Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: abandon updates if timestamp.json isn't new #387

Merged
merged 1 commit into from
Sep 20, 2022
Merged

fix: abandon updates if timestamp.json isn't new #387

merged 1 commit into from
Sep 20, 2022

Conversation

znewman01
Copy link
Contributor

Adds a new test for this case: if a client sees a new timestamp.json file with the same version as its current timestamp.json file, it should do nothing (no update, but also no error).

A few other tests were implicitly relying on the fact that the client did a full update each time, so they've been updated to commit a new timestamp.

This updates go-tuf for TUF specification v1.0.30 (fixes #321). The only substantive change was
theupdateframework/specification#209, which clarifies the intended behavior for updating metadata files.

Updates for other roles were already in compliance:

Signed-off-by: Zachary Newman [email protected]

Please fill in the fields below to submit a pull request. The more information that is provided, the better.

Fixes #369
Release Notes: go-tuf clients now only complete an update if the timestamp.json file is new, rather than completing the same update over and over.

Types of changes:

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Description of the changes being introduced by the pull request: See above

Please verify and check that the pull request fulfills the following requirements:

  • Tests have been added for the bug fix or new feature
  • Docs have been added for the bug fix or new feature: N/A

@znewman01 znewman01 requested a review from mnm678 September 20, 2022 00:32
joshuagl
joshuagl previously approved these changes Sep 20, 2022
View reviewed changes
Copy link
Member

@joshuagl joshuagl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great stuff, thanks.

client/client_test.go Outdated Show resolved Hide resolved
client/client_test.go Outdated Show resolved Hide resolved
@znewman01 znewman01 force-pushed the abandonallupdatesyewhoenterhere branch from f393a21 to 189f7d1 Compare September 20, 2022 14:18
@znewman01 znewman01 requested a review from joshuagl September 20, 2022 14:18
@znewman01
fix: abandon updates if timestamp.json isn't new
4d59f3b 
Adds a new test for this case: if a client sees a new `timestamp.json`
file with the same version as its current `timestamp.json` file, it
should do nothing (no update, but also no error).

A few other tests were implicitly relying on the fact that the client
did a full update each time, so they've been updated to commit a new
timestamp.

This updates go-tuf for TUF specification v1.0.30 (fixes theupdateframework#321). The
only substantive change was
[theupdateframework/specification#209][tuf-spec-209], which clarifies
the intended behavior for updating metadata files.

Updates for other roles were already in compliance:

- Root metadata: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L258
- Timestamp, checking snapshot version: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L751
- Snapshot, must match version from timestamp: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L667
- Snapshot, no rollback of targets: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L685
- Targets: https://github.com/theupdateframework/go-tuf/blob/13eff30efd6c61f165e1bf06e8c0e72f5a0e5703/client/client.go#L643

[tuf-spec-209]: (theupdateframework/specification#209).

Signed-off-by: Zachary Newman <[email protected]>
@znewman01 znewman01 force-pushed the abandonallupdatesyewhoenterhere branch from 189f7d1 to 4d59f3b Compare September 20, 2022 14:49
@joshuagl joshuagl merged commit 040092c into theupdateframework:master Sep 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshuagl joshuagl joshuagl approved these changes

@mnm678 mnm678 mnm678 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

TUF specification has a new version - v1.0.30
3 participants
@znewman01 @mnm678 @joshuagl