Clarify payload and add-signature args.

Specifically, they expect a metadata file name, *not* a role name. Added a test for each.
theupdateframework · Mar 20, 2022 · 6d47024 · 6d47024
1 parent 109b4d0
commit 6d47024
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 9 deletions.
diff --git a/cmd/tuf/add_signature.go b/cmd/tuf/add_signature.go
@@ -10,16 +10,17 @@ import (
 
 func init() {
 	register("add-signature", cmdAddSignature, `
-usage: tuf add-signature <role> --key-id <key_id> --signature <sig_file>
+usage: tuf add-signature <metadata> --key-id <key_id> --signature <sig_file>
 
-Adds a signature (as hex-encoded bytes) generated by an offline tool to the given role.
+Adds a signature (as hex-encoded bytes) generated by an offline tool to the
+given role metadata file.
 
 If the signature does not verify, it will not be added.
 `)
 }
 
 func cmdAddSignature(args *docopt.Args, repo *tuf.Repo) error {
-	role := args.String["<role>"]
+	roleFilename := args.String["<metadata>"]
 	keyID := args.String["<key_id>"]
 
 	f := args.String["<sig_file>"]
@@ -33,5 +34,5 @@ func cmdAddSignature(args *docopt.Args, repo *tuf.Repo) error {
 		KeyID:     keyID,
 		Signature: sigData,
 	}
-	return repo.AddOrUpdateSignature(role, sig)
+	return repo.AddOrUpdateSignature(roleFilename, sig)
 }
diff --git a/cmd/tuf/payload.go b/cmd/tuf/payload.go
@@ -9,16 +9,16 @@ import (
 
 func init() {
 	register("payload", cmdPayload, `
-usage: tuf payload <role>
+usage: tuf payload <metadata>
 
-Output a role's metadata in a ready-to-sign format.
+Output the metadata file for a role in a ready-to-sign format.
 
 The output is canonicalized.
 `)
 }
 
 func cmdPayload(args *docopt.Args, repo *tuf.Repo) error {
-	p, err := repo.Payload(args.String["<role>"])
+	p, err := repo.Payload(args.String["<metadata>"])
 	if err != nil {
 		return err
 	}

diff --git a/errors.go b/errors.go
@@ -17,7 +17,7 @@ type ErrMissingMetadata struct {
 }
 
 func (e ErrMissingMetadata) Error() string {
-	return fmt.Sprintf("tuf: missing metadata %s", e.Name)
+	return fmt.Sprintf("tuf: missing metadata file %s", e.Name)
 }
 
 type ErrFileNotFound struct {

diff --git a/repo_test.go b/repo_test.go
@@ -1739,6 +1739,13 @@ func (rs *RepoSuite) TestBadAddOrUpdateSignatures(c *C) {
 	c.Assert(err, IsNil)
 	c.Assert(r.AddVerificationKey("timestamp", timestampKey.PublicData()), IsNil)
 
+	// attempt to sign `root`, rather than `root.json`
+	for _, id := range rootKey.PublicData().IDs() {
+		c.Assert(r.AddOrUpdateSignature("root", data.Signature{
+			KeyID:     id,
+			Signature: nil}), Equals, ErrMissingMetadata{"root"})
+	}
+
 	// add a signature with a bad role
 	rootMeta, err := r.SignedMeta("root.json")
 	c.Assert(err, IsNil)
@@ -1845,7 +1852,10 @@ func (rs *RepoSuite) TestPayload(c *C) {
 	c.Assert(err, IsNil)
 
 	_, err = r.Payload("badrole.json")
-	c.Assert(err, NotNil)
+	c.Assert(err, Equals, ErrInvalidRole{"badrole"})
+
+	_, err = r.Payload("root")
+	c.Assert(err, Equals, ErrMissingMetadata{"root"})
 
 	payload, err := r.Payload("root.json")
 	c.Assert(err, IsNil)