
Rewriting the workflow to call out to sub-sections


The TUF spec is written in a prose form, especially the update workflow. One of the challenges with this is that we have duplicated paragraphs that describe essentially the same thing. For example:

2.1. Check signatures. The new timestamp metadata file must have been signed by a threshold of keys specified in the trusted root metadata file. If the new timestamp metadata file is not properly signed, discard it, abort the update cycle, and report the signature failure.

…

3.2. Check signatures. The new snapshot metadata file MUST have been signed by a threshold of keys specified in the trusted root metadata file. If the new snapshot metadata file is not signed as required, discard it, abort the update cycle, and report the signature failure.

…

4.2. Check for an arbitrary software attack. The new targets metadata file MUST have been signed by a threshold of keys specified in the trusted root metadata file. If the new targets metadata file is not signed as required, discard it, abort the update cycle, and report the failure.

Note each section has a slight change from each other, which happens as small corrections happen in one, but we forget to fix it in the others. Instead, I think it’s worth considering restructuring the workflow (and possibly the rest of the doc) to be more in the style of the whatwg specs (such as https://url.spec.whatwg.org/), where we call out to sub-sections to implement these major steps. For example, parsing the signatures could be written as:

2.1 Check the signatures.

  1. Let sig_result be the result of check signatures with metadata being the new timestamp metadata, role being timestamp, and root being the trusted root metadata.
  2. If sig_result is failure, then return failure. …

Check signatures:

The signature checker takes a metadata metadata, and a role type role, and a root metadata.

  1. Canonicalize the metadata as canonical_metadata_bytes.
  2. For each signature sig in the metadata's signature field:
    1. If sig is in a processed_sig set, skip the signature.
    2. If it signed canonical_metadata_bytes, increment a threshold counter.
  3. If threshold counter is less than role’s threshold in the root metadata, return failure.

I think this sort of thing would really be helpful in making sure we don’t make subtle copy-paste errors when changing the spec, and make it much easier on a client library to implement the spec correctly.

Issue Analytics

  • State: open
  • Created 3 years ago
  • Reactions: 6
  • Comments: 6 (6 by maintainers)
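The shared sub-routine proposed in the issue, written once and reused for every role, as an added example (not code from the issue or from the TUF project). HMAC-SHA256 and sorted compact JSON are stand-ins, assumed here, for the real signature scheme and canonical encoding so the block runs with the standard library; it also records each counted keyid and ignores keys not listed for the role, two details the sketch leaves implicit.

```python
import hashlib
import hmac
import json

def canonicalize(signed):
    # Stand-in for the spec's canonical JSON encoding (assumption).
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()

def verify(key, data, sig_hex):
    # Stand-in verifier: HMAC-SHA256 replaces a real public-key scheme.
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig_hex)

def check_signatures(metadata, role, root):
    """True when a threshold of distinct keys trusted for `role` signed."""
    role_info = root["signed"]["roles"][role]
    trusted_keys = root["signed"]["keys"]
    canonical_metadata_bytes = canonicalize(metadata["signed"])
    processed = set()  # keyids already counted toward the threshold
    for sig in metadata["signatures"]:
        keyid = sig["keyid"]
        if keyid in processed or keyid not in role_info["keyids"]:
            continue  # duplicate signature, or key not listed for this role
        key = trusted_keys.get(keyid)
        if key and verify(key, canonical_metadata_bytes, sig["sig"]):
            processed.add(keyid)
    return len(processed) >= role_info["threshold"]

def sign(signed, keyid, key):
    # Helper used only to build the constructed sample metadata below.
    digest = hmac.new(key, canonicalize(signed), hashlib.sha256).hexdigest()
    return {"keyid": keyid, "sig": digest}

# Constructed sample data: two keys; the timestamp role needs both.
KEYS = {"k1": b"key-one", "k2": b"key-two"}
ROOT = {"signed": {"keys": KEYS, "roles": {
    "timestamp": {"keyids": ["k1", "k2"], "threshold": 2},
    "snapshot": {"keyids": ["k1"], "threshold": 1},
}}}
SIGNED = {"_type": "timestamp", "version": 7}
GOOD = {"signed": SIGNED,
        "signatures": [sign(SIGNED, k, KEYS[k]) for k in KEYS]}
# One valid signature repeated must not satisfy a threshold of 2.
REPLAYED = {"signed": SIGNED,
            "signatures": [sign(SIGNED, "k1", KEYS["k1"])] * 2}
# Content changed after signing: no signature verifies.
TAMPERED = {"signed": {**SIGNED, "version": 8},
            "signatures": GOOD["signatures"]}
```

Each workflow step then reduces to one call, for example `check_signatures(new_timestamp, "timestamp", trusted_root)`, so a correction to the threshold logic lands in a single place.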

Top GitHub Comments

1 reaction
joshuagl commented, Nov 27, 2020

bs looks good, thanks for identifying it as a potential solution and starting to PoC converting the spec @erickt !

I’d like to help with this effort. Ideally we would get #118 and #122 merged first, then make a concerted effort to port the specification to bikeshed. How does that sound?

1 reaction
lukpueh commented, Sep 30, 2020

➕ from my side. On a mildly related note, I wonder if there are any good cross-referencing plugins for GitHub markdown. Manually updating section numbers and references is really tedious.
