-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Support delegated targets roles in repo writer #175
feat: Support delegated targets roles in repo writer #175
Conversation
Pull Request Test Coverage Report for Build 2061709688Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just started doing the review, just got caught up a little in the key generation not being compatible with delegations -- right now i think it is, except for the hashed bin delegations? (i think it should end up saving the keys in a role file, possibly duplicating them)
I haven't looked at the parts of this I wrote in a while, so I'm unfortunately a bit rusty on what's unfinished, but this is the testing script I was using (haven't converted it to unit tests yet): https://gist.github.com/ethan-lowman-dd/cbc403cd0e68215703f903b7b8777c9c Running this script on the current branch, regular delegated role signing seems to work. Key management for hash bin delegated signing is not working -- the There's also a potential issue with delegation traversal, but I need to read the spec closer to verify -- in the test, A.txt can not be signed since there is no explicit delegation for its path, but I think the top level targets role should sign in that case. Additionally, I think it's still unaddressed how hash bin delegated keys would be loaded after the delegation is first written. In the test script, we generate the |
Ah @asraa good point, another way to make the disk-backed key store work with delegated roles would be to just write it to disk under each of |
Yes, I was also running into this in tuf-notary. You can use the |
Going to defer to the rest here. Great job, everyone! |
Thanks for the test script @ethan-lowman-dd. I think I fixed the |
Could I get another review @ethan-lowman-dd or @asraa? The hashed-bin key storage seems to be working as long as the keys are each stored ( |
I pushed some failing tests -- currently, targets metadata that does not have any target files is not signed. I'm currently debugging. Also, some notes for myself -- all of my printf debugging in |
I fixed the issues I mentioned above. I think it may be okay if the |
@lukpueh do you think you can help review? |
Any thoughts on whether delegated targets key revocation needs to go in this PR, or whether we can we leave those changes as TODOs? I wouldn't consider the code useable in production without APIs to revoke keys, but I also don't want to bloat this PR with mostly-independent changes. |
I think we can update all of the add/revoke key functions in a separate pr to keep this one a bit smaller/easier to review. But I agree that we should get those done before a release that includes this pr. |
Just a general comment, but it would be really great for go-tuf if we can try to keep the PRs simpler and independent as much as possible so they are easy to review. For example, If there's some refactoring related to introducing a new feature, try to separate it in a different PR. Trying to make sense of a lot of changes put in a single PR is usually only feasible for people with very in-depth knowledge of the whole codebase. TUF, itself, is not an easy topic, so avoiding this would help in the direction of welcoming more people to review (and even contribute to) the project which would also limit the chance of introducing code that was not thought through well enough 👍 |
@rdimitrov Since supporting delegated roles touches almost everywhere roles are used, it's been tricky to keep this change compact. However, I think at this point we're confident enough in the necessary refactors that it makes sense to separate them out as you suggested. I'll spend some time on this today. |
…fix GenKey expiration Splitting up #175
…'t change signed targets
be25f93
to
e481cd3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's go! Really want to start getting this code in, and we can tackle the cleanups afterwards. If need be let's make a milestone tracking issue for all the tasks we need to do so we can sort out who can own each.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This pr is a takeover of #171, which I don't seem to be able to edit directly.
cc @ethan-lowman-dd @asraa @trishankatdatadog @hosseinsia