Commit graph

3596 commits

Author SHA1 Message Date
marinamoore
9fa92e2286 Remove client check of the keyid calculation. This check is redundant as the keyid is provided in signed metadata. Removing this check allows the client to avoid use of the keyid_hash_algorithm field during verification. Note that this change requires a small change to the securesystemslib api.
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
2020-07-23 09:53:15 -07:00
lukpueh
e095112be7
Merge pull request #1007 from joshuagl/joshuagl/hashed-bins
Enhancements for hashed bin delegation
2020-04-01 15:19:46 +02:00
Joshua Lock
62e4364c59 Add a test for add_target_to_bin that adds a fileinfo
Add some additional checks to test_add_target_to_bin to ensure the code
to add a target passing a fileinfo is tested.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:10:58 +01:00
Joshua Lock
8609927989 Factor out bin numbers calculations into a helper
Factor out code to calculate the prefix length, total number of prefixes
and number of prefixes to be allocated to each bin into a helper
function _get_bin_numbers() so that we a) do not duplicate logic,
b) can document the logic in one place and c) ensure the logic is
consistent.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
05830e61a4 Remove custom parameter from add_target_to_bin()
We intend to deprecate the custom parameter of add_target() in favour
of using the fileinfo parameter with the custom value populated,
therefore it does not make sense to _add_ the custom parameter to
add_target_to_bin()

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
694da236ba Test at least one delegated bin has path_hash_prefixes
When testing delegate_hashed_bins to ensure that hash_path_prefixes
map to the generated name of the bin, also check to ensure that at least
one of the delegations contains one or more path_hash_prefixes.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
01498049da Add test for repo without access to target files
Test the newly added functionality to:
* add a target to the repository without access to the target file on disk
* write targets metadata without access to target files on disk, by using
  the existing fileinfo data from the roledb

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
085c5480a7 Only call logger once for hashed bin info
Merge the logger calls reporting information about the hashed bin
delegations into a single logger.info() call to ensure the messages
will be grouped together even when integrated into a logging system
with multiple parallel sources.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
68120baa9e Allow writing metadata without access to targets
Previously, at the time of writing targets metadata, we accessed all
targets files and ensured they exist on disk before generating a
filinfo dict containing hashes of the target file.

This change enables targets metadata to be generated using the
fileinfo data that is already stored in the roledb.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
6c69daefa2 Enable passing a fileinfo to add_target[_to_bin]()
Add an additional optional parameter to add_target() and
add_target_to_bin() which is a fileinfo object matching
tuf.formats.FILEINFO_OBJECT

This parameter and the custom parameter are mutually exclusive and
thus cannot be passed at the same time.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:18 +01:00
Joshua Lock
468a380ea4 Fix replacing targets in add_targets()
Match the pattern in add_target() where if the filepath already exists
in roleinfo['paths'] it is updated to replace the existing entry with
the new fileinfo.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
095fd40dcb Do not check target file exists in add_target[s]()
The file isn't strictly needed on-disk at the time add_target() and
add_targets() are called and this duplicates the check for the file's
presence in write[_all]()

By removing this check we allow extra versatility in adding targets.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
642639e2af Hash target file path's as they appear in metadata
In delegate_to_hashed_bins() duplicate the code which determines the
target's file path for writing to the metadata in repository_lib's
generate_targets_metadata to ensure that the target path hashed by
delegate_hashed_bins() matches the target path in the metadata file.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
78e2edfac1 Refactor delegate_hashed_bins
Simplify the delegate_hashed_bins function based on the semi-pseudo-code
by Lukas Puehringer in #995.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
ab788e306a Refactor add_target_to_bin & remove_target_from_bin
Vastly simplify the implementation, using the _get_hash() and
_find_bin_for_hash() helpers added in earlier commits.

Furthermore, enable passing of the custom parameter to
add_target_to_bin() to better match add_target()

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
40d1dcfa6c Add _find_bin_for_hash() helper to repository_tool
Add a helper function to determine the name of a bin that a hashed
targetfile will be delegated to.

