Merge branch 'develop' into datetime

Author: erickt

tuf/src/client.rs

@@ -332,14 +332,13 @@ where
     }
 
     /// Create a new TUF client. It will trust and update the TUF database.
-    pub async fn from_database(
-        config: Config,
-        tuf: Database<D>,
-        local: L,
-        remote: R,
-    ) -> Result<Self> {
-        let (local, remote) = (Repository::new(local), Repository::new(remote));
-        Self::new(config, tuf, local, remote).await
+    pub fn from_database(config: Config, tuf: Database<D>, local: L, remote: R) -> Self {
+        Self {
+            config,
+            tuf,
+            local: Repository::new(local),
+            remote: Repository::new(remote),
+        }
     }
 
     /// Construct a client with the given parts.
@@ -1499,9 +1498,7 @@ mod test {
                 Database::from_trusted_root(metadata1.root().unwrap()).unwrap(),
                 track_local,
                 track_remote,
-            )
-            .await
-            .unwrap(),
+            ),
         };
 
         assert_eq!(client.tuf.trusted_root().version(), 1);
@@ -1546,13 +1543,7 @@ mod test {
                 );
             }
             ConstructorMode::FromDatabase => {
-                assert_eq!(
-                    client.local_repo().take_tracks(),
-                    vec![Track::FetchErr(
-                        MetadataPath::root(),
-                        MetadataVersion::Number(2)
-                    )],
-                );
+                assert_eq!(client.local_repo().take_tracks(), vec![],);
             }
         };
 

tuf/src/interchange/cjson/shims.rs

@@ -10,6 +10,14 @@ use crate::Result;
 
 const SPEC_VERSION: &str = "1.0";
 
+// Ensure the given spec version matches our spec version.
+//
+// We also need to handle the literal "1.0" here, despite that fact that it is not a valid version
+// according to the SemVer spec, because it is already baked into some of the old roots.
+fn valid_spec_version(other: &str) -> bool {
+    matches!(other, "1.0" | "1.0.0")
+}
+
 fn parse_datetime(ts: &str) -> Result<DateTime<Utc>> {
     DateTime::parse_from_rfc3339(ts)
         .map(|ts| ts.with_timezone(&Utc))
@@ -71,7 +79,7 @@ impl RootMetadata {
             )));
         }
 
-        if self.spec_version != SPEC_VERSION {
+        if !valid_spec_version(&self.spec_version) {
             return Err(Error::Encoding(format!(
                 "Unknown spec version {}",
                 self.spec_version
@@ -185,7 +193,7 @@ impl TimestampMetadata {
             )));
         }
 
-        if self.spec_version != SPEC_VERSION {
+        if !valid_spec_version(&self.spec_version) {
             return Err(Error::Encoding(format!(
                 "Unknown spec version {}",
                 self.spec_version
@@ -234,7 +242,7 @@ impl SnapshotMetadata {
             )));
         }
 
-        if self.spec_version != SPEC_VERSION {
+        if !valid_spec_version(&self.spec_version) {
             return Err(Error::Encoding(format!(
                 "Unknown spec version {}",
                 self.spec_version
@@ -300,7 +308,7 @@ impl TargetsMetadata {
             )));
         }
 
-        if self.spec_version != SPEC_VERSION {
+        if !valid_spec_version(&self.spec_version) {
             return Err(Error::Encoding(format!(
                 "Unknown spec version {}",
                 self.spec_version
@@ -576,6 +584,25 @@ mod deserialize_reject_duplicates {
 mod test {
     use super::*;
 
+    #[test]
+    fn spec_version_validation() {
+        let valid_spec_versions = ["1.0.0", "1.0"];
+
+        for version in valid_spec_versions {
+            assert!(valid_spec_version(version), "{:?} should be valid", version);
+        }
+
+        let invalid_spec_versions = ["1.0.1", "1.1.0", "2.0.0", "3.0"];
+
+        for version in invalid_spec_versions {
+            assert!(
+                !valid_spec_version(version),
+                "{:?} should be invalid",
+                version
+            );
+        }
+    }
+    
     #[test]
     fn datetime_formats() {
         // The TUF spec says datetimes should be in ISO8601 format, specifically