[Delegations prereq 8] Make snapshot manifest list dynamic, and remove root.json from snapshot (#198)

* [Delegations prereq] Make snapshot manifest list dynamic

Splitting up #175

* Remove root from snapshot and make tests pass (minus testdata)

* Regenerate testdata

* Fix staticcheck

* Address comments

* Fix manifest reference

Author: ethan-lowman-dd

client/client.go

@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"io"
 	"io/ioutil"
-	"log"
 
 	"github.com/theupdateframework/go-tuf/data"
 	"github.com/theupdateframework/go-tuf/util"
@@ -193,10 +192,6 @@ func (c *Client) Update() (data.TargetFiles, error) {
 		return nil, err
 	}
 
-	if _, ok := snapshotMetas["root.json"]; ok {
-		log.Println("root pinning is not supported in Spec 1.0.19")
-	}
-
 	// If we don't have the targets.json, download it, determine updated
 	// targets and save targets.json in local storage
 	var updatedTargets data.TargetFiles

client/testdata/go-tuf/consistent-snapshot-false/0/repository/snapshot.json

@@ -2,20 +2,13 @@
 	"signatures": [
 		{
 			"keyid": "289e5a9e71afd7909326aa4caea92f7557ee0e2283d8c31f0c3401ce67248a45",
-			"sig": "ead7e8f3a5717ef8316d36f13f870fa70c484a451ced93342b6cd8d52d91b9f49d88278c34b8fab14f6d127f9701e3f272d479794795f5bffc364bf3a441cb08"
+			"sig": "3f24a81d61a8f1fbe2bf310a9d8263c7b3a5fc87524b92e00a100ce6d8e0f742c0ef05b017234b0d08c9cf4da4591deb65e6f76340afad722b3db1b25d2e0203"
 		}
 	],
 	"signed": {
 		"_type": "snapshot",
 		"expires": "2100-01-01T00:00:00Z",
 		"meta": {
-			"root.json": {
-				"hashes": {
-					"sha512": "3645d16128d9f60fe1e8966685940256a1a6ef66fddb07c6134f886e5c96c8f6eecdbd5be27bd59202d252d3c8bd2e0bf960a66c5f7cb9a40eeac3fafadf2b8d"
-				},
-				"length": 2178,
-				"version": 1
-			},
 			"targets.json": {
 				"hashes": {
 					"sha512": "e0dd9a3833d117cd7bb6fdaae8923d5bda0661cb242be067813bfec3114d83943230b8bb7fcbf093a15d5840f1ecd969f44d3df13e2045d3fb7d22903fbc1bf5"

client/testdata/go-tuf/consistent-snapshot-false/0/repository/timestamp.json

@@ -2,7 +2,7 @@
 	"signatures": [
 		{
 			"keyid": "aa3255b4e8e17e566d2bdbea0e5842978f9fa1d2fa9ec76ae76b146164acbfc8",
-			"sig": "f21f0edf928c8683ad5751ee7e79cbc3eb8c340ae418d93bcda1710c4a8ad0c858576b0d662db20128db2eabf2d4cec1b9babfc71e4171e501981a11f5c6d10f"
+			"sig": "cc163b290f68c6d41fbc7ca01a30416a43a5ee7652d2f99aff3c6ef01e5c2fa9d5f2caf0e745abeee3baa277ddfe43ac636149963cf085686345addc9e000301"
 		}
 	],
 	"signed": {
@@ -11,9 +11,9 @@
 		"meta": {
 			"snapshot.json": {
 				"hashes": {
-					"sha512": "f4c7e7bc04b386d303f23579ff32f9380831c0ca993974c7e2a40e6ee0eb51f392e315f09cf807a8c09d1b5a0a30bca27b81736d9522af2fd951dd8413eec4a5"
+					"sha512": "973d23a7e47e1003cd4f8c0e431b080171408e488084fe736b664433d9be76e1f1048ea76607c1f485f1dcb23ce2b4980257431c39cee0fddcc53559997cd565"
 				},
-				"length": 847,
+				"length": 617,
 				"version": 1
 			}
 		},