Based sketches by Lukas Puehringer in issues #994 & #995

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-30 19:03:52 +01:00
Joshua Lock
eb01374c3b Add _get_hash() helper function to repository_tool
This helper will generate a hash of the passed target_filepath using the
algorithm defined by the repository_tool's HASH_FUNCTION variable.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-26 11:11:03 +00:00
Joshua Lock
e2407a1f66 Simplify delegated hash bin tests
As we are adding and removing items from the hashed bins and checking
for their presence/absence it's simplest if we being with the hashed
bins initially empty.

If we pass a list of targets when we call delgate_hashed_bins() the
delegated roles have an initial set of targets delegated to them,
which complicates testing of adding then removing a target to a
delegated bin.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-26 11:10:56 +00:00
Joshua Lock
790f21fefe Test to ensure delegated bin names match prefixes
Add test to ensure delegated bin names are consistent with the hash
prefixes that are delegated to the role.

This is an implicit assumption of the current implementation, the
testing of which will enable us to modify the code with greater
confidence.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-26 11:10:50 +00:00
lukpueh
c63b7f3bdc
Merge pull request #1001 from lukpueh/rm-obsolete-client-doc
Remove obsolete client documentation
2020-03-16 13:03:32 +01:00
Lukas Puehringer
7816000abc Remove incomplete and outdated client doc
An up-to-date version of the minimal client usage instructions
from client_setup_and_repository_example.md can be found in
the main TUF tutorial.

More comprehensive documentation of the tuf client can be found in
tuf/client/README.md, which also needs a revision.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-03-16 10:33:57 +01:00
Lukas Puehringer
6f94aa1653 Remove link to outdated client docs in tutorial
Remove link to incomplete and severely outdated
client_setup_and_repository_example.md in client section of
TUTORIAL.md.

Instead we should link (or move the entire client tutorial part) to
tuf/client/README.md, which is more comprehensive and less outdated
than above document (see #808).

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-03-16 10:31:14 +01:00
lukpueh
45a82945be
Merge pull request #997 from joshuagl/joshuagl/maint
Update MAINTAINERS
2020-03-11 16:12:41 +01:00
Joshua Lock
ca953c3335 Update MAINTAINERS
Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 14:58:51 +00:00
lukpueh
1cf085a360
Merge pull request #988 from joshuagl/joshuagl/issue-933
Remove root from snapshot
2020-03-11 14:34:09 +01:00
lukpueh
256aef8695
Merge pull request #989 from joshuagl/logger
Use __name__ for loggers, per convention
2020-03-11 14:33:35 +01:00
Joshua Lock
99ba904cbb Remove redundant code branch in Updater
Remove logic for handling of root metadata in _update_metadata_if_changed()
as root metadata is no longer fetched with this function, instead
_update_root_metadata() serves this purpose.

Additionally remove redundant mention of root metadata in a TODO comment.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 12:55:16 +00:00
Joshua Lock
3720b2358e Re-generate repository and client test metadata
Re-generate metadata to adopt the change that root.json is no longer
listed in snapshot.json

```
 # Remove repository and client data
cd tests/repository_data && rm -rf repository client
 # Generate metadata
python generate.py
 # Duplicate metadata files
cp -r client/test_repository1 client/test_repository2
 # Recover non-signed file
git checkout client/map.json
```

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:35:37 +00:00
Joshua Lock
4bd9b5ef6b Improve determinism of test repository generator
One of the created target files has its file permissions encoded in the
targets metadata via the custom attribute of the add_target() function.
On Linux-based OS the umask value of the environment the script is run
in can result in different octal permissions for the created file, i.e.
on Fedora the default umask is 0002 (default permissions 664) whereas
on Debian/Ubuntu the default umask is 0022 (default permissions 644).

Explicitly chown 'file1' to octal permissions 644 so that the generated
data has the same custom attributes for targets regardless of which
Linux host they are generated on.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:35:37 +00:00
Joshua Lock
a134db0a43 Update test repository data generator
* Fix the path referenced in the Purpose
* Change add_target() calls to pass file paths relative to targets dir

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:35:37 +00:00
Joshua Lock
8dafe6018d Update docstrings and comments for the Updater object
The workflow for downloading metadata for top-level roles has changed.

