Resign TUF metadata without changes (e.g. close to expiry)

[asraa]

@ethan-lowman-dd @mnm678 this came up when using delegations from #175, but also applies to root and targets: how do you deal with re-signing delegations? let's suppose no change is made to a delegation, but expiraiton is coming up and we need to resign and increment the expiration/version. Right now adding the delegation again will return an error that it already exists, and re-signing with Sign does not increment a version, it just updates the signatures.

We basically need a "snapshot/timestamp" but for other meta.

[asraa]

We currently don't really have an API for this, my proposal is adding something like SignWithIncrement.

[asraa]

Related: theupdateframework/python-tuf#1727

bump_expiry was removed, and expiration is manually bumped.

[asraa]

FWIW for delegations and targets adding an existing target will do a version bump with a no-op

[znewman01]

What's the relationship between this issue and #329 ?

[asraa]

What's the relationship between this issue and #329 ?

This is to re-sign any metadata, like targets, root, delegations: we want to re-fresh the signature and bump the version.

SImply using the repo.Sign won't increment version.

go-tuf/repo.go

Line 806 in f75cbcc

func (r *Repo) Sign(roleFilename string) error {

[asraa]

e.g. targets.json is expiring, but we aren't removing or adding targets, no change: so we need to bump the version and expiration

[rdimitrov]

Closing since the code base changed and is no longer relevant

Thanks for raising this 👍