Merge pull request #17219 from endophage/gotuf_bugfixes

some bugfixes on getting tuf files
Jess Frazelle 2015-10-20 18:13:19 -07:00
commit 967e49bdbc
5 changed files with 29 additions and 18 deletions


@ -43,7 +43,7 @@ clone git github.com/docker/distribution 20c4b7a1805a52753dfd593ee1cc35558722a0c
clone git github.com/vbatts/tar-split v0.9.10 clone git github.com/vbatts/tar-split v0.9.10
clone git github.com/docker/notary 089d8450d8928aa1c58fd03f09cabbde9bcb4590 clone git github.com/docker/notary 089d8450d8928aa1c58fd03f09cabbde9bcb4590
clone git github.com/endophage/gotuf 876c31a61bc4aa0dae09bb8ef3946dc26dd04924 clone git github.com/endophage/gotuf 2df1c8e0a7b7e10ae2113bf37aaa1bf1c1de8cc5
clone git github.com/jfrazelle/go 6e461eb70cb4187b41a84e9a567d7137bdbe0f16 clone git github.com/jfrazelle/go 6e461eb70cb4187b41a84e9a567d7137bdbe0f16
clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c


@ -261,8 +261,7 @@ func (c *Client) downloadTimestamp() error {
} }
// unlike root, targets and snapshot, always try and download timestamps // unlike root, targets and snapshot, always try and download timestamps
// from remote, only using the cache one if we couldn't reach remote. // from remote, only using the cache one if we couldn't reach remote.
raw, err := c.remote.GetMeta(role, maxSize) raw, s, err := c.downloadSigned(role, maxSize, nil)
var s *data.Signed
if err != nil || len(raw) == 0 { if err != nil || len(raw) == 0 {
if err, ok := err.(store.ErrMetaNotFound); ok { if err, ok := err.(store.ErrMetaNotFound); ok {
return err return err
@ -279,11 +278,6 @@ func (c *Client) downloadTimestamp() error {
s = old s = old
} else { } else {
download = true download = true
s = &data.Signed{}
err = json.Unmarshal(raw, s)
if err != nil {
return err
}
} }
err = signed.Verify(s, role, version, c.keysDB) err = signed.Verify(s, role, version, c.keysDB)
if err != nil { if err != nil {
@ -305,10 +299,13 @@ func (c *Client) downloadTimestamp() error {
func (c *Client) downloadSnapshot() error { func (c *Client) downloadSnapshot() error {
logrus.Debug("downloadSnapshot") logrus.Debug("downloadSnapshot")
role := data.RoleName("snapshot") role := data.RoleName("snapshot")
if c.local.Timestamp == nil {
return ErrMissingMeta{role: "snapshot"}
}
size := c.local.Timestamp.Signed.Meta[role].Length size := c.local.Timestamp.Signed.Meta[role].Length
expectedSha256, ok := c.local.Timestamp.Signed.Meta[role].Hashes["sha256"] expectedSha256, ok := c.local.Timestamp.Signed.Meta[role].Hashes["sha256"]
if !ok { if !ok {
return fmt.Errorf("Sha256 is currently the only hash supported by this client. No Sha256 found for snapshot") return ErrMissingMeta{role: "snapshot"}
} }
var download bool var download bool
@ -373,6 +370,9 @@ func (c *Client) downloadSnapshot() error {
// including delegates roles. // including delegates roles.
func (c *Client) downloadTargets(role string) error { func (c *Client) downloadTargets(role string) error {
role = data.RoleName(role) // this will really only do something for base targets role role = data.RoleName(role) // this will really only do something for base targets role
if c.local.Snapshot == nil {
return ErrMissingMeta{role: role}
}
snap := c.local.Snapshot.Signed snap := c.local.Snapshot.Signed
root := c.local.Root.Signed root := c.local.Root.Signed
r := c.keysDB.GetRole(role) r := c.keysDB.GetRole(role)
@ -398,13 +398,12 @@ func (c *Client) downloadTargets(role string) error {
} }
func (c *Client) downloadSigned(role string, size int64, expectedSha256 []byte) ([]byte, *data.Signed, error) { func (c *Client) downloadSigned(role string, size int64, expectedSha256 []byte) ([]byte, *data.Signed, error) {
logrus.Debugf("downloading new %s", role)
raw, err := c.remote.GetMeta(role, size) raw, err := c.remote.GetMeta(role, size)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
genHash := sha256.Sum256(raw) genHash := sha256.Sum256(raw)
if !bytes.Equal(genHash[:], expectedSha256) { if expectedSha256 != nil && !bytes.Equal(genHash[:], expectedSha256) {
return nil, nil, ErrChecksumMismatch{role: role} return nil, nil, ErrChecksumMismatch{role: role}
} }
s := &data.Signed{} s := &data.Signed{}
@ -419,11 +418,11 @@ func (c Client) GetTargetsFile(role string, keyIDs []string, snapshotMeta data.F
// require role exists in snapshots // require role exists in snapshots
roleMeta, ok := snapshotMeta[role] roleMeta, ok := snapshotMeta[role]
if !ok { if !ok {
return nil, fmt.Errorf("Snapshot does not contain target role") return nil, ErrMissingMeta{role: role}
} }
expectedSha256, ok := snapshotMeta[role].Hashes["sha256"] expectedSha256, ok := snapshotMeta[role].Hashes["sha256"]
if !ok { if !ok {
return nil, fmt.Errorf("Sha256 is currently the only hash supported by this client. No Sha256 found for targets role %s", role) return nil, ErrMissingMeta{role: role}
} }
// try to get meta file from content addressed cache // try to get meta file from content addressed cache
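Review bot: In downloadSigned, the new `expectedSha256 != nil &&` condition makes a nil hash silently skip the checksum comparison, so integrity now depends on no caller ever passing nil by accident. downloadSnapshot and GetTargetsFile test only the `ok` of the `Hashes["sha256"]` lookup, so an entry that is present but decodes to nil would (if the decoder permits that) be accepted without a hash check; `if !ok || len(expectedSha256) == 0` at both lookups closes that gap. The deliberate nil in downloadTimestamp deserves a comment such as `// timestamp has no parent hash; integrity rests on signed.Verify below`. Separately, downloadTargets now guards `c.local.Snapshot == nil` but still dereferences `c.local.Root.Signed` on the following line without a matching check. All of these function bodies extend outside the hunks shown.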


@ -18,6 +18,14 @@ func (e ErrChecksumMismatch) Error() string {
return fmt.Sprintf("tuf: checksum for %s did not match", e.role) return fmt.Sprintf("tuf: checksum for %s did not match", e.role)
} }
type ErrMissingMeta struct {
role string
}
func (e ErrMissingMeta) Error() string {
return fmt.Sprintf("tuf: sha256 checksum required for %s", e.role)
}
type ErrMissingRemoteMetadata struct { type ErrMissingRemoteMetadata struct {
Name string Name string
} }
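Review bot: ErrMissingMeta's message, `tuf: sha256 checksum required for %s`, does not describe most of the conditions this commit returns it for. The client changes on this page return it when `c.local.Timestamp` or `c.local.Snapshot` is nil and when the role is absent from the snapshot meta, none of which is a missing checksum. Someone triaging a failed update cannot tell missing parent metadata from a missing hash, and that distinction matters when deciding whether metadata was stripped or simply never fetched. Consider a neutral message such as `tuf: required metadata or sha256 checksum missing for %s`, or separate error types per condition. The exported type also needs a doc comment, e.g. `// ErrMissingMeta is returned when metadata needed to validate a role is absent.`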


@ -99,10 +99,6 @@ func (s HTTPStore) GetMeta(name string, size int64) ([]byte, error) {
logrus.Debugf("%d when retrieving metadata for %s", resp.StatusCode, name) logrus.Debugf("%d when retrieving metadata for %s", resp.StatusCode, name)
b := io.LimitReader(resp.Body, size) b := io.LimitReader(resp.Body, size)
body, err := ioutil.ReadAll(b) body, err := ioutil.ReadAll(b)
if resp.ContentLength > 0 && int64(len(body)) < resp.ContentLength {
return nil, ErrShortRead{}
}
if err != nil { if err != nil {
return nil, err return nil, err
} }


@ -31,7 +31,15 @@ type memoryStore struct {
} }
func (m *memoryStore) GetMeta(name string, size int64) ([]byte, error) { func (m *memoryStore) GetMeta(name string, size int64) ([]byte, error) {
return m.meta[name], nil d, ok := m.meta[name]
if ok {
if int64(len(d)) < size {
return d, nil
}
return d[:size], nil
} else {
return nil, ErrMetaNotFound{}
}
} }
func (m *memoryStore) SetMeta(name string, meta []byte) error { func (m *memoryStore) SetMeta(name string, meta []byte) error {
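Review bot: `d[:size]` panics with a slice-bounds error when `size` is negative, and the new branch in GetMeta does not rule that out. In the client code on this page, size is taken from the metadata `Length` field, so it should not be assumed sane at this point; return an error for `size < 0` before the slice expression. As a style point, the `else` after a returning `if` can be dropped by inverting the lookup: `if !ok { return nil, ErrMetaNotFound{} }` first, then the length handling at the left margin.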