Root is now updated and verified by stepping through a chain of trust
based on the currently available root metadata. For that reason
root.json is no longer needed in snapshot and has been dropped from
there per theupdateframework/specification#40

Update docstrings and comments in the Updater object to reflect the
correct flow of metadata updates:
root (if necessary) -> timestamp -> snapshot -> targets

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:35:37 +00:00
Joshua Lock
8dfee1a106 Update docs/METADATA.md to reflect recent spec change
The specification was updated in PR #40 to remove root.json from
snapshot.json

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:35:37 +00:00
Joshua Lock
8f13fe5add Update tests for removal of root.json from snapshot.json
Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:15:06 +00:00
Joshua Lock
0c972717d0 Remove root from snapshot
In PR #40 aginst the specification "root.json" has been removed from
the meta dictionary in "snapshot.json".

Update generate_snapshot_metadata() to no longer add an entry for
root.json to root.json

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:15:06 +00:00
lukpueh
ba57da0bb8
Merge pull request #993 from joshuagl/joshuagl/quickblake
Support blake algorithms for file hashing
2020-03-10 17:33:30 +01:00
lukpueh
4fe29d138d
Merge pull request #992 from lukpueh/fix-tutorial-typo
Quickfix critical tutorial typo
2020-03-06 11:41:46 +01:00
Lukas Puehringer
c490a8daee Quickfix critical tutorial typo
In tutorial code snippet fix a call to repository.mark_dirty that
passes a non-existing bin role name raising:
"tuf.exceptions.UnknownRoleError: Role name does not exist: 90-7"

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-03-06 10:47:52 +01:00
Joshua Lock
930d832f87 Don't hard-code hash algo used in timestamp for snapshot
Timestamp.json includes a METAFILES entry for snapshot.json. METAFILES
includes HASHES:
"HASHES is the dictionary that specifies one or more hashes, including the
cryptographic hash function. For example: { "sha256": HASH, ... }."

We've been hard-coding this to a single sha256 hash, as that's the default
algorithms argument of securesystemlib.util.get_file_details() -- this
feels wrong. Change to using the new tuf.settings.FILE_HASH_ALGORITHMS
setting.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-05 17:55:38 +00:00
Joshua Lock
1f0cb9cd52 Add new setting for file hashing algorithms
Using securesystemslib.settings.HASH_ALGORITHMS is undersirable, because
it binds tuf to an implementation detail of the underlying library.
In this specific instance of file hashing algorithms it's even more
undesirable because it's overloading the intended use of the setting
which is "algorithm(s) [...] used to generate key IDs".

Add a new setting tuf.settings.FILE_HASH_ALGORITHMS, with a default
value of ['sha256', 'sha512'] (that matches the current value of
securesystemslib.settings.HASH_ALGORITHMS), to be used for file
hashing operations in tuf.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-05 17:55:38 +00:00
lukpueh
679348ffcf
Merge pull request #990 from theupdateframework/dependabot/pip/pycparser-2.20
build(deps): bump pycparser from 2.19 to 2.20
2020-03-05 14:43:14 +01:00
dependabot-preview[bot]
fe7c852293
build(deps): bump pycparser from 2.19 to 2.20
Bumps [pycparser](https://github.com/eliben/pycparser) from 2.19 to 2.20.
- [Release notes](https://github.com/eliben/pycparser/releases)
- [Changelog](https://github.com/eliben/pycparser/blob/master/CHANGES)
- [Commits](https://github.com/eliben/pycparser/compare/release_v2.19...release_v2.20)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-05 10:34:58 +00:00
lukpueh
bb94304eb8
Merge pull request #985 from lukpueh/quickfix-win-py27-tests
Fix failing AppVeyor Python2.7 tests
2020-03-03 12:04:53 +01:00
Joshua Lock
292b18926b Use __name__ for loggers, per convention
Replace hard-coded logger names with __name__. For the most part this just uses
the standard conventions to create the same logger hierarchy as existed before.
The only real difference is that loggers created for printing during tests are
no longer part of the 'tuf' hierarchy.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-03 10:36:39 +00:00
lukpueh
83d6ded134
Merge pull request #987 from theupdateframework/dependabot/pip/securesystemslib-colorscryptopynacl--0.14.2
build(deps): bump securesystemslib[colors,crypto,pynacl] from 0.14.0 to 0.14.2
2020-02-28 14:03:50 +01:00
dependabot-preview[bot]
797ccf0ac4
build(deps): bump securesystemslib[colors,crypto,pynacl]
Bumps [securesystemslib[colors,crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib) from 0.14.0 to 0.14.2.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases)
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/master/CHANGELOG.md)
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.14.0...v0.14.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-27 10:52:32 +00:00
Lukas Puehringer
842f843210 Remove duplicate testing simple_server.py
tests/simple_server.py was copied to tuf/scripts/ to "make testing
easier" (cf84d3f51f), although with
the current test setup the original (and recently patched to fix an
Windows/Py2 test issue) test simple_server.py can be used just as
well.

