-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[delegations] Refresh/Update a delegation #612
Comments
The version should be 3 (as it is the same delegation, but a later version). I think the ideal solution here is to fix the upstream go-tuf library to allow for updates to delegations the same way other targets are updated. |
@asraa I'm trying to understand what the real work needed are. With the current tooling we can:
|
This would be in case of rotating the delegation's signing key. I don't see how current tooling can handle modifying properties of the delegation --
Isn't updating the expiration of the role's metadata file handled by just the role itself in its own repository (which includes a version bump - it seems the same as point 2). |
Yes, changing the key is something I don't think can be done today, but we have ~1y to figure that out 😄 I should maybe clarify what I meant, for the immediate work, we have support for the following:
Agreed, but I would prefer that we have tooling for this to avoid manually working on the JSON files, which we have. |
Yes exactly! I just wanted to make sure we had a tracking issue. And yep, agree with the current support (which I think is good enough to start with) |
Great, sorry for not being clear on my intentions, I just wanted to make sure this is not a blocker for adding the delegation. |
Should we remove this from this milestone and add it to root signing v8? |
Yes! Will do - thanks. |
This should no longer be relevant with current tools |
Description
See theupdateframework/go-tuf#330; delegation rolenames must not conflict, so there is currently no way through the go-tuf API to modify properties of a delegation. The workaround is to reset it, and then recreate it.
It would be good to test this, since I'm unsure whether resetting it and then recreating it would interfere with the delegation version numbers.
For e.g.
cc @kommendorkapten @joshuagl @trishankatdatadog @mnm678
The text was updated successfully, but these errors were encountered: