From a9b9656473525ed5d50d6f44d8e1f0afd58e1726 Mon Sep 17 00:00:00 2001 From: Itxaka Date: Mon, 20 May 2024 15:47:55 +0200 Subject: [PATCH] Improve error message Signed-off-by: Itxaka --- pkg/uki/common.go | 2 +- pkg/uki/upgrade.go | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/pkg/uki/common.go b/pkg/uki/common.go index 02e9d0a6..9906e907 100644 --- a/pkg/uki/common.go +++ b/pkg/uki/common.go @@ -296,5 +296,5 @@ func checkArtifactSignatureIsValid(fs v1.FS, artifact string, logger sdkTypes.Ka } } // If we reach this point, we need to fail as we haven't matched anything, so default is to fail - return errors.New("not ok") + return fmt.Errorf("could not find a signature in EFIVars DB that matches the upgrade artifact") } diff --git a/pkg/uki/upgrade.go b/pkg/uki/upgrade.go index dee0f562..60a2f247 100644 --- a/pkg/uki/upgrade.go +++ b/pkg/uki/upgrade.go @@ -69,7 +69,9 @@ func (i *UpgradeAction) Run() (err error) { if err != nil { // Remove efi file to not occupy space and leave stuff around _ = removeArtifactSetWithRole(i.cfg.Fs, constants.UkiEfiDir, UnassignedArtifactRole) - i.cfg.Logger.Logger.Error().Err(err).Msg("Checking signature") + i.cfg.Logger.Logger.Error().Err(err).Msg("Checking signature before upgrading") + i.cfg.Logger.Logger.Warn().Msg("Upgrade artifact signature does not match, upgrading to this source would result in an unbootable active system.\n" + + "Check the upgrade source and confirm that its signed with a valid key, that key is in the machine DB and it has not been blacklisted.") return err }