root-signing icon indicating copy to clipboard operation
root-signing copied to clipboard
verified publisher icon sigstore

Investigate: Root newline change in snapshot update #286

Open asraa opened this issue 3 years ago • 1 comments

Description

Investigate:

  • The root cause of why newlines were removed from root/targets in the snapshot update from #286
  • Why GitHub Actions was not triggering validate

@joshuagl @dlorenc

asraa avatar Jun 23 '22 13:06 asraa

This is actually causing me problems in the verifier. Before the newline was removed, the targets file had 3972 bytes. Old TUF clients (before commit https://github.com/theupdateframework/go-tuf/pull/247) cannot verify metadata with the newline:

asraa@asraa1:~/git/go-tuf$ ./tuf-client list -s /tmp/tuf.db http://localhost:8001
ERROR: tuf: unexpected file size: targets.json (expected 3971 bytes, got 3972 bytes)

The client at head CAN verify with either the newline present or removed.

Now, however, when we initialize a new root, we are adding the newline BACK. This means old clients cannot verify the change.

I'm still trying to figure out where we're using an old version of the client. I don't know why we are hitting the error.

asraa avatar Jul 01 '22 16:07 asraa

I don't think this should be relevant anymore and we haven't seen this issue in some time. Closing.

haydentherapper avatar Sep 04 '24 15:09 haydentherapper