Update unit tests for download.py, repository_lib.py, repository_tool.py, and updater.py.
Re-generate repository data so that compressed metadata may be tested.
Add test_formats_rsakey_from_pem() test case and test conditions for improperly formatted PEM.
Add test condition to verify trailing whitespace is removed and matches the expected PEM format generated
internally. Public PEMs generated externally (with the expected trailing newline) were not previously considered.
A few test conditions in test_updater.py incorrectly used self.assertTrue() instead of self.assertEqual().
Fix updater.remove_obsolete_targets(), where targets in the destination directory were not being removed because target paths were treated as absolute paths by os.path.join().
Fix test conditions for updated_targets(), which incorrectly verified the expected number of updated targets with assertTrue().
Update comment for PR fix to clarify os.path.join() behavior and the expected file paths.
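The os.path.join() behavior behind the remove_obsolete_targets() fix above, as an added example that is not code from the TUF repository. The function names and the containment check are assumptions made for illustration, and the check goes beyond the fix the commit describes.

```python
import os
import tempfile

def naive_destination(dest_dir, target_path):
    # Behaviour the fix addresses: a leading '/' makes os.path.join()
    # discard dest_dir and return target_path unchanged.
    return os.path.join(dest_dir, target_path)

def safe_destination(dest_dir, target_path):
    # Treat the repository path as relative to dest_dir, then confirm the
    # resolved path is still inside dest_dir (extra check, an assumption).
    root = os.path.realpath(dest_dir)
    candidate = os.path.realpath(os.path.join(root, target_path.lstrip("/")))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise ValueError("target path escapes destination: %r" % target_path)
    return candidate

def remove_obsolete(dest_dir, obsolete_targets):
    # Delete local copies of targets that metadata no longer lists.
    removed = []
    for target_path in obsolete_targets:
        local = safe_destination(dest_dir, target_path)
        if os.path.isfile(local):
            os.remove(local)
            removed.append(os.path.basename(local))
    return removed

def demo():
    # Constructed layout: one stale file in a temporary destination directory.
    with tempfile.TemporaryDirectory() as dest:
        stale = os.path.join(dest, "file1.txt")
        open(stale, "w").close()
        naive = naive_destination(dest, "/file1.txt")
        removed = remove_obsolete(dest, ["/file1.txt", "/missing.txt"])
        try:
            safe_destination(dest, "/../outside.txt")
            rejected = False
        except ValueError:
            rejected = True
        return naive, removed, os.path.exists(stale), rejected
```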
The updater client may reference target information (including 'custom') by accessing the dictionary returned by updater.py.
Example:
target = updater.target('LICENSE.txt')
target['filepath']
target['fileinfo']['length']
target['fileinfo']['hashes']
target['fileinfo']['custom']
After seeing the coveralls report I realized the projects were not
relocatable. While this might be convenient for some uses, moving a
project from one place to another might not be optimal. This has been
changed now.
The only place where absolute filepaths are handled now is with flat
project layouts. However, it is possible to overwrite this filepath if
the targets folder is to be changed.
The generate_repository_data script works in the exact same way as the
generate script and it generates a fresh batch of pre-signed metadata to
test the load_project function.
Added two switches to the generate script:
-k (or --keys), which forces the creation of new keys.
-d (or --dry-run), which skips the actual writing or copying phases.
The second option might be useful in the future, and helped me debug the
optparse module, so I left it there.
The new test tries to make the fact that the datetime object given will
contain microseconds. It also tests for the fact that the microseconds
value is truncated after being set.
The test case for the expiration setter now includes a set case in which
the microseconds value is forced to be one. This is likely to happen
when users try to set expirations using datetime.datetime.today() or
functions that return the actual clock, which have microsecond
resolution.
Reject downloaded metadata as early as possible. The top-level roles were all downloaded as a group and then their
expiration inspected. All metadata provided by a mirror that has already expired is discarded immediately and the next mirror tried. The update process stops if a requested role cannot be successfully validated, or one of its parents.
[2014-04-29 02:00:32,308 UTC] [tuf.download] [INFO] [_download_file:745@download.py]
Downloading: http://localhost:8001/metadata/timestamp.json
[2014-04-29 02:00:32,324 UTC] [tuf.download] [INFO] [_check_downloaded_length:676@download.py]
Downloaded 544 bytes out of an upper limit of 16384 bytes.
[2014-04-29 02:00:32,324 UTC] [tuf.client.updater] [INFO] [_get_file:1189@updater.py]
Not decompressing http://localhost:8001/metadata/timestamp.json
[2014-04-29 02:00:32,331 UTC] [tuf.download] [INFO] [_download_file:745@download.py]
Downloading: http://localhost:8001/metadata/snapshot.json
[2014-04-29 02:00:32,333 UTC] [tuf.download] [INFO] [_check_downloaded_length:654@download.py]
Downloaded 1003 bytes out of the expected 1003 bytes.
[2014-04-29 02:00:32,334 UTC] [tuf.client.updater] [INFO] [_get_file:1189@updater.py]
Not decompressing http://localhost:8001/metadata/snapshot.json
[2014-04-29 02:00:32,334 UTC] [tuf.client.updater] [INFO] [_check_hashes:696@updater.py]
The file's sha256 hash is correct: 5b3aec7cf295a25e4b39d875c7474511da9645bc6d27f9e86fb7e439c82e0ec7
[2014-04-29 02:00:32,335 UTC] [tuf.client.updater] [ERROR] [_ensure_not_expired:1789@updater.py]
Metadata 'snapshot' expired on Tue Apr 29 01:59:01 2014 (UTC).
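The early-rejection behavior described above, sketched as an added example rather than code from updater.py. All names, the mirror structure and the ISO 8601 expiry format are assumptions, and it assumes signatures and hashes are verified elsewhere.

```python
import json
from datetime import datetime, timezone

class ExpiredMetadataError(Exception):
    pass

class NoWorkingMirrorError(Exception):
    pass

def ensure_not_expired(role, signed, now):
    # Assumed expiry format: ISO 8601 UTC with whole seconds.
    expires = datetime.strptime(signed["expires"], "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    if expires <= now:
        raise ExpiredMetadataError("%s expired on %s" % (role, expires))

def fetch_role(role, mirrors, now, requests):
    # mirrors: ordered list of (name, {role: raw JSON}) pairs (constructed).
    errors = {}
    for name, files in mirrors:
        requests.append((name, role))
        try:
            signed = json.loads(files[role])["signed"]
            ensure_not_expired(role, signed, now)
            return name, signed          # first mirror with live metadata wins
        except (ExpiredMetadataError, KeyError, ValueError) as exc:
            errors[name] = exc           # discard this copy, try the next mirror
    raise NoWorkingMirrorError(role, errors)

def refresh(mirrors, now, order=("timestamp", "snapshot", "targets")):
    # Validate each role before requesting the next one; the first role that
    # no mirror can supply aborts the whole refresh.
    requests, trusted = [], {}
    try:
        for role in order:
            trusted[role] = fetch_role(role, mirrors, now, requests)[0]
    except NoWorkingMirrorError as exc:
        return trusted, requests, exc.args[0]
    return trusted, requests, None

def _meta(expires):
    return json.dumps({"signed": {"expires": expires}, "signatures": []})

# Constructed sample data, timed to match the snapshot expiry in the log above.
NOW = datetime(2014, 4, 29, 2, 0, 32, tzinfo=timezone.utc)
LIVE, STALE = "2014-05-29T00:00:00Z", "2014-04-29T01:59:01Z"
MIRROR_A = ("a", {"timestamp": _meta(LIVE), "snapshot": _meta(STALE), "targets": _meta(LIVE)})
MIRROR_B = ("b", {"timestamp": _meta(LIVE), "snapshot": _meta(LIVE), "targets": _meta(LIVE)})
```

refresh() returns the mirror that supplied each role, the ordered list of requests made, and the role that stopped the refresh (None on success).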
Do not request, download, and install top-level roles if the root of trust has already expired after the initial load. If requested, update an expired root role:
[2014-04-29 01:18:02,457 UTC] [tuf.client.updater] [ERROR] [_ensure_not_expired:1789@updater.py]
Metadata 'root' expired on Mon Apr 28 23:23:57 2014 (UTC).
[2014-04-29 01:18:02,458 UTC] [tuf.client.updater] [INFO] [refresh:628@updater.py]
Expired Root metadata was loaded from disk. Try to update it now.
[2014-04-29 01:18:02,458 UTC] [tuf.download] [INFO] [_download_file:745@download.py]
Downloading: http://localhost:8001/metadata/root.json
[2014-04-29 01:18:02,461 UTC] [tuf.download] [INFO] [_check_downloaded_length:676@download.py]
Downloaded 1198 bytes out of an upper limit of 512000 bytes.
[2014-04-29 01:18:02,461 UTC] [tuf.client.updater] [INFO] [_get_file:1189@updater.py]
Not decompressing http://localhost:8001/metadata/root.json
[2014-04-29 01:18:02,462 UTC] [tuf.client.updater] [ERROR] [_ensure_not_expired:1789@updater.py]
Metadata 'root' expired on Mon Apr 28 23:23:57 2014 (UTC).
Note: An expired 'root' was provided by the server. The requested root must also be signed by keys trusted by the client.
Ensure the target file used in the slow retrieval attack is larger than tuf.conf.SLOW_START_GRACE_PERIOD. The previous size of the test file might have led to inconsistent triggering of a slow retrieval error.