dennisvang / tufup-example

Example of a self-updating application using tufup.
MIT License

Repository contains 1.root.json but client reading from 2.root.json (timestamp was signed by 0/1 keys) #13

Closed jamumamu closed 10 months ago

jamumamu commented 1 year ago

Ran through the steps and everything appeared to work as expected but the application appears to be unable to fetch the update: from the log it's attempting to download 2.root.json but that file wasn't created by any of the previous steps.

Windows 10, Python 3.10.4

Full log:

```
INFO:__main__:my_app 1.0
DEBUG:tuf.ngclient._internal.trusted_metadata_set:Updating initial trusted root
INFO:tuf.ngclient._internal.trusted_metadata_set:Loaded trusted root v1
DEBUG:tuf.ngclient.fetcher:Downloading: http://localhost:8000/metadata/2.root.json
DEBUG:tuf.ngclient._internal.requests_fetcher:Made new session http+localhost
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): localhost:8000
DEBUG:urllib3.connectionpool:http://localhost:8000 "GET /metadata/2.root.json HTTP/1.1" 404 469
DEBUG:tuf.ngclient.updater:Local timestamp not valid as final: [Errno 2] No such file or directory: 'C:\\Users\\USERNAME\\AppData\\Local\\my_app\\update_cache\\metadata\\timestamp.json'
DEBUG:tuf.ngclient.fetcher:Downloading: http://localhost:8000/metadata/timestamp.json
DEBUG:tuf.ngclient._internal.requests_fetcher:Reusing session http+localhost
DEBUG:urllib3.connectionpool:Resetting dropped connection: localhost
DEBUG:urllib3.connectionpool:http://localhost:8000 "GET /metadata/timestamp.json HTTP/1.1" 200 434
DEBUG:tuf.ngclient.fetcher:Downloaded 434 out of 16384 bytes
INFO:tuf.api.metadata:Key 10f6cc324d892a54b2874d093ae55e6e5110a4dbdac0aab1e05a64877f54cc9a failed to verify timestamp
WARNING:tufup.client:Cannot refresh metadata: timestamp was signed by 0/1 keys
Starting my_app 1.0...
```

dennisvang commented 1 year ago

Hi @jamumamu, judging from the next-to-last line, it looks like your timestamp file was not signed:

WARNING:tufup.client:Cannot refresh metadata: timestamp was signed by 0/1 keys

You can verify this by opening the timestamp.json file in the repository metadata directory: there should be an entry in the signatures section.
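
One way to run the check described above from a script, as an added example that is not part of the original thread or of tufup: it compares the signature entries in timestamp.json with the timestamp keyids listed in the repository's 1.root.json. The function names, the report fields and the KEY-A/KEY-B sample metadata are constructed for illustration, and the layout assumed is the standard TUF JSON metadata format.

```python
import json
import tempfile
from pathlib import Path


def signature_report(metadata_dir, role="timestamp", root_name="1.root.json"):
    """Compare signature entries in <role>.json with the keyids root authorizes.

    Structural check only: it does not verify the signature bytes.
    """
    metadata_dir = Path(metadata_dir)
    root = json.loads((metadata_dir / root_name).read_text())["signed"]
    role_md = json.loads((metadata_dir / f"{role}.json").read_text())
    authorized = set(root["roles"][role]["keyids"])
    threshold = root["roles"][role]["threshold"]
    # An entry only counts if it carries a non-empty "sig" value.
    signed_by = {s["keyid"] for s in role_md.get("signatures", []) if s.get("sig")}
    matching = authorized & signed_by
    return {
        "count": f"{len(matching)}/{threshold}",
        "missing": sorted(authorized - signed_by),       # authorized, no signature
        "unauthorized": sorted(signed_by - authorized),  # key not listed in root
        "structurally_ok": len(matching) >= threshold,
    }


def demo():
    """Run the check on constructed metadata (placeholder keyids and sigs)."""
    root = {"signed": {"roles": {"timestamp": {"keyids": ["KEY-A"], "threshold": 1}}}}
    cases = {
        "unsigned": [],
        "wrong_key": [{"keyid": "KEY-B", "sig": "00"}],
        "signed": [{"keyid": "KEY-A", "sig": "00"}],
    }
    reports = {}
    for name, signatures in cases.items():
        with tempfile.TemporaryDirectory() as tmp:
            Path(tmp, "1.root.json").write_text(json.dumps(root))
            timestamp = {"signatures": signatures, "signed": {"_type": "timestamp"}}
            Path(tmp, "timestamp.json").write_text(json.dumps(timestamp))
            reports[name] = signature_report(tmp)
    return reports


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

The client verifies timestamp.json against the root it currently trusts, so the same function can be pointed at that root file through `root_name` to compare keyids on the client side.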

dennisvang commented 1 year ago

@jamumamu Just out of curiosity: did you manage to get the update working?

If your timestamp.json does have a valid signature, and you're still getting this error, there may be some stale data left over from a previous run.

To start with a clean slate, make sure the path specified in UPDATE_CACHE_DIR is empty.

By default, on Windows, this is <current user directory>\AppData\Local\my_app\update_cache.

Also see the troubleshooting section in the readme.

dennisvang commented 10 months ago

closing due to inactivity