minor changes to whitespace and error logging

Author: jettero

hubblestack/utils/signing.py

@@ -64,8 +64,8 @@
 MANIFEST_RE = re.compile(r'^\s*(?P<digest>[0-9a-fA-F]+)\s+(?P<fname>.+)$')
 log = logging.getLogger(__name__)
 
-# "verification_log_timestamps" is a global dict that contains str path 
-# and time() kv pairs. When the time() value exceeds the dampening_limit (3600 sec), 
+# "verification_log_timestamps" is a global dict that contains str path
+# and time() kv pairs. When the time() value exceeds the dampening_limit (3600 sec),
 # we reset time and set log level accordingly.
 verif_log_timestamps = {}
 # How often in seconds 3600 = 1 hour to set log level to log.error/critical
@@ -332,7 +332,7 @@ def __init__(self, public_crt=None, ca_crt=None):
             except ossl.X509StoreContextError as exception_object:
                 code, depth, message = exception_object.args[0]
                 if code in (2,3,20,27,33):
-                    # from openssl/x509_vfy.h or 
+                    # from openssl/x509_vfy.h or
                     # https://www.openssl.org/docs/man1.1.0/man3/X509_STORE_CTX_set_current_cert.html
                     # X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT         2
                     # X509_V_ERR_UNABLE_TO_GET_CRL                 3
@@ -444,7 +444,12 @@ def sign_target(fname, ofname, private_key='private.key', **kwargs): # pylint: d
     """
     # NOTE: This is intended to crash if there's some number of keys other than
     # exactly 1 read from the private_key file:
-    first_key, = read_certs(private_key)
+    the_keys = list(read_certs(private_key))
+    if not the_keys:
+        log.error('unable to sign %s with %s (no such file or error reading certs)',
+            os.path.abspath(fname), os.path.abspath(private_key))
+        return
+    first_key = the_keys[0]
     hasher, chosen_hash = hash_target(fname, obj_mode=True)
     args = { 'data': hasher.finalize() }
     if isinstance(first_key, rsa.RSAPrivateKey):
@@ -458,7 +463,7 @@ def sign_target(fname, ofname, private_key='private.key', **kwargs): # pylint: d
         fh.write('\n')
 
 def verify_signature(fname, sfname, public_crt='public.crt', ca_crt='ca-root.crt', **kwargs): # pylint: disable=unused-argument
-    ### make 
+    ### make
     """
         Given the fname, sfname public_crt and ca_crt:
 
@@ -601,7 +606,7 @@ def verify_files(targets, mfname='MANIFEST', sfname='SIGNATURE', public_crt='pub
             # or it's a digest from the MANIFEST. If UNKNOWN, we have nothing to compare
             # so we return UNKNOWN
             status = STATUS.UNKNOWN
-            # check to see if the the status of a failed target has been sent is the last 
+            # check to see if the the status of a failed target has been sent is the last
             # x seconds, we reset time and set log level accordingly. the same for FAIL
         elif digest == new_hash:
             # path gets same status as MANIFEST