Merge pull request #712 from vladimir-v-diaz/refactor_code_that_sets_previous_keyids

Refactor how previous keyids are saved in add_verification_key()
2026-05-24 10:08:28 +00:00 · 2018-04-26 13:33:33 -04:00 · 2018-04-26 13:33:33 -04:00 · 73dcee1bf2
commit 73dcee1bf2
parent 64b0e737d9 9f0c495f19
2 changed files with 10 additions and 5 deletions
--- a/tests/test_repository_tool.py
+++ b/tests/test_repository_tool.py
@ -137,7 +137,8 @@ def test_writeall(self):
    # sub-directory in 'temporary_directory' if it does not exist.
    repository_directory = os.path.join(temporary_directory, 'repository')
    metadata_directory = os.path.join(repository_directory,
-                                      repo_tool.METADATA_STAGED_DIRECTORY_NAME)
+        repo_tool.METADATA_STAGED_DIRECTORY_NAME)
+
    repository = repo_tool.create_new_repository(repository_directory, repository_name)

    # (1) Load the public and private keys of the top-level roles, and one
@ -230,7 +231,8 @@ def test_writeall(self):
      role_filepath = os.path.join(metadata_directory, role)
      role_signable = securesystemslib.util.load_json_file(role_filepath)

-      # Raise 'securesystemslib.exceptions.FormatError' if 'role_signable' is an invalid signable.
+      # Raise 'securesystemslib.exceptions.FormatError' if 'role_signable' is
+      # an invalid signable.
      tuf.formats.check_signable_object_format(role_signable)

      self.assertTrue(os.path.exists(role_filepath))
--- a/tuf/repository_tool.py
+++ b/tuf/repository_tool.py
@ -671,10 +671,13 @@ def add_verification_key(self, key, expires=None):
    keyid = key['keyid']
    roleinfo = tuf.roledb.get_roleinfo(self.rolename, self._repository_name)

-    previous_keyids = roleinfo['keyids']
+    # Save the keyids that are being replaced since certain roles will need to
+    # re-sign metadata with these keys (e.g., root).  Use list() to make a copy
+    # of roleinfo['keyids'] to ensure we're modifying distinct lists.
+    previous_keyids = list(roleinfo['keyids'])

-    # Add 'key' to the role's entry in 'tuf.roledb.py' and avoid duplicates.
-    if keyid not in previous_keyids:
+    # Add 'key' to the role's entry in 'tuf.roledb.py', and avoid duplicates.
+    if keyid not in roleinfo['keyids']:
      roleinfo['keyids'].append(keyid)
      roleinfo['previous_keyids'] = previous_keyids