Metadata API: Tweak get_root_verification_result args

jku · jku · commit f60fb4abc8b2 · 2024-02-05T13:51:28.000+02:00
Change the "other" argument to optional "previous" and
handle the None case in code.

Signed-off-by: Jussi Kukkonen &lt;jkukkonen@google.com&gt;
diff --git a/examples/repository/_simplerepo.py b/examples/repository/_simplerepo.py
@@ -99,11 +99,9 @@ def _get_verification_result(
         if role == Root.type:
             assert isinstance(md.signed, Root)
             root = self.root()
-            if root.version == 0:
-                # special case first root
-                root = md.signed
+            previous = root if root.version > 0 else None
             return md.signed.get_root_verification_result(
-                root, md.signed_bytes, md.signatures
+                previous, md.signed_bytes, md.signatures
             )
         if role in [Timestamp.type, Snapshot.type, Targets.type]:
             delegator: Signed = self.root()
diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
@@ -965,30 +965,36 @@ def get_key(self, keyid: str) -> Key:  # noqa: D102
 
     def get_root_verification_result(
         self,
-        other: "Root",
+        previous: Optional["Root"],
         payload: bytes,
         signatures: Dict[str, Signature],
     ) -> RootVerificationResult:
         """Return signature threshold verification result for two root roles.
 
-        Verify root metadata with two roles (the root role from `self` and
-        `other`). If you have only one role (in the case of root v1) you can
-        provide the same Root as both `self` and `other`.
+        Verify root metadata with two roles (`self` and optionally `previous`).
+
+        If the repository has no root role versions yet, `previous` can be left
+        None. In all other cases, `previous` must be the previous version of
+        the Root.
 
         NOTE: Unlike `verify_delegate()` this method does not raise, if the
         root metadata is not fully verified.
 
         Args:
-            other: The other `Root` to verify payload with
+            previous: The previous `Root` to verify payload with, or None
             payload: Signed payload bytes for root
             signatures: Signatures over payload bytes
 
         Raises:
             ValueError: no delegation was found for ``delegated_role``.
         """
+
+        if previous is None:
+            previous = self
+
         return RootVerificationResult(
             self.get_verification_result(Root.type, payload, signatures),
-            other.get_verification_result(Root.type, payload, signatures),
+            previous.get_verification_result(Root.type, payload, signatures),
         )
 
 
