Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MetaFile/TargetFile: ensure securesystemslib errors are all handled #1452

Closed
jku opened this issue Jun 16, 2021 · 1 comment · Fixed by #1454
Closed

MetaFile/TargetFile: ensure securesystemslib errors are all handled #1452

jku opened this issue Jun 16, 2021 · 1 comment · Fixed by #1454
Assignees
@sechkova
Labels
backlog Issues to address with priority for current development goals
Milestone
weeks24-25

Comments

@jku
Copy link
Member

jku commented Jun 16, 2021
edited
Loading

Filing this so we can merge #1437 (Add hash and length verification to MetaFile and TargetFile) and can continue with this afterwards.

We need to review the errors that maybe thrown by securesystemslib in in Basefile._verify_hashes():

  • do we want to handle all of them?
  • should we just raise LengthOrHashMismatchError or something else?

My first instinct is that this is like verify_signatures(): the error messages may be interesting but from client POV what matters is that we cannot guarantee that hashes match.

cc @sechkova
This was referenced Jun 16, 2021
Merged
Merged
@sechkova sechkova self-assigned this Jun 17, 2021
@jku
Copy link
Member Author

jku commented Jun 17, 2021

For reference #1435 is the PR to fix same issue in signature verification

@sechkova sechkova added this to the weeks24-25 milestone Jun 17, 2021
@sechkova sechkova mentioned this issue Jun 17, 2021
Merged
3 tasks
@joshuagl joshuagl added the backlog Issues to address with priority for current development goals label Jun 22, 2021
@jku jku closed this as completed in #1454 Jun 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sechkova sechkova

Labels
backlog Issues to address with priority for current development goals
Projects
None yet
Milestone
weeks24-25
Development

Successfully merging a pull request may close this issue.

BaseFile._verify_hashes: handle sslib errors sechkova/tuf
3 participants
@jku @joshuagl @sechkova