You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The bundle.json file is a representation of bundle metadata. It MUST be represented as Canonical JSON. While Canonical JSON is parseable by any JSON parser, its serialized form is consistent. This is a necessity when comparing two textual representations of the same data (such as when hashing).
You may want to insist on exactly which "Canonical JSON" specification you are refering to to avoid subtle incompatibility issues between various CNAB tools.
Thank you for raising that we forgot to update the link to canonical json at the same time. If you'd like to submit a PR to fix the link and add a note about which specific canonical json we are following, it would be welcome!
For Porter, we use RFC 8785 (since cnab-go is a dependency). What are you using at DataDog?
Section 1.i ("The bundle.json File") states:
The link for "Canonical JSON" points to http://wiki.laptop.org/go/Canonical_JSON. However this "Canonical JSON specification" is the not the only one. In particular, RFC 8785 JSON Canonicalization Scheme (JCS) is another "Canonical JSON" specification that's gaining popularity.
The two specifications may have subtle incompatibilities, typically when it comes to the serialization of unicode strings and floating-point numbers.
You may want to insist on exactly which "Canonical JSON" specification you are refering to to avoid subtle incompatibility issues between various CNAB tools.
For instance, CNAB-Go, which seems to be the "reference implementation" uses the
github.com/cyberphone/json-canonicalization
package, which implements RFC 8785, which is not the spec linked to in the CNAB spec.One example of a Go package declaring to be compatible with http://wiki.laptop.org/go/Canonical_JSON is https://github.com/secure-systems-lab/go-securesystemslib/cjson.
I would suggest to
The text was updated successfully, but these errors were encountered: