Commit graph

6224 commits

Author SHA1 Message Date
Joshua Lock
6ee53a9a6c
Merge pull request #1022 from theupdateframework/dependabot/pip/urllib3-1.25.9
build(deps): bump urllib3 from 1.25.8 to 1.25.9
2020-04-22 15:54:11 +01:00
Joshua Lock
f63ff03741
Merge pull request #1023 from theupdateframework/dependabot/pip/cryptography-2.9.1
build(deps): bump cryptography from 2.9 to 2.9.1
2020-04-22 15:53:49 +01:00
dependabot-preview[bot]
cbeb7846dd
build(deps): bump cryptography from 2.9 to 2.9.1
Bumps [cryptography](https://github.com/pyca/cryptography) from 2.9 to 2.9.1.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.9...2.9.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-04-22 10:35:40 +00:00
dependabot-preview[bot]
32f3979e49
build(deps): bump urllib3 from 1.25.8 to 1.25.9
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.25.8 to 1.25.9.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/master/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.25.8...1.25.9)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-04-17 10:35:53 +00:00
Martin Vrachev
1b53101f5f Fix typo in comment
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-04-16 17:42:42 +03:00
lukpueh
56f8f7214a
Merge pull request #1020 from lukpueh/oob-consistent-targets
Allow consistent snapshots and out-of-band targets
2020-04-15 10:29:24 +02:00
Lukas Puehringer
51516c5efa Clarify consistent snapshots in repolib docstrings
Update docstrings in repository lib's write and writeall
docstrings, to remove inaccurate information and add missing
information about consistent_snapshots.

In particular this commit adds details about how
consistent_snapshots and the recently added use_existing_fileinfo
options play together.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-04-14 13:22:45 +02:00
Lukas Puehringer
b9891e171b Allow consistent snapshots and out-of-band targets
'repository_lib._generate_and_write_metadata' used to pass on the
'consistent_snapshot' option as 'write_consistent_targets' to the
'generate_targets_metadata' function.

This equation prevented using `consistent_snapshot` (to create
version-prefixed metadata) together with the recently added
`use_existing_fileinfo` option (to handle target files out of
band), because `generate_targets_metadata` rightfully does not
accept `write_consistent_targets` and `use_existing_fileinfo`.

This PR fixes the issue by assuming write_consistent_targets == \
	consistent_snapshot and not use_existing_fileinfo

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-04-14 13:21:15 +02:00
lukpueh
60a4da0992
Merge pull request #1008 from sechkova/rework_path_checks
Adopt a consistent behavior when adding targets and paths
2020-04-08 18:48:38 +02:00
Teodora Sechkova
882df8e26d
Remove unnecessary variables
Remove unnecessary copying of paths to another list in
add_targets() and add_paths() methods.

Fix incorrect docstring text.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-04-08 18:58:27 +03:00
Teodora Sechkova
f035cf4e34
Replace os.sep with '/' in _check_path()
Use a hard-coded unix separator ('/') so that an
exception is also raised for paths starting with '/'
when executing on Windows systems.

Update test_check_path to explicitly test invalid paths
starting with Windows style separator.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-04-08 18:58:27 +03:00
Teodora Sechkova
a71b3c2b67
Update TUTORIAL and test_tutorial
Improve the coding style in TUTORIAL in the case
where absolute path to a file is needed to perform file system
access and at the same time is rejected by Targets methods.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-04-08 18:58:27 +03:00
Teodora Sechkova
57b40518c8
Update test_delegate_hashed_bins()
Test is updated to include checks for incorrect target paths.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-04-08 18:58:26 +03:00
Teodora Sechkova
77f5f730f3
Add and update tests for _check_path() method
- add a test for _check_path() method of Targets class.
- update all tests calling _check_path() respectively
- update test_tutorial

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-04-08 18:58:26 +03:00
Teodora Sechkova
ead737d4b0
Remove get_filepaths_in_directory() from tutorial
Replace the absolute paths returned by get_filepaths_in_directory()
in the tutorial with a hard-coded list of relaive filepaths since
add_target(s) and delegate() methods raise excception on absolute
paths.

Remove an obsolete warning about path pattern's location.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-04-08 18:58:26 +03:00
Teodora Sechkova
3572e73cd4
Remove secondary target path normalization
Normalization of the target path is no longer necessary
during metadata generation, since an exception is raised
earlier, on the addition of an incorrect target path or pattern.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-04-08 18:58:26 +03:00
Teodora Sechkova
c9b4344515
Rework _check_relpath() method
Adopt a stict behavor allowing only paths that match
the definition of a PATHPATTERN or aTARGETPATH (use the forward
slash (/) as directory separator and do not start with a
directory separator). Raise an exception otherwise.

Rename the method to a more general  _check_path().