This commit:
- removes tuf/scripts/simple_server.py
  Note: that version slightly differed from the original test
  server, probably due to demands by the linter that is only executed
  on the tuf core code and not on the tests. However, for the testing
  purposes of simple_server.py these changes (i.e., `SystemRandom()`,
  `if __name__ =='__main__':`) are not necessary.
- updates the tests that used tuf.scripts.simple_server to instead
  use tests.simple_server,
- updates setup.py to not install the simple_server module as
  script, when installing tuf, as it is only a testing script and
  not meant for end-user usage.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-02-25 14:55:36 +01:00
Lukas Puehringer
7dbb30ae10 Fix failing AppVeyor Python2.7 tests
Since #885 the tests in TestUpdater and TestKeyRevocation fail on
Appveyor Python 2.7 builds. After some live debugging, it turns out
that the tests fail due to the extra amount of http requests to
the simple http server (see tests/simple_server.py) that were
added in #885.

The simple server runs in a subprocess and is re-used for the
entire TestCase. After a certain amount of requests it becomes
unresponsive. Note that neither the subprocess exits (ps -W), nor
does the port get closed (netstat -a). It just doesn't serve the
request, making it time out and fail the test.

The following script can be used to reproduce the issue (run in
tests directory):

```python
import subprocess
import requests
import random

counter = 0

port = random.randint(30000, 45000)
command = ['python', 'simple_server.py', str(port)]
server_process = subprocess.Popen(command, stderr=subprocess.PIPE)
url = 'http://localhost:'+str(port) + '/'

sess = requests.Session()

try:
  while True:
    sess.get(url, timeout=3)
    counter +=1

finally:
  print(counter)
  server_process.kill()
```

It fails repeatedly on the 69th request, but only if
`stderr=subprocess.PIPE` is passed to Popen. Given that for each
request the simple server writes about ~60 characters to stderr,
e.g. ...
```
127.0.0.1 - - [24/Feb/2020 12:01:23] "GET / HTTP/1.1" 200 -
```
... it looks a lot like a full pipe buffer of size 4096. Note that the
`bufsize` argument to Popen does not change anything.

As a simple work around we silence the test server on
Windows/Python2 to not fill the buffer.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-02-24 16:32:26 +01:00
lukpueh
a044d23eef
Merge pull request #984 from theupdateframework/dependabot/pip/requests-2.23.0
build(deps): bump requests from 2.22.0 to 2.23.0
2020-02-24 09:32:22 +01:00
lukpueh
c20888407e
Merge pull request #980 from theupdateframework/dependabot/pip/idna-2.9
build(deps): bump idna from 2.8 to 2.9
2020-02-24 09:31:21 +01:00
dependabot-preview[bot]
9c8e4ff609
build(deps): bump requests from 2.22.0 to 2.23.0
Bumps [requests](https://github.com/psf/requests) from 2.22.0 to 2.23.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/master/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.22.0...v2.23.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-20 10:37:20 +00:00