securedrop-admin update returns indistinguishable error messages for distinct error conditions

[cfm]

Description

securedrop-admin update returns the same error message Signature verification failed. for multiple distinct error conditions. It's therefore necessary to step through the logic of the update() function to identify the cause of the error.

securedrop/admin/securedrop_admin/__init__.py

Lines 1078 to 1095 in f5ca29b

	sdlog.info("Signature verification failed.")
	return 1
	except subprocess.CalledProcessError as e:
	if "not a valid ref" in e.output.decode("utf-8"):
	# Then there is no duplicate branch.
	sdlog.info("Signature verification successful.")
	else: # If any other exception occurs, we bail.
	sdlog.info("Signature verification failed.")
	return 1
	else: # If anything else happens, fail and exit 1
	sdlog.info("Signature verification failed.")
	return 1
	except subprocess.CalledProcessError:
	# If there is no signature, or if the signature does not verify,
	# then git tag -v exits subprocess.check_output will exit 1
	# and subprocess.check_output will throw a CalledProcessError
	sdlog.info("Signature verification failed.")

Steps to Reproduce

Discovered in the course of #7168.

Expected Behavior

Error messages either (a) are self-explanatory or (b) can be traced to a unique point in the code.

Actual Behavior

Neither.

Comments

It would be interesting to run a search for duplicated logging and exception strings across the codebase and see if this is a problem elsewhere.

[xavierlwr]

interested, will look into this

[rudradeep22]

If no one is working on this, can I take this up?