mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
Log warning on UnsignedMetadataError in repository_lib
Except the UnsignedMetadataError generated by check_signable_object_format() and log a warning. When creating metadata objects on the repository side of TUF, a use case may exist where metadata is generated unsigned on one machine and signed on another. Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
This commit is contained in:
parent
d3c612bb53
commit
e0086d64a5
2 changed files with 34 additions and 5 deletions
|
|
@ -855,7 +855,12 @@ def load_project(project_directory, prefix='', new_targets_location=None,
|
|||
targets_metadata_path = os.path.join(project_directory, metadata_directory,
|
||||
project_filename)
|
||||
signable = securesystemslib.util.load_json_file(targets_metadata_path)
|
||||
tuf.formats.check_signable_object_format(signable)
|
||||
try:
|
||||
tuf.formats.check_signable_object_format(signable)
|
||||
except tuf.exceptions.UnsignedMetadataError:
|
||||
# Downgrade the error to a warning because a use case exists where
|
||||
# metadata may be generated unsigned on one machine and signed on another.
|
||||
logger.warning('Unsigned metadata object: ' + repr(signable))
|
||||
targets_metadata = signable['signed']
|
||||
|
||||
# Remove the prefix from the metadata.
|
||||
|
|
|
|||
|
|
@ -505,7 +505,13 @@ def _load_top_level_metadata(repository, top_level_filenames, repository_name):
|
|||
try:
|
||||
# Initialize the key and role metadata of the top-level roles.
|
||||
signable = securesystemslib.util.load_json_file(root_filename)
|
||||
tuf.formats.check_signable_object_format(signable)
|
||||
try:
|
||||
tuf.formats.check_signable_object_format(signable)
|
||||
except tuf.exceptions.UnsignedMetadataError:
|
||||
# Downgrade the error to a warning because a use case exists where
|
||||
# metadata may be generated unsigned on one machine and signed on another.
|
||||
logger.warning('Unsigned metadata object: ' + repr(signable))
|
||||
|
||||
root_metadata = signable['signed']
|
||||
tuf.keydb.create_keydb_from_root_metadata(root_metadata, repository_name)
|
||||
tuf.roledb.create_roledb_from_root_metadata(root_metadata, repository_name)
|
||||
|
|
@ -586,7 +592,13 @@ def _load_top_level_metadata(repository, top_level_filenames, repository_name):
|
|||
|
||||
try:
|
||||
signable = securesystemslib.util.load_json_file(snapshot_filename)
|
||||
tuf.formats.check_signable_object_format(signable)
|
||||
try:
|
||||
tuf.formats.check_signable_object_format(signable)
|
||||
except tuf.exceptions.UnsignedMetadataError:
|
||||
# Downgrade the error to a warning because a use case exists where
|
||||
# metadata may be generated unsigned on one machine and signed on another.
|
||||
logger.warning('Unsigned metadata object: ' + repr(signable))
|
||||
|
||||
snapshot_metadata = signable['signed']
|
||||
|
||||
for signature in signable['signatures']:
|
||||
|
|
@ -622,7 +634,13 @@ def _load_top_level_metadata(repository, top_level_filenames, repository_name):
|
|||
|
||||
try:
|
||||
signable = securesystemslib.util.load_json_file(targets_filename)
|
||||
tuf.formats.check_signable_object_format(signable)
|
||||
try:
|
||||
tuf.formats.check_signable_object_format(signable)
|
||||
except tuf.exceptions.UnsignedMetadataError:
|
||||
# Downgrade the error to a warning because a use case exists where
|
||||
# metadata may be generated unsigned on one machine and signed on another.
|
||||
logger.warning('Unsigned metadata object: ' + repr(signable))
|
||||
|
||||
targets_metadata = signable['signed']
|
||||
|
||||
for signature in signable['signatures']:
|
||||
|
|
@ -1862,7 +1880,13 @@ def sign_metadata(metadata_object, keyids, filename, repository_name):
|
|||
|
||||
# Raise 'securesystemslib.exceptions.FormatError' if the resulting 'signable'
|
||||
# is not formatted correctly.
|
||||
tuf.formats.check_signable_object_format(signable)
|
||||
try:
|
||||
tuf.formats.check_signable_object_format(signable)
|
||||
except tuf.exceptions.UnsignedMetadataError:
|
||||
# Downgrade the error to a warning because a use case exists where
|
||||
# metadata may be generated unsigned on one machine and signed on another.
|
||||
logger.warning('Unsigned metadata object: ' + repr(signable))
|
||||
|
||||
|
||||
return signable
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue