TUF specification has a new version - v1.0.30 #321
Assignees
Comments
rdimitrov
moved this to 📋 Backlog
in [go-tuf] Project planning - v0.6.0 (Target: 2022-11-30)
znewman01
added a commit
to znewman01/go-tuf
that referenced
this issue
Sep 20, 2022
Adds a new test for this case: if a client sees a new `timestamp.json` file with the same version as its current `timestamp.json` file, it should do nothing (no update, but also no error). A few other tests were implicitly relying on the fact that the client did a full update each time, so they've been updated to commit a new timestamp. This updates go-tuf for TUF specification v1.0.30 (fixes theupdateframework#321). The only substantive change was [theupdateframework/specification#209][tuf-spec-209], which clarifies the intended behavior for updating metadata files. Updates for other roles were already in compliance: - Root metadata: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L258 - Timestamp, checking snapshot version: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L751 - Snapshot, must match version from timestamp: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L667 - Snapshot, no rollback of targets: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L685 - Targets: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L643 [tuf-spec-209]: (theupdateframework/specification#209). Signed-off-by: Zachary Newman <[email protected]>
5 tasks
znewman01
added a commit
to znewman01/go-tuf
that referenced
this issue
Sep 20, 2022
Adds a new test for this case: if a client sees a new `timestamp.json` file with the same version as its current `timestamp.json` file, it should do nothing (no update, but also no error). A few other tests were implicitly relying on the fact that the client did a full update each time, so they've been updated to commit a new timestamp. This updates go-tuf for TUF specification v1.0.30 (fixes theupdateframework#321). The only substantive change was [theupdateframework/specification#209][tuf-spec-209], which clarifies the intended behavior for updating metadata files. Updates for other roles were already in compliance: - Root metadata: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L258 - Timestamp, checking snapshot version: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L751 - Snapshot, must match version from timestamp: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L667 - Snapshot, no rollback of targets: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L685 - Targets: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L643 [tuf-spec-209]: (theupdateframework/specification#209). Signed-off-by: Zachary Newman <[email protected]>
znewman01
added a commit
to znewman01/go-tuf
that referenced
this issue
Sep 20, 2022
Adds a new test for this case: if a client sees a new `timestamp.json` file with the same version as its current `timestamp.json` file, it should do nothing (no update, but also no error). A few other tests were implicitly relying on the fact that the client did a full update each time, so they've been updated to commit a new timestamp. This updates go-tuf for TUF specification v1.0.30 (fixes theupdateframework#321). The only substantive change was [theupdateframework/specification#209][tuf-spec-209], which clarifies the intended behavior for updating metadata files. Updates for other roles were already in compliance: - Root metadata: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L258 - Timestamp, checking snapshot version: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L751 - Snapshot, must match version from timestamp: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L667 - Snapshot, no rollback of targets: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L685 - Targets: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L643 [tuf-spec-209]: (theupdateframework/specification#209). Signed-off-by: Zachary Newman <[email protected]>
joshuagl
pushed a commit
that referenced
this issue
Sep 20, 2022
Adds a new test for this case: if a client sees a new `timestamp.json` file with the same version as its current `timestamp.json` file, it should do nothing (no update, but also no error). A few other tests were implicitly relying on the fact that the client did a full update each time, so they've been updated to commit a new timestamp. This updates go-tuf for TUF specification v1.0.30 (fixes #321). The only substantive change was [theupdateframework/specification#209][tuf-spec-209], which clarifies the intended behavior for updating metadata files. Updates for other roles were already in compliance: - Root metadata: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L258 - Timestamp, checking snapshot version: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L751 - Snapshot, must match version from timestamp: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L667 - Snapshot, no rollback of targets: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L685 - Targets: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L643 [tuf-spec-209]: (theupdateframework/specification#209). Signed-off-by: Zachary Newman <[email protected]> Signed-off-by: Zachary Newman <[email protected]>
Repository owner
moved this from 📋 Backlog
to ✅ Done
in [go-tuf] Project planning - v0.6.0 (Target: 2022-11-30)
Sep 20, 2022
znewman01
added a commit
to znewman01/go-tuf
that referenced
this issue
Sep 21, 2022
We fixed theupdateframework#321 but forgot to update this, so now the GH actions bot is confused (theupdateframework#391).
znewman01
added a commit
to znewman01/go-tuf
that referenced
this issue
Sep 21, 2022
We fixed theupdateframework#321 but forgot to update this, so now the GH actions bot is confused (theupdateframework#391). Signed-off-by: Zachary Newman <[email protected]>
trishankatdatadog
pushed a commit
to znewman01/go-tuf
that referenced
this issue
Sep 21, 2022
We fixed theupdateframework#321 but forgot to update this, so now the GH actions bot is confused (theupdateframework#391). Signed-off-by: Zachary Newman <[email protected]>
znewman01
added a commit
that referenced
this issue
Sep 21, 2022
We fixed #321 but forgot to update this, so now the GH actions bot is confused (#391). Signed-off-by: Zachary Newman <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey, it seems there's a newer version of the TUF specification - v1.0.30
The version which theupdateframework/go-tuf states it supports is - v1.0.29
The following is a comparison of what changed between the two versions - Compare v1.0.29 to v1.0.30
Please review the newer version and address the changes.
The text was updated successfully, but these errors were encountered: