Fix repo update order (Director first) by awwad · Pull Request #179 · uptane/obsolete-reference-implementation

demo/pinned.json

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -10,7 +10,7 @@
  
      "delegations": [

        {

          "paths": ["*"],

          "repositories": ["imagerepo", "director"]

          "repositories": ["director", "imagerepo"]

        }

      ]

    }

demo/pinned_primary_template.json

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -10,7 +10,7 @@
  
      "delegations": [

        {

          "paths": ["*"],

          "repositories": ["imagerepo", "director"]

          "repositories": ["director", "imagerepo"]

        }

      ]

    }

demo/pinned_secondary_template.json

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -10,7 +10,7 @@
  
      "delegations": [

        {

          "paths": ["*"],

          "repositories": ["imagerepo", "director"]

          "repositories": ["director", "imagerepo"]

        }

      ]

    }

tests/test_data/pinned.json

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -10,7 +10,7 @@
  
      "delegations": [

        {

          "paths": ["*"],

          "repositories": ["imagerepo", "director"]

          "repositories": ["director", "imagerepo"]

        }

      ]

    }

tests/test_primary.py

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -708,7 +708,7 @@ def test_25_generate_signed_vehicle_manifest(self):
  
      def test_30_refresh_toplevel_metadata_from_repositories(self):

      def test_30_refresh_toplevel_metadata(self):

        # Check that in the fresh temp directory for this test Primary client,

        # there aren't any metadata files except root.json yet.

    @@ -720,7 +720,7 @@ def test_30_refresh_toplevel_metadata_from_repositories(self):
  
            sorted(os.listdir(TEST_IMAGE_REPO_METADATA_DIR)))

        try:

          TestPrimary.instance.refresh_toplevel_metadata_from_repositories()

          TestPrimary.instance.refresh_toplevel_metadata()

        except (URLError, tuf.NoWorkingMirrorError) as e:

          pass

        else:

uptane/clients/primary.py

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -177,7 +177,7 @@ class Primary(object): # Consider inheriting from Secondary and refactoring.
  
        Lower-level methods called by primary_update_cycle() to perform retrieval

        and validation of metadata and data from central services:

          refresh_toplevel_metadata_from_repositories()

          refresh_toplevel_metadata()

          get_target_list_from_director()

          get_validated_target_info()

    @@ -332,16 +332,35 @@ def __init__(
  
      def refresh_toplevel_metadata_from_repositories(self):

      def refresh_toplevel_metadata(self):

        """

        Refreshes client's metadata for the top-level roles:

          root, targets, snapshot, and timestamp

        See tuf.client.updater.Updater.refresh() for details, or the

        Uptane Implementation Specification, section 8.3.2 (Full Verification of

        Metadata).

        Uptane Standard, section 5.4.4.2 (Full Verification).

        # TODO: This function is duplicated in primary.py and secondary.py. It must

        #       be moved to a general client.py as part of a fix to issue #14

        #       (github.com/uptane/uptane/issues/14).

         This can raise TUF update exceptions like

          - tuf.ExpiredMetadataError:

              if after attempts to update the Root metadata succeeded or failed,

              whatever currently trusted Root metadata we ended up with was expired.

          - tuf.NoWorkingMirrorError:

              if we could not obtain and verify all necessary metadata

        """

        self.updater.refresh()

        # Refresh the Director first, per the Uptane Standard.

        self.updater.refresh(repo_name=self.director_repo_name)

        # Now that we've dealt with the Director repository, deal with any and all

        # other repositories, presumably Image Repositories.

        for repository_name in self.updater.repositories:

          if repository_name == self.director_repo_name:

            continue

          self.updater.refresh(repo_name=repository_name)

    @@ -492,7 +511,7 @@ def primary_update_cycle(self):
  
              file of type tuf.conf.METADATA_FORMAT.

        """

        log.debug('Refreshing top level metadata from all repositories.')

        self.refresh_toplevel_metadata_from_repositories()

        self.refresh_toplevel_metadata()

        # Get the list of targets the director expects us to download and update to.

        # Note that at this line, this target info is not yet validated with the

uptane/clients/secondary.py

-Original file line number
+Diff line change
@@ Expand Up / @@ -470,6 +470,40 @@ def update_time(self, timeserver_attestation): @@
+      def refresh_toplevel_metadata(self):
+        """
+        Refreshes client's metadata for the top-level roles:
+          root, targets, snapshot, and timestamp
+        See tuf.client.updater.Updater.refresh() for details, or the
+        Uptane Standard, section 5.4.4.2 (Full Verification).
+        # TODO: This function is duplicated in primary.py and secondary.py. It must
+        #       be moved to a general client.py as part of a fix to issue #14
+        #       (github.com/uptane/uptane/issues/14).
+         This can raise TUF update exceptions like
+          - tuf.ExpiredMetadataError:
+              if after attempts to update the Root metadata succeeded or failed,
+              whatever currently trusted Root metadata we ended up with was expired.
+          - tuf.NoWorkingMirrorError:
+              if we could not obtain and verify all necessary metadata
+        """
+        # Refresh the Director first, per the Uptane Standard.
+        self.updater.refresh(repo_name=self.director_repo_name)
+        # Now that we've dealt with the Director repository, deal with any and all
+        # other repositories, presumably Image Repositories.
+        for repository_name in self.updater.repositories:
+          if repository_name == self.director_repo_name:
+            continue
+          self.updater.refresh(repo_name=repository_name)
       def fully_validate_metadata(self):
         """
         Treats the unvalidated metadata obtained from the Primary (which the
@@ Expand Down Expand Up / @@ -504,7 +538,7 @@ def fully_validate_metadata(self): @@
         """
         # Refresh the top-level metadata first (all repositories).
-        self.updater.refresh()
+        self.refresh_toplevel_metadata()
         validated_targets_for_this_ecu = []
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix repo update order (Director first) #179

Uh oh!

Diff view

Diff view

There are no files selected for viewing