mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
Add support for prefixing targets with their hashes when downloading or using HASH.FILENAME.EXT as target names.

The introduction of prefix_targets_with_hash was necessary, because there are use cases like Warehouse where you could use consistent_snapshot, but without adding a hash prefix to your targets.

When prefix_targets_with_hash is set to True, target files conforming to the format HASH.FILENAME.EXT will be downloaded from the server, but they will be saved on the client side without their hash prefixes or FILENAME.EXT. This makes sure the client won't understand the usage of prefix_targets_with_hash.

Still, if you want to use HASH.FILENAME.EXT as target names when downloading, then additionally you need to provide consistent_snapshot set to True in your root.json. The reason is that the specification uses consistent_snapshot for the same purpose:

"If consistent snapshots are not used (see § 6.2 Consistent snapshots), then the filename used to download the target file is of the fixed form FILENAME.EXT (e.g., foobar.tar.gz). Otherwise, the filename is of the form HASH.FILENAME.EXT (e.g., c14aeb4ac9f4a8fc0d83d12482b9197452f6adf3eb710e3b1e2b79e8d14cb681.foobar.tar.gz), where HASH is one of the hashes of the targets file listed in the targets metadata file found earlier in step § 5.6 Update the targets role. In either case, the client MUST write the file to non-volatile storage as FILENAME.EXT."

The same behavior of using two flags is used in the legacy code when calling tuf.client.updater.download_target() in a repository using prefix_targets_with_hash and consistent_snapshot.

See chapter 5.7.3: https://theupdateframework.github.io/specification/latest/index.html#fetch-target

By default, prefix_targets_with_hash is set to true to make it easier for the user to provide uniquely identifiable targets file names by using consistent_snapshot set to True.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>

||
|---|---|---|
| repository_data | ||
| ssl_certs | ||
| .coveragerc | ||
| __init__.py | ||
| aggregate_tests.py | ||
| fast_server_exit.py | ||
| simple_https_server.py | ||
| simple_server.py | ||
| slow_retrieval_server.py | ||
| test_api.py | ||
| test_arbitrary_package_attack.py | ||
| test_developer_tool.py | ||
| test_download.py | ||
| test_endless_data_attack.py | ||
| test_extraneous_dependencies_attack.py | ||
| test_fetcher.py | ||
| test_formats.py | ||
| test_indefinite_freeze_attack.py | ||
| test_key_revocation_integration.py | ||
| test_keydb.py | ||
| test_log.py | ||
| test_metadata_serialization.py | ||
| test_mirrors.py | ||
| test_mix_and_match_attack.py | ||
| test_multiple_repositories_integration.py | ||
| test_replay_attack.py | ||
| test_repository_lib.py | ||
| test_repository_tool.py | ||
| test_roledb.py | ||
| test_root_versioning_integration.py | ||
| test_sig.py | ||
| test_slow_retrieval_attack.py | ||
| test_trusted_metadata_set.py | ||
| test_tutorial.py | ||
| test_unittest_toolbox.py | ||
| test_updater.py | ||
| test_updater_ng.py | ||
| test_updater_root_rotation_integration.py | ||
| test_utils.py | ||
| utils.py | ||