Elgato_dark/python-tuf
1
0
Fork 0
mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Discuss the special case where metadata is marked obselete and deleted

Browse source 
Also document the assumption that the metadata store is the latest and exists in _update_metadata()

Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
This commit is contained in:
Vladimir Diaz 2018-06-08 10:20:34 -04:00
parent e18d3db1db
commit 47dbdbaf5c
No known key found for this signature in database
GPG key ID: 5DEE9B97B0E2289A
1 changed files with 13 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
tuf/client/updater.py
View file

@ -1081,16 +1081,19 @@ def refresh(self, unsafely_update_root_if_necessary=True):
# do we blindly trust the downloaded root metadata here?
self._update_root_metadata(root_metadata)
# Ensure the role and key information of the top-level roles is updated.
# We do this whether or not root needed to be updated, in order to ensure
# that, e.g., the entries in roledb for top-level roles are populated with
# expected keyid info so that roles can be validated. See Issue #736.
# Ensure that the role and key information of the top-level roles is the
# latest. We do this whether or not Root needed to be updated, in order to
# ensure that, e.g., the entries in roledb for top-level roles are
# populated with expected keyid info so that roles can be validated. In
# certain circumstances, top-level metadata might be missing because it was
# marked obsolete and deleted after a failed attempt. See Issue #736.
self._rebuild_key_and_role_db()
self.consistent_snapshot = self.metadata['current']['root']['consistent_snapshot']
# Use default but sane information for timestamp metadata, and do not
# require strict checks on its required length.
self._update_metadata('timestamp', DEFAULT_TIMESTAMP_UPPERLENGTH)
# TODO: After fetching snapshot.json, we should either verify the root
# fileinfo referenced there matches what was fetched earlier in
# _update_root_metadata() or make another attempt to download root.json.
@ -1670,10 +1673,12 @@ def _update_metadata(self, metadata_role, upperbound_filelength, version=None):
"""
<Purpose>
Non-public method that downloads, verifies, and 'installs' the metadata
belonging to 'metadata_role'. Calling this method implies the metadata
has been updated by the repository and thus needs to be re-downloaded.
The current and previous metadata stores are updated if the newly
downloaded metadata is successfully downloaded and verified.
belonging to 'metadata_role'. Calling this method implies that the
'metadata_role' on the repository is newer than the client's, and thus
needs to be re-downloaded. The current and previous metadata stores are
updated if the newly downloaded metadata is successfully downloaded and
verified. This method also assumes that the store of top-level metadata
is the latest and exists.
<Arguments>
metadata_role: