|
3 | 3 |
|
4 | 4 | """Trusted collection of client-side TUF Metadata |
5 | 5 |
|
6 | | -TrustedMetadataSet keeps track of current valid set of metadata for the client, |
7 | | -and handles almost every step of the "Detailed client workflow" ( |
| 6 | +TrustedMetadataSet keeps track of the current valid set of metadata for the |
| 7 | +client, and handles almost every step of the "Detailed client workflow" ( |
8 | 8 | https://theupdateframework.github.io/specification/latest#detailed-client-workflow) |
9 | 9 | in the TUF specification: the remaining steps are related to filesystem and |
10 | | -network IO which is not handled here. |
| 10 | +network IO, which are not handled here. |
11 | 11 |
|
12 | | -Loaded metadata can be accessed via the index access with rolename as key |
13 | | -(trusted_set["root"]) or, in the case of top-level metadata using the helper |
| 12 | +Loaded metadata can be accessed via index access with rolename as key |
| 13 | +(trusted_set["root"]) or, in the case of top-level metadata, using the helper |
14 | 14 | properties (trusted_set.root). |
15 | 15 |
|
16 | 16 | The rules for top-level metadata are |
17 | | - * Metadata is loadable only if metadata it depends on is loaded |
18 | | - * Metadata is immutable if any metadata depending on it has been loaded |
19 | | - * Metadata must be loaded/updated in order: |
20 | | - root -> timestamp -> snapshot -> targets -> (other delegated targets) |
21 | | -
|
| 17 | + * Metadata is updatable only if metadata it depends on is loaded |
| 18 | + * Metadata is not updatable if any metadata depending on it has been loaded |
| 19 | + * Metadata must be updated in order: |
| 20 | + root -> timestamp -> snapshot -> targets -> (delegated targets) |
22 | 21 |
|
23 | 22 | Exceptions are raised if metadata fails to load in any way. |
24 | 23 |
|
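Review bot: The rules list now says "updatable" and "updated", but the unchanged docstring lines around it still say "Loaded metadata can be accessed ..." and "Exceptions are raised if metadata fails to load in any way", so the docstring uses two terms for what reads as the same operation. Either state once how updating relates to loading, or use one term throughout. The second rule ("not updatable if any metadata depending on it has been loaded") would also be easier to check against the ordering line if it named a concrete case, for example that root can no longer be updated once timestamp has been loaded.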
@@ -240,10 +239,10 @@ def root_update_finished(self): |
240 | 239 | if self.root.signed.is_expired(self.reference_time): |
241 | 240 | raise exceptions.ExpiredMetadataError("New root.json is expired") |
242 | 241 |
|
243 | | - # No need to recover from fast-forward attack here since |
244 | | - # timestamp and snapshot are not loaded at this point and |
245 | | - # when loaded later will be verified with the new rotated |
246 | | - # keys. |
| 242 | + # No need to delete timestamp/snapshot here as specification instructs |
| 243 | + # for fast-forward attack recovery: timestamp/snapshot can not be |
| 244 | + # loaded at this point and when loaded later they will be verified |
| 245 | + # with current root keys. |
247 | 246 |
|
248 | 247 | self._root_update_finished = True |
249 | 248 | logger.debug("Verified final root.json") |
|
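Review bot: In the new comment above `self._root_update_finished = True`, the phrase "No need to delete timestamp/snapshot here as specification instructs" can be read as the specification saying deletion is unnecessary, which is the opposite of the intent. Suggest splitting it: "The specification instructs deleting timestamp/snapshot here for fast-forward attack recovery. That is not needed because ...". "can not" should be "cannot", and the comment should say why they cannot be loaded yet (the update order in the module docstring puts root before timestamp and snapshot), since this comment is the only record of a deliberate deviation from a specification step.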