From 47aca00dcf0d6802478cd6a37b43117a49980736 Mon Sep 17 00:00:00 2001
From: h4l0gen
Date: Thu, 30 May 2024 14:33:43 +0530
Subject: [PATCH 1/4] addd_root_verification
Signed-off-by: h4l0gen
---
 tuf/repository/_repository.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/tuf/repository/_repository.py b/tuf/repository/_repository.py
index fc96b8f474..9a4f52d917 100644
--- a/tuf/repository/_repository.py
+++ b/tuf/repository/_repository.py
@@ -188,6 +188,12 @@ def do_snapshot(
 update_version = force
 removed: Dict[str, MetaFile] = {}
+ root = self.root()
+ snapshot = self.snapshot()
+
+ if not root.verify_signature(snapshot):
+ update_version = True
+
 with self.edit_snapshot() as snapshot:
 for keyname, new_meta in self.targets_infos.items():
 if keyname not in snapshot.meta:
@@ -228,6 +234,13 @@ def do_timestamp(
 """
 update_version = force
 removed = None
+
+ root = self.root()
+ timestampt = self.timestamp()
+
+ if not root.verify_signature(timestamp):
+ update_version = True
+
 with self.edit_timestamp() as timestamp:
 if self.snapshot_info.version < timestamp.snapshot_meta.version:
 raise ValueError("snapshot version rollback")
From 51c445c31b6e7c9610daee95976146a6ae3bd722 Mon Sep 17 00:00:00 2001
From: h4l0gen
Date: Mon, 3 Jun 2024 20:15:03 +0530
Subject: [PATCH 2/4] rebasing
Signed-off-by: h4l0gen
---
 tuf/repository/_repository.py | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/tuf/repository/_repository.py b/tuf/repository/_repository.py
index 9a4f52d917..09306b821c 100644
--- a/tuf/repository/_repository.py
+++ b/tuf/repository/_repository.py
@@ -9,6 +9,7 @@
 from copy import deepcopy
 from typing import Dict, Generator, Optional, Tuple
+from tuf.api.exceptions import UnsignedMetadataError
 from tuf.api.metadata import (
 Metadata,
 MetaFile,
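Review bot: In PATCH 1/4 the do_timestamp hunk assigns `timestampt = self.timestamp()` but passes `timestamp` to the check. Within the visible lines that name is only bound later by `with self.edit_timestamp() as timestamp:`, so the new `if` would presumably raise UnboundLocalError on every call instead of testing the signature; the function starts outside the hunk, so an earlier binding cannot be ruled out. The `if not root.verify_signature(...)` form in both hunks also assumes the check reports failure through a falsy return value. PATCH 2/4 rewrites both spots, so squashing 1/4 into 2/4 would keep a non-working do_timestamp out of the history and make the series easier to bisect.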
@@ -189,9 +190,15 @@ def do_snapshot(
 removed: Dict[str, MetaFile] = {}
 root = self.root()
- snapshot = self.snapshot()
-
- if not root.verify_signature(snapshot):
+ snapshot_md = self.open(Snapshot.type)
+
+ try:
+ root.verify_delegate(
+ Snapshot.type,
+ snapshot_md.signed_bytes,
+ snapshot_md.signatures,
+ )
+ except UnsignedMetadataError:
 update_version = True
 with self.edit_snapshot() as snapshot:
@@ -236,9 +243,15 @@ def do_timestamp(
 removed = None
 root = self.root()
- timestampt = self.timestamp()
-
- if not root.verify_signature(timestamp):
+ timestamp_md = self.open(Timestamp.type)
+
+ try:
+ root.verify_delegate(
+ Timestamp.type,
+ timestamp_md.signed_bytes,
+ timestamp_md.signatures,
+ )
+ except UnsignedMetadataError:
 update_version = True
 with self.edit_timestamp() as timestamp:
From 873c632da0fd9114ec228ccfaf49eafaab86ec9e Mon Sep 17 00:00:00 2001
From: Kapil Sharma
Date: Tue, 4 Jun 2024 12:02:27 +0530
Subject: [PATCH 3/4] removing @unittest.expectedFailure tag
Signed-off-by: Kapil Sharma
---
 tests/test_repository.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/tests/test_repository.py b/tests/test_repository.py
index 092df0ec79..6e95d51add 100644
--- a/tests/test_repository.py
+++ b/tests/test_repository.py
@@ -186,7 +186,6 @@ def test_do_snapshot_after_new_targets_delegation(self) -> None:
 self.assertEqual(2, len(snapshot_versions))
 self.assertEqual(2, snapshot_versions[-1].signed.version)
- @unittest.expectedFailure # Issue 2438
 def test_do_snapshot_after_snapshot_key_change(self) -> None:
 # change snapshot signing keys
 with self.repo.edit_root() as root:
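Review bot: In PATCH 2/4 the try/except added to do_snapshot is repeated line for line in the do_timestamp hunk (`@@ -236,9 +243,15 @@`), differing only in the role type, and neither copy says why a failed check sets `update_version`. A private helper that reports whether the stored metadata still verifies against root would reduce each call site to one `if` and give the reason a single place to live; the helper name below is only a suggestion. Catching just `UnsignedMetadataError` is worth keeping this narrow, so that any other error from `verify_delegate` propagates instead of being turned into a silent re-sign. Both functions begin and end outside these hunks, so their docstrings are not visible; if they describe `force` as the only trigger for a new version without content changes, they should mention this case as well.

```python
    def _signed_by_current_root(self, role: str) -> bool:
        """Return True if the stored ``role`` metadata verifies against root.

        A False result means the signatures no longer meet the keys and
        threshold root delegates to ``role`` (for example after a key
        change), so the caller must publish a newly signed version.
        """
        md = self.open(role)
        try:
            self.root().verify_delegate(role, md.signed_bytes, md.signatures)
        except UnsignedMetadataError:
            return False
        return True

        # in do_snapshot (do_timestamp is the same with Timestamp.type):
        if not self._signed_by_current_root(Snapshot.type):
            update_version = True
        # … unchanged: with self.edit_snapshot() as snapshot: …
```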
@@ -228,9 +227,7 @@ def test_do_timestamp_after_snapshot_change(self) -> None:
 self.assertEqual(2, len(timestamp_versions))
 self.assertEqual(2, timestamp_versions[-1].signed.version)
- @unittest.expectedFailure # Issue 2438
- def test_do_timestamp_after_timestamp_key_change(self) -> None:
- # change timestamp signing keys
+ def test_do_timestamp_after_timestamp_key_change(self) -> None: # change timestamp signing keys
 with self.repo.edit_root() as root:
 # remove key
 keyid = root.roles["timestamp"].keyids[0]
From 46fa9471ac353623155c55f16b146f18013bfaa8 Mon Sep 17 00:00:00 2001
From: Kapil Sharma
Date: Tue, 4 Jun 2024 12:06:45 +0530
Subject: [PATCH 4/4] Update test_repository.py
Signed-off-by: Kapil Sharma
---
 tests/test_repository.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/test_repository.py b/tests/test_repository.py
index 6e95d51add..e1d228dc9b 100644
--- a/tests/test_repository.py
+++ b/tests/test_repository.py
@@ -227,7 +227,8 @@ def test_do_timestamp_after_snapshot_change(self) -> None:
 self.assertEqual(2, len(timestamp_versions))
 self.assertEqual(2, timestamp_versions[-1].signed.version)
- def test_do_timestamp_after_timestamp_key_change(self) -> None: # change timestamp signing keys
+ def test_do_timestamp_after_timestamp_key_change(self) -> None:
+ # change timestamp signing keys
 with self.repo.edit_root() as root:
 # remove key
 keyid = root.roles["timestamp"].keyids[0]