Release tough 0.20.0 #867

Merged
merged 13 commits into from
Mar 27, 2025
@cbgbt cbgbt commented Mar 27, 2025

Description of changes:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

AdamKorcz and others added 12 commits March 6, 2025 20:37
Update metadata validation: must not skip versions, must measure
expiration relative to start of update. TUF specification v1.0.33,
sections 5.1 and 5.3.5.

Do not follow cyclic or redundant edges in the delegated roles graph.
TUF specification v1.0.33, section 5.6.7.1.

In the pre-order depth-first search for target metadata, if a delegated
role is selected, is terminating, and does not have metadata for the
target, end the search. TUF specification v1.0.33 section 5.6.7.2.1.

The version number of the snapshot metadata in the previous timestamp
metadata must be less than or equal to the version number in the new
timestamp metadata. TUF specification v1.0.33 section 5.4.3.2.

For each role in a previous snapshot, the role must be present in the
new snapshot and must have a version greater than or equal to the
version in the previous snapshot. TUF specification v1.0.33 section
5.5.5.

When either the timestamp or snapshot keys are rotated, delete any
cached timestamp and snapshot metadata. TUF specification v1.0.33
section 5.3.11.

Require unique keyids in an object's signatures. TUF specification
v1.0.33 section 4.2.1.

Use .context to simplify error propagation when we do not find an
expected metafiles key. Use the expect attribute rather than allow for
deterministic clippy findings.

Introduce the private method find_target_from_role to incorporate two
arguments used in the recursive search (specification 5.6.7), and
call that from the public method find_target.
Signed-off-by: Sean P. Kelly <[email protected]>
Signed-off-by: Martin Harriman <[email protected]>
Signed-off-by: Patrick J.P. Culp <[email protected]>
@cbgbt cbgbt requested review from larvacea and jpculp March 27, 2025 22:39
@cbgbt cbgbt force-pushed the release-tough-0.20.0 branch from 6abc367 to 81f8b1c Compare March 27, 2025 22:50
@cbgbt cbgbt merged commit 596c2a0 into awslabs:develop Mar 27, 2025
9 checks passed
@cbgbt cbgbt deleted the release-tough-0.20.0 branch March 27, 2025 23:05
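
The timestamp and snapshot rollback checks named in the commit messages above (TUF specification v1.0.33 sections 5.4.3.2 and 5.5.5), as an added Rust example that is not code from this pull request or from tough. The error type, function names and sample metadata are hypothetical and constructed for illustration.

```rust
use std::collections::BTreeMap;

/// Hypothetical error type for this example (not tough's own error enum).
#[derive(Debug, PartialEq)]
pub enum RollbackError {
    SnapshotVersionDecreased { old: u64, new: u64 },
    RoleRemoved(String),
    RoleVersionDecreased { role: String, old: u64, new: u64 },
}

/// Section 5.4.3.2: the snapshot version recorded in the trusted timestamp
/// must be less than or equal to the one recorded in the new timestamp.
pub fn check_timestamp(old_snap: u64, new_snap: u64) -> Result<(), RollbackError> {
    if new_snap < old_snap {
        return Err(RollbackError::SnapshotVersionDecreased { old: old_snap, new: new_snap });
    }
    Ok(())
}

/// Section 5.5.5: every role listed in the trusted snapshot must still be
/// listed in the new snapshot, with a version that has not decreased.
pub fn check_snapshot(
    old: &BTreeMap<String, u64>,
    new: &BTreeMap<String, u64>,
) -> Result<(), RollbackError> {
    for (role, &old_ver) in old {
        match new.get(role) {
            None => return Err(RollbackError::RoleRemoved(role.clone())),
            Some(&new_ver) if new_ver < old_ver => {
                let role = role.clone();
                return Err(RollbackError::RoleVersionDecreased { role, old: old_ver, new: new_ver });
            }
            Some(_) => {} // same or newer version: accepted
        }
    }
    Ok(()) // roles that appear only in the new snapshot are allowed
}

/// Builds a constructed sample map of metadata file name -> version.
pub fn meta(entries: &[(&str, u64)]) -> BTreeMap<String, u64> {
    entries.iter().map(|(name, ver)| (name.to_string(), *ver)).collect()
}

fn main() {
    let trusted = meta(&[("targets.json", 4), ("delegated.json", 2)]);
    let dropped = meta(&[("targets.json", 5)]);
    println!("{:?}", check_timestamp(7, 6));
    println!("{:?}", check_snapshot(&trusted, &dropped));
}
```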