client/testdata/go-tuf/consistent-snapshot-false/1/repository/snapshot.json

@@ -2,20 +2,13 @@
 	"signatures": [
 		{
 			"keyid": "289e5a9e71afd7909326aa4caea92f7557ee0e2283d8c31f0c3401ce67248a45",
-			"sig": "f832b8fd3e3a2ea65e35d8fe11861d9e252bef6c1a1775e39b4453d93314e0fc6c1b81b819af93ecd1433f707d06e026794e1dd3eccb1f5df5ed99dc3f13d30f"
+			"sig": "bded36f9992b8eb9444a276b397db2ce5f06a8be1273d7f84391b2a098778522a1c49185b2fc858aa99bc69fe820f2444bc8e5077f447ddcf42515c3a7026e0a"
 		}
 	],
 	"signed": {
 		"_type": "snapshot",
 		"expires": "2100-01-01T00:00:00Z",
 		"meta": {
-			"root.json": {
-				"hashes": {
-					"sha512": "6b79dd15ae5aed0b96b5eb6226b27ba9b77f33bdac90a8da9b749120d312cd0240bd254cb8569daa777a7668edfee80681ee988f57416586bf1f7b04eefa4dc0"
-				},
-				"length": 2408,
-				"version": 2
-			},
 			"targets.json": {
 				"hashes": {
 					"sha512": "8672c435a53519972738fada6ed3b7fa37b3ea42b4fa1e436b774e697a8d696d9efbeb6c590a6e16dec0a5e7f789da82ea59a68fae63f343340d1549a075ab1b"

client/testdata/go-tuf/consistent-snapshot-false/1/repository/timestamp.json

@@ -2,7 +2,7 @@
 	"signatures": [
 		{
 			"keyid": "aa3255b4e8e17e566d2bdbea0e5842978f9fa1d2fa9ec76ae76b146164acbfc8",
-			"sig": "5543ad32130a134921cf82d44575ad4b72a276297d6f8eafca116476d7e62b397e75e596f485517afb6c0a74e92f8ff96e1d24a1a341f8c68ceff06363386d07"
+			"sig": "8ab93c7453677374d1483c495b49d80128b589ca80c1f3e7806bb3c40bd8be793c6df492ce68b2bcf5d50af73fdf7694b0484093b31577720898d6882ae97d0f"
 		}
 	],
 	"signed": {
@@ -11,9 +11,9 @@
 		"meta": {
 			"snapshot.json": {
 				"hashes": {
-					"sha512": "d5ca4e4060b044075d38132891de10ba7ed9024f0a709674bd76b8c6270afabc16da2a449f5fd8740aebcca7c9828eb7fb28c917aa290a0cf1fc9c0daed879e7"
+					"sha512": "957e34523e34c2316a9fd02744162834382101796efca153e35028eb1e3fe970427d4e60e375300d1ac92e1c0a8ec74a1b5575a29d337b3454083a76cb922959"
 				},
-				"length": 847,
+				"length": 617,
 				"version": 2
 			}
 		},

client/testdata/go-tuf/consistent-snapshot-false/2/repository/snapshot.json

@@ -2,20 +2,13 @@
 	"signatures": [
 		{
 			"keyid": "289e5a9e71afd7909326aa4caea92f7557ee0e2283d8c31f0c3401ce67248a45",
-			"sig": "3840c3f286934c59194392a1f481df9c25676d9f0921d2cc5a283a540e663f8755754ff86d14175b0d7818aaf69cf1870c2779a974e32651e79de93b5b858507"
+			"sig": "94a60aaddf390953b997b783bab689a2cbaf66610b4dee5645ef858480f709b61afefc5eb21c6131aa5d3e2248eccebe77a7b4a8462f6f8f7964680085053903"
 		}
 	],
 	"signed": {
 		"_type": "snapshot",
 		"expires": "2100-01-01T00:00:00Z",
 		"meta": {
-			"root.json": {
-				"hashes": {
-					"sha512": "b72aba523da68c23ac4e1e992894aa888a8c2ce947b7a615e9382e999594053b46e83198d68606d686b8868526a346279fcb73e6800b82a1e5ca0be184ccc5cb"
-				},
-				"length": 2178,
-				"version": 3
-			},
 			"targets.json": {
 				"hashes": {
 					"sha512": "b103f5cd1d68e0b5f7b96af03a27cf971460977976cff0b1d1371dcce6d45ef78e183fa26bf886f3864e84b8ddbbfc1bab7bd0e2be180ad82ed26f22a8e9b68b"

client/testdata/go-tuf/consistent-snapshot-false/2/repository/timestamp.json

@@ -2,7 +2,7 @@
 	"signatures": [
 		{
 			"keyid": "aa3255b4e8e17e566d2bdbea0e5842978f9fa1d2fa9ec76ae76b146164acbfc8",
-			"sig": "77047b8a1d8221726b7df9d0fba92b495bcef861c1a06fe5a0ab5c579c595cda9ee546e28657e34a2b84747381ed5a557c7e273e05b97aa1e2eb429c2e1adf09"
+			"sig": "e431037f03bb3e323aa6d9f97533883a0d111698a17cd7eb7843961fa4b15a12a98a8a6cac377df934a9303d3765cc5314f59a160ffe11a32e76c18c27b0180f"
 		}
 	],
 	"signed": {
@@ -11,9 +11,9 @@
 		"meta": {
 			"snapshot.json": {
 				"hashes": {
-					"sha512": "3a27aa26ff6e341bf45f8237208583a1cbad65c88b19531b17d1f33eb4aaf7533f0ae1c263746101f285a608ec54c6330878c6ae3b331595ee6cc8b90c53a025"
+					"sha512": "49d07f15210a34a0b2bf51e2d349b243bba68800796a6f7031adaa14a86da0f3aa96098c46c6f55330fb71a424a6658cdf09683287f72f9082302e9be3aec1ef"
 				},
-				"length": 847,
+				"length": 617,
 				"version": 3
 			}
 		},

