Comments (4)
This is the actual error. (it's happening because my roots are different from what's in the mirror)
error: "getting paths for staged packages: refreshing targets: staging targets: downloading target: target verification failed: target length is incorrect"
btw, there's a lot of indirection happening there.
from updater.
That code is looking to see if the version of the targets role that we got from notary, is greater than the version we have in our local TUF repo. If the targets role from notary is the same as the targets role in our local repo, we don't return an error, and the stagedPath is an empty string because there is nothing new to download.
from updater.
That code is looking to see if the version of the targets role that we got from notary, is greater than the version we have in our local TUF repo.
Ok, but my local repo files are signed by completely different notary server and the target I'm looking for doesn't match what is in the remote. I had to generate brand new roots when I was setting up a test.
The current updater assumes everything in the local path is perfect, otherwise it just silently ignores the message.
Do you think there's a way to verify that the local repo files are mismatched?
If not, would you accept a debug log message there? The current state is forever silent/undetectable without removing a conditional in the code.
from updater.
I hit another edge case with this where both previous and current version are the same according to the metadata, but there are 0 versions downloaded. locally.
How can we handle the case where there have been 0 updates according to the files in repo/
but we don't have the software on the system already?
from updater.
Related Issues (14)
- use filepath package for os paths HOT 1
- create Download method which securely downloads a file from the mirror HOT 1
- Improve documentation of code that implements TUF client algorithm
- Add delegation support. HOT 1
- tuf code might have race conditions
- large files are saved to a memory buffer before downloading
- combine updater and tuf packages
- use constant time functions for comparing checksums
- switch json Hashes field to a map of bytes
- use function type for optional args
- Update README Docs
- verify that target metadata files remain listed
- Question: Does this client API support Notary and Mirror authentication? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from updater.