2017-01-11 15:48:40 +00:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
|
2017-11-30 18:23:38 +00:00
|
|
|
# Copyright 2017, New York University and the TUF contributors
|
|
|
|
|
# SPDX-License-Identifier: MIT OR Apache-2.0
|
|
|
|
|
|
2013-01-31 18:54:15 +00:00
|
|
|
"""
|
|
|
|
|
<Program Name>
|
2016-11-01 19:38:40 +00:00
|
|
|
settings.py
|
2013-01-31 18:54:15 +00:00
|
|
|
|
|
|
|
|
<Author>
|
|
|
|
|
Vladimir Diaz <vladimir.v.diaz@gmail.com>
|
|
|
|
|
|
|
|
|
|
<Started>
|
2017-01-11 15:48:40 +00:00
|
|
|
January 11, 2017
|
2013-01-31 18:54:15 +00:00
|
|
|
|
|
|
|
|
<Copyright>
|
2018-02-05 16:31:19 +00:00
|
|
|
See LICENSE-MIT OR LICENSE for licensing information.
|
2013-01-31 18:54:15 +00:00
|
|
|
|
|
|
|
|
<Purpose>
|
2017-01-11 15:48:40 +00:00
|
|
|
A central location for TUF configuration settings. Example options include
|
|
|
|
|
setting the destination of temporary files and downloaded content, the maximum
|
|
|
|
|
length of downloaded metadata (unknown file attributes), and download
|
|
|
|
|
behavior.
|
2013-01-31 18:54:15 +00:00
|
|
|
"""
|
|
|
|
|
|
2014-04-29 18:27:34 +00:00
|
|
|
# Help with Python 3 compatibility, where the print statement is a function, an
|
|
|
|
|
# implicit relative import is invalid, and the '/' operator performs true
|
|
|
|
|
# division. Example: print 'hello world' raises a 'SyntaxError' exception.
|
|
|
|
|
from __future__ import print_function
|
|
|
|
|
from __future__ import absolute_import
|
|
|
|
|
from __future__ import division
|
|
|
|
|
from __future__ import unicode_literals
|
|
|
|
|
|
2017-01-11 15:48:40 +00:00
|
|
|
|
2013-01-31 18:54:15 +00:00
|
|
|
# Set a directory that should be used for all temporary files. If this
|
|
|
|
|
# is None, then the system default will be used. The system default
|
|
|
|
|
# will also be used if a directory path set here is invalid or
|
|
|
|
|
# unusable.
|
|
|
|
|
temporary_directory = None
|
|
|
|
|
|
2017-02-03 15:31:20 +00:00
|
|
|
# Set a local directory to store metadata that is requested from mirrors. This
|
|
|
|
|
# directory contains subdirectories for different repositories, where each
|
|
|
|
|
# subdirectory contains a different set of metadata. For example:
|
|
|
|
|
# tuf.settings.repositories_directory = /tmp/repositories. The root file for a
|
|
|
|
|
# repository named 'django_repo' can be found at:
|
|
|
|
|
# /tmp/repositories/django_repo/metadata/current/root.METADATA_EXTENSION
|
|
|
|
|
repositories_directory = None
|
|
|
|
|
|
2016-01-14 22:25:08 +00:00
|
|
|
# The 'log.py' module manages TUF's logging system. Users have the option to
|
2018-06-14 15:46:09 +00:00
|
|
|
# enable/disable logging to a file via 'ENABLE_FILE_LOGGING', or
|
|
|
|
|
# tuf.log.enable_file_logging() and tuf.log.disable_file_logging().
|
|
|
|
|
ENABLE_FILE_LOGGING = False
|
2016-01-14 22:25:08 +00:00
|
|
|
|
|
|
|
|
# If file logging is enabled via 'ENABLE_FILE_LOGGING', TUF log messages will
|
|
|
|
|
# be saved to 'LOG_FILENAME'
|
|
|
|
|
LOG_FILENAME = 'tuf.log'
|
|
|
|
|
|
2013-08-06 17:40:24 +00:00
|
|
|
# Since the timestamp role does not have signed metadata about itself, we set a
|
|
|
|
|
# default but sane upper bound for the number of bytes required to download it.
|
2013-12-03 21:46:24 +00:00
|
|
|
DEFAULT_TIMESTAMP_REQUIRED_LENGTH = 16384 #bytes
|
2013-08-20 07:48:29 +00:00
|
|
|
|
2015-10-15 13:49:32 +00:00
|
|
|
# The Root role may be updated without knowing its version if top-level
|
|
|
|
|
# metadata cannot be safely downloaded (e.g., keys may have been revoked, thus
|
|
|
|
|
# requiring a new Root file that includes the updated keys). Set a default
|
|
|
|
|
# upper bound for the maximum total bytes that may be downloaded for Root
|
|
|
|
|
# metadata.
|
Address Issues #165, #158, and #147.
Issue 147: Finalize conversion of all written metadata behavior. This commit ensures that compressed and uncompressed metadata is also written as outlined in the issue.
