ngclient: recent rollback checks are buggy #1563
Assignees
Labels
Comments
|
Some findings:
so I guess this issue and #1523 are not related... |
jku
pushed a commit
to jku/python-tuf
that referenced
this issue
Sep 2, 2021
The rollback checks themselves work, but they create a situation where Updater does not realize that it needs to download e.g. a new snapshot because the local snapshot is valid as _intermediate_ snapshot (that can be used for rollback protection but nothing else), but is not valid as final snapshot. Raise in the end of update_snapshot and update_timestamp if the files are not valid final metadata: this way the intermediate metadata does get loaded but Updater also knows it is not the final metadata. Fixes theupdateframework#1563 Signed-off-by: Jussi Kukkonen <[email protected]>
jku
pushed a commit
to jku/python-tuf
that referenced
this issue
Sep 6, 2021
The rollback checks themselves work, but they create a situation where Updater does not realize that it needs to download e.g. a new snapshot because the local snapshot is valid as _intermediate_ snapshot (that can be used for rollback protection but nothing else), but is not valid as final snapshot. Raise in the end of update_snapshot and update_timestamp if the files are not valid final metadata: this way the intermediate metadata does get loaded but Updater also knows it is not the final metadata. Fixes theupdateframework#1563 Signed-off-by: Jussi Kukkonen <[email protected]>
jku
pushed a commit
to jku/python-tuf
that referenced
this issue
Sep 6, 2021
The rollback checks themselves work, but they create a situation where Updater does not realize that it needs to download e.g. a new snapshot because the local snapshot is valid as _intermediate_ snapshot (that can be used for rollback protection but nothing else), but is not valid as final snapshot. Raise in the end of update_snapshot and update_timestamp if the files are not valid final metadata: this way the intermediate metadata does get loaded but Updater also knows it is not the final metadata. This modifies the existing tests but does not yet test the situation described in the first paragraph. Fixes theupdateframework#1563 Signed-off-by: Jussi Kukkonen <[email protected]>
jku
pushed a commit
to jku/python-tuf
that referenced
this issue
Sep 6, 2021
The rollback checks themselves work, but they create a situation where Updater does not realize that it needs to download e.g. a new snapshot because the local snapshot is valid as _intermediate_ snapshot (that can be used for rollback protection but nothing else), but is not valid as final snapshot. Raise in the end of update_snapshot and update_timestamp if the files are not valid final metadata: this way the intermediate metadata does get loaded but Updater also knows it is not the final metadata. This modifies the existing tests but does not yet test the situation described in the first paragraph. Fixes theupdateframework#1563 Signed-off-by: Jussi Kukkonen <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I recently added the rollback protection checks in ngclient and am now improving ngclient testing situation. With hindsight the order is wrong: I've found an issue with the rollback checks
as a result updater thinks it does not need to download a new version of e.g. snapshot but then targets update fails because the final snapshot is not the correct version...
This should not be too hard to fix, but I'm trying to think if we can somehow combine this with #1523: it feels like a similar issue
The text was updated successfully, but these errors were encountered: