Clarify optional attributes #165
Nowhere in the spec, we clarify that "delegations" is an optional field in the targets metadata file. This is a possible reason why (at the time of writing this commit) in the TUF python reference implementation "delegations" is still a required field.

Signed-off-by: Martin Vrachev <[email protected]>

From chapter 6.2.1 in the tuf specification (version 1.019) "Finally, the root metadata should write the Boolean "consistent_snapshot" attribute at the root level of its keys of attributes. If consistent snapshots are not written by the repository, then the attribute may either be left unspecified or be set to the False value. Otherwise, it must be set to the True value."

The above implies that there could be repositories with root metadata without CONSISTENT_SNAPSHOT. Clarify that, but phrase it so it's clear this should be included in new implementations.

For context: https://theupdateframework.github.io/specification/latest/index.html#writing-consistent-snapshots

Signed-off-by: Martin Vrachev <[email protected]>

Clarify "paths" and "path_hash_prefixes" in delegations, because currently, it's not properly defined which of these options can be used to create a valid target file:

- BOTH paths and path_hash_prefixes
- ONLY ONE of paths and path_hash_prefixes
- NONE of paths and path_hash_prefixes

With this change, I aim to define clearly that a valid target file will contain ONLY ONE of them or NONE of them.

Signed-off-by: Martin Vrachev <[email protected]>
While working on TUF I noticed that in TUF we have hardcoded a Is that what you meant by this in the spec here: PS: Tagging people who I hope have the historical context: @trishankatdatadog, @joshuagl.

Good catch. Seems weird, but shouldn't be illegal.

@MVrachev can you set the version to 21

actually, can you make it 22
Co-authored-by: Trishank Karthik Kuppusamy <[email protected]>
This PR merges changes from #157, #158, and #162 into one for an easier review process and merging (considering we have to bump the version on each merge) and closes #156.

This PR makes three changes:

- `delegations` optional
- `consistent_snapshot` optional
- `paths` and `path_hash_prefixes` can be used and when

Nowhere in the spec, we clarify that `delegations` is an optional field in the targets metadata file, which is implied by the file format scheme shown for targets here.

From chapter 6.2.1 in the tuf specification (version 1.019)

The above implies that there could be repositories with root metadata without `CONSISTENT_SNAPSHOT`. Clarify that, but phrase it so it's clear this should be included in new implementations.

Finally, clarify `paths` and `path_hash_prefixes` in delegations, because currently, it's not properly defined which of these options can be used to create a valid target file:

- BOTH `paths` and `path_hash_prefixes`
- ONLY ONE of `paths` and `path_hash_prefixes`
- NONE of `paths` and `path_hash_prefixes`

With this change, I aim to define clearly that a valid target file will contain ONLY ONE or NONE of them.
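
The three clarifications in this PR, written as metadata checks. This is an added example, not part of the PR, the TUF specification or the TUF reference implementation; the function names and sample metadata are constructed for illustration, and the `roles` list inside `delegations` follows the targets file format in the TUF specification.

```python
# Added example: not code from the TUF specification or its reference implementation.
# All function names and sample metadata here are constructed for illustration.

def check_delegated_role(role: dict) -> str:
    """Return which path attribute a delegated role uses: "paths",
    "path_hash_prefixes" or "none". Setting BOTH is rejected."""
    present = [f for f in ("paths", "path_hash_prefixes") if f in role]
    if len(present) == 2:
        raise ValueError(
            f"role {role.get('name')!r} sets both 'paths' and 'path_hash_prefixes'")
    for field in present:
        value = role[field]
        if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            raise ValueError(
                f"role {role.get('name')!r}: {field!r} must be a list of strings")
    return present[0] if present else "none"


def check_targets(signed: dict) -> list:
    """Validate the optional "delegations" field of targets metadata and
    return the path attribute used by each delegated role."""
    if "delegations" not in signed:  # optional field: absence is valid
        return []
    roles = signed["delegations"].get("roles", [])
    return [check_delegated_role(role) for role in roles]


def consistent_snapshot_enabled(root_signed: dict) -> bool:
    """An unspecified "consistent_snapshot" is handled like False."""
    value = root_signed.get("consistent_snapshot", False)
    if not isinstance(value, bool):
        raise ValueError("'consistent_snapshot' must be a Boolean")
    return value


if __name__ == "__main__":
    # Constructed sample: one role per allowed variant (ONLY ONE or NONE).
    sample = {"delegations": {"keys": {}, "roles": [
        {"name": "by-path", "paths": ["projects/*"]},
        {"name": "by-hash", "path_hash_prefixes": ["00", "01"]},
        {"name": "neither"},
    ]}}
    print(check_targets(sample))
    print(check_targets({"targets": {}}))            # no "delegations" at all
    print(consistent_snapshot_enabled({"version": 1}))  # attribute left unspecified
```
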