Comment lines from the individual commits include:
1. Fix#322 by detecting expiry of stale files. initial attempt
2. temp commit of files from Soma
3. removing freeze_attack_stale_expiry and leaving the test added to indefinite freeze attack
4. fixing indefinite freeze attack test: now incorporates old reject-freshly-downloaded-but-expired-timestamp test as well as reject-stale-already-present-but-expired-snapshot test
5. small refinements to indefinite freeze attack test
6. Pulled the recursion out of the except block in refresh() to avoid unprintable nested exceptions.
7. Added comments to the last commit (retry_once)
8. Merge pull request #1 from awwad/detect_expiry_322_temp (removing cruft in another branch)
_versioninfo_has_changed() --> _versioninfo_has_been_updated()
false --> False (typo)
Update comments to make it clear that metadata is considered updated when it's version number increases, rather than simply changed.
A few test conditions in test_updater.py incorrectly used self.assertTrue() instead of self.assertEqual().
Fix updater.remove_obsolete_targets(), where targets in the destination directory were not being removed because target paths were treated as absolute paths by os.path.join().
Fix test conditions for updated_targets(), which incorrectly verified the expected number of updated targets with assertTrue().
Update comment for PR fix to clarify os.path.join() behavior and the expected file paths.
os.path.join ignore previous parameters if one starts with '/'. All
targets start with '/', making updated_targets to try to open a file in
the root folder in case of a unix system.
1. Raise an exception for clients that do not wish to automatically fetch a Root file when an expired version is loaded from disk.
2. Properly 'install' compressed metadata downloaded. The compressed version of the rolename was added to the fileinfo store, which prevented detection of changed metadata and would unintentionally cause compressed metadata to always refresh (only the fileinfo of uncompressed metadata is stored and compared.)
3. Rename unsafely_verify_compressed_metadata_file() variable names, so that they match the other verify functions.
Reject downloaded metadata as early as possible. The top-level roles were all downloaded as a group and then their
expiration inspected. All metadata provided by a mirror that has already expired is discarded immediately and the next mirror tried. The update process stops if a requested role cannot be successfully validated, or one of its parents.
[2014-04-29 02:00:32,308 UTC] [tuf.download] [INFO] [_download_file:745@download.py]
Downloading: http://localhost:8001/metadata/timestamp.json
[2014-04-29 02:00:32,324 UTC] [tuf.download] [INFO] [_check_downloaded_length:676@download.py]
Downloaded 544 bytes out of an upper limit of 16384 bytes.
[2014-04-29 02:00:32,324 UTC] [tuf.client.updater] [INFO] [_get_file:1189@updater.py]
Not decompressing http://localhost:8001/metadata/timestamp.json
[2014-04-29 02:00:32,331 UTC] [tuf.download] [INFO] [_download_file:745@download.py]
Downloading: http://localhost:8001/metadata/snapshot.json
[2014-04-29 02:00:32,333 UTC] [tuf.download] [INFO] [_check_downloaded_length:654@download.py]
Downloaded 1003 bytes out of the expected 1003 bytes.
[2014-04-29 02:00:32,334 UTC] [tuf.client.updater] [INFO] [_get_file:1189@updater.py]
Not decompressing http://localhost:8001/metadata/snapshot.json
[2014-04-29 02:00:32,334 UTC] [tuf.client.updater] [INFO] [_check_hashes:696@updater.py]
The file's sha256 hash is correct: 5b3aec7cf295a25e4b39d875c7474511da9645bc6d27f9e86fb7e439c82e0ec7
[2014-04-29 02:00:32,335 UTC] [tuf.client.updater] [ERROR] [_ensure_not_expired:1789@updater.py]
Metadata 'snapshot' expired on Tue Apr 29 01:59:01 2014 (UTC).
Do not request, download, and install top-level roles if the root of trust has already expired after the inital load. If requested, update an expired root role:
[2014-04-29 01:18:02,457 UTC] [tuf.client.updater] [ERROR] [_ensure_not_expired:1789@updater.py]
Metadata 'root' expired on Mon Apr 28 23:23:57 2014 (UTC).
[2014-04-29 01:18:02,458 UTC] [tuf.client.updater] [INFO] [refresh:628@updater.py]
Expired Root metadata was loaded from disk. Try to update it now.
[2014-04-29 01:18:02,458 UTC] [tuf.download] [INFO] [_download_file:745@download.py]
Downloading: http://localhost:8001/metadata/root.json
[2014-04-29 01:18:02,461 UTC] [tuf.download] [INFO] [_check_downloaded_length:676@download.py]
Downloaded 1198 bytes out of an upper limit of 512000 bytes.
[2014-04-29 01:18:02,461 UTC] [tuf.client.updater] [INFO] [_get_file:1189@updater.py]
Not decompressing http://localhost:8001/metadata/root.json
[2014-04-29 01:18:02,462 UTC] [tuf.client.updater] [ERROR] [_ensure_not_expired:1789@updater.py]
Metadata 'root' expired on Mon Apr 28 23:23:57 2014 (UTC).
Note: An expired 'root' was provided by the server. The requested root must also be signed by keys trusted by the client.
