Fix tuf/tuf#736: Rebuild roledb in refresh() even if root unchanged #13
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
even if root has not been updated. In order to avoid freezes if role info is deleted due to prior validation failures, make sure that roledb is rebuilt during client tuf.client.updater.refresh(), even if root did not need to be updated. If, for example, snapshot.json is deleted because timestamp has indicated that there is a newer version but that newer version cannot be obtained, we should still not fail to try to update snapshot next time. See https://github.com/theupdateframework/tuf/issue/736 Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
|
Demo still functions. Uptane tests all succeed. Similar set merged in TUF proper. |
awwad
added a commit
that referenced
this pull request
Jul 24, 2018
test_repository_lib fix: Some time ago in PR #5 #5 I changed signature code such that tuf.keys.create_signature and verify_signature accept already-encoded bytes instead of assuming what the encodings should look like, and moved encoding up a bit in the stack (often to tuf.sig). This test wasn't updated at that point, and now it is being updated to deal with this (by encoding first, then calling the tuf.keys.create_signature function). test_mix_and_match_attack fix: A fix to the way that role files are retained if validation fails (possibly from #13 ) broke this test, I think, though I'm not certain. In any event, this demonstrates passable behavior for now, with the role info loaded correctly. These tests in the TUF fork are not regarded as critical, given that testing occurs at the Uptane level and Uptane will be migrating to the main TUF repository when possible; however, these fixes may be helpful in the interim. Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In order to avoid freezes if role info is deleted due to prior validation failures, make sure that roledb is rebuilt during client tuf.client.updater.refresh(), even if root did not need to be updated.
If, for example, snapshot.json is deleted because timestamp has indicated that there is a newer version but that newer version cannot be obtained, we should still not fail to try to update snapshot next time.
See theupdateframework#736
This is a patch for the immediate issue on this fork. A broader change is called for; see theupdateframework#736 and theupdateframework#660. That should be fixed on the main repository (theupdateframework/tuf) and this fork should be merged back.