repository: handle online key changes (#2650)
* repository: Handle online key change situations in do_snapshot() and do_timestamp(): always create a new version if current version is not correctly signed
* remove expectedFailure marks from the related tests

Signed-off-by: h4l0gen <ks3913688@gmail.com>
Signed-off-by: Kapil Sharma <ks3913688@gmail.com>
parent
d2afc09dcd
commit
0ac86c67ad
2 changed files with 26 additions and 2 deletions
|
|
@ -186,7 +186,6 @@ def test_do_snapshot_after_new_targets_delegation(self) -> None:
|
|||
self.assertEqual(2, len(snapshot_versions))
|
||||
self.assertEqual(2, snapshot_versions[-1].signed.version)
|
||||
|
||||
@unittest.expectedFailure # Issue 2438
|
||||
def test_do_snapshot_after_snapshot_key_change(self) -> None:
|
||||
# change snapshot signing keys
|
||||
with self.repo.edit_root() as root:
|
||||
|
|
@ -228,7 +227,6 @@ def test_do_timestamp_after_snapshot_change(self) -> None:
|
|||
self.assertEqual(2, len(timestamp_versions))
|
||||
self.assertEqual(2, timestamp_versions[-1].signed.version)
|
||||
|
||||
@unittest.expectedFailure # Issue 2438
|
||||
def test_do_timestamp_after_timestamp_key_change(self) -> None:
|
||||
# change timestamp signing keys
|
||||
with self.repo.edit_root() as root:
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@
|
|||
from copy import deepcopy
|
||||
from typing import Dict, Generator, Optional, Tuple
|
||||
|
||||
from tuf.api.exceptions import UnsignedMetadataError
|
||||
from tuf.api.metadata import (
|
||||
Metadata,
|
||||
MetaFile,
|
||||
|
|
@ -188,6 +189,18 @@ def do_snapshot(
|
|||
update_version = force
|
||||
removed: Dict[str, MetaFile] = {}
|
||||
|
||||
root = self.root()
|
||||
snapshot_md = self.open(Snapshot.type)
|
||||
|
||||
try:
|
||||
root.verify_delegate(
|
||||
Snapshot.type,
|
||||
snapshot_md.signed_bytes,
|
||||
snapshot_md.signatures,
|
||||
)
|
||||
except UnsignedMetadataError:
|
||||
update_version = True
|
||||
|
||||
with self.edit_snapshot() as snapshot:
|
||||
for keyname, new_meta in self.targets_infos.items():
|
||||
if keyname not in snapshot.meta:
|
||||
|
|
@ -228,6 +241,19 @@ def do_timestamp(
|
|||
"""
|
||||
update_version = force
|
||||
removed = None
|
||||
|
||||
root = self.root()
|
||||
timestamp_md = self.open(Timestamp.type)
|
||||
|
||||
try:
|
||||
root.verify_delegate(
|
||||
Timestamp.type,
|
||||
timestamp_md.signed_bytes,
|
||||
timestamp_md.signatures,
|
||||
)
|
||||
except UnsignedMetadataError:
|
||||
update_version = True
|
||||
|
||||
with self.edit_timestamp() as timestamp:
|
||||
if self.snapshot_info.version < timestamp.snapshot_meta.version:
|
||||
raise ValueError("snapshot version rollback")
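Review bot: The new `except UnsignedMetadataError:` branches in do_snapshot() and do_timestamp() set `update_version = True` without recording why, so a planned online key rotation looks the same to an operator as stored metadata that unexpectedly fails verification (for example, corruption or tampering in the backing store). Consider logging in both branches, for example `logger.info("%s is not correctly signed by the current root keys; forcing a new version", Snapshot.type)`, assuming the module has a logger, which is not visible in these hunks. The two try/except blocks differ only in the role type and could share one private helper that returns whether the current metadata verifies. The docstrings are only partly visible here, but the description of `force` probably needs a sentence saying a new version is now also created whenever the current one does not verify against root. Both function bodies continue outside the hunks.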
|
||||
|
|
|
|||