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-04-08 18:58:26 +03:00
Teodora Sechkova
368be61be3
Make methods adding targets consistent
Adopt the same path verification strategy in all methods
of Targets class that add new target files by utilizing
the _check_relpath() method.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-04-08 18:58:26 +03:00
Teodora Sechkova
187be96889
Make methods adding 'paths' consistent
Adopt the same behavior in all methods of Targets class
(add_paths(), delegate()) that add new paths to a role.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-04-08 18:58:26 +03:00
Teodora Sechkova
2e84c3a9d7
Add _check_relpath() method to Targets class
This method checks if the passed path is relative and returns
the normalized path. Checks are performed without accessing the
file system.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-04-08 18:58:25 +03:00
lukpueh
efd901f1cc
Merge pull request #1017 from theupdateframework/dependabot/pip/certifi-2020.4.5.1
build(deps): bump certifi from 2019.11.28 to 2020.4.5.1
2020-04-08 16:56:04 +02:00
dependabot-preview[bot]
fdb86c6734
build(deps): bump certifi from 2019.11.28 to 2020.4.5.1
Bumps [certifi](https://github.com/certifi/python-certifi) from 2019.11.28 to 2020.4.5.1.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](https://github.com/certifi/python-certifi/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-04-08 09:10:50 +00:00
lukpueh
eba4ad4f1e
Merge pull request #1015 from theupdateframework/dependabot/pip/cryptography-2.9
build(deps): bump cryptography from 2.8 to 2.9
2020-04-08 11:09:33 +02:00
lukpueh
c842c739ad
Merge pull request #1012 from joshuagl/joshuagl/hashed-bins-perf
Improve performance of `delegate_hashed_bins` when delegating to a large number of bins
2020-04-06 10:27:40 +02:00
Joshua Lock
6703b51a3b Improve performance of delegate_hashed_bins
Due to the performance overhead of deepcopy(), as used extensively in
roledb, the delegate function is rather slow. This is especially
noticeable when we have a large number_of_bins when calling
delegate_hashed_bins.

In order to be able to easily reduce the number of deepcopy() operations
we remove direct calls to delegate() and instead use the newly added
helper functions to replicate the behaviour, only with a single call
update to the roledb.

This improves the performance of a 16k bins delegation from a 1hr 24min
operation on my laptop to 33s.

Ideally once Issue #1005 has been properly fixed this commit can be
reverted and we can once again just call delegate() here.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-03 14:10:05 +01:00
Joshua Lock
9be463464c Factor out aspects of delegate() into helpers
Due to the performance overhead of deepcopy(), as used extensively in
roledb, the delegate function is rather slow. This is especially
noticeable when we have a large number_of_bins when calling
delegate_hashed_bins.

In order to be able to easily reduce the number of deepcopy() operations
we will need to to be able to replicate the logic of delegate() in
delegate_hashed_bins(), only with batched updates to the roledb.

To support that work we refactor delegate() to split out logic that will
be required in delegate_hashed_bins() into helper functions.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-03 14:10:05 +01:00
dependabot-preview[bot]
bbd0d5dde1
build(deps): bump cryptography from 2.8 to 2.9
Bumps [cryptography](https://github.com/pyca/cryptography) from 2.8 to 2.9.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.8...2.9)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-04-03 10:37:44 +00:00
lukpueh
32326975e0
Merge pull request #1013 from joshuagl/joshuagl/consistency
Use consistent default value for num of hashed bins
2020-04-03 10:42:29 +02:00
Joshua Lock
c8174f5a9f Use consistent default value for num of hashed bins
delegate_hashed_bins() has a number_of_bins parameter which defaults to
1024. add_target_to_bin() and remove_target_from_bin() both have a
number_of_bins parameter with no default. This means that in the
(somewhat) unlikely case that someone is using the default
number_of_bins when creating hashed bins they will need know what that
default value is and pass it to add_target_to_bin() and
remove_target_from_bin().

In order to be consistent and simpler to use define the default number
of bins as a module level constant and use it as the default value for
the number_of_bins argument for each of:
* delegate_hashed_bins()
* add_target_to_bin()
* remove_target_from_bin()

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-02 21:26:24 +01:00
lukpueh
e095112be7
Merge pull request #1007 from joshuagl/joshuagl/hashed-bins
Enhancements for hashed bin delegation
2020-04-01 15:19:46 +02:00
Joshua Lock
62e4364c59 Add a test for add_target_to_bin that adds a fileinfo
Add some additional checks to test_add_target_to_bin to ensure the code
to add a target passing a fileinfo is tested.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:10:58 +01:00
Joshua Lock
8609927989 Factor out bin numbers calculations into a helper
Factor out code to calculate the prefix length, total number of prefixes
and number of prefixes to be allocated to each bin into a helper
function _get_bin_numbers() so that we a) do not duplicate logic,
b) can document the logic in one place and c) ensure the logic is
consistent.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
05830e61a4 Remove custom parameter from add_target_to_bin()
We intend to deprecate the custom parameter of add_target() in favour
of using the fileinfo parameter with the custom value populated,
therefore it does not make sense to _add_ the custom parameter to
add_target_to_bin()

