some bugfixes on getting tuf files, this is backed by a lot of new unit tests in gotuf

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
David Lawrence 2015-10-20 13:21:43 -07:00
parent 3957368eff
commit 43ba8a0426
5 changed files with 29 additions and 18 deletions


@ -43,7 +43,7 @@ clone git github.com/docker/distribution 20c4b7a1805a52753dfd593ee1cc35558722a0c
clone git github.com/vbatts/tar-split v0.9.10
clone git github.com/docker/notary 089d8450d8928aa1c58fd03f09cabbde9bcb4590
clone git github.com/endophage/gotuf 876c31a61bc4aa0dae09bb8ef3946dc26dd04924
clone git github.com/endophage/gotuf 2df1c8e0a7b7e10ae2113bf37aaa1bf1c1de8cc5
clone git github.com/jfrazelle/go 6e461eb70cb4187b41a84e9a567d7137bdbe0f16
clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c


@ -261,8 +261,7 @@ func (c *Client) downloadTimestamp() error {
}
// unlike root, targets and snapshot, always try and download timestamps
// from remote, only using the cache one if we couldn't reach remote.
raw, err := c.remote.GetMeta(role, maxSize)
var s *data.Signed
raw, s, err := c.downloadSigned(role, maxSize, nil)
if err != nil || len(raw) == 0 {
if err, ok := err.(store.ErrMetaNotFound); ok {
return err
@ -279,11 +278,6 @@ func (c *Client) downloadTimestamp() error {
s = old
} else {
download = true
s = &data.Signed{}
err = json.Unmarshal(raw, s)
if err != nil {
return err
}
}
err = signed.Verify(s, role, version, c.keysDB)
if err != nil {
@ -305,10 +299,13 @@ func (c *Client) downloadTimestamp() error {
func (c *Client) downloadSnapshot() error {
logrus.Debug("downloadSnapshot")
role := data.RoleName("snapshot")
if c.local.Timestamp == nil {
return ErrMissingMeta{role: "snapshot"}
}
size := c.local.Timestamp.Signed.Meta[role].Length
expectedSha256, ok := c.local.Timestamp.Signed.Meta[role].Hashes["sha256"]
if !ok {
return fmt.Errorf("Sha256 is currently the only hash supported by this client. No Sha256 found for snapshot")
return ErrMissingMeta{role: "snapshot"}
}
var download bool
@ -373,6 +370,9 @@ func (c *Client) downloadSnapshot() error {
// including delegates roles.
func (c *Client) downloadTargets(role string) error {
role = data.RoleName(role) // this will really only do something for base targets role
if c.local.Snapshot == nil {
return ErrMissingMeta{role: role}
}
snap := c.local.Snapshot.Signed
root := c.local.Root.Signed
r := c.keysDB.GetRole(role)
@ -398,13 +398,12 @@ func (c *Client) downloadTargets(role string) error {
}
func (c *Client) downloadSigned(role string, size int64, expectedSha256 []byte) ([]byte, *data.Signed, error) {
logrus.Debugf("downloading new %s", role)
raw, err := c.remote.GetMeta(role, size)
if err != nil {
return nil, nil, err
}
genHash := sha256.Sum256(raw)
if !bytes.Equal(genHash[:], expectedSha256) {
if expectedSha256 != nil && !bytes.Equal(genHash[:], expectedSha256) {
return nil, nil, ErrChecksumMismatch{role: role}
}
s := &data.Signed{}
@ -419,11 +418,11 @@ func (c Client) GetTargetsFile(role string, keyIDs []string, snapshotMeta data.F
// require role exists in snapshots
roleMeta, ok := snapshotMeta[role]
if !ok {
return nil, fmt.Errorf("Snapshot does not contain target role")
return nil, ErrMissingMeta{role: role}
}
expectedSha256, ok := snapshotMeta[role].Hashes["sha256"]
if !ok {
return nil, fmt.Errorf("Sha256 is currently the only hash supported by this client. No Sha256 found for targets role %s", role)
return nil, ErrMissingMeta{role: role}
}
// try to get meta file from content addressed cache
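Review bot: In `downloadSigned`, the new `expectedSha256 != nil &&` guard makes the checksum comparison fail open: any caller that arrives with a nil slice skips the hash check, not only the timestamp path that passes `nil` on purpose. `downloadSnapshot` and `GetTargetsFile` test only that the `"sha256"` key exists, so a present but empty entry would presumably be passed on as nil and the file accepted without the integrity pin, leaving signature verification as the only check. I would reject empty hashes at those call sites, e.g. `if !ok || len(expectedSha256) == 0 { return ErrMissingMeta{role: "snapshot"} }`, and add a comment on `downloadSigned` such as `// A nil expectedSha256 skips the checksum; the caller must verify the signature itself.` The bodies of these functions continue outside the visible hunks, so the later use of `expectedSha256` is inferred.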


@ -18,6 +18,14 @@ func (e ErrChecksumMismatch) Error() string {
return fmt.Sprintf("tuf: checksum for %s did not match", e.role)
}
type ErrMissingMeta struct {
role string
}
func (e ErrMissingMeta) Error() string {
return fmt.Sprintf("tuf: sha256 checksum required for %s", e.role)
}
type ErrMissingRemoteMetadata struct {
Name string
}


@ -99,10 +99,6 @@ func (s HTTPStore) GetMeta(name string, size int64) ([]byte, error) {
logrus.Debugf("%d when retrieving metadata for %s", resp.StatusCode, name)
b := io.LimitReader(resp.Body, size)
body, err := ioutil.ReadAll(b)
if resp.ContentLength > 0 && int64(len(body)) < resp.ContentLength {
return nil, ErrShortRead{}
}
if err != nil {
return nil, err
}


@ -31,7 +31,15 @@ type memoryStore struct {
}
func (m *memoryStore) GetMeta(name string, size int64) ([]byte, error) {
return m.meta[name], nil
d, ok := m.meta[name]
if ok {
if int64(len(d)) < size {
return d, nil
}
return d[:size], nil
} else {
return nil, ErrMetaNotFound{}
}
}
func (m *memoryStore) SetMeta(name string, meta []byte) error {
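Review bot: `d[:size]` in the new `memoryStore.GetMeta` panics with a slice-bounds error when `size` is negative, because `int64(len(d)) < size` is false for every negative value. If `size` can come from parsed metadata (the snapshot path takes it from a `Length` field), a malformed value would crash the client instead of returning an error. A guard such as `if size < 0 || int64(len(d)) < size { return d, nil }` avoids the panic, or return an error for negative sizes if that matches the other stores. The trailing `else` can go as well by handling the miss first: `if !ok { return nil, ErrMetaNotFound{} }`.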