|
|
@@ -261,8 +261,7 @@ func (c *Client) downloadTimestamp() error {
|
|
|
}
|
|
|
// unlike root, targets and snapshot, always try and download timestamps
|
|
|
// from remote, only using the cache one if we couldn't reach remote.
|
|
|
- raw, err := c.remote.GetMeta(role, maxSize)
|
|
|
- var s *data.Signed
|
|
|
+ raw, s, err := c.downloadSigned(role, maxSize, nil)
|
|
|
if err != nil || len(raw) == 0 {
|
|
|
if err, ok := err.(store.ErrMetaNotFound); ok {
|
|
|
return err
|
|
|
@@ -279,11 +278,6 @@ func (c *Client) downloadTimestamp() error {
|
|
|
s = old
|
|
|
} else {
|
|
|
download = true
|
|
|
- s = &data.Signed{}
|
|
|
- err = json.Unmarshal(raw, s)
|
|
|
- if err != nil {
|
|
|
- return err
|
|
|
- }
|
|
|
}
|
|
|
err = signed.Verify(s, role, version, c.keysDB)
|
|
|
if err != nil {
|
|
|
@@ -305,10 +299,13 @@ func (c *Client) downloadTimestamp() error {
|
|
|
func (c *Client) downloadSnapshot() error {
|
|
|
logrus.Debug("downloadSnapshot")
|
|
|
role := data.RoleName("snapshot")
|
|
|
+ if c.local.Timestamp == nil {
|
|
|
+ return ErrMissingMeta{role: "snapshot"}
|
|
|
+ }
|
|
|
size := c.local.Timestamp.Signed.Meta[role].Length
|
|
|
expectedSha256, ok := c.local.Timestamp.Signed.Meta[role].Hashes["sha256"]
|
|
|
if !ok {
|
|
|
- return fmt.Errorf("Sha256 is currently the only hash supported by this client. No Sha256 found for snapshot")
|
|
|
+ return ErrMissingMeta{role: "snapshot"}
|
|
|
}
|
|
|
|
|
|
var download bool
|
|
|
@@ -373,6 +370,9 @@ func (c *Client) downloadSnapshot() error {
|
|
|
// including delegates roles.
|
|
|
func (c *Client) downloadTargets(role string) error {
|
|
|
role = data.RoleName(role) // this will really only do something for base targets role
|
|
|
+ if c.local.Snapshot == nil {
|
|
|
+ return ErrMissingMeta{role: role}
|
|
|
+ }
|
|
|
snap := c.local.Snapshot.Signed
|
|
|
root := c.local.Root.Signed
|
|
|
r := c.keysDB.GetRole(role)
|
|
|
@@ -398,13 +398,12 @@ func (c *Client) downloadTargets(role string) error {
|
|
|
}
|
|
|
|
|
|
func (c *Client) downloadSigned(role string, size int64, expectedSha256 []byte) ([]byte, *data.Signed, error) {
|
|
|
- logrus.Debugf("downloading new %s", role)
|
|
|
raw, err := c.remote.GetMeta(role, size)
|
|
|
if err != nil {
|
|
|
return nil, nil, err
|
|
|
}
|
|
|
genHash := sha256.Sum256(raw)
|
|
|
- if !bytes.Equal(genHash[:], expectedSha256) {
|
|
|
+ if expectedSha256 != nil && !bytes.Equal(genHash[:], expectedSha256) {
|
|
|
return nil, nil, ErrChecksumMismatch{role: role}
|
|
|
}
|
|
|
s := &data.Signed{}
|
|
|
@@ -419,11 +418,11 @@ func (c Client) GetTargetsFile(role string, keyIDs []string, snapshotMeta data.F
|
|
|
// require role exists in snapshots
|
|
|
roleMeta, ok := snapshotMeta[role]
|
|
|
if !ok {
|
|
|
- return nil, fmt.Errorf("Snapshot does not contain target role")
|
|
|
+ return nil, ErrMissingMeta{role: role}
|
|
|
}
|
|
|
expectedSha256, ok := snapshotMeta[role].Hashes["sha256"]
|
|
|
if !ok {
|
|
|
- return nil, fmt.Errorf("Sha256 is currently the only hash supported by this client. No Sha256 found for targets role %s", role)
|
|
|
+ return nil, ErrMissingMeta{role: role}
|
|
|
}
|
|
|
|
|
|
// try to get meta file from content addressed cache
|
David Lawrence