Rotate roots per spec#143
Merged
hosseinsia merged 58 commits intotheupdateframework:masterfrom Sep 17, 2021
hosseinsia:updateroots
Merged
Rotate roots per spec#143hosseinsia merged 58 commits intotheupdateframework:masterfrom hosseinsia:updateroots
hosseinsia merged 58 commits intotheupdateframework:masterfrom
hosseinsia:updateroots
Conversation
Pull Request Test Coverage Report for Build 1242433780
💛 - Coveralls |
joshuagl
reviewed
Aug 10, 2021
Member
joshuagl
left a comment
joshuagl
left a comment
There was a problem hiding this comment.
Some drive by comments. I'm not very familiar with go-tuf, so take them with a grain of salt.
This PR is very hard to review because of the number of added files. Do we need them all? Perhaps separate them into a separate commit so that the core logic change is easier to review?
Personally, I'm not a fan of the very large comments which seem likely to become out-of-date. But that appears to be the style for the go-tuf implementation.
trishankatdatadog
suggested changes
Aug 10, 2021
Contributor
trishankatdatadog
left a comment
trishankatdatadog
left a comment
There was a problem hiding this comment.
First round of comments. Thanks for the great work, @hosseinsia! 👏🏽 💯
asraa
reviewed
Aug 11, 2021
asraa
reviewed
Aug 11, 2021
asraa
reviewed
Aug 11, 2021
hosseinsia
commented
Aug 23, 2021
Contributor
Author
hosseinsia
left a comment
hosseinsia
left a comment
There was a problem hiding this comment.
updated according to comments. PTAL.
Major changes:
- The code is being changes such won't persist a bad root metadata (except for when it is expired).
- Added a few more tests to check for the cases of non-root key change.
- Refactored/simplified the client_test
Contributor
raphaelgavache
left a comment
raphaelgavache
left a comment
There was a problem hiding this comment.
Nice PR! This is my first pass, I've left a few minor comments. I'll go through the test cases next
trishankatdatadog
suggested changes
Aug 24, 2021
Contributor
trishankatdatadog
left a comment
trishankatdatadog
left a comment
There was a problem hiding this comment.
So close! Thank you very much.
trishankatdatadog
suggested changes
Sep 2, 2021
Contributor
Author
|
@trishankatdatadog addressed all comments. PTAL. |
asraa
reviewed
Sep 3, 2021
Contributor
asraa
left a comment
asraa
left a comment
There was a problem hiding this comment.
Thanks so much for continuing to review!
trishankatdatadog
previously approved these changes
Sep 3, 2021
Contributor
trishankatdatadog
left a comment
trishankatdatadog
left a comment
There was a problem hiding this comment.
Fantastic work, thank you very much, Hossein! 🎉
Contributor
|
@hosseinsia do we have tests for whether expirations are ignored and not ignored correctly? |
Contributor
Author
Just added a test. ptal. |
joshuagl
reviewed
Sep 8, 2021
… have concerete timestamps (either expired or long exiring one)
raphaelgavache
previously approved these changes
Sep 13, 2021
trishankatdatadog
previously approved these changes
Sep 13, 2021
Contributor
Author
…cal root but no other top-level metadata
hosseinsia
dismissed stale reviews from trishankatdatadog and raphaelgavache
via
45675bf
raphaelgavache
previously approved these changes
Sep 16, 2021
trishankatdatadog
approved these changes
Sep 16, 2021
raphaelgavache
approved these changes
Sep 17, 2021
mnm678
pushed a commit
to mnm678/go-tuf
that referenced
this pull request
Oct 21, 2021
* update roots * removing some debugging comments * removing duplicate code for getLocalRootMeta by calling it from getLocalMeta * fix based on the reviews. * enable an arbitrary root verify another root (use case: n verify n+1) without the need for store them permanently. * check non root metadata, refactor test, address comments * updated according to the comments * remove persistent metadata is the keys have changed. * removing the unused ErrWrongRootVersion * add DeleteMeta to the LocalStore interface and implemenet in MemoryLocalStore and FileLocalStore subtypes. * delete (instead of setting to an empty raw message) the top-level metadata when their key has changed. * add test fixtures for fast forward attack recovery. * test for fast forward attack recovery * addressed several comments. * addressed more comments. Set the rootVersion in loadAndVerifyLocalRootMeta. Fixed a buggy test. * Fixed a buggy test. * fix comment typos * fix race condition related to the expired check. * fix race condition related to the expired check. * kill unmarshalIgnoreExpired. * add test for root update for client version above 1. * add test for root update for client version greater than 1. * update the VerifyIgnoreExpiredCheck method signature and add test for it. * Avoid mocking IsExpired in the tests. Instead update test fixtured to have concerete timestamps (either expired or long exiring one) * remove commented code * update fixtures and clarify test comments. * updating the comments based on the feedbacks. * update roots * removing some debugging comments * removing duplicate code for getLocalRootMeta by calling it from getLocalMeta * fix based on the reviews. * enable an arbitrary root verify another root (use case: n verify n+1) without the need for store them permanently. * check non root metadata, refactor test, address comments * updated according to the comments * remove persistent metadata is the keys have changed. * removing the unused ErrWrongRootVersion * delete (instead of setting to an empty raw message) the top-level metadata when their key has changed. * add test fixtures for fast forward attack recovery. * test for fast forward attack recovery * addressed several comments. * addressed more comments. Set the rootVersion in loadAndVerifyLocalRootMeta. Fixed a buggy test. * Fixed a buggy test. * fix comment typos * Update client/client_test.go Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com> * Update client/client_test.go Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com> * fix race condition related to the expired check. * fix race condition related to the expired check. * kill unmarshalIgnoreExpired. * add test for root update for client version above 1. * add test for root update for client version greater than 1. * update the VerifyIgnoreExpiredCheck method signature and add test for it. * Avoid mocking IsExpired in the tests. Instead update test fixtured to have concerete timestamps (either expired or long exiring one) * remove commented code * update fixtures and clarify test comments. * updating the comments based on the feedbacks. * rebase and update test cases to long expiration (10 years from now), by default. * add test cases for (1) when there is no local root, (2) there is a local root but no other top-level metadata * remove the 'previous' of test folders Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Update root following the TUF specification v1.0.19
https://theupdateframework.github.io/specification/v1.0.19/index.html#load-trusted-root
Logic: