Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: sign-payload shouldn't recanonicalize payload #479

Merged
merged 1 commit into from
Apr 19, 2023
Merged

fix: sign-payload shouldn't recanonicalize payload #479

merged 1 commit into from
Apr 19, 2023

Conversation

znewman01
Copy link
Contributor

  • Add new Repo.SignRaw which doesn't canonicalize before signing (and just returns Signatures)
  • Rename SignPayload to CanonicalizeAndSign (old name is deprecated; it probably doesn't actually get used so we can rip out next major release.)
  • Add sign.MakeSignatures which does not canonicalize; refactor sign.Sign to use it.
  • Modify offline flow to test this property.
  • Use SignRaw in tuf sign-payload.

Please fill in the fields below to submit a pull request. The more information that is provided, the better.

Fixes #475.

Release Notes:

  • (API) Repo.SignPayload is deprecated; please use CanonicalizeAndSign instead.
  • (CLI) Fix tuf sign-payload to not re-canonicalize the input.

Types of changes:

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected). Please ensure that your PR title is a Conventional Commit breaking change (with a !, as in feat!: change foo).

Description of the changes being introduced by the pull request:

Please verify and check that the pull request fulfills the following requirements:

  • Tests have been added for the bug fix or new feature
  • Docs have been added for the bug fix or new feature

@znewman01 znewman01 requested review from rdimitrov and asraa April 8, 2023 13:49
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 8, 2023
View reviewed changes
sign/sign.go Fixed Show fixed Hide fixed
@znewman01 znewman01 force-pushed the sign-payload branch 2 times, most recently from 1c8e198 to bbc749f Compare April 8, 2023 14:11
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 8, 2023
View reviewed changes
sign/sign.go Show resolved Hide resolved
rdimitrov
rdimitrov approved these changes Apr 10, 2023
View reviewed changes
Copy link
Contributor

@rdimitrov rdimitrov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm 👍

sign/sign.go Show resolved Hide resolved
sign/sign.go Show resolved Hide resolved
@znewman01 @rdimitrov
fix: sign-payload shouldn't recanonicalize payload
f595663 
Fixes theupdateframework#475.

- Add new `Repo.SignRaw` which doesn't canonicalize before signing (and
  just returns Signatures)
- Rename `SignPayload` to `CanonicalizeAndSign` (old name is
  deprecated; it probably doesn't actually get used so we can rip out
  next major release.)
- Add `sign.MakeSignatures` which does not canonicalize; refactor
  `sign.Sign` to use it.
- Modify offline flow to test this property.
- Use `SignRaw` in `tuf sign-payload`.

Signed-off-by: Zachary Newman <[email protected]>
joshuagl
joshuagl approved these changes Apr 18, 2023
View reviewed changes
repo.go Show resolved Hide resolved
repo.go Show resolved Hide resolved
@znewman01 znewman01 merged commit 6b93a5a into theupdateframework:master Apr 19, 2023
@rdimitrov rdimitrov mentioned this pull request Apr 27, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rdimitrov rdimitrov rdimitrov approved these changes

@joshuagl joshuagl joshuagl approved these changes

@asraa asraa Awaiting requested review from asraa

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Payload functionality broken ( invalid character '\n' in string literal)
3 participants
@znewman01 @joshuagl @rdimitrov