Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: fix verification to continue on invalid sigs #418

Merged
merged 5 commits into from
Oct 31, 2022
Merged

fix: fix verification to continue on invalid sigs #418

merged 5 commits into from
Oct 31, 2022

Conversation

asraa
Copy link
Contributor

@asraa asraa commented Oct 14, 2022
edited
Loading

Signed-off-by: Asra Ali asraa@google.com

Fixes #370

Blocked on #417

As described in the issue, client will currently fail on any single invalid signature rather than counting the number of valid signatures. The fix is that it continues on invalid signatures, not counting them to the threshold of valid signatures.

Please fill in the fields below to submit a pull request. The more information that is provided, the better.

Fixes #

Release Notes: 

* fix!: client will allow invalid signatures on metadata, so long as the number of valid ones reaches the threshold. Previously, the client rejected metadata signed with any invalid signatures.

Types of changes:

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected). Please ensure that your PR title is a Conventional Commit breaking change (with a !, as in feat!: change foo).

Description of the changes being introduced by the pull request:

Please verify and check that the pull request fulfills the following requirements:

  • Tests have been added for the bug fix or new feature
  • Docs have been added for the bug fix or new feature

@asraa
fix: fix verification to continue on invalid sigs
d3f9354 
Signed-off-by: Asra Ali <asraa@google.com>
joshuagl
joshuagl previously approved these changes Oct 17, 2022
View reviewed changes
Copy link
Member

@joshuagl joshuagl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change LGTM, thanks Asra!

repo.go Outdated Show resolved Hide resolved
@joshuagl joshuagl marked this pull request as draft October 17, 2022 13:41
@asraa
factor our verification and update repo.go
8af86a0 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa asraa marked this pull request as ready for review October 18, 2022 18:17
rdimitrov
rdimitrov previously approved these changes Oct 19, 2022
View reviewed changes
trishankatdatadog
trishankatdatadog reviewed Oct 28, 2022
View reviewed changes
repo.go Show resolved Hide resolved
repo.go Show resolved Hide resolved
@asraa asraa merged commit 047cdb3 into theupdateframework:master Oct 31, 2022
BaptisteFoy pushed a commit to BaptisteFoy/go-tuf that referenced this pull request Dec 22, 2022
@asraa @BaptisteFoy
fix: fix verification to continue on invalid sigs (theupdateframework…
54cb704 
…#418)

* fix: fix verification to continue on invalid sigs

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Baptiste Foy <baptiste.foy@datadoghq.com>
BaptisteFoy pushed a commit to BaptisteFoy/go-tuf that referenced this pull request Jan 6, 2023
@asraa @BaptisteFoy
fix: fix verification to continue on invalid sigs (theupdateframework…
4959959 
…#418)

* fix: fix verification to continue on invalid sigs

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Baptiste Foy <baptiste.foy@datadoghq.com>
znewman01 pushed a commit to znewman01/go-tuf that referenced this pull request May 22, 2023
@asraa @znewman01
fix: fix verification to continue on invalid sigs (theupdateframework…
703cc7c 
…#418)

* fix: fix verification to continue on invalid sigs

Signed-off-by: Asra Ali <asraa@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshuagl joshuagl joshuagl left review comments

@rdimitrov rdimitrov rdimitrov approved these changes

@trishankatdatadog trishankatdatadog trishankatdatadog approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Threshold signature check fails if any single signature is invalid
4 participants
@asraa @joshuagl @rdimitrov @trishankatdatadog