Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(data): add back SnapshotFileMeta.Custom #373

Merged

Conversation

arbll
Copy link
Contributor

@arbll arbll commented Sep 6, 2022

Adds back a Custom field to SnapshotFileMeta following its removal in #345.

Release Notes: Add back a Custom field to SnapshotFileMeta

Types of changes:

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Description of the changes being introduced by the pull request:

We rely on this Custom field to store some custom data related to delegated targets. The removal of this field would force us to store this outside of the signed TUF file or in a hacky map in Snapshot.Custom.

Please verify and check that the pull request fulfills the following requirements:

  • Tests have been added for the bug fix or new feature
  • Docs have been added for the bug fix or new feature

@arbll arbll force-pushed the arbll/snapshot-file-meta-custom branch 2 times, most recently from 93b9650 to 743472d Compare September 6, 2022 12:42
@arbll arbll changed the title add back SnapshotFileMeta.Custom revert: add back SnapshotFileMeta.Custom Sep 6, 2022
@trishankatdatadog trishankatdatadog changed the title revert: add back SnapshotFileMeta.Custom fix(data): add back SnapshotFileMeta.Custom Sep 6, 2022
@znewman01 znewman01 requested a review from asraa September 6, 2022 13:58
@trishankatdatadog
Copy link
Member

I'm not strictly against this PR, but a few things:

  1. Why just Snapshot? Why not the base Metadata itself, while we are it?
  2. I don't think we should keep indefinitely supporting this custom (pun intended) use case. If we add this back, we should add a deprecation notice to observe that we can remove this later.

@asraa
Copy link
Contributor

asraa commented Sep 6, 2022

Thanks @arbll!

As with @trishankatdatadog, this field is not in the TUF specification: https://theupdateframework.github.io/specification/latest/#file-formats-snapshot

If you want to keep information about a delegated target, then ideally the information should live in/signed by the parent role, rather than the snapshot role, correct?

It seems like you may want CUSTOM metadata inside a DELEGATIONS object long-term, right? https://theupdateframework.github.io/specification/latest/#delegations

I'm on the side of adding this specifically to SnapshotFileMeta, and not to the base FileMeta that TimestampFileMeta uses, I'd rather scope this usage minimally.

@trishankatdatadog
Copy link
Member

I'm on the side of adding this specifically to SnapshotFileMeta, and not to the base FileMeta that TimestampFileMeta uses, I'd rather scope this usage minimally.

Agreed. Is there a good way to make this optional and not built or at least included in the metadata (even as an empty field) by default?

@trishankatdatadog trishankatdatadog force-pushed the arbll/snapshot-file-meta-custom branch from 743472d to 52f27c3 Compare September 6, 2022 15:30
@trishankatdatadog
Copy link
Member

I'm on the side of adding this specifically to SnapshotFileMeta, and not to the base FileMeta that TimestampFileMeta uses, I'd rather scope this usage minimally.

I also want to make sure that we only need this kind of surgical addition, and not have additional PRs later adding this in other places.

@asraa
Copy link
Contributor

asraa commented Sep 6, 2022

not built or at least included in the metadata (even as an empty field) by default?

Should be omitted when empty! So I think this is good.

@trishankatdatadog
Copy link
Member

Should be omitted when empty! So I think this is good.

I am worried about end-users getting confused about this custom addition, so we need to at least document why it's there.

asraa
asraa previously approved these changes Sep 13, 2022
Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approval, but to accomodate, let's add a commend above type SnapshotFileMeta that it includes Custom.

Don't think end-users will even see the field if it isn't populated, but worth a comment

@trishankatdatadog
Copy link
Member

Approval, but to accomodate, let's add a commend above type SnapshotFileMeta that it includes Custom.

Don't think end-users will even see the field if it isn't populated, but worth a comment

@arbll pls make the change? thx!

@trishankatdatadog
Copy link
Member

Thanks @arbll. Would you please:

  1. Sign off DCO and rebase + force-push
  2. Confirm that custom is not populated by default unless explicitly set?

@arbll arbll force-pushed the arbll/snapshot-file-meta-custom branch from 4076a7f to 85b22ad Compare September 21, 2022 12:40
Signed-off-by: Arthur Bellal <arthur.bellal@datadoghq.com>
@arbll arbll force-pushed the arbll/snapshot-file-meta-custom branch from 85b22ad to 0518f2f Compare September 21, 2022 12:42
@arbll
Copy link
Contributor Author

arbll commented Sep 21, 2022

@trishankatdatadog Done

Copy link
Member

@trishankatdatadog trishankatdatadog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not crazy about this PR (we should add a deprecation notice and figure out alternatives), but happy to unblock for now.

@asraa asraa merged commit adbdc7d into theupdateframework:master Oct 5, 2022
znewman01 pushed a commit to znewman01/go-tuf that referenced this pull request May 22, 2023
add back SnapshotFileMeta.custom

Signed-off-by: Arthur Bellal <arthur.bellal@datadoghq.com>

Signed-off-by: Arthur Bellal <arthur.bellal@datadoghq.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
No open projects
Development

Successfully merging this pull request may close these issues.

3 participants