2 changes: 0 additions & 2 deletions tests/test_repository.py
@@ -186,7 +186,6 @@ def test_do_snapshot_after_new_targets_delegation(self) -> None:
self.assertEqual(2, len(snapshot_versions))
self.assertEqual(2, snapshot_versions[-1].signed.version)

@unittest.expectedFailure # Issue 2438
def test_do_snapshot_after_snapshot_key_change(self) -> None:
# change snapshot signing keys
with self.repo.edit_root() as root:
@@ -228,7 +227,6 @@ def test_do_timestamp_after_snapshot_change(self) -> None:
self.assertEqual(2, len(timestamp_versions))
self.assertEqual(2, timestamp_versions[-1].signed.version)

@unittest.expectedFailure # Issue 2438
def test_do_timestamp_after_timestamp_key_change(self) -> None:
# change timestamp signing keys
with self.repo.edit_root() as root:
26 changes: 26 additions & 0 deletions tuf/repository/_repository.py
@@ -9,6 +9,7 @@
from copy import deepcopy
from typing import Dict, Generator, Optional, Tuple

from tuf.api.exceptions import UnsignedMetadataError
from tuf.api.metadata import (
Metadata,
MetaFile,
@@ -188,6 +189,18 @@ def do_snapshot(
update_version = force
removed: Dict[str, MetaFile] = {}

root = self.root()
snapshot_md = self.open(Snapshot.type)

try:
root.verify_delegate(
Snapshot.type,
snapshot_md.signed_bytes,
snapshot_md.signatures,
)
except UnsignedMetadataError:
update_version = True

with self.edit_snapshot() as snapshot:
for keyname, new_meta in self.targets_infos.items():
if keyname not in snapshot.meta:
@@ -228,6 +241,19 @@ def do_timestamp(
"""
update_version = force
removed = None

root = self.root()
timestamp_md = self.open(Timestamp.type)

try:
root.verify_delegate(
Timestamp.type,
timestamp_md.signed_bytes,
timestamp_md.signatures,
)
except UnsignedMetadataError:
update_version = True

with self.edit_timestamp() as timestamp:
if self.snapshot_info.version < timestamp.snapshot_meta.version:
raise ValueError("snapshot version rollback")
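Review bot: The new `try`/`except` in do_snapshot, and its copy in do_timestamp, has no comment saying why a failed verification sets `update_version = True`; a line such as `# signatures no longer satisfy root's keys/threshold for this role (e.g. after a key change): force a new version so it is re-signed` above each `try` would make the intent clear. The docstrings of both methods start outside these hunks and should probably list this trigger next to `force`. The two blocks differ only in the role type, so a small private helper taking the role name would keep them from drifting apart. The metadata also appears to be loaded twice per call, once through `self.open(...)` for the check and again inside `edit_snapshot()`/`edit_timestamp()`, so the verified copy may not be the one that gets edited. Whether that matters depends on the storage backend, which is not visible here.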