Issue 158: As requested, updater.refresh() may now unsafely fetch (i.e., unknown file size and hash) Root metadata if valid top-level metadata cannot be downloaded successfully (e.g., top-level keys may have been revoked). The repository must also sign the new Root file (at least until all clients have updated) with any revoked keys so that clients may successfully update. After unsafely updating Root, the top-level metadata is updated again as normal (and only once to avoid an infinite loop). By default, refresh() unsafely updates Root if only invalid top-level metadata can be downloaded, although this behavior may be overriden by the caller if they wish. Changed default behavior: refresh(self, unsafely_update_root_if_necessary=True)
Issue 165: Delegated roles are no longer added as attributes of a Targets object by libtuf.py (e.g., repository.targets.delegated_role). The previous bahavior restricted rolenames to Python identifiers (i.e., can only include letters, numbers, the underscore character, and must start with a nonnumeric character). Now, delegated roles may be referenced as strings (e.g., repository.targets('recently-claimed')) and include characters other than '_'. In addition, methods have been added to return all the delegated rolesnames of a target (e.g., repository.targets.get_delegated_rolenames()) and the immediate delegated Target objects of a role. Previous behavior: repository.targets.unclaimed.django.version = 8
Current behavior: repository.targets('unclaimed')('django').version = 8.
2014-01-02 17:18:44 +00:00
|
|
|
DEFAULT_ROOT_REQUIRED_LENGTH = 512000 #bytes
|
|
|
|
|
|
2015-10-27 21:04:29 +00:00
|
|
|
# Set a default, but sane, upper bound for the number of bytes required to
|
2015-10-15 13:49:32 +00:00
|
|
|
# download Snapshot metadata.
|
2017-01-09 21:55:34 +00:00
|
|
|
DEFAULT_SNAPSHOT_REQUIRED_LENGTH = 2000000 #bytes
|
2015-10-15 13:49:32 +00:00
|
|
|
|
2015-10-27 21:04:29 +00:00
|
|
|
# Set a default, but sane, upper bound for the number of bytes required to
|
2015-10-15 13:49:32 +00:00
|
|
|
# download Targets metadata.
|
2017-01-09 21:55:34 +00:00
|
|
|
DEFAULT_TARGETS_REQUIRED_LENGTH = 5000000 #bytes
|
2015-10-15 13:49:32 +00:00
|
|
|
|
2013-09-03 16:52:47 +00:00
|
|
|
# Set a timeout value in seconds (float) for non-blocking socket operations.
|
2018-10-02 19:01:38 +00:00
|
|
|
SOCKET_TIMEOUT = 4 #seconds
|
2013-09-03 16:52:47 +00:00
|
|
|
|
|
|
|
|
# The maximum chunk of data, in bytes, we would download in every round.
|
2018-05-21 15:59:30 +00:00
|
|
|
CHUNK_SIZE = 400000 #bytes
|
2013-09-03 16:52:47 +00:00
|
|
|
|
2016-10-10 21:34:00 +00:00
|
|
|
# The minimum average download speed (bytes/second) that must be met to
|
2013-09-09 15:39:39 +00:00
|
|
|
# avoid being considered as a slow retrieval attack.
|
2018-05-21 15:59:30 +00:00
|
|
|
MIN_AVERAGE_DOWNLOAD_SPEED = 50 #bytes/second
|
2013-09-09 15:39:39 +00:00
|
|
|
|
2016-02-19 22:44:21 +00:00
|
|
|
# By default, limit number of delegatees we visit for any target.
|
|
|
|
|
MAX_NUMBER_OF_DELEGATIONS = 2**5
|
2016-10-24 14:44:08 +00:00
|
|
|
|
2016-10-26 15:52:59 +00:00
|
|
|
# This configuration is for indicating how consistent files should be created.
|
|
|
|
|
# There are two options: "copy" and "hard_link". For "copy", the consistent
|
|
|
|
|
# file with be a copy of root.json. This approach will require the most disk
|
|
|
|
|
# space out of the two options. For "hard_link", the latest root.json will be
|
|
|
|
|
# a hard link to 2.root.json (for example). This approach is more efficient in
|
|
|
|
|
# terms of disk space usage. By default, we use 'copy'.
|
|
|
|
|
CONSISTENT_METHOD = 'copy'
|
2017-04-24 20:38:04 +00:00
|
|
|
|
2017-06-14 19:18:11 +00:00
|
|
|
# A setting for the instances where a default hashing algorithm is needed.
|
|
|
|
|
# This setting is currently used to calculate the path hash prefixes of hashed
|
|
|
|
|
# bin delegations. The other instances (e.g., digest of files) that require a
|
|
|
|
|
# hashing algorithm rely on settings in the securesystemslib external library.
|
2017-04-24 20:38:04 +00:00
|
|
|
DEFAULT_HASH_ALGORITHM = 'sha256'
|
2018-03-27 18:41:33 +00:00
|
|
|
|
|
|
|
|
# The client's update procedure (contained within a while-loop) can potentially
|
|
|
|
|
# hog the CPU. The following setting can be used to force the update sequence
|
|
|
|
|
# to suspend execution for a specified amount of time. See
|
|
|
|
|
# theupdateframework/tuf/issue#338.
|
|
|
|
|
SLEEP_BEFORE_ROUND = None
|