Unable to initialize client without fetching from remote #208

Closed
haydentherapper opened this issue Jan 24, 2022 · 2 comments · Fixed by #354

Comments

@haydentherapper
Contributor

Before calling client.Update or client.UpdateRoots, it is expected that the client has been initialized with client.Init. Init uses a set of root keys, pulls the latest root.json, verifies it with those keys, and saves it locally.

The issue is there's no guarantee that the latest root can be verified using the set of root keys. For example, let's say a project is shipped with the first root.json. Before a new root signing, one key is rotated. After 5 signings, all keys used to sign the remote root.json will have been rotated. Init will fail, and there's no other way to directly initialize the client.

The proper way to initialize a client would be to initialize the client with a local root, then walk and verify the chain using Update or UpdateRoots. I'd like to propose that Init take the local root.json to initialize the database, and not make any calls to the remote to fetch the latest root.json.

Another option would be for Init to take the set of root keys and threshold, its current API, and call UpdateRoots as part of initialization. I would prefer that this not be the default, for those who don't want to initialize a client with the latest root.

cc @asraa
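
The failure mode and the proposed chain walk, as an added example that is not part of the original issue and not go-tuf code: after five single-key rotations the latest root no longer meets the shipped root's threshold, while verifying each version against its predecessor succeeds. `Root`, `signedBy`, `WalkChain` and `BuildChain` are hypothetical names, the key material is constructed sample data, and the rule that a new root must be signed by a threshold of both the previous and the new key set is taken from the TUF specification.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

type Root struct { // simplified stand-in for root.json, not go-tuf's own type
	Version, Threshold int
	Keys               []ed25519.PublicKey
	Sigs               map[string][]byte // public key -> signature over msg()
}

func (r *Root) msg() []byte { return []byte(fmt.Sprint(r.Version, r.Threshold, r.Keys)) }
func signedBy(trusted, r *Root) bool {
	n := 0 // valid signatures on r made by keys listed in trusted
	for _, k := range trusted.Keys {
		if ed25519.Verify(k, r.msg(), r.Sigs[string(k)]) {
			n++
		}
	}
	return n >= trusted.Threshold
}

// WalkChain accepts root N+1 only if it meets root N's threshold and its own.
func WalkChain(local *Root, remote []*Root) (*Root, error) {
	for _, next := range remote {
		if next.Version != local.Version+1 || !signedBy(local, next) || !signedBy(next, next) {
			return local, fmt.Errorf("root v%d rejected", next.Version)
		}
		local = next
	}
	return local, nil
}

// BuildChain returns constructed roots: [0] is shipped, each successor rotates 1 of 5 keys.
func BuildChain(rotations int) (roots []*Root) {
	key := func(i int) ed25519.PrivateKey { return ed25519.NewKeyFromSeed([]byte(fmt.Sprintf("%032d", i))) }
	for v := 0; v <= rotations; v++ {
		r := &Root{Version: v + 1, Threshold: 3, Sigs: map[string][]byte{}}
		for i := v; i < v+5; i++ {
			r.Keys = append(r.Keys, key(i).Public().(ed25519.PublicKey))
		}
		for i := v - 1; v > 0 && i < v+5; i++ { // previous and new key sets both sign
			r.Sigs[string(key(i).Public().(ed25519.PublicKey))] = ed25519.Sign(key(i), r.msg())
		}
		roots = append(roots, r)
	}
	return roots
}
```

`signedBy(roots[0], roots[len(roots)-1])` models the direct check against the shipped keys; `WalkChain(roots[0], roots[1:])` models initializing from the local root and then updating.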

haydentherapper added a commit to haydentherapper/go-tuf that referenced this issue Jan 25, 2022
This will allow users of go-tuf to initialize a client
without requiring a remote connection. This is useful
for when a root has been updated and the local root
verification keys can no longer verify the latest
remote root, except by verifying the chain with
client.Update().

Ref theupdateframework#208

Signed-off-by: Hayden Blauzvern <[email protected]>
haydentherapper added a commit to haydentherapper/go-tuf that referenced this issue Feb 10, 2022
This will allow users of go-tuf to initialize a client
without requiring a remote connection. This is useful
for when a root has been updated and the local root
verification keys can no longer verify the latest
remote root, except by verifying the chain with
client.Update().

Ref theupdateframework#208

Signed-off-by: Hayden Blauzvern <[email protected]>
@haydentherapper
Contributor Author

haydentherapper commented Feb 10, 2022

Until a versioned release process is in place, I've added a second method InitLocal that resolves this issue. After the process is in place, I'll submit another PR to change InitLocal to Init.

asraa pushed a commit that referenced this issue Feb 10, 2022
* Add client method for initializing from root metadata

This will allow users of go-tuf to initialize a client
without requiring a remote connection. This is useful
for when a root has been updated and the local root
verification keys can no longer verify the latest
remote root, except by verifying the chain with
client.Update().

Ref #208

Signed-off-by: Hayden Blauzvern <[email protected]>

* Prefer InitLocal over Init in client and tests

Signed-off-by: Hayden Blauzvern <[email protected]>
@asraa
Contributor

asraa commented Aug 3, 2022

Scheduling deprecation for v0.4

@znewman01 znewman01 moved this from 🆕 New to 🏗 In progress in [go-tuf] Project planning - v0.6.0 (Target: 2022-11-30) Aug 3, 2022
@znewman01 znewman01 moved this from 🏗 In progress to 👀 In review in [go-tuf] Project planning - v0.6.0 (Target: 2022-11-30) Aug 3, 2022
znewman01 added a commit to znewman01/go-tuf that referenced this issue Aug 5, 2022
Straightforward find/replace:

    find . -name '*.go' | xargs sed -i 's/InitLocal/Init/g'

BREAKING CHANGE: the method signature of `Init()` has changed since the
last release to take in the raw `root.json` metadata.

Fixes theupdateframework#208.

Signed-off-by: Zachary Newman <[email protected]>
trishankatdatadog pushed a commit that referenced this issue Aug 5, 2022
* refactor!: rename "InitLocal" to "Init"

Straightforward find/replace:

    find . -name '*.go' | xargs sed -i 's/InitLocal/Init/g'

BREAKING CHANGE: the method signature of `Init()` has changed since the
last release to take in the raw `root.json` metadata.

Fixes #208.

Signed-off-by: Zachary Newman <[email protected]>

* test: remove now-obsolete duplicate test

Signed-off-by: Zachary Newman <[email protected]>
Repository owner moved this from 👀 In review to ✅ Done in [go-tuf] Project planning - v0.6.0 (Target: 2022-11-30) Aug 5, 2022