Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rotate roots per spec #143

Merged
merged 58 commits into from
Sep 17, 2021
Merged

Rotate roots per spec #143

merged 58 commits into from
Sep 17, 2021

Conversation

hosseinsia
Copy link
Contributor

Update root following the TUF specification v1.0.19
https://theupdateframework.github.io/specification/v1.0.19/index.html#load-trusted-root

Logic:

  1. Call the update root first in any client updates.
  2. Start from the current root version (n), loop through next versions by trying to fetch (n+1).root.json file.
  3. For any new root, verify the signatures.

@coveralls
Copy link

coveralls commented Aug 10, 2021

Pull Request Test Coverage Report for Build 1242433780

  • 192 of 243 (79.01%) changed or added relevant lines in 5 files are covered.
  • 55 unchanged lines in 2 files lost coverage.
  • Overall coverage decreased (-1.5%) to 67.999%

Changes Missing Coverage Covered Lines Changed/Added Lines %
verify/errors.go 0 3 0.0%
verify/verify.go 14 27 51.85%
client/client.go 171 206 83.01%
Files with Coverage Reduction New Missed Lines %
client/errors.go 12 7.84%
client/client.go 43 75.04%
Totals Coverage Status
Change from base Build 1221339773: -1.5%
Covered Lines: 1872
Relevant Lines: 2753

💛 - Coveralls

Copy link
Member

@joshuagl joshuagl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some drive by comments. I'm not very familiar with go-tuf, so take them with a grain of salt.

This PR is very hard to review because of the number of added files. Do we need them all? Perhaps separate them into a separate commit so that the core logic change is easier to review?

Personally, I'm not a fan of the very large comments which seem likely to become out-of-date. But that appears to be the style for the go-tuf implementation.

Copy link
Member

@trishankatdatadog trishankatdatadog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

First round of comments. Thanks for the great work, @hosseinsia! 👏🏽 💯

Copy link
Contributor Author

@hosseinsia hosseinsia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated according to comments. PTAL.

Major changes:

  • The code is being changes such won't persist a bad root metadata (except for when it is expired).
  • Added a few more tests to check for the cases of non-root key change.
  • Refactored/simplified the client_test

Copy link
Contributor

@raphaelgavache raphaelgavache left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice PR! This is my first pass, I've left a few minor comments. I'll go through the test cases next

Copy link
Member

@trishankatdatadog trishankatdatadog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So close! Thank you very much.

raphaelgavache
raphaelgavache previously approved these changes Aug 31, 2021
Copy link
Contributor

@raphaelgavache raphaelgavache left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

Copy link
Member

@trishankatdatadog trishankatdatadog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Almost there!

@hosseinsia
Copy link
Contributor Author

@trishankatdatadog addressed all comments. PTAL.

Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks so much for continuing to review!

Copy link
Member

@trishankatdatadog trishankatdatadog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fantastic work, thank you very much, Hossein! 🎉

raphaelgavache
raphaelgavache previously approved these changes Sep 7, 2021
Copy link
Contributor

@raphaelgavache raphaelgavache left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@trishankatdatadog
Copy link
Member

@hosseinsia do we have tests for whether expirations are ignored and not ignored correctly?

@hosseinsia
Copy link
Contributor Author

@hosseinsia do we have tests for whether expirations are ignored and not ignored correctly?

Just added a test. ptal.

raphaelgavache
raphaelgavache previously approved these changes Sep 13, 2021
@hosseinsia
Copy link
Contributor Author

@asraa and @joshuagl ptal!

raphaelgavache
raphaelgavache previously approved these changes Sep 16, 2021
Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Took another pass, LGTM!

@hosseinsia hosseinsia merged commit 526f227 into theupdateframework:master Sep 17, 2021
@hosseinsia hosseinsia deleted the updateroots branch September 17, 2021 17:03
mnm678 pushed a commit to mnm678/go-tuf that referenced this pull request Oct 21, 2021
* update roots

* removing some debugging comments

* removing duplicate code for getLocalRootMeta by calling it from getLocalMeta

* fix based on the reviews.

* enable an arbitrary root verify another root (use case: n verify n+1) without the need for store them permanently.

* check non root metadata, refactor test, address comments

* updated according to the comments

* remove persistent metadata is the keys have changed.

* removing the unused ErrWrongRootVersion

* add DeleteMeta to the LocalStore interface and implemenet in MemoryLocalStore and FileLocalStore  subtypes.

* delete (instead of setting to an empty raw message) the top-level metadata when their key has changed.

* add test fixtures for fast forward attack recovery.

* test for fast forward attack recovery

* addressed several comments.

* addressed more comments. Set the rootVersion in loadAndVerifyLocalRootMeta. Fixed a buggy test.

* Fixed a buggy test.

* fix comment typos

* fix race condition related to the expired check.

* fix race condition related to the expired check.

* kill unmarshalIgnoreExpired.

* add test for root update for client version above 1.

* add test for root update for client version greater than 1.

* update the VerifyIgnoreExpiredCheck method signature and add test for it.

* Avoid mocking IsExpired in the tests. Instead update test fixtured to have concerete timestamps (either expired or long exiring one)

* remove commented code

* update fixtures and clarify test comments.

* updating the comments based on the feedbacks.

* update roots

* removing some debugging comments

* removing duplicate code for getLocalRootMeta by calling it from getLocalMeta

* fix based on the reviews.

* enable an arbitrary root verify another root (use case: n verify n+1) without the need for store them permanently.

* check non root metadata, refactor test, address comments

* updated according to the comments

* remove persistent metadata is the keys have changed.

* removing the unused ErrWrongRootVersion

* delete (instead of setting to an empty raw message) the top-level metadata when their key has changed.

* add test fixtures for fast forward attack recovery.

* test for fast forward attack recovery

* addressed several comments.

* addressed more comments. Set the rootVersion in loadAndVerifyLocalRootMeta. Fixed a buggy test.

* Fixed a buggy test.

* fix comment typos

* Update client/client_test.go

Co-authored-by: Trishank Karthik Kuppusamy <[email protected]>

* Update client/client_test.go

Co-authored-by: Trishank Karthik Kuppusamy <[email protected]>

* fix race condition related to the expired check.

* fix race condition related to the expired check.

* kill unmarshalIgnoreExpired.

* add test for root update for client version above 1.

* add test for root update for client version greater than 1.

* update the VerifyIgnoreExpiredCheck method signature and add test for it.

* Avoid mocking IsExpired in the tests. Instead update test fixtured to have concerete timestamps (either expired or long exiring one)

* remove commented code

* update fixtures and clarify test comments.

* updating the comments based on the feedbacks.

* rebase and update test cases to long expiration (10 years from now), by default.

* add test cases for (1) when there is no local root, (2) there is a local root but no other top-level metadata

* remove the 'previous' of test folders

Co-authored-by: Trishank Karthik Kuppusamy <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

6 participants