mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
Fix remaining test failures
This commit is contained in:
parent
81a147614b
commit
f05fdd9c05
4 changed files with 33 additions and 37 deletions
|
|
@ -1087,7 +1087,7 @@ def test_delegate(self):
|
|||
rolename = 'tuf'
|
||||
list_of_targets = [target1_filepath, target2_filepath]
|
||||
threshold = 1
|
||||
restricted_paths = [self.targets_directory]
|
||||
restricted_paths = [self.targets_directory + '/*']
|
||||
path_hash_prefixes = ['e3a3', '8fae', 'd543']
|
||||
|
||||
self.targets_object.delegate(rolename, public_keys, list_of_targets,
|
||||
|
|
@ -1334,7 +1334,7 @@ def test_add_restricted_paths(self):
|
|||
|
||||
restricted_path = os.path.join(self.targets_directory, 'tuf_files')
|
||||
os.mkdir(restricted_path)
|
||||
restricted_paths = [restricted_path]
|
||||
restricted_paths = [restricted_path + '/*']
|
||||
self.targets_object.add_restricted_paths(restricted_paths, 'tuf')
|
||||
|
||||
# Retrieve 'targets_object' roleinfo, and verify the roleinfo contains
|
||||
|
|
@ -1344,7 +1344,7 @@ def test_add_restricted_paths(self):
|
|||
targets_object_roleinfo = tuf.roledb.get_roleinfo(self.targets_object.rolename)
|
||||
|
||||
delegated_role = targets_object_roleinfo['delegations']['roles'][0]
|
||||
self.assertEqual(['/tuf_files/'], delegated_role['paths'])
|
||||
self.assertEqual(['/tuf_files/*'], delegated_role['paths'])
|
||||
|
||||
|
||||
# Test improperly formatted arguments.
|
||||
|
|
|
|||
|
|
@ -969,7 +969,7 @@ def test_6_target(self):
|
|||
# the metadata store) so that it can be found later.
|
||||
filepath, fileinfo = target_files.popitem()
|
||||
target_files[filepath] = fileinfo
|
||||
|
||||
|
||||
target_fileinfo = self.repository_updater.target(filepath)
|
||||
self.assertTrue(tuf.formats.TARGETFILE_SCHEMA.matches(target_fileinfo))
|
||||
self.assertEqual(target_fileinfo['filepath'], filepath)
|
||||
|
|
@ -982,7 +982,7 @@ def test_6_target(self):
|
|||
# Test updater.target() backtracking behavior (enabled by default.)
|
||||
targets_directory = os.path.join(self.repository_directory, 'targets')
|
||||
foo_directory = os.path.join(targets_directory, 'foo')
|
||||
foo_pattern = os.path.join(targets_directory, 'foo*.tar.gz')
|
||||
foo_pattern = os.path.join(foo_directory, 'foo*.tar.gz')
|
||||
os.makedirs(foo_directory)
|
||||
|
||||
foo_package = os.path.join(foo_directory, 'foo1.1.tar.gz')
|
||||
|
|
@ -998,6 +998,7 @@ def test_6_target(self):
|
|||
|
||||
repository.targets.delegate('role3', [self.role_keys['targets']['public']],
|
||||
[foo_package], restricted_paths=[foo_pattern])
|
||||
|
||||
repository.targets.load_signing_key(self.role_keys['targets']['private'])
|
||||
repository.targets('role2').load_signing_key(self.role_keys['targets']['private'])
|
||||
repository.targets('role3').load_signing_key(self.role_keys['targets']['private'])
|
||||
|
|
|
|||
|
|
@ -2599,9 +2599,8 @@ def target(self, target_filepath):
|
|||
|
||||
# Raise an exception if the target information could not be retrieved.
|
||||
if target is None:
|
||||
message = target_filepath + ' not found.'
|
||||
logger.error(target_filepath + ' not found.')
|
||||
raise tuf.UnknownTargetError(message)
|
||||
raise tuf.UnknownTargetError(target_filepath + ' not found.')
|
||||
|
||||
# Otherwise, return the found target.
|
||||
else:
|
||||
|
|
@ -2843,6 +2842,10 @@ def _visit_child_role(self, child_role, target_filepath, parent_delegations):
|
|||
if fnmatch.fnmatch(target_filepath, child_role_path):
|
||||
child_role_is_relevant = True
|
||||
|
||||
else:
|
||||
logger.debug('Target path' + repr(target_filepath) + ' does not'
|
||||
' match child role path ' + repr(child_role_path))
|
||||
|
||||
else:
|
||||
# 'role_name' should have been validated when it was downloaded.
|
||||
# The 'paths' or 'path_hash_prefixes' fields should not be missing,
|
||||
|
|
|
|||
|
|
@ -1728,22 +1728,22 @@ def target_files(self):
|
|||
|
||||
|
||||
|
||||
def add_restricted_paths(self, list_of_directory_paths, child_rolename):
|
||||
def add_restricted_paths(self, restricted_paths, child_rolename):
|
||||
"""
|
||||
<Purpose>
|
||||
Add 'list_of_directory_paths' to the restricted paths of 'child_rolename'.
|
||||
Add 'restricted_paths' to the restricted paths of 'child_rolename'.
|
||||
The updater client verifies the target paths specified by child roles, and
|
||||
searches for targets by visiting these restricted paths. A child role may
|
||||
only provide targets specifically listed in the delegations field of the
|
||||
parent, or a target that falls under a restricted path.
|
||||
parent, or a target that matches a restricted path.
|
||||
|
||||
>>>
|
||||
>>>
|
||||
>>>
|
||||
|
||||
<Arguments>
|
||||
list_of_directory_paths:
|
||||
A list of directory paths 'child_rolename' should also be restricted to.
