Commit graph

3602 commits

Author SHA1 Message Date
marinamoore
86f4436dbf update test to not use keyid_hash_algorithms
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
2020-07-23 09:53:15 -07:00
marinamoore
ed2c597f49 improve comments in keydb tests and add future test for duplicate key
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
2020-07-23 09:53:15 -07:00
marinamoore
68bb55c661 Remove the use of keyid_hash_algorithms in repository_lib by using the keyid provided in the delegation. Note that this requires a change to securesystemslib.
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
2020-07-23 09:53:15 -07:00
marinamoore
3c78d67518 update tests so that keyids do not have to be verified
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
2020-07-23 09:53:15 -07:00
marinamoore
c84ffafc15 fix
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
2020-07-23 09:53:15 -07:00
marinamoore
0bdc78d2ad Replace use of keyid_hash_algorithms in keydb by using the provided keyid. Check that this keyid matches the keyid listed in the key for consistent behavior.
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
2020-07-23 09:53:15 -07:00
marinamoore
9fa92e2286 Remove client check of the keyid calculation. This check is redundant as the keyid is provided in signed metadata. Removing this check allows the client to avoid use of the keyid_hash_algorithm field during verification. Note that this change requires a small change to the securesystemslib api.
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
2020-07-23 09:53:15 -07:00
lukpueh
e095112be7
Merge pull request #1007 from joshuagl/joshuagl/hashed-bins
Enhancements for hashed bin delegation
2020-04-01 15:19:46 +02:00
Joshua Lock
62e4364c59 Add a test for add_target_to_bin that adds a fileinfo
Add some additional checks to test_add_target_to_bin to ensure the code
to add a target passing a fileinfo is tested.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:10:58 +01:00
Joshua Lock
8609927989 Factor out bin numbers calculations into a helper
Factor out code to calculate the prefix length, total number of prefixes
and number of prefixes to be allocated to each bin into a helper
function _get_bin_numbers() so that we a) do not duplicate logic,
b) can document the logic in one place and c) ensure the logic is
consistent.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
05830e61a4 Remove custom parameter from add_target_to_bin()
We intend to deprecate the custom parameter of add_target() in favour
of using the fileinfo parameter with the custom value populated,
therefore it does not make sense to _add_ the custom parameter to
add_target_to_bin()

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
694da236ba Test at least one delegated bin has path_hash_prefixes
When testing delegate_hashed_bins to ensure that hash_path_prefixes
map to the generated name of the bin, also check to ensure that at least
one of the delegations contains one or more path_hash_prefixes.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
01498049da Add test for repo without access to target files
Test the newly added functionality to:
* add a target to the repository without access to the target file on disk
* write targets metadata without access to target files on disk, by using
  the existing fileinfo data from the roledb

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
085c5480a7 Only call logger once for hashed bin info
Merge the logger calls reporting information about the hashed bin
delegations into a single logger.info() call to ensure the messages
will be grouped together even when integrated into a logging system
with multiple parallel sources.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
68120baa9e Allow writing metadata without access to targets
Previously, at the time of writing targets metadata, we accessed all
targets files and ensured they exist on disk before generating a
fileinfo dict containing hashes of the target file.

This change enables targets metadata to be generated using the
fileinfo data that is already stored in the roledb.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
6c69daefa2 Enable passing a fileinfo to add_target[_to_bin]()
Add an additional optional parameter to add_target() and
add_target_to_bin() which is a fileinfo object matching
tuf.formats.FILEINFO_OBJECT

This parameter and the custom parameter are mutually exclusive and
thus cannot be passed at the same time.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:18 +01:00
Joshua Lock
468a380ea4 Fix replacing targets in add_targets()
Match the pattern in add_target() where if the filepath already exists
in roleinfo['paths'] it is updated to replace the existing entry with
the new fileinfo.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
095fd40dcb Do not check target file exists in add_target[s]()
The file isn't strictly needed on-disk at the time add_target() and
add_targets() are called and this duplicates the check for the file's
presence in write[_all]()

By removing this check we allow extra versatility in adding targets.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
642639e2af Hash target file paths as they appear in metadata
In delegate_to_hashed_bins() duplicate the code which determines the
target's file path for writing to the metadata in repository_lib's
generate_targets_metadata to ensure that the target path hashed by
delegate_hashed_bins() matches the target path in the metadata file.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
78e2edfac1 Refactor delegate_hashed_bins
Simplify the delegate_hashed_bins function based on the semi-pseudo-code
by Lukas Puehringer in #995.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
ab788e306a Refactor add_target_to_bin & remove_target_from_bin
Vastly simplify the implementation, using the _get_hash() and
_find_bin_for_hash() helpers added in earlier commits.

