throw if fail to setup trust repo, unless skip signature

tuananh · tuananh · commit 0c97906faa6b · 2025-07-31T21:27:04.000+07:00
Signed-off-by: Tuan Anh Tran &lt;me@tuananh.org&gt;
diff --git a/src/oci.rs b/src/oci.rs
@@ -84,7 +84,10 @@ async fn setup_trust_repository(cli: &Cli) -> Result<Box<dyn TrustRoot>, anyhow:
         match SigstoreTrustRoot::new(None).await {
             Ok(repo) => return Ok(Box::new(repo)),
             Err(e) => {
-                log::warn!("Failed to initialize TUF trust repository: {e}");
+                log::error!("Failed to initialize TUF trust repository: {e}");
+                if !cli.insecure_skip_signature {
+                    return Err(anyhow!("Failed to initialize TUF trust repository and signature verification is required"));
+                }
                 log::info!("Falling back to manual trust repository");
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,10 @@ async fn setup_trust_repository(cli: &Cli) -> Result<Box<dyn TrustRoot>, anyhow:`
`84`	`84`	`match SigstoreTrustRoot::new(None).await {`
`85`	`85`	`Ok(repo) => return Ok(Box::new(repo)),`
`86`	`86`	`Err(e) => {`
`87`		`- log::warn!("Failed to initialize TUF trust repository: {e}");`
	`87`	`+ log::error!("Failed to initialize TUF trust repository: {e}");`
	`88`	`+ if !cli.insecure_skip_signature {`
	`89`	`+ return Err(anyhow!("Failed to initialize TUF trust repository and signature verification is required"));`
	`90`	`+ }`
`88`	`91`	`log::info!("Falling back to manual trust repository");`
`89`	`92`	`}`
`90`	`93`	`}`