From 91480c86285d682c59f76e1381dd32ae95192ced Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Tue, 29 Apr 2014 08:15:18 -0400 Subject: [PATCH] Edit updater.refresh() and install of compressed metadata. 1. Raise an exception for clients that do not wish to automatically fetch a Root file when an expired version is loaded from disk. 2. Properly 'install' compressed metadata downloaded. The compressed version of the rolename was added to the fileinfo store, which prevented detection of changed metadata and would unintentionally cause compressed metadata to always refresh (only the fileinfo of uncompressed metadata is stored and compared.) 3. Rename unsafely_verify_compressed_metadata_file() variable names, so that they match the other verify functions. --- tuf/client/updater.py | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/tuf/client/updater.py b/tuf/client/updater.py index c0c82e8b..726ce482 100755 --- a/tuf/client/updater.py +++ b/tuf/client/updater.py @@ -615,18 +615,23 @@ def refresh(self, unsafely_update_root_if_necessary=True): # 'unsafely_update_root_if_necessary' is True, update an expired Root role # now. Updating the other top-level roles, regardless of their validity, # should only occur if the root of trust is up-to-date. - if unsafely_update_root_if_necessary: - root_metadata = self.metadata['current']['root'] - try: - self._ensure_not_expired(root_metadata, 'root') - - except tuf.ExpiredMetadataError as e: - # Raise 'tuf.NoWorkingMirrorError' if a valid (not expired, properly - # signed, and valid metadata) 'root' cannot be installed. + root_metadata = self.metadata['current']['root'] + try: + self._ensure_not_expired(root_metadata, 'root') + + except tuf.ExpiredMetadataError as e: + # Raise 'tuf.NoWorkingMirrorError' if a valid (not expired, properly + # signed, and valid metadata) 'root' cannot be installed. + if unsafely_update_root_if_necessary: message = \ 'Expired Root metadata was loaded from disk. Try to update it now.' logger.info(message) self._update_metadata('root', DEFAULT_ROOT_FILEINFO) + + # The caller explicitly requested not to unsafely fetch an expired Root. + else: + logger.info('An expired Root metadata was loaded and must be updated.') + raise # Use default but sane information for timestamp metadata, and do not # require strict checks on its required length. @@ -1009,9 +1014,9 @@ def unsafely_verify_uncompressed_metadata_file(metadata_file_object): self._verify_uncompressed_metadata_file(metadata_file_object, metadata_role) - def unsafely_verify_compressed_metadata_file(metadata_signable): - self._hard_check_file_length(metadata_signable, compressed_file_length) - self._check_hashes(metadata_signable, compressed_file_hashes) + def unsafely_verify_compressed_metadata_file(metadata_file_object): + self._hard_check_file_length(metadata_file_object, compressed_file_length) + self._check_hashes(metadata_file_object, compressed_file_hashes) if compression is None: unsafely_verify_compressed_metadata_file = None @@ -1372,7 +1377,7 @@ def _update_metadata(self, metadata_role, uncompressed_fileinfo, logger.debug('Updated '+repr(current_filepath)+'.') self.metadata['previous'][metadata_role] = current_metadata_object self.metadata['current'][metadata_role] = updated_metadata_object - self._update_fileinfo(metadata_filename) + self._update_fileinfo(uncompressed_metadata_filename) # Ensure the role and key information of the top-level roles is also updated # according to the newly-installed Root metadata.