Fix threshold counting for duplicate public keys#733
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
This PR fixes delegation threshold verification so duplicate metadata key records that resolve to the same public key cannot satisfy multi-key thresholds by themselves.
Changes:
- Counts verified threshold contributions by SHA-256 fingerprint of the resolved public key.
- Adds regression tests for duplicate public keys across ECDSA, Ed25519, and RSA cases.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
metadata/metadata.go |
Uses PKIX public-key fingerprints instead of key IDs when counting verified threshold contributors. |
metadata/metadata_test.go |
Adds duplicate-public-key regression coverage for delegated target verification. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
rdimitrov
added a commit
that referenced
this pull request
May 26, 2026
Layers fixes for the CI failures observed on PR #695, plus a sync with master to incorporate intervening changes (#733 threshold fix and dep bumps). * fix(conformance-client): set LocalTargetsDir on refresh. Updater.New calls cfg.EnsurePathsExist on both LocalMetadataDir and LocalTargetsDir; an empty LocalTargetsDir made os.MkdirAll fail before any network work, which was the root cause of the broad "assert 1 == 0" failures across the conformance suite. * fix(conformance-client): honour libfaketime FAKETIME env. Go binaries on Linux read clock_gettime via VDSO and bypass libfaketime interception, so faketime-driven tests like test_faketime and the sigstore-root-signing static repository saw the real wall clock. Parse FAKETIME -- including Ubuntu's signed second-offset form (e.g. "+691200") -- and feed the parsed instant into Updater.UnsafeSetRefTime before Refresh. * test(config): drop the "not a directory" substring check in TestEnsurePathsExistTable; Windows os.MkdirAll returns "The system cannot find the path specified." expectError: true already covers the intent. * test(metadata): same OS-string fix for TestMetadataFromFile/Non-existent_file. Result: 108/108 tuf-conformance tests pass; CI green on linux/macOS/windows for both stable and oldstable Go. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
rdimitrov
added a commit
that referenced
this pull request
Jun 3, 2026
Layers fixes for the CI failures observed on PR #695, plus a sync with master to incorporate intervening changes (#733 threshold fix and dep bumps). * fix(conformance-client): set LocalTargetsDir on refresh. Updater.New calls cfg.EnsurePathsExist on both LocalMetadataDir and LocalTargetsDir; an empty LocalTargetsDir made os.MkdirAll fail before any network work, which was the root cause of the broad "assert 1 == 0" failures across the conformance suite. * fix(conformance-client): honour libfaketime FAKETIME env. Go binaries on Linux read clock_gettime via VDSO and bypass libfaketime interception, so faketime-driven tests like test_faketime and the sigstore-root-signing static repository saw the real wall clock. Parse FAKETIME -- including Ubuntu's signed second-offset form (e.g. "+691200") -- and feed the parsed instant into Updater.UnsafeSetRefTime before Refresh. * test(config): drop the "not a directory" substring check in TestEnsurePathsExistTable; Windows os.MkdirAll returns "The system cannot find the path specified." expectError: true already covers the intent. * test(metadata): same OS-string fix for TestMetadataFromFile/Non-existent_file. Result: 108/108 tuf-conformance tests pass; CI green on linux/macOS/windows for both stable and oldstable Go. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Testing