Ying Li
5acab543e4
Update the client to have an old builder and a new builder, and to only use
cached version numbers to check downloaded version numbers of cached data
validates against the old builder.
This also removes the `GetRepo` function of the builder and adds some data
accessors instead that are necessary to do a consistent download and check
versions, that way the downloader doesn't need to fish around in the repo
itself for data in order to figure out what to download.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-27 10:58:58 -07:00
Ying Li
5f3eaf411b
Update the downloading client to use the builder.
Delete the remaining TUF client download tests because they are already covered by
the client update tests.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-27 10:58:57 -07:00
Ying Li
053c2a5a79
Remove a redundant ErrChecksumMismatch error in tuf/client, since we
already have an ErrMismatchedChecksum in tuf/data/errors.
Also, have the CheckHashes function take a role name so that the
ErrMismatchedChecksum error can include the role name.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-20 11:08:03 -07:00
HuKeping
0a60261fab
Use constant for root role
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-03-29 07:08:23 +08:00
HuKeping
ddff581bd8
Use constant for targets role
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-03-29 07:08:16 +08:00
HuKeping
67b0ec3771
Use constant for snapshot
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-03-28 17:21:24 +08:00
HuKeping
2136ca54ba
[MISC 4/4] distinguish nil and empty map
Since the function len(X) will return 0 no matter whether X is nil or
an empty map, we should distinguish that.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-03-11 17:24:47 +08:00
HuKeping
bf97855897
[PATCH 6/8] Add sha512 check when downloading TUF roles
Since the timestamp role does not need hash checking during downloading,
this patch only includes:
- snapshot.json
- root.json
- target.json
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-03-11 10:44:56 +08:00
Riyaz Faizullabhoy
a7153aeccb
WalkTargets on tuf repo, use in getting targets/roles
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:55:31 -08:00
David Lawrence
9e9802bdd0
Merge pull request #573 from docker/validate-meta-on-parse
Adds extra validation when calling `XFromSigned` functions
2016-02-23 10:17:02 -08:00
David Lawrence
1e99830716
check validity of children during download and don't overwrite already loaded children
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-02-22 20:47:58 -08:00
Ying Li
d8938f76e7
When downloading snapshot, return ErrNotLoaded if timestamp hasn't been loaded. Similarly for targets.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-22 19:16:32 -08:00
Ying Li
314cfb9a17
Add targets metadata validation to the targets data structure
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-22 19:16:32 -08:00
Ying Li
8335d194ce
Add timestamp metadata validation to the timestamp data structure
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-22 19:16:32 -08:00
Ying Li
c625402ef7
Merge pull request #572 from docker/per-metadata-type-mutation
Per metadata type mutation tests
2016-02-22 16:34:33 -08:00
Riyaz Faizullabhoy
3a5fbf0033
remove path hash prefix from TargetsDelegations
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-18 17:40:50 -08:00
Riyaz Faizullabhoy
14edbe33e1
add snapshot meta check in download root, update tests
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-17 19:40:11 -08:00
David Lawrence
d1ac37fd33
addressing review comments
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-02-17 16:31:48 -08:00
David Lawrence
1db128778d
completely removing KeyDB
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-02-16 21:11:13 -08:00
Riyaz Faizullabhoy
b46391ee8f
Remove RoleWithKeys
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-16 10:07:00 -08:00
Ying Li
ac265186ee
Rename repo.GetRole to repo.GetRoleWithNames and use the Keys data structure more.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-11 09:51:08 -08:00
Ying Li
c88461d485
Change the client to pass the RoleWithKeys to signed.Verify instead of a KeyDB.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-10 15:21:05 -08:00
David Lawrence
1bf3dd08db
Addressing comments from review
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-02-01 17:21:25 -08:00
David Lawrence
dec9a5a95c
cleaning up some dead code and fixing memorystore consistency
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-29 16:52:58 -08:00
David Lawrence
637a2331d4
client side of consistent downloads
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-29 16:52:58 -08:00
Ying Li
237561a2a9
Fixed timestamp downloading so if verification fails, we fall back to cached.
Signed-off-by: Ying Li <ying.li@docker.com>
Conflicts:
tuf/client/client.go
2016-01-29 11:05:21 -08:00
Riyaz Faizullabhoy
41643d4a9c
make -1 read up to 100MB of data, use for non-timestamps. Reduce
timestamp to 1MB max
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 10:17:17 -08:00
Riyaz Faizullabhoy
a6159a45d1
ensure filestore GetMeta only returns up to size bytes. Standardize constant for max size
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 10:16:19 -08:00
Riyaz Faizullabhoy
ceca4c233e
move verifier and update logs down to debug level
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-26 23:02:54 -08:00
Ying Li
dde9531b4a
Fix an error where we get a JSON syntax error on server 404 or 50X.
We were testing to see if the cached metadata was nil, but we actually
set it to an empty data.Signed object, but didn't always set it to nil
if we failed to get local metadata.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-21 13:23:30 -08:00
Ying Li
36684a3290
Use cached timestamp if we get a 404 when updating timestamp.
We use the cached timestamp for all other errors, so this makes the
error consistent. The only special metadata is the root.json, where a 404
signifies that the repository doesn't exist. Also update the message
when a cached timestamp is used.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-21 13:23:16 -08:00
HuKeping
ef3932d6b1
Fix a wrong function call
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-18 19:27:28 +08:00
HuKeping
72c209083a
Improve client logging
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-14 14:40:39 +08:00
David Lawrence
d52dbde683
removing the ability to configure role names. It adds a lot of complexity without adding much value. If somebody wants custom role names they can implement it at the display level
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:05 -08:00
Riyaz Faizullabhoy
c826329d66
improve message for ErrMetaNotFound
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-06 11:50:43 -08:00
Diogo Mónica
30c488b3b4
Merge pull request #393 from docker/path-fix
use path instead of filepath to express TUF roles
2016-01-04 19:26:13 -08:00
Riyaz Faizullabhoy
077c28b65d
Use path operation for delegation role check, update RoleTargetsPath to
use path for role name URL
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-04 16:23:02 -08:00
Ying Li
ecd96c8218
Fix potential infinite loop in tuf/Client.TargetMeta
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 10:50:35 -08:00
Ying Li
9252d9d892
Update client.Target to include a RoleName, so we know where the target is when listed.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 10:49:54 -08:00
Ying Li
2900423fa2
Minor error message changes
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:29:28 -08:00
Ying Li
3ecba24410
When publishing, also publish all the dirty targets roles.
This is in addition to the canonical targets role, which always gets
re-signed and published (we may want to revisit this later).
This makes some tests pass - still need to do fallback of roles
and publishing a created delegation role without necessarily
having the signing key for that role.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
David Lawrence
d49228ad70
fixing copy paste bad var name
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-18 11:54:01 -08:00
David Lawrence
882df3d429
downloadTargets should continue on ErrMissingMeta, not ErrMetaNotFound. ErrMetaNotFound will occur when we expect to find the data and don't. ErrMissingMeta indicates it's not in the snapshot and that's OK for targets delegations (technically it's OK for the targets role too, indicating simply an empty repository with lazy targets file creation).
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-18 11:33:50 -08:00
David Lawrence
594049b24f
fixing download to continue if we get ErrMetaNotFound
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 15:53:57 -08:00
David Lawrence
f72f799806
fixing up ListTargets and GetTargetByName to process prioritized roles more efficiently
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 14:56:05 -08:00
David Lawrence
4243b258b3
making GetTargetsByName work with delegations
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:46:41 -08:00
David Lawrence
8f7e7adcef
making stack thread safe
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:09:34 -08:00
David Lawrence
33d39afdf5
download all delegated roles when doing downloadTargets
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:09:34 -08:00
Miloslav Trmač
29ae808472
Don't compute an unnecessary cryptographic hash
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-11-02 15:27:02 +01:00
David Lawrence
2833a88292
adding gotuf to notary
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 16:36:06 -07:00