func loadAndValidateTargets(gun string, builder tuf.RepoBuilder, roles map[string]storage.MetaUpdate, store storage.MetaStore) ([]storage.MetaUpdate, error) { targetsRoles := make(utils.RoleList, 0) for role := range roles { if role == data.CanonicalTargetsRole || data.IsDelegation(role) { targetsRoles = append(targetsRoles, role) } } // N.B. RoleList sorts paths with fewer segments first. // By sorting, we'll always process shallower targets updates before deeper // ones (i.e. we'll load and validate targets before targets/foo). This // helps ensure we only load from storage when necessary in a cleaner way. sort.Sort(targetsRoles) updatesToApply := make([]storage.MetaUpdate, 0, len(targetsRoles)) for _, roleName := range targetsRoles { // don't load parent if current role is "targets", // we must load all ancestor roles, starting from `targets` and working down, // for delegations to validate the full parent chain var parentsToLoad []string ancestorRole := roleName for ancestorRole != data.CanonicalTargetsRole { ancestorRole = path.Dir(ancestorRole) if !builder.IsLoaded(ancestorRole) { parentsToLoad = append(parentsToLoad, ancestorRole) } } for i := len(parentsToLoad) - 1; i >= 0; i-- { if err := loadFromStore(gun, parentsToLoad[i], builder, store); err != nil { // if the parent doesn't exist, just keep going - loading the role will eventually fail // due to it being an invalid role if _, ok := err.(storage.ErrNotFound); !ok { return nil, err } } } if err := builder.Load(roleName, roles[roleName].Data, 1, false); err != nil { logrus.Error("ErrBadTargets: ", err.Error()) return nil, validation.ErrBadTargets{Msg: err.Error()} } updatesToApply = append(updatesToApply, roles[roleName]) } return updatesToApply, nil }