cli: verify previous transition hash on SetManifest#2189
Open
davidweisse wants to merge 1 commit intodav/expose-transitionsfrom
Open
cli: verify previous transition hash on SetManifest#2189davidweisse wants to merge 1 commit intodav/expose-transitionsfrom
davidweisse wants to merge 1 commit intodav/expose-transitionsfrom
Conversation
burgerdev
reviewed
Feb 19, 2026
davidweisse
force-pushed
the
dav/expose-transitions
branch
from
475e720 to
d6fdaad
Compare
davidweisse
force-pushed
the
dav/set-verify-transition-hash
branch
from
63de6e1 to
4edf5ea
Compare
davidweisse
added
changelog
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
We want to ensure that a
SetManifestcall only succeeds if the Coordinator is in an expected state, i.e., has the expected manifest history. For this, we pass the latest transition hash tocontrast setand verify on the Coordinator side that it matches the current state before updating the manifest.This means that, when the
--atomicflag is set, subsequent calls tocontrast setwill fail because the transition hash changes. Before eachcontrast setthe transition hash has to be obtained withcontrast verifyto ensure the CLI is aware of the current Coordinator state when setting a new manifest.The
PreviousTransitionHashfield in the request is only checked if notnil, i.e.,--atomicis not set. If--atomicis set on the first SetManifest call, the field is set to the all zero string (notnil), since we cannot default tonilifverify/latest-transitionis not present. To the coordinator this would just seem as if--atomicis not set.