Skip to content

Remove stale delegations#546

Merged
asraa merged 1 commit intosigstore:mainfrom
asraa:remove-unused-delegations
Nov 18, 2022
Merged

Remove stale delegations#546
asraa merged 1 commit intosigstore:mainfrom
asraa:remove-unused-delegations

Conversation

@asraa
Copy link
Copy Markdown
Contributor

@asraa asraa commented Nov 17, 2022

Signed-off-by: Asra Ali asraa@google.com

Fixes #545

The sync job checks to make sure that none of the files uploaded are expired. Our unused delegated targets files just expired which caused the sync job to fail. We can safely remove the target files, so long as the snapshot.json continues to hold their hashes to prevent a rollback attack.

When we snapshot, we preserve old delegated targets files hashes and versions.

When we rotate snapshot keys, we should clear the snapshot.json of the old unused delegations.

Summary

Release Note

Documentation

@asraa
update delegations
fb1cd24 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
Copy link
Copy Markdown
Contributor Author

asraa commented Nov 17, 2022

cc'ing reviewers, please check my on my TUF logic. @trishankatdatadog

@trishankatdatadog
Copy link
Copy Markdown
Contributor

trishankatdatadog commented Nov 17, 2022
edited
Loading

cc'ing reviewers, please check my on my TUF logic. @trishankatdatadog

Seems right to me, yes. If there is a delegatee you want to delete, you should delete:

  1. The targets only the delegatee is responsible for.
  2. The delegatee's targets metadata.
  3. The delegation off any delegator's targets metadata.

But keep the snapshot metadata about (2) around until timestamp/snapshot needs to be reset (e.g., due to a fast-forward attack, as described in Section 5.3.11 of the spec).

(3) can safely be updated in the snapshot metadata so long as it doesn't rollback itself.

Any disagreements @mnm678 @JustinCappos?

@asraa
Copy link
Copy Markdown
Contributor Author

asraa commented Nov 17, 2022

Seems right to me, yes. If there is a delegatee you want to delete, you should delete:

Thank you for this list! I double checked that there weren't any delegatee targets as well. Those were removed.

But keep the snapshot metadata about (2) around until timestamp/snapshot needs to be reset (e.g., due to a fast-forward attack, as described in Section 5.3.11 of the spec).

+1, the snapshot will hold on to the delegations indefinitely (until we refresh keys). double-checked that our automation won't remove it.

joshuagl
joshuagl approved these changes Nov 18, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@joshuagl joshuagl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for the detailed review @trishankatdatadog

@joshuagl joshuagl mentioned this pull request Nov 18, 2022
Open
@asraa asraa merged commit e3c099e into sigstore:main Nov 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Hayden-IO Hayden-IO Hayden-IO approved these changes

@kommendorkapten kommendorkapten kommendorkapten approved these changes

@mnm678 mnm678 Awaiting requested review from mnm678

+1 more reviewer

@joshuagl joshuagl joshuagl approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[bug]: Updating workflow sync

5 participants

@asraa @trishankatdatadog @Hayden-IO @kommendorkapten @joshuagl