From 8bdc5e5d4d36fc451d3c6dbce5cb3b3a2a6fde07 Mon Sep 17 00:00:00 2001
From: Junjie Gao <junjiegao@microsoft.com>
Date: Wed, 29 May 2024 11:51:05 +0800
Subject: [PATCH] fix: error message for dangling reference index (#402)

---
 notation.go      | 11 +++++++++--
 notation_test.go | 17 +++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/notation.go b/notation.go
index ef8593c7..2e1cf603 100644
--- a/notation.go
+++ b/notation.go
@@ -25,6 +25,9 @@ import (
 	"strings"
 	"time"
 
+	orasRegistry "oras.land/oras-go/v2/registry"
+	"oras.land/oras-go/v2/registry/remote"
+
 	"github.com/notaryproject/notation-core-go/signature"
 	"github.com/notaryproject/notation-go/internal/envelope"
 	"github.com/notaryproject/notation-go/log"
@@ -32,10 +35,10 @@ import (
 	"github.com/notaryproject/notation-go/verifier/trustpolicy"
 	"github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
-	orasRegistry "oras.land/oras-go/v2/registry"
 )
 
 var errDoneVerification = errors.New("done verification")
+
 var reservedAnnotationPrefixes = [...]string{"io.cncf.notary"}
 
 // SignerSignOptions contains parameters for Signer.Sign.
@@ -145,7 +148,11 @@ func Sign(ctx context.Context, signer Signer, repo registry.Repository, signOpts
 	logger.Debugf("Pushing signature of artifact descriptor: %+v, signature media type: %v", targetDesc, signOpts.SignatureMediaType)
 	_, _, err = repo.PushSignature(ctx, signOpts.SignatureMediaType, sig, targetDesc, annotations)
 	if err != nil {
-		logger.Error("Failed to push the signature")
+		var referrerError *remote.ReferrersError
+		// do not log an error for failing to delete referral index
+		if !errors.As(err, &referrerError) || !referrerError.IsReferrersIndexDelete() {
+			logger.Error("Failed to push the signature")
+		}
 		return ocispec.Descriptor{}, ErrorPushSignatureFailed{Msg: err.Error()}
 	}
 
diff --git a/notation_test.go b/notation_test.go
index ee82e697..8b9c45c3 100644
--- a/notation_test.go
+++ b/notation_test.go
@@ -34,6 +34,7 @@ import (
 	"github.com/notaryproject/notation-go/registry"
 	"github.com/notaryproject/notation-go/verifier/trustpolicy"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"oras.land/oras-go/v2/registry/remote"
 )
 
 var expectedMetadata = map[string]string{"foo": "bar", "bar": "foo"}
@@ -74,6 +75,22 @@ func TestSignSuccessWithUserMetadata(t *testing.T) {
 	}
 }
 
+func TestSignWithDanglingReferrersIndex(t *testing.T) {
+	repo := mock.NewRepository()
+	repo.PushSignatureError = &remote.ReferrersError{
+		Op:  "DeleteReferrersIndex",
+		Err: errors.New("error"),
+	}
+	opts := SignOptions{}
+	opts.ArtifactReference = mock.SampleArtifactUri
+	opts.SignatureMediaType = jws.MediaTypeEnvelope
+
+	_, err := Sign(context.Background(), &dummySigner{}, repo, opts)
+	if err == nil {
+		t.Fatalf("no error occurred, expected error")
+	}
+}
+
 func TestSignWithNilRepo(t *testing.T) {
 	opts := SignOptions{}
 	opts.ArtifactReference = mock.SampleArtifactUri