fix: timestamp.json meta can has optional fields #778
Conversation
|
JFYI: TUF's reference implementation (written in python) has |
There was a problem hiding this comment.
Seems correct to me.
The only note I have is that I believe TimestampMeta and SnapshotMeta are now 100% equivalent (as they should be): Having two separate types seems reasonable but maybe there should be only one struct implementation and then TypeAliases for the actual types?
|
I agree with you @jku, I just wanted to go soft on the initial PR to not scare the maintainers 😄 But this change is definitely on the table if the maintainers are fine with that. |
|
This change makes sense to me, although it has triggered a clippy warning. Unless someone disagrees, I think it might be fine to just add a clippy exception to |
tough/src/cache.rs
Outdated
| self.max_snapshot_size()? | ||
| .unwrap_or(self.limits.max_timestamp_size), |
There was a problem hiding this comment.
I would prefer adding a separate max_snapshot_size limit to the limits struct. It can share the default with max_timestamp_size (1 MiB) but it's a different metadata file and clients may want to treat it differently.
There was a problem hiding this comment.
Yes, good point. I've fixed that with 4474051
I will squash the commit once the review process is done
tough/src/schema/mod.rs
Outdated
| /// The integer length in bytes of the snapshot.json file. It is OPTIONAL and | ||
| /// can be omitted to reduce the snapshot metadata file size. In that case the client MUST use a | ||
| /// custom download limit for the listed metadata. | ||
| #[serde(skip_serializing_if = "Option::is_none")] | ||
| pub length: Option<u64>, |
There was a problem hiding this comment.
After this change, TimestampMeta looks identical to SnapshotMeta. If we're taking an API break for this, seems like we should just converge on a single MetaFile struct, to better convey the idea that this is actually the same type according to the spec.
There was a problem hiding this comment.
I agree, do you want me to attempt to perform this change now or would you prefer a dedicated PR later?
There was a problem hiding this comment.
I think this should probably be in the same PR. Perhaps a separate commit for now and then we squash at the end of the review process?
There was a problem hiding this comment.
I've just pushed a commit that replaces SnapshotMeta and TimestampMeta with Metafiles.
I'm open to suggestions for a better name 😅
|
The CI is failing because clippy complains about the Should I add a directive to ignore this warning? The function seems ok to me... |
I would probably just add a |
Done. BTW, the function length limit is 100, the function is currently 101 lines long 😓 |
tough/src/schema/mod.rs
Outdated
| @@ -292,7 +292,7 @@ pub struct Snapshot { | |||
| /// }, | |||
| /// ``` | |||
| #[derive(Debug, Clone, Deserialize, Serialize, Eq, PartialEq)] | |||
| pub struct SnapshotMeta { | |||
| pub struct Metafiles { | |||
There was a problem hiding this comment.
I think this should be Metafile since there's only one. I was thrown at first by the Hashes struct immediately after this one, but that's different because it can include multiple hashes, even though only the sha256 one is used.
In the enclosing structs, the HashMap<String, Metafile> collection implies the "plural" - there can be 0-N metafiles - so the type name doesn't need to reflect it. If you really wanted a closer correspondence to the spec, you could declare a newtype:
struct Metafiles(HashMap<String, Metafile>)
And then Snapshot and Timestamp could say this instead:
pub meta: Metafiles,
But I don't think that's necessary.
There was a problem hiding this comment.
@bcressey: sorry, should I go ahead and rename Metafiles to Metafile?
If you want I can also go ahead with the struct Metafiles thing you suggested.
There was a problem hiding this comment.
sorry, should I go ahead and rename Metafiles to Metafile?
@flavio: yes please rename Metafiles to Metafile. I wouldn't bother with the second part (newtype) unless you're excited about it 😀
There was a problem hiding this comment.
I’m currently on vacation. I’ll look at that on the 1st of August
There was a problem hiding this comment.
I'm back from holidays. I've done the rename inside of 0274aa5
I tried to introduce the struct Metafiles, but the change required to implement get and insert methods on it. I don't know if we really want all this extra code.
I'll leave you to mark this comment as solved if you're fine with the change
flavio
force-pushed
the
timestamp.json-optional-fields-inside-of-meta
branch
from
db0b9e6
to
ff2625e
Compare
|
Just a reminder, once everybody is happy about the change I'll squash all commits into a single one. |
Looks good to me! Thanks! |
According to the TUF specification, the `meta` attribute of `timestamp.json` must follow the same specification of `METAFILES`. That means it has optional `LENGTH` and `HASHES`. See [this](https://theupdateframework.github.io/specification/latest/#file-formats-timestamp) section of the TUF specification. Fixes issue awslabs#771 Signed-off-by: Flavio Castelli <[email protected]>
flavio
force-pushed
the
timestamp.json-optional-fields-inside-of-meta
branch
from
0274aa5
to
f2a8cce
Compare
|
Great, I've squashed all the commits into a single one |
|
Hello, do you have any ETA about when this fix will be made available through an official release? Thanks! |
|
Hi @jpculp. Sorry, just pinging this after the long weekend, hoping it doesn't get lost. I understand that sigstore work isn't really your concern but, it would be helpful for us to get a release on this, as we're planning some updates to our TUF metadata that break without it. If there's an ETA, I'd love to try to schedule our work around it. |
|
This change broke bpfman today. Is there a schedule for a release containing this fix? Thanks, Andre |
|
@flavio / @loosebazooka, sorry for the delay! We were taking a look at some other contributions first, but I suspect they will end up in a separate release. I can't commit to a date yet, but I'd like to get this out sooner rather than later. Thank you for your patience! @anfredette, can you elaborate on the breakage with |
|
Thanks for your response, @jpculp! We just started getting the following error from |
|
Oh my bad I guess they already moved the sigstore metadata. |
|
On top of having this fix published, we also need #769 to be merged. Currently |
Sigstore's TUF repository format changed in way that breaks the tough crate. This commit updates to a forked release of the tough crate that includes fixes for these issues: * awslabs/tough#778 - the fix for the TUF repo change * awslabs/tough#769 - another long standing issue Signed-off-by: Flavio Castelli <[email protected]>
|
Hi @flavio / @loosebazooka, this fix is available today through the official release. Thank you for your patience. |
Issue #, if available:
Fixes issue #771
Description of changes:
According to the TUF specification, the
metaattribute oftimestamp.jsonmust follow the same specification ofMETAFILES.That means it has optional
LENGTHandHASHES.See this section of the TUF specification.
I've handled a missing
LENGTHandHASHESin thetimestamp.jsonfile using the same logic used by the library when loading targets.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.