some bugfixes on getting tuf files, this is backed by a lot of new unit tests in gotuf
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
parent
3957368eff
commit
43ba8a0426
5 changed files with 29 additions and 18 deletions
|
@ -43,7 +43,7 @@ clone git github.com/docker/distribution 20c4b7a1805a52753dfd593ee1cc35558722a0c
|
|||
clone git github.com/vbatts/tar-split v0.9.10
|
||||
|
||||
clone git github.com/docker/notary 089d8450d8928aa1c58fd03f09cabbde9bcb4590
|
||||
clone git github.com/endophage/gotuf 876c31a61bc4aa0dae09bb8ef3946dc26dd04924
|
||||
clone git github.com/endophage/gotuf 2df1c8e0a7b7e10ae2113bf37aaa1bf1c1de8cc5
|
||||
clone git github.com/jfrazelle/go 6e461eb70cb4187b41a84e9a567d7137bdbe0f16
|
||||
clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
|
||||
|
||||
|
|
|
@ -261,8 +261,7 @@ func (c *Client) downloadTimestamp() error {
|
|||
}
|
||||
// unlike root, targets and snapshot, always try and download timestamps
|
||||
// from remote, only using the cache one if we couldn't reach remote.
|
||||
raw, err := c.remote.GetMeta(role, maxSize)
|
||||
var s *data.Signed
|
||||
raw, s, err := c.downloadSigned(role, maxSize, nil)
|
||||
if err != nil || len(raw) == 0 {
|
||||
if err, ok := err.(store.ErrMetaNotFound); ok {
|
||||
return err
|
||||
|
@ -279,11 +278,6 @@ func (c *Client) downloadTimestamp() error {
|
|||
s = old
|
||||
} else {
|
||||
download = true
|
||||
s = &data.Signed{}
|
||||
err = json.Unmarshal(raw, s)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
err = signed.Verify(s, role, version, c.keysDB)
|
||||
if err != nil {
|
||||
|
@ -305,10 +299,13 @@ func (c *Client) downloadTimestamp() error {
|
|||
func (c *Client) downloadSnapshot() error {
|
||||
logrus.Debug("downloadSnapshot")
|
||||
role := data.RoleName("snapshot")
|
||||
if c.local.Timestamp == nil {
|
||||
return ErrMissingMeta{role: "snapshot"}
|
||||
}
|
||||
size := c.local.Timestamp.Signed.Meta[role].Length
|
||||
expectedSha256, ok := c.local.Timestamp.Signed.Meta[role].Hashes["sha256"]
|
||||
if !ok {
|
||||
return fmt.Errorf("Sha256 is currently the only hash supported by this client. No Sha256 found for snapshot")
|
||||
return ErrMissingMeta{role: "snapshot"}
|
||||
}
|
||||
|
||||
var download bool
|
||||
|
@ -373,6 +370,9 @@ func (c *Client) downloadSnapshot() error {
|
|||
// including delegates roles.
|
||||
func (c *Client) downloadTargets(role string) error {
|
||||
role = data.RoleName(role) // this will really only do something for base targets role
|
||||
if c.local.Snapshot == nil {
|
||||
return ErrMissingMeta{role: role}
|
||||
}
|
||||
snap := c.local.Snapshot.Signed
|
||||
root := c.local.Root.Signed
|
||||
r := c.keysDB.GetRole(role)
|
||||
|
@ -398,13 +398,12 @@ func (c *Client) downloadTargets(role string) error {
|
|||
}
|
||||
|
||||
func (c *Client) downloadSigned(role string, size int64, expectedSha256 []byte) ([]byte, *data.Signed, error) {
|
||||
logrus.Debugf("downloading new %s", role)
|
||||
raw, err := c.remote.GetMeta(role, size)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
genHash := sha256.Sum256(raw)
|
||||
if !bytes.Equal(genHash[:], expectedSha256) {
|
||||
if expectedSha256 != nil && !bytes.Equal(genHash[:], expectedSha256) {
|
||||
return nil, nil, ErrChecksumMismatch{role: role}
|
||||
}
|
||||
s := &data.Signed{}
|
||||
|
@ -419,11 +418,11 @@ func (c Client) GetTargetsFile(role string, keyIDs []string, snapshotMeta data.F
|
|||
// require role exists in snapshots
|
||||
roleMeta, ok := snapshotMeta[role]
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("Snapshot does not contain target role")
|
||||
return nil, ErrMissingMeta{role: role}
|
||||
}
|
||||
expectedSha256, ok := snapshotMeta[role].Hashes["sha256"]
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("Sha256 is currently the only hash supported by this client. No Sha256 found for targets role %s", role)
|
||||
return nil, ErrMissingMeta{role: role}
|
||||
}
|
||||
|
||||
// try to get meta file from content addressed cache
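Review bot: In the `downloadSigned` hunk, the new guard `expectedSha256 != nil && !bytes.Equal(genHash[:], expectedSha256)` makes the checksum comparison fail open: any caller that ends up with a nil slice skips it, not only `downloadTimestamp`, which passes `nil` on purpose. `downloadSnapshot` and `GetTargetsFile` only test that the `"sha256"` key is present, so a present-but-nil value would presumably bypass the comparison as well; that depends on how `Hashes` decodes, which is not visible here. I would have those callers reject an empty hash, e.g. `if !ok || len(expectedSha256) == 0 {`, and state in a comment on `downloadSigned` that nil means "no checksum, integrity rests on signature verification only" (or make the skip an explicit parameter). This matters more now that the short-read check is removed from `HTTPStore.GetMeta` in the same commit, which leaves `signed.Verify` as the only integrity check on the timestamp path. The bodies of `downloadSigned` and its callers continue outside the hunks.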
|
||||
|
|
|
@ -18,6 +18,14 @@ func (e ErrChecksumMismatch) Error() string {
|
|||
return fmt.Sprintf("tuf: checksum for %s did not match", e.role)
|
||||
}
|
||||
|
||||
type ErrMissingMeta struct {
|
||||
role string
|
||||
}
|
||||
|
||||
func (e ErrMissingMeta) Error() string {
|
||||
return fmt.Sprintf("tuf: sha256 checksum required for %s", e.role)
|
||||
}
|
||||
|
||||
type ErrMissingRemoteMetadata struct {
|
||||
Name string
|
||||
}
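Review bot: `ErrMissingMeta.Error()` always reports "sha256 checksum required for <role>", but this commit also returns the error when `c.local.Timestamp` or `c.local.Snapshot` is nil and when the role is absent from the snapshot, so the message will mislead whoever reads the log in those cases. Either give the type a neutral message such as `return fmt.Sprintf("tuf: required metadata or sha256 checksum missing for %s", e.role)`, or keep a separate error for the missing-checksum case so the two conditions stay distinguishable. The exported type also has no doc comment; `// ErrMissingMeta is returned when metadata needed to validate a role is absent.` would cover it.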
|
||||
|
|
|
@ -99,10 +99,6 @@ func (s HTTPStore) GetMeta(name string, size int64) ([]byte, error) {
|
|||
logrus.Debugf("%d when retrieving metadata for %s", resp.StatusCode, name)
|
||||
b := io.LimitReader(resp.Body, size)
|
||||
body, err := ioutil.ReadAll(b)
|
||||
if resp.ContentLength > 0 && int64(len(body)) < resp.ContentLength {
|
||||
return nil, ErrShortRead{}
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
@ -31,7 +31,15 @@ type memoryStore struct {
|
|||
}
|
||||
|
||||
func (m *memoryStore) GetMeta(name string, size int64) ([]byte, error) {
|
||||
return m.meta[name], nil
|
||||
d, ok := m.meta[name]
|
||||
if ok {
|
||||
if int64(len(d)) < size {
|
||||
return d, nil
|
||||
}
|
||||
return d[:size], nil
|
||||
} else {
|
||||
return nil, ErrMetaNotFound{}
|
||||
}
|
||||
}
|
||||
|
||||
func (m *memoryStore) SetMeta(name string, meta []byte) error {
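Review bot: The new `GetMeta` evaluates `d[:size]` whenever `len(d) >= size`, which panics on a negative `size`; `downloadSnapshot` takes that value from the timestamp's `Length` field, so it is not obviously guaranteed to be positive. Guard it before slicing, for example `if size < 0 || int64(len(d)) < size { return d, nil }`, or return an error for a negative size if rejecting is the intended contract (how the HTTP store treats that case is not visible here). As a style point, the `else` after the returning `if ok` branch can be dropped by testing `if !ok { return nil, ErrMetaNotFound{} }` first. `GetMeta` is fully inside the hunk.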
|
||||
|
|