Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add test for duplicate keyids #108

Closed
wants to merge 1 commit into from
Closed

Add test for duplicate keyids #108

wants to merge 1 commit into from

Conversation

AdamKorcz
Copy link
Contributor

@AdamKorcz AdamKorcz commented Aug 5, 2024
edited
Loading

Add test that is specified in #86 (comment) without the bonus test.

The two clients seem to disagree on whether root metadata should update if there are duplicate keys. As such, python-tuf does not fail on meeting the threshold, but rather because the root has duplicate keys.

@AdamKorcz
Add test for duplicate keys
34b414c 
Signed-off-by: Adam Korczynski <[email protected]>
@AdamKorcz AdamKorcz requested a review from jku August 5, 2024 13:26
jku

This comment was marked as outdated.

Sign in to view

@jku
Copy link
Member

jku commented Aug 5, 2024
edited
Loading

Can you be more specific, I can't find code that would fail on duplicates in root.roles["role"].keyids? Do you mean signatures?

oh I see now, you mean the test failing in CI. I'll have a look

EDIT:

        if len(set(keyids)) != len(keyids):
            raise ValueError(f"Nonunique keyids: {keyids}")

python tuf indeed will not deserialize metadata with duplicate keyids... we'll have to decide how we continue. This still seems like an acceptable choice by python-tuf: I wouldn't want to force them to change for the test...

@AdamKorcz
Copy link
Contributor Author

Can you be more specific, I can't find code that would fail on duplicates in root.roles["role"].keyids? Do you mean signatures?

oh I see now, you mean the test failing in CI. I'll have a look

EDIT:

        if len(set(keyids)) != len(keyids):
            raise ValueError(f"Nonunique keyids: {keyids}")

python tuf indeed will not deserialize metadata with duplicate keyids... we'll have to decide how we continue. This still seems like an acceptable choice by python-tuf: I wouldn't want to force them to change for the test...

Yes, for the record, the test is currently set up so that python-tuf fails, but that does not mean that it - or go-tuf for that matter - is wrong. The interesting part here is that the two clients behave differently.

@AdamKorcz AdamKorcz mentioned this pull request Aug 14, 2024
Open
@jku jku mentioned this pull request Aug 14, 2024
Open
@jku jku changed the title Add test for duplicate keys Add test for duplicate keyids Aug 14, 2024
@jku
Copy link
Member

jku commented Aug 14, 2024
edited
Loading

a way to move forward here would be to accept either case for now:

  • failure to refresh metadata with duplicate keyids -> Test succeeds
  • metadata with duplicate keyids works but keyid is not double counted for threshold -> Test succeeds
  • metadata with duplicate keyids works and keyid is double counted for threshold -> Test Fails

The logic here is that while we should try to get a full consensus, the really important thing is to check that multiple keyids will not be double counted by any client

EDIT: The above is actually already tested by test_duplicate_keys_root (almost, I'll file a new issue about the missing bit).

@jku jku mentioned this pull request Aug 14, 2024
Closed
@jku
Copy link
Member

jku commented Aug 15, 2024
edited
Loading

I think we can close this one:

I'll mark this "request changes" just to remove the approval that I gave before understanding the issue

@AdamKorcz opinions?

@jku jku self-requested a review August 15, 2024 09:24
jku
jku requested changes Aug 15, 2024
View reviewed changes
Copy link
Member

@jku jku left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

marking "request changes" to remove my accidental approval: I think we might just be able to close this without merging

@jku
Copy link
Member

jku commented Sep 27, 2024

Closing, everything is handled by other issues

@jku jku closed this Sep 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jku jku jku requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AdamKorcz @jku