|
||||
restricted_paths:
|
||||
A list of paths that 'child_rolename' should be restricted to.
|
||||
|
||||
child_rolename:
|
||||
The child delegation that requires an update to its restricted paths,
|
||||
|
|
@ -1751,8 +1751,8 @@ def add_restricted_paths(self, list_of_directory_paths, child_rolename):
|
|||
'unclaimed').
|
||||
|
||||
<Exceptions>
|
||||
tuf.Error, if a directory path in 'list_of_directory_paths' is not a
|
||||
directory, or not under the repository's targets directory. If
|
||||
tuf.Error, if a restricted path in 'restricted_paths' is not a string
|
||||
path, doesn't live under the repository's targets directory, or if
|
||||
'child_rolename' has not been delegated yet.
|
||||
|
||||
<Side Effects>
|
||||
|
|
@ -1766,46 +1766,40 @@ def add_restricted_paths(self, list_of_directory_paths, child_rolename):
|
|||
# Ensure the arguments have the appropriate number of objects and object
|
||||
# types, and that all dict keys are properly named.
|
||||
# Raise 'tuf.FormatError' if there is a mismatch.
|
||||
tuf.formats.PATHS_SCHEMA.check_match(list_of_directory_paths)
|
||||
tuf.formats.PATHS_SCHEMA.check_match(restricted_paths)
|
||||
tuf.formats.ROLENAME_SCHEMA.check_match(child_rolename)
|
||||
|
||||
# A list of verified paths to be added to the child role's entry in the
|
||||
# parent's delegations.
|
||||
directory_paths = []
|
||||
# A list of relative and verified paths to be added to the child role's
|
||||
# entry in the parent's delegations.
|
||||
relative_paths = []
|
||||
|
||||
# Ensure the 'child_rolename' has been delegated, otherwise it will not
|
||||
# have an entry in the parent role's delegations field.
|
||||
if not tuf.roledb.role_exists(child_rolename):
|
||||
raise tuf.Error(repr(child_rolename) + ' has not been delegated.')
|
||||
|
||||
# Are the paths in 'list_of_directory_paths' valid?
|
||||
for directory_path in list_of_directory_paths:
|
||||
directory_path = os.path.abspath(directory_path)
|
||||
if not os.path.isdir(directory_path):
|
||||
raise tuf.Error(repr(directory_path) + ' is not a directory.')
|
||||
|
||||
# Are the paths in the repository's targets directory? Append a trailing
|
||||
# path separator with os.path.join(path, '').
|
||||
for restricted_path in restricted_paths:
|
||||
# Do the restricted paths fall under the repository's targets directory?
|
||||
# Append a trailing path separator with os.path.join(path, '').
|
||||
targets_directory = os.path.join(self._targets_directory, '')
|
||||
directory_path = os.path.join(directory_path, '')
|
||||
if not directory_path.startswith(targets_directory):
|
||||
raise tuf.Error(repr(directory_path) + ' is not under the'
|
||||
if not restricted_path.startswith(targets_directory):
|
||||
raise tuf.Error(repr(restricted_path) + ' does not live under the'
|
||||
' Repository\'s targets directory: ' + repr(self._targets_directory))
|
||||
|
||||
directory_paths.append(directory_path[len(self._targets_directory):])
|
||||
relative_paths.append(restricted_path[len(self._targets_directory):])
|
||||
|
||||
# Get the current role's roleinfo, so that its delegations field can be
|
||||
# updated.
|
||||
roleinfo = tuf.roledb.get_roleinfo(self._rolename)
|
||||
|
||||
# Update the restricted paths of 'child_rolename'.
|
||||
# Update the restricted paths of 'child_rolename' to add relative paths.
|
||||
for role in roleinfo['delegations']['roles']:
|
||||
if role['name'] == child_rolename:
|
||||
restricted_paths = role['paths']
|
||||
|
||||
for directory_path in directory_paths:
|
||||
if directory_path not in restricted_paths:
|
||||
restricted_paths.append(directory_path)
|
||||
for relative_path in relative_paths:
|
||||
if relative_path not in restricted_paths:
|
||||
restricted_paths.append(relative_path)
|
||||
|
||||
tuf.roledb.update_roleinfo(self._rolename, roleinfo)
|
||||
|
||||
|
|
@ -2178,7 +2172,7 @@ def delegate(self, rolename, public_keys, list_of_targets, threshold=1,
|
|||
|
||||
for target in list_of_targets:
|
||||
target = os.path.abspath(target)
|
||||
if not target.startswith(self._targets_directory+os.sep):
|
||||
if not target.startswith(self._targets_directory + os.sep):
|
||||
raise tuf.Error(repr(target) + ' is not under the Repository\'s'
|
||||
' targets directory: ' + repr(self._targets_directory))
|
||||
|
||||
|
|
@ -2190,13 +2184,11 @@ def delegate(self, rolename, public_keys, list_of_targets, threshold=1,
|
|||
|
||||
if restricted_paths is not None:
|
||||
for path in restricted_paths:
|
||||
path = os.path.abspath(path) + os.sep
|
||||
if not path.startswith(self._targets_directory + os.sep):
|
||||
raise tuf.Error(repr(path) + ' is not under the Repository\'s'
|
||||
' targets directory: ' +repr(self._targets_directory))
|
||||
|
||||
# Append a trailing path separator with os.path.join(path, '').
|
||||
path = os.path.join(path, '')
|
||||
relative_restricted_paths.append(path[targets_directory_length:])
|
||||
|
||||
# Create a new Targets object for the 'rolename' delegation. An initial
|
||||
|
|
|
|||
Loading…
Reference in a new issue