.g.
kn service create foo --image=$(ko publish ./cmd/bar)So if (in this illustrative example) we wanted
koto automatically verify base images whenCOSIGN_EXPERIMENTAL=truethen we would need all of the output fromcli.Verify().Exec(...)to either go to STDERR, or surface some capacity for redirecting output (similar to cobra'scmd.Set{Out,Err}methods).There is some existing logic to redirect STDOUT to a file, but I couldn't really discern a pattern for what goes to STDOUT vs. STDERR. The two general motivations for this (I'd assume) would be:
ko publishemits a digest to STDOUT, and nothing else; but there is no obvious schema to any of the paths I looked at...?)So I'm assuming that the motivation is
1., and "fixing" it to capture STDERR here, but it would be good to get some eyeballs on this that are more familiar with the motivation for capturing output to make sure this isn't somehow breaking (let's see what the tests say)!Signed-off-by: Matt Moore mattomata@gmail.com