Closed awwad closed 5 years ago
EDIT: the below is now all resolved
The actual content of this PR has to be dug out of PR #171.... It's a movement from just calling updater.refresh() in fully_validate_metadata() to calling a new function refresh_toplevel_metadata_from_repositories(), which will make multiple calls to updater.refresh() to ensure that the Director repository is called first.
Just to make sure, changing the order in the metadata is only to not confuse the human reader, right? At least that's what the code and the PR description suggest. I am just asking, because the commit message in 6d91773 reads differently, i.e. that it does make a difference to the update order.
My first take (when the commit message went in) was that the order was relevant, but it is not, so the change persists in order to prevent confusion, yes. I'll edit the commit history to remove the old comment.
Also, could it be that you missed tests/test_data/pinned.json?
Looks like. :) Fixing.
For both Uptane Standard conformance (Uptane Standard 5.4.4.2) and the resolution to the Timeserver fast-forward attack (discussed in #173), it is important for clients to update Director Repository metadata before Image Repository metadata.
This PR:
secondary.py and primary.py.
pinned.json) in order to avoid any suggestion that the Director repository is updated after the Image Repository
primary.py and secondary.py top-level metadata refresh procedure identical, for future modularization. This includes a rename in primary.py of refresh_toplevel_metadata_from_repositories to just refresh_toplevel_metadata, which is the same name the function has in secondary.py. While both names are accurate in a sense, the former could be misleading in secondary.py.
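
As an added illustration (not code from this PR or from the Uptane code base), the sketch below shows a Director-first refresh whose order is fixed in code and does not follow the key order of the pinned metadata. The RecordingUpdater class, the refresh_director_first name, the repository names and the pinned.json layout are assumptions made for the example.

```python
import json

# Constructed stand-in for pinned.json: the Image Repository is listed first on
# purpose. The repository names and layout are assumptions for this sketch.
PINNED = json.loads(
    '{"repositories": {"imagerepo": {"mirrors": []}, "director": {"mirrors": []}}}')


class RecordingUpdater:
    """Hypothetical per-repository updater that records refresh() calls."""

    def __init__(self, name, log, fail=False):
        self.name, self.log, self.fail = name, log, fail

    def refresh(self):
        if self.fail:
            raise RuntimeError("refresh failed for " + self.name)
        self.log.append(self.name)


def refresh_director_first(updaters, pinned, director="director"):
    """Refresh the Director's top-level metadata, then every other repository.

    The order is fixed here and does not depend on the key order in pinned.
    An exception from the Director refresh propagates, so in this sketch no
    other repository is refreshed after a failed Director refresh.
    """
    names = list(pinned["repositories"])
    if director not in names:
        raise ValueError("no Director repository in pinned metadata")
    order = [director] + [n for n in names if n != director]
    for name in order:
        updaters[name].refresh()
    return order


if __name__ == "__main__":
    log = []
    updaters = {n: RecordingUpdater(n, log) for n in PINNED["repositories"]}
    refresh_director_first(updaters, PINNED)
    print(log)
```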