fix(localMeta): Add delegated targets back to localMeta #384
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BaptisteFoy
force-pushed
the
fix/add-delegated-targets-to-localmeta
branch
from
5263f97
to
e136a77
Compare
|
Hey Folks 👋🏻 -- Ideally we'd like to have a backport of In case that's not possible we can probably use our own fork instead. |
BaptisteFoy
force-pushed
the
fix/add-delegated-targets-to-localmeta
branch
2 times, most recently
from
7b22213
to
f05d0a6
Compare
10 tasks
BaptisteFoy
force-pushed
the
fix/add-delegated-targets-to-localmeta
branch
from
f05d0a6
to
6f8a65a
Compare
trishankatdatadog
force-pushed
the
fix/add-delegated-targets-to-localmeta
branch
from
6f8a65a
to
7e326ed
Compare
There was a problem hiding this comment.
Seems fine to me, but I want to hear from @rdimitrov whether he has any concern about adding this back. Thanks!
trishankatdatadog
force-pushed
the
fix/add-delegated-targets-to-localmeta
branch
2 times, most recently
from
d0e4dcf
to
7b23658
Compare
trishankatdatadog
force-pushed
the
fix/add-delegated-targets-to-localmeta
branch
from
7b23658
to
893994b
Compare
|
@BaptisteFoy was an intern at DD working on this, and he has temporarily left, but will be rejoining Remote Config full-time on Nov 15th. Will wait for him until then. Baptiste: if you see this, no rush, but we are trying to wrap this up by Nov 30th. I'm sure we'll have enough time. Thanks in advance! |
BaptisteFoy
force-pushed
the
fix/add-delegated-targets-to-localmeta
branch
9 times, most recently
from
f569829
to
c478700
Compare
trishankatdatadog
force-pushed
the
fix/add-delegated-targets-to-localmeta
branch
from
c478700
to
412626a
Compare
trishankatdatadog
previously approved these changes
Dec 22, 2022
There was a problem hiding this comment.
Great work, thanks very much, @BaptisteFoy! Approving after Zoom discussion. Would be great if you could add the 2-3 clarifying comments we discussed earlier.
asraa
reviewed
Jan 4, 2023
BaptisteFoy
requested review from
asraa and
trishankatdatadog
and removed request for
znewman01 and
asraa
trishankatdatadog
previously approved these changes
Jan 6, 2023
asraa
previously approved these changes
Jan 6, 2023
|
@BaptisteFoy can you pls fix DCO? |
BaptisteFoy
dismissed stale reviews from asraa and trishankatdatadog
via
367fe61
BaptisteFoy
force-pushed
the
fix/add-delegated-targets-to-localmeta
branch
from
cfe757e
to
367fe61
Compare
Signed-off-by: Baptiste Foy <baptiste.foy@datadoghq.com>
Signed-off-by: Baptiste Foy <baptiste.foy@datadoghq.com>
…top metas Signed-off-by: Baptiste Foy <baptiste.foy@datadoghq.com>
Adds verification of delegated targets when they go from the local store to the localMeta structure. The verification is done by selecting one target file per delegated targets that verify at least one, then build the delegation path from the top targets to that specific delegated file. Building the path is already verifying every targets in the path, so the whole path is safe to add to the localMeta. Doing so for every delegated targets lets us verify every delegated targets that is used at least once. Signed-off-by: Baptiste Foy <baptiste.foy@datadoghq.com>
Signed-off-by: Baptiste Foy <baptiste.foy@datadoghq.com>
Signed-off-by: Baptiste Foy <baptiste.foy@datadoghq.com>
BaptisteFoy
force-pushed
the
fix/add-delegated-targets-to-localmeta
branch
from
367fe61
to
45234ee
Compare
trishankatdatadog
approved these changes
Jan 6, 2023
asraa
approved these changes
Jan 9, 2023
znewman01
pushed a commit
to znewman01/go-tuf
that referenced
this pull request
May 22, 2023
…mework#384) * upgrade(localMeta): Verify delegated targets Adds verification of delegated targets when they go from the local store to the localMeta structure. The verification is done by selecting one target file per delegated targets that verify at least one, then build the delegation path from the top targets to that specific delegated file. Building the path is already verifying every targets in the path, so the whole path is safe to add to the localMeta. Doing so for every delegated targets lets us verify every delegated targets that is used at least once. Signed-off-by: Baptiste Foy <baptiste.foy@datadoghq.com>
This was referenced Jul 21, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Following ed6788e, delegated targets are not added in
localMetaanymore. This PR adds them back inlocalMeta.Types of changes:
Description of the changes being introduced by the pull request:
The regression introduced in the aforementioned commit means that the delegated targets have to be read from the remote store all the time, even outside of the update process. In case of a remote failure or a mismatch between local and remote store, the query process breaks down on every call.
In our case, as the remote store contains only the last version of a delegated targets, if it fails to be validated (due to a missing target file for example), we enter this state.
Please verify and check that the pull request fulfills the following requirements: