fixing version check

David Lawrence 2015-06-18 14:30:43 -07:00
parent c68d837670
commit 6bb833f7ff
3 changed files with 44 additions and 19 deletions

2
Godeps/Godeps.json generated

@ -47,7 +47,7 @@
}, },
{ {
"ImportPath": "github.com/endophage/gotuf", "ImportPath": "github.com/endophage/gotuf",
"Rev": "98e5e9aeb4dd213e0be82df82575930a1e6a2122" "Rev": "429e2920d26a5703bb9cbdeaf893d3b79d6b2085"
}, },
{ {
"ImportPath": "github.com/go-sql-driver/mysql", "ImportPath": "github.com/go-sql-driver/mysql",


@ -417,11 +417,14 @@ func (tr *TufRepo) UpdateTimestamp(s *data.Signed) error {
func (tr *TufRepo) SignRoot(expires time.Time) (*data.Signed, error) { func (tr *TufRepo) SignRoot(expires time.Time) (*data.Signed, error) {
logrus.Debug("SignRoot") logrus.Debug("SignRoot")
if tr.Root.Dirty {
tr.Root.Signed.Version++
}
root := tr.keysDB.GetRole(data.ValidRoles["root"])
signed, err := tr.Root.ToSigned() signed, err := tr.Root.ToSigned()
if err != nil { if err != nil {
return nil, err return nil, err
} }
root := tr.keysDB.GetRole(data.ValidRoles["root"])
signed, err = tr.sign(signed, *root) signed, err = tr.sign(signed, *root)
if err != nil { if err != nil {
return nil, err return nil, err
@ -432,13 +435,14 @@ func (tr *TufRepo) SignRoot(expires time.Time) (*data.Signed, error) {
func (tr *TufRepo) SignTargets(role string, expires time.Time) (*data.Signed, error) { func (tr *TufRepo) SignTargets(role string, expires time.Time) (*data.Signed, error) {
logrus.Debug("SignTargets") logrus.Debug("SignTargets")
signed, err := tr.Targets[role].ToSigned()
if err != nil {
logrus.Debug("errored getting targets data.Signed object")
return nil, err
}
logrus.Debug("Got targets data.Signed object") logrus.Debug("Got targets data.Signed object")
if tr.Targets[role].Dirty { if tr.Targets[role].Dirty {
tr.Targets[role].Signed.Version++
signed, err := tr.Targets[role].ToSigned()
if err != nil {
logrus.Debug("errored getting targets data.Signed object")
return nil, err
}
targets := tr.keysDB.GetRole(role) targets := tr.keysDB.GetRole(role)
logrus.Debug("About to sign ", role) logrus.Debug("About to sign ", role)
signed, err = tr.sign(signed, *targets) signed, err = tr.sign(signed, *targets)
@ -448,8 +452,15 @@ func (tr *TufRepo) SignTargets(role string, expires time.Time) (*data.Signed, er
} }
logrus.Debug("success signing ", role) logrus.Debug("success signing ", role)
tr.Targets[role].Signatures = signed.Signatures tr.Targets[role].Signatures = signed.Signatures
return signed, nil
} else {
signed, err := tr.Targets[role].ToSigned()
if err != nil {
logrus.Debug("errored getting targets data.Signed object")
return nil, err
}
return signed, nil
} }
return signed, nil
} }
func (tr *TufRepo) SignSnapshot(expires time.Time) (*data.Signed, error) { func (tr *TufRepo) SignSnapshot(expires time.Time) (*data.Signed, error) {
@ -479,19 +490,26 @@ func (tr *TufRepo) SignSnapshot(expires time.Time) (*data.Signed, error) {
} }
tr.Targets[role].Dirty = false // target role dirty until changes captured in snapshot tr.Targets[role].Dirty = false // target role dirty until changes captured in snapshot
} }
signed, err := tr.Snapshot.ToSigned()
if err != nil {
return nil, err
}
if tr.Snapshot.Dirty { if tr.Snapshot.Dirty {
tr.Snapshot.Signed.Version++
signed, err := tr.Snapshot.ToSigned()
if err != nil {
return nil, err
}
snapshot := tr.keysDB.GetRole(data.ValidRoles["snapshot"]) snapshot := tr.keysDB.GetRole(data.ValidRoles["snapshot"])
signed, err = tr.sign(signed, *snapshot) signed, err = tr.sign(signed, *snapshot)
if err != nil { if err != nil {
return nil, err return nil, err
} }
tr.Snapshot.Signatures = signed.Signatures tr.Snapshot.Signatures = signed.Signatures
return signed, nil
} else {
signed, err := tr.Snapshot.ToSigned()
if err != nil {
return nil, err
}
return signed, nil
} }
return signed, nil
} }
func (tr *TufRepo) SignTimestamp(expires time.Time) (*data.Signed, error) { func (tr *TufRepo) SignTimestamp(expires time.Time) (*data.Signed, error) {
@ -506,8 +524,9 @@ func (tr *TufRepo) SignTimestamp(expires time.Time) (*data.Signed, error) {
return nil, err return nil, err
} }
} }
signed, err := tr.Timestamp.ToSigned()
if tr.Timestamp.Dirty { if tr.Timestamp.Dirty {
tr.Timestamp.Signed.Version++
signed, err := tr.Timestamp.ToSigned()
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -518,8 +537,14 @@ func (tr *TufRepo) SignTimestamp(expires time.Time) (*data.Signed, error) {
} }
tr.Timestamp.Signatures = signed.Signatures tr.Timestamp.Signatures = signed.Signatures
tr.Snapshot.Dirty = false // snapshot is dirty until changes have been captured in timestamp tr.Snapshot.Dirty = false // snapshot is dirty until changes have been captured in timestamp
return signed, nil
} else {
signed, err := tr.Timestamp.ToSigned()
if err != nil {
return nil, err
}
return signed, nil
} }
return signed, nil
} }
func (tr TufRepo) sign(signed *data.Signed, role data.Role) (*data.Signed, error) { func (tr TufRepo) sign(signed *data.Signed, role data.Role) (*data.Signed, error) {
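Review bot: In SignRoot, SignTargets, SignSnapshot and SignTimestamp the added `Signed.Version++` runs before `ToSigned()` and `tr.sign(...)`, so a failure in either leaves the in-memory version advanced with nothing signed for it. The Dirty flag of the role being signed is not cleared in the visible lines of its own function (Targets is cleared in SignSnapshot, Snapshot in SignTimestamp), so a retry or a second call would apparently bump the version again. These counters are what the version check compares, so I would restore them on the error paths, e.g. `tr.Root.Signed.Version--` before each `return nil, err`. Separately, each function now repeats the `ToSigned()` call in an `else` after a `return`; bumping the version in a short `if ...Dirty { ... }` and calling `ToSigned()` once would keep the happy path flat, and in SignTargets the "Got targets data.Signed object" debug line is now logged before the object is fetched. The bodies of SignSnapshot and SignTimestamp begin outside their hunks.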


@ -30,18 +30,18 @@ func NewVersionDB(db *sql.DB) *VersionDB {
// Update multiple TUF records in a single transaction. // Update multiple TUF records in a single transaction.
// Always insert a new row. The unique constraint will ensure there is only ever // Always insert a new row. The unique constraint will ensure there is only ever
func (vdb *VersionDB) UpdateCurrent(qdn, role string, version int, data []byte) error { func (vdb *VersionDB) UpdateCurrent(qdn, role string, version int, data []byte) error {
checkStmt := "SELECT count(*) FROM `tuf_files` WHERE `qdn`=? AND `role`=? AND `version`=?;" checkStmt := "SELECT count(*) FROM `tuf_files` WHERE `qdn`=? AND `role`=? AND `version`>=?;"
insertStmt := "INSERT INTO `tuf_files` (`qdn`, `role`, `version`, `data`) VALUES (?,?,?,?) ;" insertStmt := "INSERT INTO `tuf_files` (`qdn`, `role`, `version`, `data`) VALUES (?,?,?,?) ;"
// ensure immediately previous version exists // ensure immediately previous version exists
row := vdb.QueryRow(checkStmt, qdn, role, version-1) row := vdb.QueryRow(checkStmt, qdn, role, version)
var exists int var exists int
err := row.Scan(&exists) err := row.Scan(&exists)
if err != nil { if err != nil {
return err return err
} }
if exists == 0 && version > 0 { if exists != 0 {
return fmt.Errorf("Attempting to increment version by more than 1 for QDN: %s, role: %s, version: %d", qdn, role, version) return fmt.Errorf("Attempting to write an old version for QDN: %s, role: %s, version: %d. A newer version is available.", qdn, role, version)
} }
// attempt to insert. Due to race conditions with the check this could fail. // attempt to insert. Due to race conditions with the check this could fail.
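Review bot: The comment `// ensure immediately previous version exists` above the `QueryRow` call no longer matches the check, which now rejects the write when any row with this version or a newer one exists; it should read something like `// reject the write if this version or a newer one is already stored`. The new `>=` predicate is also not backed by the unique constraint the doc comment relies on. Presumably that constraint covers (qdn, role, version), so two concurrent callers can both pass the check and a lower version can still be inserted after a higher one. Whether that matters depends on how the current row is selected, which is not visible here; running the check and the insert in one transaction would close the window. The error string also starts with a capital and ends with a period, which Go convention avoids, and UpdateCurrent's body continues outside the hunk.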