client/testdata/go-tuf/consistent-snapshot-false/3/repository/snapshot.json

@@ -2,20 +2,13 @@
 	"signatures": [
 		{
 			"keyid": "b096bc2d67080cec22e6c0bbaa69cfd9d714b9e9ad847d255f950b2728855fef",
-			"sig": "5d310cc0b9cf6bf9c15b3d35020676b41dad6ae75405ec61cd299a697397fa4140c8718da6f0303708dd49e71d5f3702dae32289d1d7e34890073f90367bf109"
+			"sig": "bb6acd05cd4328a69a227ec24f3f241e3b692dfa04301b3ec682c808f143c94bed361ac5215800189f1b415a05ee1bf8534d452dab8548abe514582b91d0f308"
 		}
 	],
 	"signed": {
 		"_type": "snapshot",
 		"expires": "2100-01-01T00:00:00Z",
 		"meta": {
-			"root.json": {
-				"hashes": {
-					"sha512": "8a9faf25965186fd6f131ba4d7c81c77c814e3ca7d18add76f952ab2ef3fa5aa8600a3511e784aff6156626a1e856b48d0bb085b93b5c3b30f24d2f56c4b303d"
-				},
-				"length": 2178,
-				"version": 4
-			},
 			"targets.json": {
 				"hashes": {
 					"sha512": "75cc15d5a7c20656e37ece0a339434922fb489cf79f8ddf6a11d8c2a797ba1c7c51da0efaf335b31f9185c1eb9a5bbd074e16d412983a104e3bd33877eeb54c3"

client/testdata/go-tuf/consistent-snapshot-false/3/repository/timestamp.json

@@ -2,7 +2,7 @@
 	"signatures": [
 		{
 			"keyid": "aa3255b4e8e17e566d2bdbea0e5842978f9fa1d2fa9ec76ae76b146164acbfc8",
-			"sig": "92dede82d29dc862dbcd8f263880c1ed4140e54859feb2a985ea7efd95c040f443aa1057e2d91ddc6f7dc6618b9d6828e3744a681f658effd1f79f2989fcfa01"
+			"sig": "40e97ae18e413a3b44f2f1fb19c0ab57303fb39e950a38954a845f4ba1185bae2314e20c1dc5f157f60106c50e546e1d3469fb0b4cf6675810798f84f22cd001"
 		}
 	],
 	"signed": {
@@ -11,9 +11,9 @@
 		"meta": {
 			"snapshot.json": {
 				"hashes": {
-					"sha512": "1e7a837c1f6cf3f3a9bdf31869cc6fd6e146cba5065c438702d3225e8c0a4fef3d33148c8b41a1f86a15925c2032f7007d918c01794a3885d24801fa6a925904"
+					"sha512": "e55cb3fd889a759eaad70713f44d226a3b9b55b0e934fb6a1588832661c553d7f1e0cd6a2dfffeccabb5312dc9cf11ea88f34afbabd6fb715742ba60eb62756c"
 				},
-				"length": 848,
+				"length": 618,
 				"version": 4
 			}
 		},

client/testdata/go-tuf/consistent-snapshot-false/4/repository/snapshot.json

@@ -2,20 +2,13 @@
 	"signatures": [
 		{
 			"keyid": "b096bc2d67080cec22e6c0bbaa69cfd9d714b9e9ad847d255f950b2728855fef",
-			"sig": "b7da47fb77166cf71ed690476858ac830534e9528230c6cf9c76ca3f1821377c7036ca1e9aeffe4bf6ad178b99e5bb1cb65c4c175ec38c6f8e63f2d802be0a02"
+			"sig": "8ce62f94026a58e31a875017e0d10806e19e9541469330cdbfcd9ebfa5f0c317c7eb203256d114307d018400521add578bd2a11c85b5328af3e4efd471b92307"
 		}
 	],
 	"signed": {
 		"_type": "snapshot",
 		"expires": "2100-01-01T00:00:00Z",
 		"meta": {
-			"root.json": {
-				"hashes": {
-					"sha512": "2446f097fb62a5dc304044b981e3933ae72c050a01199d79d59a91fbbb22a6283b093e8c71c8d812a62dbe5e02be97e61a85a0c1ff1aa5f4323462b27d843a19"
-				},
-				"length": 2178,
-				"version": 5
-			},
 			"targets.json": {
 				"hashes": {
 					"sha512": "6832a32afe35bb07557081f3a935296cde39c39f6bca65bd068c337743b570818ff6c04a968a40b83228b46d214b44528719babfa3314658df36d4b21b0757ae"