From 5c0abb05cdac1f9f01660748f096be65c75ad1af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adolfo=20Garc=C3=ADa=20Veytia=20=28Puerco=29?=
Date: Mon, 13 Jun 2022 19:27:12 -0500
Subject: [PATCH] Lock TUF client during target loading operations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit adds adds a mutex to the tuf client to lock itself when loading data. This resolves a panic where multiple operations would cause cosign to crash when signing in parallel.

Signed-off-by: Adolfo GarcĂ­a Veytia (Puerco)
---
 pkg/cosign/tuf/client.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkg/cosign/tuf/client.go b/pkg/cosign/tuf/client.go
index 3388679eb4a..e2363aacbfe 100644
--- a/pkg/cosign/tuf/client.go
+++ b/pkg/cosign/tuf/client.go
@@ -60,6 +60,7 @@ var GetRemoteRoot = func() string {
 }

 type TUF struct {
+ sync.Mutex
 client *client.Client
 targets targetImpl
 local client.LocalStore
@@ -345,6 +346,8 @@ func isValidTarget(testTarget []byte, validMeta data.TargetFileMeta) bool {

 func (t *TUF) GetTarget(name string) ([]byte, error) {
 // Get valid target metadata. Does a local verification.
+ t.Lock()
+ defer t.Unlock()
 validMeta, err := t.client.Target(name)
 if err != nil {
 return nil, fmt.Errorf("error verifying local metadata; local cache may be corrupt: %w", err)
@@ -364,10 +367,13 @@ func (t *TUF) GetTarget(name string) ([]byte, error) {
 // Get target files by a custom usage metadata tag. If there are no files found,
 // use the fallback target names to fetch the targets by name.
 func (t *TUF) GetTargetsByMeta(usage UsageKind, fallbacks []string) ([]TargetFile, error) {
+ t.Lock()
 targets, err := t.client.Targets()
+ t.Unlock()
 if err != nil {
 return nil, fmt.Errorf("error getting targets: %w", err)
 }
+
 var matchedTargets []TargetFile
 for name, targetMeta := range targets {
 // Skip any targets that do not include custom metadata.
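Review bot: Embedding `sync.Mutex` anonymously in the exported `TUF` struct promotes `Lock` and `Unlock` into the type's public method set, so any importer can take or release the lock that `GetTarget` and `GetTargetsByMeta` depend on. A named unexported field keeps the lock private to the package: `mu sync.Mutex // guards client`, with the call sites becoming `t.mu.Lock()` and `t.mu.Unlock()`. A struct that carries a mutex must also never be copied by value, which `go vet`'s copylocks check reports. The struct definition continues past the end of this hunk.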
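Review bot: In `GetTarget` the existing comment `// Get valid target metadata. Does a local verification.` now sits above the lock calls instead of the `t.client.Target(name)` call it describes; putting `t.Lock()` and `defer t.Unlock()` before the comment keeps it attached. Because of the `defer`, the mutex stays held for the remainder of the function, which continues outside this hunk, and `sync.Mutex` is not reentrant. A doc comment would make that contract explicit: `// GetTarget holds the TUF mutex for the whole call and must not be called while it is already held.`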
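Review bot: `GetTargetsByMeta` releases the mutex immediately after `t.client.Targets()` and then ranges over `targets` with no lock held. If `Targets()` returns the client's internal map rather than a copy (not visible here), a concurrent metadata update could still race with this loop and reproduce the concurrent-map panic the commit sets out to fix; running the parallel-signing case under `-race` would confirm either way. The explicit `Lock`/`Unlock` pair instead of `defer` presumably exists because the loop body, which lies outside this hunk, re-enters a locking method. If so, a short comment such as `// Unlock before the loop: the lookups below take the lock themselves.` would stop a later cleanup from turning it into a deadlocking `defer`.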