theupdateframework / go-tuf

Go implementation of The Update Framework (TUF)
https://theupdateframework.com
Apache License 2.0

bug: deep target file paths for consistent snapshots #631

Closed mrjoelkamp closed 5 months ago

mrjoelkamp commented 5 months ago

Issue

Deep target file paths, or file paths that are more than one subdirectory deep (e.g. <dir1>/<dir2>/file) fail to download due to the targetRemotePath being built wrong when using consistent snapshots.

Root Cause

The current state of the code uses strings.Cut() to parse the directory name from the file name. This works for target files that are only one directory deep (<subdir>/file.ext) because strings.Cut() splits the string on the first occurrence of the separator.

https://github.com/theupdateframework/go-tuf/blob/b2e024ad4752cc0c4a4e376460b21deb79e40ded/metadata/updater/updater.go#L237-L244

For nested target file paths (<subdir1>/<subdir2>/file.ext) the targetRemotePath ends up being generated incorrectly since the first occurrence of / does not separate the directory from the file name.

When using consistent snapshots, this ends up making the path be <subdir1>/<hash>.<subdir2>/file.ext instead of <subdir1>/<subdir2>/<hash>.file.ext.
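
The path construction described in this issue, as an added example that is not part of the original post and is not go-tuf's own code: the function names and the hash value are hypothetical. It places splitting on the first "/" beside splitting on the last "/", which is one way to keep the hash prefix on the file name for paths of any depth.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// firstSlashRemotePath reproduces the behaviour the issue describes:
// strings.Cut splits on the FIRST "/", so for a nested path the hash
// prefix is attached to the second directory instead of the file name.
func firstSlashRemotePath(targetPath, hash string) string {
	dir, rest, found := strings.Cut(targetPath, "/")
	if !found {
		// no directory component: <hash>.<target-name>
		return hash + "." + dir
	}
	return dir + "/" + hash + "." + rest
}

// lastSlashRemotePath splits on the LAST "/" via path.Split, so the hash
// always prefixes the final path element: <dirs>/<hash>.<target-name>.
func lastSlashRemotePath(targetPath, hash string) string {
	dir, base := path.Split(targetPath) // dir keeps its trailing "/", or is ""
	return dir + hash + "." + base
}

func main() {
	const hash = "abc123" // constructed placeholder, not a real digest
	targets := []string{
		"file.ext",
		"subdir/file.ext",
		"subdir1/subdir2/file.ext",
	}
	for _, t := range targets {
		fmt.Printf("%-26s first-slash: %-34s last-slash: %s\n",
			t, firstSlashRemotePath(t, hash), lastSlashRemotePath(t, hash))
	}
}
```

The two functions agree for targets at most one directory deep and differ only for the nested path, which is why the problem appears only with deep target paths.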