Radish alpha
h
heartwood
rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5
Radicle Heartwood Protocol & Stack
Radicle
Git
Commits fa1699e
radicle/sigrefs: Revert strict verification of `refs/rad/root`
Lorenz Leutgeb committed 1 month ago
commit fa1699e5d02ccb54f628638e64d7b2eb43a780b8
parent d01ff2e
3 files changed +20 -2
modified CHANGELOG.md
@@ -14,6 +14,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
  in the ambiguous format could not be parsed anymore. Partially undo this change

  to stay backward compatible, but log a warning in case ambiguous addresses are

  encountered.
+ 
- In commit `d3bc868e84c334f113806df1737f52cc57c5453d` which was released in
+ 
  version 1.7.0, the criteria for verification of Signed References was changed
+ 
  to be more strict. In particular, to require the reference `refs/rad/root`
+ 
  pointing at the root commit in the history of the repository identity.
+ 
  This was done under the assumption that the overwhelming majority of
+ 
  repositories on the network would have this reference, thus not many users
+ 
  would be negatively affected, in a trade for improved security.
+ 
  It turned out that this assumption was wrong, and that a larger-than-expected
+ 
  portion of the network is affected by verification errors. The change is
+ 
  reverted, relaxing the verification criteria again.



## 1.7.0
modified crates/radicle/src/storage/refs/sigrefs/read.rs
@@ -258,10 +258,17 @@ impl Commit {
                // Identity verification succeeds.

            }

        } else {
- 
            return Err(error::Verify::MissingIdentity(error::MissingIdentity {
+ 
            let err = error::Verify::MissingIdentity(error::MissingIdentity {

                sigrefs_commit: self.oid,

                expected,
- 
            }));
+ 
            });
+
+ 
            log::debug!("Reading sigrefs will error in the future: {err}");
+
+ 
            // TODO: Make this return the error
+ 
            // and enable test `test::commit_reader::missing_identity`.
+
+ 
            // Identity verification succeeds.

        }



        self.refs.remove_sigrefs();
modified crates/radicle/src/storage/refs/sigrefs/read/test/commit_reader.rs
@@ -73,6 +73,7 @@ fn missing_commit() {
}



#[test]
+ 
#[ignore = "strict verification of `refs/rad/root` reverted due to compatibility issues"]

fn missing_identity() {

    let head = mock::oid(1);

    let refs = [(mock::refs_heads_main(), mock::oid(10))];