Furthermore, enable passing of the custom parameter to
add_target_to_bin() to better match add_target()

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
40d1dcfa6c Add _find_bin_for_hash() helper to repository_tool
Add a helper function to determine the name of a bin that a hashed
targetfile will be delegated to.

Based on sketches by Lukas Puehringer in issues #994 & #995

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-30 19:03:52 +01:00
Joshua Lock
eb01374c3b Add _get_hash() helper function to repository_tool
This helper will generate a hash of the passed target_filepath using the
algorithm defined by the repository_tool's HASH_FUNCTION variable.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-26 11:11:03 +00:00
Joshua Lock
e2407a1f66 Simplify delegated hash bin tests
As we are adding and removing items from the hashed bins and checking
for their presence/absence it's simplest if we begin with the hashed
bins initially empty.

If we pass a list of targets when we call delegate_hashed_bins() the
delegated roles have an initial set of targets delegated to them,
which complicates testing of adding then removing a target to a
delegated bin.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-26 11:10:56 +00:00
Joshua Lock
790f21fefe Test to ensure delegated bin names match prefixes
Add test to ensure delegated bin names are consistent with the hash
prefixes that are delegated to the role.

This is an implicit assumption of the current implementation, the
testing of which will enable us to modify the code with greater
confidence.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-26 11:10:50 +00:00
lukpueh
c63b7f3bdc
Merge pull request #1001 from lukpueh/rm-obsolete-client-doc
Remove obsolete client documentation
2020-03-16 13:03:32 +01:00
Lukas Puehringer
7816000abc Remove incomplete and outdated client doc
An up-to-date version of the minimal client usage instructions
from client_setup_and_repository_example.md can be found in
the main TUF tutorial.

More comprehensive documentation of the tuf client can be found in
tuf/client/README.md, which also needs a revision.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-03-16 10:33:57 +01:00
Lukas Puehringer
6f94aa1653 Remove link to outdated client docs in tutorial
Remove link to incomplete and severely outdated
client_setup_and_repository_example.md in client section of
TUTORIAL.md.

Instead we should link (or move the entire client tutorial part) to
tuf/client/README.md, which is more comprehensive and less outdated
than above document (see #808).

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-03-16 10:31:14 +01:00
lukpueh
45a82945be
Merge pull request #997 from joshuagl/joshuagl/maint
Update MAINTAINERS
2020-03-11 16:12:41 +01:00
Joshua Lock
ca953c3335 Update MAINTAINERS
Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 14:58:51 +00:00
lukpueh
1cf085a360
Merge pull request #988 from joshuagl/joshuagl/issue-933
Remove root from snapshot
2020-03-11 14:34:09 +01:00
lukpueh
256aef8695
Merge pull request #989 from joshuagl/logger
Use __name__ for loggers, per convention
2020-03-11 14:33:35 +01:00
Joshua Lock
99ba904cbb Remove redundant code branch in Updater
Remove logic for handling of root metadata in _update_metadata_if_changed()
as root metadata is no longer fetched with this function, instead
_update_root_metadata() serves this purpose.

Additionally remove redundant mention of root metadata in a TODO comment.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 12:55:16 +00:00
Joshua Lock
3720b2358e Re-generate repository and client test metadata
Re-generate metadata to adopt the change that root.json is no longer
listed in snapshot.json

```
 # Remove repository and client data
cd tests/repository_data && rm -rf repository client
 # Generate metadata
python generate.py
 # Duplicate metadata files
cp -r client/test_repository1 client/test_repository2
 # Recover non-signed file
git checkout client/map.json
```

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:35:37 +00:00
Joshua Lock
4bd9b5ef6b Improve determinism of test repository generator
One of the created target files has its file permissions encoded in the
targets metadata via the custom attribute of the add_target() function.
On Linux-based OS the umask value of the environment the script is run
in can result in different octal permissions for the created file, i.e.
on Fedora the default umask is 0002 (default permissions 664) whereas
on Debian/Ubuntu the default umask is 0022 (default permissions 644).

Explicitly chown 'file1' to octal permissions 644 so that the generated
data has the same custom attributes for targets regardless of which
Linux host they are generated on.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:35:37 +00:00
Joshua Lock
a134db0a43 Update test repository data generator
* Fix the path referenced in the Purpose
* Change add_target() calls to pass file paths relative to targets dir

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:35:37 +00:00
Joshua Lock
8dafe6018d Update docstrings and comments for the Updater object
The workflow for downloading metadata for top-level roles has changed.

