This update addresses issue #86. It begins by removing the wholesale downloading of all targets metadata and only downloads & verifies the metadata for the roles it only needs; the "lazy walk" scheme.
This update addresses issue #86. It begins by removing the wholesale downloading of all targets metadata and only downloads & verifies the metadata for the roles it only needs; the "lazy walk" scheme.
Previously, _make_delegated_metadata() attempted to minimize the number of target directories in the "paths" field
of delegations by calculating common root-most directories. This bahavior was found to be unsafe and removed, and as a result,
the sort of delegated targets is no longer needed.
Previously, _make_delegated_metadata() attempted to minimize the number of target directories in the "paths" field
of delegations by calculating common root-most directories. This bahavior was found to be unsafe and removed, and as a result,
the sort of delegated targets is no longer needed.
Removed checking whether "path_hash_prefix" is consistent with the
delegated paths in the delegator, because now the delegated paths may
list directories instead of simply files.
Removed checking whether "path_hash_prefix" is consistent with the
delegated paths in the delegator, because now the delegated paths may
list directories instead of simply files.
Specifically, we do not intentionally set any file metadata to be None
and then download the file unsafely.
Some of the tuf.client.updater unit tests fail because it was previously
possible to unsafely download metadata for any role. We need to fix
this.
modification of updater.py for download.py
modification of conf.py for fix
modification of test_download.py for download.py
modification of test_updater.py for download.py
add a new test of endless data attack to metadata timestamp.txt
more readable and fix the endless data attack issue.
aggregate_tests now loads all the unit tests into one suite and runs them together,
so that any failures and errors show up together in a concise report.
aggregate_tests now loads all the unit tests into one suite and runs them together,
so that any failures and errors show up together in a concise report.
A directory listed under the "paths" field of a parent metadata delegation is understood to mean all
subdirectories and files the delegated role is trusted to update. The delegated role has the option
of specifying multiple, arbitrary, and explicit file paths & directories. The previous implementation
allowed explicit file paths in the "paths" field of the parent role metadata. This commit modified
this behaviour to allow directories (replicating wildcards) to minimize the size of parent metadata.
