fixing version check

2015-06-18 14:30:43 -07:00 · 2015-06-18 14:30:43 -07:00 · 6bb833f7ff
parent c68d837670
commit 6bb833f7ff
3 changed files with 44 additions and 19 deletions
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@ -47,7 +47,7 @@
 		},
 		{
 			"ImportPath": "github.com/endophage/gotuf",
-			"Rev": "98e5e9aeb4dd213e0be82df82575930a1e6a2122"
+			"Rev": "429e2920d26a5703bb9cbdeaf893d3b79d6b2085"
 		},
 		{
 			"ImportPath": "github.com/go-sql-driver/mysql",
--- a/Godeps/_workspace/src/github.com/endophage/gotuf/tuf.go
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/tuf.go
@ -417,11 +417,14 @@ func (tr *TufRepo) UpdateTimestamp(s *data.Signed) error {

 func (tr *TufRepo) SignRoot(expires time.Time) (*data.Signed, error) {
 	logrus.Debug("SignRoot")
+	if tr.Root.Dirty {
+		tr.Root.Signed.Version++
+	}
+	root := tr.keysDB.GetRole(data.ValidRoles["root"])
 	signed, err := tr.Root.ToSigned()
 	if err != nil {
 		return nil, err
 	}
-	root := tr.keysDB.GetRole(data.ValidRoles["root"])
 	signed, err = tr.sign(signed, *root)
 	if err != nil {
 		return nil, err
@ -432,13 +435,14 @@ func (tr *TufRepo) SignRoot(expires time.Time) (*data.Signed, error) {

 func (tr *TufRepo) SignTargets(role string, expires time.Time) (*data.Signed, error) {
 	logrus.Debug("SignTargets")
-	signed, err := tr.Targets[role].ToSigned()
-	if err != nil {
-		logrus.Debug("errored getting targets data.Signed object")
-		return nil, err
-	}
 	logrus.Debug("Got targets data.Signed object")
 	if tr.Targets[role].Dirty {
+		tr.Targets[role].Signed.Version++
+		signed, err := tr.Targets[role].ToSigned()
+		if err != nil {
+			logrus.Debug("errored getting targets data.Signed object")
+			return nil, err
+		}
 		targets := tr.keysDB.GetRole(role)
 		logrus.Debug("About to sign ", role)
 		signed, err = tr.sign(signed, *targets)
@ -448,8 +452,15 @@ func (tr *TufRepo) SignTargets(role string, expires time.Time) (*data.Signed, er
 		}
 		logrus.Debug("success signing ", role)
 		tr.Targets[role].Signatures = signed.Signatures
+		return signed, nil
+	} else {
+		signed, err := tr.Targets[role].ToSigned()
+		if err != nil {
+			logrus.Debug("errored getting targets data.Signed object")
+			return nil, err
+		}
+		return signed, nil
 	}
-	return signed, nil
 }

 func (tr *TufRepo) SignSnapshot(expires time.Time) (*data.Signed, error) {
@ -479,19 +490,26 @@ func (tr *TufRepo) SignSnapshot(expires time.Time) (*data.Signed, error) {
 		}
 		tr.Targets[role].Dirty = false // target role dirty until changes captured in snapshot
 	}
-	signed, err := tr.Snapshot.ToSigned()
-	if err != nil {
-		return nil, err
-	}
 	if tr.Snapshot.Dirty {
+		tr.Snapshot.Signed.Version++
+		signed, err := tr.Snapshot.ToSigned()
+		if err != nil {
+			return nil, err
+		}
 		snapshot := tr.keysDB.GetRole(data.ValidRoles["snapshot"])
 		signed, err = tr.sign(signed, *snapshot)
 		if err != nil {
 			return nil, err
 		}
 		tr.Snapshot.Signatures = signed.Signatures
+		return signed, nil
+	} else {
+		signed, err := tr.Snapshot.ToSigned()
+		if err != nil {
+			return nil, err
+		}
+		return signed, nil
 	}
-	return signed, nil
 }

 func (tr *TufRepo) SignTimestamp(expires time.Time) (*data.Signed, error) {
@ -506,8 +524,9 @@ func (tr *TufRepo) SignTimestamp(expires time.Time) (*data.Signed, error) {
 			return nil, err
 		}
 	}
-	signed, err := tr.Timestamp.ToSigned()
 	if tr.Timestamp.Dirty {
+		tr.Timestamp.Signed.Version++
+		signed, err := tr.Timestamp.ToSigned()
 		if err != nil {
 			return nil, err
 		}
@ -518,8 +537,14 @@ func (tr *TufRepo) SignTimestamp(expires time.Time) (*data.Signed, error) {
 		}
 		tr.Timestamp.Signatures = signed.Signatures
 		tr.Snapshot.Dirty = false // snapshot is dirty until changes have been captured in timestamp
+		return signed, nil
+	} else {
+		signed, err := tr.Timestamp.ToSigned()
+		if err != nil {
+			return nil, err
+		}
+		return signed, nil
 	}
-	return signed, nil
 }

 func (tr TufRepo) sign(signed *data.Signed, role data.Role) (*data.Signed, error) {
--- a/server/version/database.go
+++ b/server/version/database.go
@ -30,18 +30,18 @@ func NewVersionDB(db *sql.DB) *VersionDB {
 // Update multiple TUF records in a single transaction.
 // Always insert a new row. The unique constraint will ensure there is only ever
 func (vdb *VersionDB) UpdateCurrent(qdn, role string, version int, data []byte) error {
-	checkStmt := "SELECT count(*) FROM `tuf_files` WHERE `qdn`=? AND `role`=? AND `version`=?;"
+	checkStmt := "SELECT count(*) FROM `tuf_files` WHERE `qdn`=? AND `role`=? AND `version`>=?;"
 	insertStmt := "INSERT INTO `tuf_files` (`qdn`, `role`, `version`, `data`) VALUES (?,?,?,?) ;"

 	// ensure immediately previous version exists
-	row := vdb.QueryRow(checkStmt, qdn, role, version-1)
+	row := vdb.QueryRow(checkStmt, qdn, role, version)
 	var exists int
 	err := row.Scan(&exists)
 	if err != nil {
 		return err
 	}
-	if exists == 0 && version > 0 {
-		return fmt.Errorf("Attempting to increment version by more than 1 for QDN: %s, role: %s, version: %d", qdn, role, version)
+	if exists != 0 {
+		return fmt.Errorf("Attempting to write an old version for QDN: %s, role: %s, version: %d. A newer version is available.", qdn, role, version)
 	}

 	// attempt to insert. Due to race conditions with the check this could fail.