Ethan Lowman issues

Results 10 issues of


                                            Ethan Lowman

build: Fix references to check-protos target in Makefile

There is no Makefile target for `checkprotos` -- this is a typo of the `check-protos` target. This PR fixes those references. Signed-off-by: Ethan Lowman

Plugin to CRI for image digest verification

### What is the problem you're trying to solve We would like to be able to verify images after a digest is resolved and before image layers are pulled, using...

kind/feature

[WIP] feat: Implement CRI image verification plugin system

This PR implements https://github.com/containerd/containerd/issues/6691. If a TTRPC image verifier plugin is configured, the CRI will make a call to that plugin to decide whether an image should be pulled. Signed-off-by:...

kind/feature

needs-ok-to-test

status/needs-discussion

Unexpected behavior: passing empty slice of paths to AddTargets* functions adds all staged targets instead of none

Incomplete support for delegations in repo methods which contain a role name as an argument

There are a number of methods which may require breaking API changes to support delegations. These include: - [ ] `Repo.GetThreshold` - [ ] `Repo.SetThreshold` - [ ] `Repo.RevokeKeyWithExpires` and...

Scalability issue: Commit loads all targets metadata into memory

`Commit` calls a function `fileHashes` which loads all targets metadata into memory. This is not scalable if there are many targets files or targets roles. One potential fix would be...

CI runs on simulated merge commit, but leaves comments on unmerged code

CI appears to run on a simulated merge commit, such as [this one](https://github.com/theupdateframework/go-tuf/commit/8220751deb9c76d1bab02300cd7c4bbf84de5292) for [this PR](https://github.com/theupdateframework/go-tuf/pull/175). This is useful, since it verifies that the build will remain green upon merge,...

Rename AddTargetsWithDigest to AddTargetWithDigest, implement missing AddTargetWithDigestWithExpires

This will be a breaking change. The name `AddTargetsWithDigest` breaks the naming convention for `AddTarget*` methods, since only one target is being added. This might be something we can bundle...

Correct and clarify "6.3.1 Updating targets metadata" for delegated targets roles

Step three of [6.3.1](https://theupdateframework.github.io/specification/latest/#update-targets-metadata) states: > Sign the updated targets metadata with at least a [THRESHOLD](https://theupdateframework.github.io/specification/latest/#threshold) of keys for the associated targets role (either the top-level targets role, or a...

Clarify client traversal of role delegation graph

Spec v1.0.19 Section 5.6.7 describes how the client should traverse the delegation graph to update the targets role. The wording on cycle avoidance could use some clarification. The spec says:...