Fix bug in sig.py's get_signature_status

get_signature_status() incorrectly uses the role's threshold in roledb instead of using the one supplied in the 'threshold' argument to the function Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
2026-05-24 10:08:28 +00:00 · 2018-04-26 11:39:53 -04:00 · 2018-04-26 11:39:53 -04:00 · e7cff3bba8
commit e7cff3bba8
parent 08c8bf67ae
1 changed files with 10 additions and 6 deletions
--- a/tuf/sig.py
+++ b/tuf/sig.py
@ -67,7 +67,7 @@


 def get_signature_status(signable, role=None, repository_name='default',
-                         threshold=None, keyids=None):
+    threshold=None, keyids=None):
  """
  <Purpose>
    Return a dictionary representing the status of the signatures listed in
@ -214,12 +214,16 @@ def get_signature_status(signable, role=None, repository_name='default',
  # securesystemslib.exceptions.UnknownRoleError if we were given an invalid
  # role.
  if role is not None:
-    try:
-      threshold = \
-        tuf.roledb.get_role_threshold(role, repository_name=repository_name)
+    if threshold is None:
+      try:
+        threshold = \
+          tuf.roledb.get_role_threshold(role, repository_name=repository_name)

-    except tuf.exceptions.UnknownRoleError:
-      raise
+      except tuf.exceptions.UnknownRoleError:
+        raise
+
+    else:
+      logger.debug('Not using roledb.py\'s threshold for ' + repr(role))

  else:
    threshold = 0