Switch canonical json #92
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Interesting! Let's discuss at the CNAB Security meeting this week please... |
|
I've added it to Wednesday's agenda. |
|
FYI, the expiration error is now fixed by #91. Happy to chat about this at the next meeting, but as long as all CNAB tooling has the same serialization rules, it should not affect how we sign and verify bundles, although keep in mind this is a breaking change, i.e. the same bundle could get a different content digest and invalidate the signature. |
Signed-off-by: Carolyn Van Slyck <me@carolynvanslyck.com>
Per CNAB Spec cnabio/cnab-spec#414, we want to support numbers in our canonical json representation. The library we are currently using, github.com/docker/go/json, does not support this. So I am migrating us to the library mentioned in the spec as being compliant. This is the same library used by cnab-go. I was not able to completely remove the import of the old library because TUF uses its RawMessage struct, which is a very simple wrapper around a byte array. If we are intersted we can try to get TUF to use an interface instead of a hard-coded struct type so that we can drop the dependency on the other canonical json library. Signed-off-by: Carolyn Van Slyck <me@carolynvanslyck.com>
carolynvs
force-pushed
the
switch-canonical-json
branch
from
f23a5e2
to
6739584
Compare
Rename package to not use an underscore Signed-off-by: Carolyn Van Slyck <me@carolynvanslyck.com>
|
@trishankatdatadog @radu-matei I've rebased to pick up the fix from main and made the linter happy. |
This wasn't necessary like I originally thought since []byte converts cleanly to RawMessage by the compiler with any extra code. Signed-off-by: Carolyn Van Slyck <me@carolynvanslyck.com>
trishankatdatadog
approved these changes
May 24, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Per CNAB Spec cnabio/cnab-spec#414, we want to support numbers in our canonical json representation.
The library we are currently using, github.com/docker/go/json, does not support this. So I am migrating us to the library mentioned in the spec as being compliant. This is the same library used by cnab-go in cnabio/cnab-go#247.
I was not able to completely remove the import of the old library because TUF uses its RawMessage struct, which is a very simple wrapper around a byte array.
If we are interested we can try to get TUF to use an interface instead of a hard-coded struct type so that we can drop the dependency on the other canonical json library.