Root is now updated and verified by stepping through a chain of trust
based on the currently available root metadata. For that reason
root.json is no longer needed in snapshot and has been dropped from
there per theupdateframework/specification#40

Update docstrings and comments in the Updater object to reflect the
correct flow of metadata updates:
root (if necessary) -> timestamp -> snapshot -> targets

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:35:37 +00:00
Joshua Lock
8dfee1a106 Update docs/METADATA.md to reflect recent spec change
The specification was updated in PR #40 to remove root.json from
snapshot.json

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:35:37 +00:00
Joshua Lock
8f13fe5add Update tests for removal of root.json from snapshot.json
Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:15:06 +00:00
Joshua Lock
0c972717d0 Remove root from snapshot
In PR #40 against the specification "root.json" has been removed from
the meta dictionary in "snapshot.json".

Update generate_snapshot_metadata() to no longer add an entry for
root.json to root.json

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:15:06 +00:00
lukpueh
ba57da0bb8
Merge pull request #993 from joshuagl/joshuagl/quickblake
Support blake algorithms for file hashing
2020-03-10 17:33:30 +01:00
lukpueh
4fe29d138d
Merge pull request #992 from lukpueh/fix-tutorial-typo
Quickfix critical tutorial typo
2020-03-06 11:41:46 +01:00
Lukas Puehringer
c490a8daee Quickfix critical tutorial typo
In tutorial code snippet fix a call to repository.mark_dirty that
passes a non-existing bin role name raising:
"tuf.exceptions.UnknownRoleError: Role name does not exist: 90-7"

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-03-06 10:47:52 +01:00
Joshua Lock
930d832f87 Don't hard-code hash algo used in timestamp for snapshot
Timestamp.json includes a METAFILES entry for snapshot.json. METAFILES
includes HASHES:
"HASHES is the dictionary that specifies one or more hashes, including the
cryptographic hash function. For example: { "sha256": HASH, ... }."

We've been hard-coding this to a single sha256 hash, as that's the default
algorithms argument of securesystemslib.util.get_file_details() -- this
feels wrong. Change to using the new tuf.settings.FILE_HASH_ALGORITHMS
setting.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-05 17:55:38 +00:00
Joshua Lock
1f0cb9cd52 Add new setting for file hashing algorithms
Using securesystemslib.settings.HASH_ALGORITHMS is undesirable, because
it binds tuf to an implementation detail of the underlying library.
In this specific instance of file hashing algorithms it's even more
undesirable because it's overloading the intended use of the setting
which is "algorithm(s) [...] used to generate key IDs".

Add a new setting tuf.settings.FILE_HASH_ALGORITHMS, with a default
value of ['sha256', 'sha512'] (that matches the current value of
securesystemslib.settings.HASH_ALGORITHMS), to be used for file
hashing operations in tuf.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-05 17:55:38 +00:00
lukpueh
679348ffcf
Merge pull request #990 from theupdateframework/dependabot/pip/pycparser-2.20
build(deps): bump pycparser from 2.19 to 2.20
2020-03-05 14:43:14 +01:00
dependabot-preview[bot]
fe7c852293
build(deps): bump pycparser from 2.19 to 2.20
Bumps [pycparser](https://github.com/eliben/pycparser) from 2.19 to 2.20.
- [Release notes](https://github.com/eliben/pycparser/releases)
- [Changelog](https://github.com/eliben/pycparser/blob/master/CHANGES)
- [Commits](https://github.com/eliben/pycparser/compare/release_v2.19...release_v2.20)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-05 10:34:58 +00:00
lukpueh
bb94304eb8
Merge pull request #985 from lukpueh/quickfix-win-py27-tests
Fix failing AppVeyor Python2.7 tests
2020-03-03 12:04:53 +01:00
Joshua Lock
292b18926b Use __name__ for loggers, per convention
Replace hard-coded logger names with __name__. For the most part this just uses
the standard conventions to create the same logger hierarchy as existed before.
The only real difference is that loggers created for printing during tests are
no longer part of the 'tuf' hierarchy.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-03 10:36:39 +00:00
lukpueh
83d6ded134
Merge pull request #987 from theupdateframework/dependabot/pip/securesystemslib-colorscryptopynacl--0.14.2
build(deps): bump securesystemslib[colors,crypto,pynacl] from 0.14.0 to 0.14.2
2020-02-28 14:03:50 +01:00