"""
<Program Name>
  conf.py

<Author>
  Vladimir Diaz <vladimir.v.diaz@gmail.com>

<Started>
  April 4, 2012. Based on a previous version by Geremy Condra.

<Copyright>
  See LICENSE for licensing information.

<Purpose>
  A central location for TUF configuration settings. Example options include
  setting the destination of temporary files and downloaded content, the maximum
  length of downloaded metadata (unknown file attributes), download behavior,
  and cryptography libraries clients wish to use.
"""

# Help with Python 3 compatibility, where the print statement is a function, an
# implicit relative import is invalid, and the '/' operator performs true
# division. Example: print 'hello world' raises a 'SyntaxError' exception.
from __future__ import print_function
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals

# Set a directory that should be used for all temporary files. If this
# is None, then the system default will be used. The system default
# will also be used if a directory path set here is invalid or
# unusable.
temporary_directory = None

# The directory under which metadata for all repositories will be
# stored. This is not a simple cache because each repository's root of
# trust (root.json) will need to already be stored below here and should
# not be deleted. At a minimum, each key in the mirrors dictionary
# below should have a directory under 'repository_directory'
# which already exists and within that directory should have the file
# 'metadata/current/root.json'. This MUST be set.
repository_directory = None

# A PEM (RFC 1422) file where you may find SSL certificate authorities
# https://en.wikipedia.org/wiki/Certificate_authority
# http://docs.python.org/2/library/ssl.html#certificates
ssl_certificates = None

# The 'log.py' module manages TUF's logging system. Users have the option to
# enable/disable logging to a file via 'ENABLE_FILE_LOGGING'
ENABLE_FILE_LOGGING = True

# If file logging is enabled via 'ENABLE_FILE_LOGGING', TUF log messages will
# be saved to 'LOG_FILENAME'
LOG_FILENAME = 'tuf.log'

# Since the timestamp role does not have signed metadata about itself, we set a
# default but sane upper bound for the number of bytes required to download it.
DEFAULT_TIMESTAMP_REQUIRED_LENGTH = 16384 #bytes

# The Root role may be updated without knowing its version if top-level
# metadata cannot be safely downloaded (e.g., keys may have been revoked, thus
# requiring a new Root file that includes the updated keys). Set a default
# upper bound for the maximum total bytes that may be downloaded for Root
# metadata.
DEFAULT_ROOT_REQUIRED_LENGTH = 512000 #bytes

# Set a default, but sane, upper bound for the number of bytes required to
# download Snapshot metadata.
DEFAULT_SNAPSHOT_REQUIRED_LENGTH = 2000000 #bytes

# Set a default, but sane, upper bound for the number of bytes required to
# download Targets metadata.
DEFAULT_TARGETS_REQUIRED_LENGTH = 5000000 #bytes

# Set a timeout value in seconds (float) for non-blocking socket operations.
SOCKET_TIMEOUT = 2 #seconds

# The maximum chunk of data, in bytes, we would download in every round.
CHUNK_SIZE = 8192 #bytes

# The minimum average download speed (bytes/second) that must be met to
# avoid being considered a slow retrieval attack.
MIN_AVERAGE_DOWNLOAD_SPEED = CHUNK_SIZE #bytes/second

# The time (in seconds) we ignore a server with a slow initial retrieval speed.
SLOW_START_GRACE_PERIOD = 3 #seconds
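The per-role required lengths together with CHUNK_SIZE, MIN_AVERAGE_DOWNLOAD_SPEED and SLOW_START_GRACE_PERIOD are what a client uses to cut off an endless-data or slow-retrieval response. The reader below is an added example, not TUF's own download.py: it enforces both limits over an in-memory stream with an injectable clock, and bounded_download, simulate and the constructed payloads are assumptions of this example.

```python
import time

# Copied from the settings above (assumption: the same values as conf.py).
CHUNK_SIZE = 8192                        # bytes
MIN_AVERAGE_DOWNLOAD_SPEED = CHUNK_SIZE  # bytes/second
SLOW_START_GRACE_PERIOD = 3              # seconds


class DownloadError(Exception):
    """Raised when a download violates the length or speed limits."""


def bounded_download(read_chunk, required_length, clock=time.time):
    """Read via read_chunk(n) (b'' at EOF) until done, enforcing two limits:
    never accept more than required_length bytes (endless data attack), and
    after SLOW_START_GRACE_PERIOD seconds keep the average speed at or above
    MIN_AVERAGE_DOWNLOAD_SPEED (slow retrieval attack). clock() is injectable."""
    start, data = clock(), bytearray()
    while True:
        remaining = required_length - len(data)
        if remaining <= 0:
            # Probe one more byte: anything left means the file is too long.
            if read_chunk(1):
                raise DownloadError('exceeded required length %d' % required_length)
            break
        chunk = read_chunk(min(CHUNK_SIZE, remaining))
        if not chunk:
            break  # EOF before the bound: a shorter file is fine
        data.extend(chunk)
        elapsed = clock() - start
        if elapsed > SLOW_START_GRACE_PERIOD and len(data) / elapsed < MIN_AVERAGE_DOWNLOAD_SPEED:
            raise DownloadError('average %.0f B/s below minimum' % (len(data) / elapsed))
    return bytes(data)


def simulate(payload, required_length, seconds_per_chunk=0.0):
    """Constructed harness: serve `payload` from memory, advancing a fake clock
    by seconds_per_chunk per read. Returns ('ok', nbytes) or ('error', msg)."""
    buf, now = [payload], [0.0]

    def read_chunk(n):
        chunk, buf[0] = buf[0][:n], buf[0][n:]
        now[0] += seconds_per_chunk
        return chunk

    try:
        return ('ok', len(bounded_download(read_chunk, required_length, lambda: now[0])))
    except DownloadError as exc:
        return ('error', str(exc))
```

With the default DEFAULT_TIMESTAMP_REQUIRED_LENGTH of 16384 bytes, a 20000-byte response is rejected after the second chunk, and a server that delivers 100 bytes every five seconds is rejected as soon as the grace period has passed.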
# The current "good enough" number of PBKDF2 passphrase iterations.
# We recommend that important keys, such as root, be kept offline.
# 'tuf.conf.PBKDF2_ITERATIONS' should increase as CPU speeds increase, set here
# at 100,000 iterations by default (in 2013). The repository maintainer may opt
# to modify the default setting according to their security needs and
# computational restrictions. A strong user password is still important.
# Modifying the number of iterations will result in a new derived key+PBKDF2
# combination if the key is loaded and re-saved, overriding any previous
# iteration setting used in the old '<keyid>' key file.
# https://en.wikipedia.org/wiki/PBKDF2
PBKDF2_ITERATIONS = 100000

# The client, or the software updater that is integrating TUF, may set the
# specific cryptography library used by The Update Framework updater. Only a
# subset of the supported crypto libraries are used for general-purpose
# cryptography (PyCrypto and PyCA Cryptography).

# Supported cryptography libraries that can be used to generate and verify RSA
# keys and signatures: ['pycrypto', 'pyca-cryptography']
RSA_CRYPTO_LIBRARY = 'pyca-cryptography'

# Supported Ed25519 cryptography libraries: ['pynacl', 'ed25519']
ED25519_CRYPTO_LIBRARY = 'ed25519'

# General purpose cryptography. Algorithms and functions that fall under
# general purpose include AES, PBKDF2, cryptographically strong random number
# generators, and cryptographic hash functions. The majority of the general
# cryptography is needed by the repository and developer tools.
# RSA_CRYPTO_LIBRARY and ED25519_CRYPTO_LIBRARY are needed on the client side
# of the software updater.
# Supported libraries for general-purpose cryptography: ['pycrypto',
# 'pyca-cryptography']
GENERAL_CRYPTO_LIBRARY = 'pyca-cryptography'
# The algorithm(s) in REPOSITORY_HASH_ALGORITHMS are chosen by the repository
# tool to generate the digests listed in metadata and prepended to the
# filenames of consistent snapshots.
REPOSITORY_HASH_ALGORITHMS = ['sha256']
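How REPOSITORY_HASH_ALGORITHMS feeds both sides of the framework: the repository computes one digest per configured algorithm and writes a '<digest>.<filename>' copy for each, while the client checks a download against every digest listed in metadata. This is an added example, not the TUF repository tool's or updater's code; the function names and the digest-prefixed filename layout are assumptions based on the comment above.

```python
import hashlib
import posixpath

# Copied from the setting above (assumption: the same default as conf.py).
REPOSITORY_HASH_ALGORITHMS = ['sha256']


def digests(content, algorithms=REPOSITORY_HASH_ALGORITHMS):
    """Repository side: {algorithm: hex digest} for every configured algorithm.
    Unknown names raise rather than being skipped, so a typo in the setting
    cannot silently produce metadata with fewer hashes than intended."""
    result = {}
    for algorithm in algorithms:
        if algorithm not in hashlib.algorithms_available:
            raise ValueError('unsupported hash algorithm: %r' % algorithm)
        result[algorithm] = hashlib.new(algorithm, content).hexdigest()
    return result


def consistent_snapshot_filenames(path, content, algorithms=REPOSITORY_HASH_ALGORITHMS):
    """One '<digest>.<basename>' path per algorithm: a repository that uses N
    algorithms writes N copies of the same file (assumed naming convention)."""
    dirname, basename = posixpath.split(path)
    computed = digests(content, algorithms)
    return [posixpath.join(dirname, computed[a] + '.' + basename) for a in algorithms]


def verify_hashes(content, expected):
    """Client side: check downloaded content against the 'hashes' dict from
    metadata. Returns None when every listed digest matches, otherwise a reason.
    An empty dict is rejected because such a file cannot be verified at all."""
    if not expected:
        return 'no hashes listed'
    for algorithm, expected_digest in expected.items():
        if algorithm not in hashlib.algorithms_available:
            return 'unsupported algorithm: %s' % algorithm
        if hashlib.new(algorithm, content).hexdigest() != expected_digest:
            return 'digest mismatch: %s' % algorithm
    return None
```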
# Software updaters that integrate the framework are required to specify
# the URL prefix for the mirrors that clients can contact to download updates.
# The following URI schemes are those that download.py supports. By default,
# the ['http', 'https'] URI schemes are supported, but may be modified by
# integrators to schemes that they wish to support for their integration.
SUPPORTED_URI_SCHEMES = ['http', 'https']

# By default, limit the number of delegatees we visit for any target.
MAX_NUMBER_OF_DELEGATIONS = 2**5
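What MAX_NUMBER_OF_DELEGATIONS protects: a pre-order search over delegated targets roles that stops once the cap is hit, so a self-delegating or very deep delegation graph cannot keep a client searching indefinitely. This is an added example rather than tuf.client.updater's implementation; the roles dict shape, find_target and EXAMPLE_ROLES are constructed for this illustration.

```python
import fnmatch

# Copied from the setting above (assumption: the same value as conf.py).
MAX_NUMBER_OF_DELEGATIONS = 2**5


def _search(roles, rolename, target_path, state):
    """Pre-order walk from `rolename`. Returns (fileinfo or None, stop) where
    stop=True means the caller must not try further delegations: the target
    was found, a terminating delegatee matched, or the visit cap was hit."""
    if state['visited'] >= MAX_NUMBER_OF_DELEGATIONS:
        return None, True  # cap reached: a deep or cyclic graph ends here
    state['visited'] += 1
    role = roles[rolename]
    if target_path in role['targets']:
        return role['targets'][target_path], True
    for delegation in role['delegations']:
        if not any(fnmatch.fnmatch(target_path, p) for p in delegation['paths']):
            continue  # delegatee is not trusted for this path
        found, stop = _search(roles, delegation['name'], target_path, state)
        if found is not None or stop or delegation['terminating']:
            return found, True
    return None, False


def find_target(roles, target_path):
    """Look up target_path starting at the top-level 'targets' role.
    `roles` maps rolename -> {'targets': {path: fileinfo}, 'delegations':
    [{'name', 'paths', 'terminating'}]} (constructed shape, not TUF's on-disk
    format). Returns (fileinfo or None, number of roles visited)."""
    state = {'visited': 0}
    found, _ = _search(roles, 'targets', target_path, state)
    return found, state['visited']


# Constructed delegation graph: 'claimed' is terminating for *.tar.gz, so a
# tarball it does not list is never looked up in 'unclaimed'; 'loop' delegates
# to itself and only the visit cap stops that search.
EXAMPLE_ROLES = {
    'targets': {'targets': {}, 'delegations': [
        {'name': 'claimed', 'paths': ['*.tar.gz'], 'terminating': True},
        {'name': 'unclaimed', 'paths': ['*'], 'terminating': False}]},
    'claimed': {'targets': {'django.tar.gz': {'length': 42}}, 'delegations': []},
    'unclaimed': {'targets': {'notes.txt': {'length': 7}}, 'delegations': [
        {'name': 'loop', 'paths': ['*'], 'terminating': False}]},
    'loop': {'targets': {}, 'delegations': [
        {'name': 'loop', 'paths': ['*'], 'terminating': False}]},
}
```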