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
694da236ba Test at least one delegated bin has path_hash_prefixes
When testing delegate_hashed_bins to ensure that hash_path_prefixes
map to the generated name of the bin, also check to ensure that at least
one of the delegations contains one or more path_hash_prefixes.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
01498049da Add test for repo without access to target files
Test the newly added functionality to:
* add a target to the repository without access to the target file on disk
* write targets metadata without access to target files on disk, by using
  the existing fileinfo data from the roledb

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
085c5480a7 Only call logger once for hashed bin info
Merge the logger calls reporting information about the hashed bin
delegations into a single logger.info() call to ensure the messages
will be grouped together even when integrated into a logging system
with multiple parallel sources.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
68120baa9e Allow writing metadata without access to targets
Previously, at the time of writing targets metadata, we accessed all
targets files and ensured they exist on disk before generating a
filinfo dict containing hashes of the target file.

This change enables targets metadata to be generated using the
fileinfo data that is already stored in the roledb.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:27 +01:00
Joshua Lock
6c69daefa2 Enable passing a fileinfo to add_target[_to_bin]()
Add an additional optional parameter to add_target() and
add_target_to_bin() which is a fileinfo object matching
tuf.formats.FILEINFO_OBJECT

This parameter and the custom parameter are mutually exclusive and
thus cannot be passed at the same time.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:09:18 +01:00
Joshua Lock
468a380ea4 Fix replacing targets in add_targets()
Match the pattern in add_target() where if the filepath already exists
in roleinfo['paths'] it is updated to replace the existing entry with
the new fileinfo.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
095fd40dcb Do not check target file exists in add_target[s]()
The file isn't strictly needed on-disk at the time add_target() and
add_targets() are called and this duplicates the check for the file's
presence in write[_all]()

By removing this check we allow extra versatility in adding targets.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
642639e2af Hash target file path's as they appear in metadata
In delegate_to_hashed_bins() duplicate the code which determines the
target's file path for writing to the metadata in repository_lib's
generate_targets_metadata to ensure that the target path hashed by
delegate_hashed_bins() matches the target path in the metadata file.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
78e2edfac1 Refactor delegate_hashed_bins
Simplify the delegate_hashed_bins function based on the semi-pseudo-code
by Lukas Puehringer in #995.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
ab788e306a Refactor add_target_to_bin & remove_target_from_bin
Vastly simplify the implementation, using the _get_hash() and
_find_bin_for_hash() helpers added in earlier commits.

Furthermore, enable passing of the custom parameter to
add_target_to_bin() to better match add_target()

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-04-01 12:06:50 +01:00
Joshua Lock
40d1dcfa6c Add _find_bin_for_hash() helper to repository_tool
Add a helper function to determine the name of a bin that a hashed
targetfile will be delegated to.

Based sketches by Lukas Puehringer in issues #994 & #995

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-30 19:03:52 +01:00
Joshua Lock
eb01374c3b Add _get_hash() helper function to repository_tool
This helper will generate a hash of the passed target_filepath using the
algorithm defined by the repository_tool's HASH_FUNCTION variable.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-26 11:11:03 +00:00
Joshua Lock
e2407a1f66 Simplify delegated hash bin tests
As we are adding and removing items from the hashed bins and checking
for their presence/absence it's simplest if we being with the hashed
bins initially empty.

If we pass a list of targets when we call delgate_hashed_bins() the
delegated roles have an initial set of targets delegated to them,
which complicates testing of adding then removing a target to a
delegated bin.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-26 11:10:56 +00:00
Joshua Lock
790f21fefe Test to ensure delegated bin names match prefixes
Add test to ensure delegated bin names are consistent with the hash
prefixes that are delegated to the role.

This is an implicit assumption of the current implementation, the
testing of which will enable us to modify the code with greater
confidence.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-26 11:10:50 +00:00
lukpueh
c63b7f3bdc
Merge pull request #1001 from lukpueh/rm-obsolete-client-doc
Remove obsolete client documentation
2020-03-16 13:03:32 +01:00
Lukas Puehringer
7816000abc Remove incomplete and outdated client doc
An up-to-date version of the minimal client usage instructions
from client_setup_and_repository_example.md can be found in
the main TUF tutorial.

More comprehensive documentation of the tuf client can be found in
tuf/client/README.md, which also needs a revision.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-03-16 10:33:57 +01:00
Lukas Puehringer
6f94aa1653 Remove link to outdated client docs in tutorial
Remove link to incomplete and severely outdated
client_setup_and_repository_example.md in client section of
TUTORIAL.md.

Instead we should link (or move the entire client tutorial part) to
tuf/client/README.md, which is more comprehensive and less outdated
than above document (see #808).

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-03-16 10:31:14 +01:00