keys map is not evaluated in the order it appears in the file #25

Closed
Kortanul opened this issue Nov 11, 2017 · 0 comments
Kortanul commented Nov 11, 2017

Steps to Reproduce

  1. Create a keys map file that looks like this:

         test:*:1.0.0=0xA6ADFC93EF34893E
         test:test-package:*=0xA6ADFC93EF34893F

  2. Attempt to pull in a dependency named test:test-package:1.0.0 that has the PGP key 0xA6ADFC93EF34893E in a project that uses PGP verify.

Expected Results

PGP signature verification passes because it uses the first mapping it encounters (test:*:1.0.0=0xA6ADFC93EF34893E).

Actual Results

PGP signature verification fails because the keys map is loaded like a Properties file, which is backed by a Hashtable. Consequently, the second mapping (test:test-package:*=0xA6ADFC93EF34893F) appears first in the hash table because the hash of test:test-package:* is a lower hash code than the hash of test:*:1.0.0.

Kortanul added a commit to Kortanul/pgpverify-maven-plugin that referenced this issue Nov 11, 2017
ensures that keys are evaluated in the order that they appear in the keys map file, rather than in hash code order.
Kortanul added a commit to Kortanul/pgpverify-maven-plugin that referenced this issue Nov 11, 2017
the format being used is not quite that of a properties file. the fact that CheckStyle is unhappy with a sample keys map "properties" file that is accepted by PGP confirms this. I've renamed the vars, changed the docs, and updated the sample files. the new file extension is ".list" for keys map files.
Kortanul added a commit to Kortanul/pgpverify-maven-plugin that referenced this issue Nov 12, 2017
empty lines should not cause errors.
slawekjaranowski pushed a commit that referenced this issue Nov 12, 2017
ensures that keys are evaluated in the order that they appear in the keys map file, rather than in hash code order.
slawekjaranowski pushed a commit that referenced this issue Nov 12, 2017
the format being used is not quite that of a properties file. the fact that CheckStyle is unhappy with a sample keys map "properties" file that is accepted by PGP confirms this. I've renamed the vars, changed the docs, and updated the sample files. the new file extension is ".list" for keys map files.
slawekjaranowski pushed a commit that referenced this issue Nov 12, 2017
empty lines should not cause errors.
slawekjaranowski added the bug label Dec 1, 2017
slawekjaranowski added this to the v1.2.0 milestone Nov 6, 2018
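
An added example, not the plugin's code, of the ordering problem reported in this issue and of the approach the referenced commits describe: read the keys map line by line into an insertion-ordered map and skip empty lines. The class name, the `matches` helper and its rule that `*` matches one whole coordinate segment are assumptions made for illustration; the hash-backed lookup may return either key, because `Properties` does not specify its iteration order.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;

public class KeysMapOrderDemo {
    // Constructed sample: the two lines from the report, with an empty line between them.
    static final String KEYS_MAP =
        "test:*:1.0.0=0xA6ADFC93EF34893E\n"
      + "\n"
      + "test:test-package:*=0xA6ADFC93EF34893F\n";

    // Read line by line into a LinkedHashMap, which iterates in insertion (file) order.
    static Map<String, String> parseInOrder(String text) {
        Map<String, String> ordered = new LinkedHashMap<>();
        for (String line : text.split("\n")) {
            line = line.trim();
            if (line.isEmpty()) continue;          // empty lines are skipped, not errors
            int eq = line.indexOf('=');
            if (eq < 0) throw new IllegalArgumentException("no '=' in: " + line);
            ordered.putIfAbsent(line.substring(0, eq).trim(), line.substring(eq + 1).trim());
        }
        return ordered;
    }

    // Simplified matcher (assumption): '*' matches one whole coordinate segment.
    static boolean matches(String pattern, String coords) {
        String[] p = pattern.split(":"), c = coords.split(":");
        if (p.length != c.length) return false;
        for (int i = 0; i < p.length; i++) {
            if (!p[i].equals("*") && !p[i].equals(c[i])) return false;
        }
        return true;
    }

    // First-match lookup: the result depends entirely on the map's iteration order.
    static String firstMatch(Map<?, ?> map, String coords) {
        for (Map.Entry<?, ?> e : map.entrySet()) {
            if (matches(e.getKey().toString(), coords)) return e.getValue().toString();
        }
        return null;
    }

    public static void main(String[] args) {
        Map<String, String> ordered = parseInOrder(KEYS_MAP);
        Properties hashed = new Properties();      // hash-backed: iteration order unspecified
        hashed.putAll(ordered);
        String dep = "test:test-package:1.0.0";
        System.out.println("file order : " + firstMatch(ordered, dep));
        System.out.println("Properties : " + firstMatch(hashed, dep));
    }
}
```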