Document fast-forward attack recovery

Document why deleting the timestamp and snapshot files
is not needed to recover from a fast-forward attack.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
This commit is contained in:
Teodora Sechkova 2021-06-16 16:25:08 +03:00 committed by Jussi Kukkonen
parent 0f69f28710
commit a31f2ecb4a

View file

@ -240,6 +240,11 @@ def root_update_finished(self):
if self.root.signed.is_expired(self.reference_time):
raise exceptions.ExpiredMetadataError("New root.json is expired")
# No need to recover from fast-forward attack here since
# timestamp and snapshot are not loaded at this point and
# when loaded later will be verified with the new rotated
# keys.
self._root_update_finished = True
logger.debug("Verified final root.json")