Merge pull request from GHSA-66x3-6cw3-v5gj
* Remove obsolete snapshot error check
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Add a dedicated error for missing target metadata file
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Fix protection against metadata rollback attacks
  The go-tuf client now loads any previously trusted metadata before proceeding with the update process. This is mandatory for the protection against rollback attacks. It also fixes the detailed order of operations necessary to implement such protection.
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Don't abort the update process if loading trusted metadata fails
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Update getLocalMeta so it tries loading every verified metadata file
  If some of the metadata files fail to load, getLocalMeta will proceed with trying to load the rest, but still return an error at the end, if such occurred.
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Revert the preliminary targets.json download check
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Use current instead of old when addressing metadata
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* Timestamp metadata do not require hashes and length being present
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: reload local meta based on the latest root
  Clear the in-memory copy of the local metadata. The goal is to reload and take into account only the metadata files that are verified by the latest root. Otherwise, their content should be ignored.
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* fix: update client unit tests for cases where metadata is now invalidated
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: clarify the case where targets rollback verification will be skipped
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: update getLocalMeta() description
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: simplify getLocalMeta() so it wraps the inner error upon failure
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: remove unused ErrLoadLocalFailed error type
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: improve code layout for decodeSnapshot()
  Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

Showing 8 changed files with 126 additions and 49 deletions.
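
The commit message describes loading every previously trusted metadata file before an update, continuing past load failures, and using the loaded versions to reject rollbacks. The sketch below is an added example, not go-tuf's code: `Meta`, `loadTrusted`, `checkRollback` and `ErrRollback` are hypothetical names, and signature verification against the latest root is assumed to happen inside the `load` callback.

```go
package main

import (
	"errors"
	"fmt"
)

// Meta is a simplified stand-in for one verified metadata file (hypothetical type).
type Meta struct {
	Role    string
	Version int64
}

var ErrRollback = errors.New("metadata version lower than trusted version")

// loadTrusted tries every role. A failed load does not stop the remaining
// roles, but the first failure is wrapped and returned at the end.
func loadTrusted(roles []string, load func(string) (Meta, error)) (map[string]Meta, error) {
	trusted := make(map[string]Meta)
	var firstErr error
	for _, r := range roles {
		m, err := load(r)
		if err != nil {
			if firstErr == nil {
				firstErr = fmt.Errorf("loading trusted %s: %w", r, err)
			}
			continue
		}
		trusted[r] = m
	}
	return trusted, firstErr
}

// checkRollback rejects fresh metadata older than the trusted copy. With no
// trusted copy for that role there is nothing to compare, so the check is skipped.
func checkRollback(trusted map[string]Meta, fresh Meta) error {
	cur, ok := trusted[fresh.Role]
	if ok && fresh.Version < cur.Version {
		return fmt.Errorf("%w: %s v%d < v%d", ErrRollback, fresh.Role, fresh.Version, cur.Version)
	}
	return nil
}

func main() {
	// Constructed sample: the local snapshot copy is missing.
	disk := map[string]Meta{"timestamp": {Role: "timestamp", Version: 5}}
	load := func(r string) (Meta, error) {
		if m, ok := disk[r]; ok {
			return m, nil
		}
		return Meta{}, errors.New("not found")
	}
	trusted, err := loadTrusted([]string{"timestamp", "snapshot"}, load)
	fmt.Println(len(trusted), err)
	fmt.Println(checkRollback(trusted, Meta{Role: "timestamp", Version: 4}))
}
```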