-
Notifications
You must be signed in to change notification settings - Fork 107
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: configurable temp file directory #638
fix: configurable temp file directory #638
Conversation
Codecov ReportAttention: Patch coverage is
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## master #638 +/- ##
==========================================
+ Coverage 70.51% 73.27% +2.75%
==========================================
Files 10 10
Lines 2123 1635 -488
==========================================
- Hits 1497 1198 -299
+ Misses 505 322 -183
+ Partials 121 115 -6 ☔ View full report in Codecov by Sentry. |
e7bb364
to
1a40475
Compare
I can see where you're coming from, but before we remove it, do we know why it is there in the first place? We wouldn't want to accidentally run into the risk of removing a Chesterton fence... |
@trishankatdatadog it appears that the temp file and rename logic is here to produce an atomic file write so that there is never a partially written or 0-byte file for persisted metadata. Although, the go-tuf edit: opened #639 and moved summary there |
Excellent summary, thanks very much, @mrjoelkamp! I suspect you are right that this is a reliability but not a security issue, and so I don't mind Option 2. @JustinCappos do you see any security issues? If not, we should be able to simplify the code. |
I'm more concerned about a file being verified, being overwritten, and then being re-read with the assumption it was verified. Could this occur? |
I just looked to python-tuf for consistency between the two clients, which leads me to think that option 1 is probably best to keep them the same, see #639 (comment) I also think I found the culprit for the windows |
No, whenever the metadata files are read from persisted storage in |
1a40475
to
5eb28f2
Compare
Signed-off-by: mrjoelkamp <joel.kamp@docker.com>
5eb28f2
to
bba12ec
Compare
Okay, and one other related question. Could one possibly use this to overwrite old, cached files in some way? (I don't see how, but wanted to ask.) If not then I don't have any concerns... |
|
This looks good to me. Do you think we need any regression test at least for this behaviour? |
Before these changes I'd say yes, but now that this removes |
Got it. I'll let @kommendorkapten or @rdimitrov approve this PR since they have more SITG than I do here 🙂 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is awesome, very pleased to se that we are now back to using os.Rename
. Thank you so much for this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! 🚀
I have to check the code again but for future work I'm thinking that we can get this a step further and use memfs so we don't rely on having any disk permissions at all.
In any case thank you for addressing this @mrjoelkamp 🙏
Just to clarify, this already exists today: https://github.com/theupdateframework/go-tuf/blob/master/metadata/config/config.go#L42
|
Funny that I added it and then forgot about its existence 😃 |
😄 no problem! I did see that option, however we do need cache enabled for performance. |
Summary
When cache is enabled, using the current working directory (cwd) for temporary file storage has been a bit problematic for container based workflows and various operating systems.
This is especially true for k8s workloads that have
readOnlyRootFilesystem
set, which is a security best practice. The creation of the temporary file in the working directory is not permitted with a read-only root filesystem.Changes
update.cfg.LocalMetadataDir
for temporary file storage, so that it can be configured to a writable volume.moveFile
as it is no longer neededrepository_similator_setup.go
leading toos.Rename
error on windowsfixes
#639