diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json
index d1fa5b27a3..ac62b2b6a5 100644
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@@ -47,7 +47,7 @@
 },
 {
 "ImportPath": "github.com/endophage/gotuf",
- "Rev": "98e5e9aeb4dd213e0be82df82575930a1e6a2122"
+ "Rev": "429e2920d26a5703bb9cbdeaf893d3b79d6b2085"
 },
 {
 "ImportPath": "github.com/go-sql-driver/mysql",
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/tuf.go b/Godeps/_workspace/src/github.com/endophage/gotuf/tuf.go
index 5d6bf64627..860e405ae7 100644
--- a/Godeps/_workspace/src/github.com/endophage/gotuf/tuf.go
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/tuf.go
@@ -417,11 +417,14 @@ func (tr *TufRepo) UpdateTimestamp(s *data.Signed) error {
 func (tr *TufRepo) SignRoot(expires time.Time) (*data.Signed, error) {
 logrus.Debug("SignRoot")
+ if tr.Root.Dirty {
+ tr.Root.Signed.Version++
+ }
+ root := tr.keysDB.GetRole(data.ValidRoles["root"])
 signed, err := tr.Root.ToSigned()
 if err != nil {
 return nil, err
 }
- root := tr.keysDB.GetRole(data.ValidRoles["root"])
 signed, err = tr.sign(signed, *root)
 if err != nil {
 return nil, err
@@ -432,13 +435,14 @@ func (tr *TufRepo) SignRoot(expires time.Time) (*data.Signed, error) {
 func (tr *TufRepo) SignTargets(role string, expires time.Time) (*data.Signed, error) {
 logrus.Debug("SignTargets")
- signed, err := tr.Targets[role].ToSigned()
- if err != nil {
- logrus.Debug("errored getting targets data.Signed object")
- return nil, err
- }
 logrus.Debug("Got targets data.Signed object")
 if tr.Targets[role].Dirty {
+ tr.Targets[role].Signed.Version++
+ signed, err := tr.Targets[role].ToSigned()
+ if err != nil {
+ logrus.Debug("errored getting targets data.Signed object")
+ return nil, err
+ }
 targets := tr.keysDB.GetRole(role)
 logrus.Debug("About to sign ", role)
 signed, err = tr.sign(signed, *targets)
@@ -448,8 +452,15 @@ func (tr *TufRepo) SignTargets(role string, expires time.Time) (*data.Signed, er
 }
 logrus.Debug("success signing ", role)
 tr.Targets[role].Signatures = signed.Signatures
+ return signed, nil
+ } else {
+ signed, err := tr.Targets[role].ToSigned()
+ if err != nil {
+ logrus.Debug("errored getting targets data.Signed object")
+ return nil, err
+ }
+ return signed, nil
 }
- return signed, nil
 }
 func (tr *TufRepo) SignSnapshot(expires time.Time) (*data.Signed, error) {
@@ -479,19 +490,26 @@ func (tr *TufRepo) SignSnapshot(expires time.Time) (*data.Signed, error) {
 }
 tr.Targets[role].Dirty = false // target role dirty until changes captured in snapshot
 }
- signed, err := tr.Snapshot.ToSigned()
- if err != nil {
- return nil, err
- }
 if tr.Snapshot.Dirty {
+ tr.Snapshot.Signed.Version++
+ signed, err := tr.Snapshot.ToSigned()
+ if err != nil {
+ return nil, err
+ }
 snapshot := tr.keysDB.GetRole(data.ValidRoles["snapshot"])
 signed, err = tr.sign(signed, *snapshot)
 if err != nil {
 return nil, err
 }
 tr.Snapshot.Signatures = signed.Signatures
+ return signed, nil
+ } else {
+ signed, err := tr.Snapshot.ToSigned()
+ if err != nil {
+ return nil, err
+ }
+ return signed, nil
 }
- return signed, nil
 }
 func (tr *TufRepo) SignTimestamp(expires time.Time) (*data.Signed, error) {
@@ -506,8 +524,9 @@ func (tr *TufRepo) SignTimestamp(expires time.Time) (*data.Signed, error) {
 return nil, err
 }
 }
- signed, err := tr.Timestamp.ToSigned()
 if tr.Timestamp.Dirty {
+ tr.Timestamp.Signed.Version++
+ signed, err := tr.Timestamp.ToSigned()
 if err != nil {
 return nil, err
 }
@@ -518,8 +537,14 @@ func (tr *TufRepo) SignTimestamp(expires time.Time) (*data.Signed, error) {
 }
 tr.Timestamp.Signatures = signed.Signatures
 tr.Snapshot.Dirty = false // snapshot is dirty until changes have been captured in timestamp
+ return signed, nil
+ } else {
+ signed, err := tr.Timestamp.ToSigned()
+ if err != nil {
+ return nil, err
+ }
+ return signed, nil
 }
- return signed, nil
 }
 func (tr TufRepo) sign(signed *data.Signed, role data.Role) (*data.Signed, error) {
diff --git a/server/version/database.go b/server/version/database.go
index 8cff205900..23c9a7e506 100644
--- a/server/version/database.go
+++ b/server/version/database.go
@@ -30,18 +30,18 @@ func NewVersionDB(db *sql.DB) *VersionDB {
 // Update multiple TUF records in a single transaction.
 // Always insert a new row. The unique constraint will ensure there is only ever
 func (vdb *VersionDB) UpdateCurrent(qdn, role string, version int, data []byte) error {
- checkStmt := "SELECT count(*) FROM `tuf_files` WHERE `qdn`=? AND `role`=? AND `version`=?;"
+ checkStmt := "SELECT count(*) FROM `tuf_files` WHERE `qdn`=? AND `role`=? AND `version`>=?;"
 insertStmt := "INSERT INTO `tuf_files` (`qdn`, `role`, `version`, `data`) VALUES (?,?,?,?) ;"
 // ensure immediately previous version exists
- row := vdb.QueryRow(checkStmt, qdn, role, version-1)
+ row := vdb.QueryRow(checkStmt, qdn, role, version)
 var exists int
 err := row.Scan(&exists)
 if err != nil {
 return err
 }
- if exists == 0 && version > 0 {
- return fmt.Errorf("Attempting to increment version by more than 1 for QDN: %s, role: %s, version: %d", qdn, role, version)
+ if exists != 0 {
+ return fmt.Errorf("Attempting to write an old version for QDN: %s, role: %s, version: %d. A newer version is available.", qdn, role, version)
 }
 // attempt to insert. Due to race conditions with the check this could fail.
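Review bot: The existence check and the insert in `UpdateCurrent` are still two separate statements, and with the new `version >= ?` test the unique constraint (presumably on qdn, role and version; it is not visible here) no longer backs the check up: a concurrent writer can store a newer version between `row.Scan` and the insert, and this older row is then written anyway. This check is the server-side guard against writing an old version over a newer one, so run both statements in one transaction or fold the condition into the insert with a `WHERE NOT EXISTS` subquery. The comment `// ensure immediately previous version exists` is now stale; something like `// reject the write if this version or a newer one is already stored` matches the new query. The insert itself and the rest of the function lie outside the hunk.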