Merge pull request #844 from theupdateframework/improve_spec_version_…

…handling_2 Specification version support code cleanup
theupdateframework · Mar 29, 2019 · 3a4c613 · 3a4c613
2 parents 7a3b04c + d58bcf9
commit 3a4c613
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 24 deletions.
diff --git a/tests/test_updater.py b/tests/test_updater.py
@@ -752,8 +752,11 @@ def test_3__get_metadata_file(self):
     badly-formatted TUF specification version numbers....
     '''
 
-    valid_tuf_version = tuf.formats.TUF_VERSION_NUMBER
-    tuf.formats.TUF_VERSION_NUMBER = '9.0'
+    # Make note of the correct supported TUF specification version.
+    correct_specification_version = tuf.SPECIFICATION_VERSION
+
+    # Change it long enough to write new metadata.
+    tuf.SPECIFICATION_VERSION = '9.0'
 
     repository = repo_tool.load_repository(self.repository_directory)
     repository.timestamp.load_signing_key(self.role_keys['timestamp']['private'])
@@ -764,6 +767,12 @@ def test_3__get_metadata_file(self):
     shutil.copytree(os.path.join(self.repository_directory, 'metadata.staged'),
                     os.path.join(self.repository_directory, 'metadata'))
 
+
+    # Change the supported TUF specification version back to what it should be
+    # so that we can parse the metadata and see that the spec version in the
+    # metadata does not match the code's expected spec version.
+    tuf.SPECIFICATION_VERSION = correct_specification_version
+
     upperbound_filelength = tuf.settings.DEFAULT_TIMESTAMP_REQUIRED_LENGTH
     try:
       self.repository_updater._get_metadata_file('timestamp', 'timestamp.json',
@@ -784,7 +793,8 @@ def test_3__get_metadata_file(self):
           'No error was raised.')
 
     # Test for an improperly formatted TUF version number.
-    tuf.formats.TUF_VERSION_NUMBER = 'BAD'
+    # Tell the TUF code to write 'BAD' as its specification version number.
+    tuf.SPECIFICATION_VERSION = 'BAD'
     repository = repo_tool.load_repository(self.repository_directory)
     repository.timestamp.load_signing_key(self.role_keys['timestamp']['private'])
     repository.writeall()
@@ -794,6 +804,11 @@ def test_3__get_metadata_file(self):
     shutil.copytree(os.path.join(self.repository_directory, 'metadata.staged'),
                     os.path.join(self.repository_directory, 'metadata'))
 
+    # Change the supported TUF specification version back to what it should be,
+    # so that code expects the correct specification version, and gets nonsense
+    # instead.
+    tuf.SPECIFICATION_VERSION = correct_specification_version
+
     try:
       self.repository_updater._get_metadata_file('timestamp', 'timestamp.json',
       upperbound_filelength, 1)
@@ -808,9 +823,10 @@ def test_3__get_metadata_file(self):
           'specification version number that was not in the correct format.  '
           'No error was raised.')
 
-    # Reset the TUF_VERSION_NUMBER so that subsequent unit tests use the
-    # expected value.
-    tuf.formats.TUF_VERSION_NUMBER = valid_tuf_version
+    # REDUNDANTLY reset the specification version the code thinks it supports
+    # as the last step in this test, in case future changes to the tests above
+    # neglect to reset it above....
+    tuf.SPECIFICATION_VERSION = correct_specification_version
 
 
 

diff --git a/tuf/__init__.py b/tuf/__init__.py
@@ -3,3 +3,11 @@
 # Currently, when the version is changed, it must be set in both locations.
 # TODO: Single-source the version number.
 __version__ = "0.11.2.dev3"
+
+# This reference implementation produces metadata intended to conform to
+# version 1.0 of the TUF specification, and is expected to consume metadata
+# conforming to version 1.0 of the TUF specification.
+# All downloaded metadata must be equal to our supported major version of 1.
+# For example, "1.4.3" and "1.0.0" are supported.  "2.0.0" is not supported.
+# See https://github.com/theupdateframework/specification
+SPECIFICATION_VERSION = '1.0'
diff --git a/tuf/client/updater.py b/tuf/client/updater.py
@@ -1493,14 +1493,15 @@ def _get_metadata_file(self, metadata_role, remote_filename,
         # number, the new metadata is safe to parse.
         try:
           metadata_spec_version = metadata_signable['signed']['spec_version']
-          spec_major_version = int(metadata_spec_version.split('.')[0])
-          if spec_major_version != tuf.formats.SUPPORTED_MAJOR_VERSION:
+          metadata_spec_major_version = int(metadata_spec_version.split('.')[0])
+          code_spec_major_version = int(tuf.SPECIFICATION_VERSION.split('.')[0])
+
+          if metadata_spec_major_version != code_spec_major_version:
             raise tuf.exceptions.UnsupportedSpecificationError(
                 'Downloaded metadata that specifies an unsupported '
                 'spec_version.  This code supports major version number: ' +
-                repr(tuf.formats.SUPPORTED_MAJOR_VERSION) + '; however, the '
-                'obtained metadata lists version number: ' +
-                str(metadata_spec_version))
+                repr(code_spec_major_version) + '; however, the obtained '
+                'metadata lists version number: ' + str(metadata_spec_version))
 
         except (ValueError, TypeError):
           raise securesystemslib.exceptions.FormatError('Improperly'

diff --git a/tuf/formats.py b/tuf/formats.py
@@ -87,15 +87,6 @@
 import six
 
 
-# TUF specification version.  The constant should be updated when the version
-# number of the specification changes.  All metadata should list this version
-# number.
-# Metadata includes the specification version number that it follows.
-# All downloaded metadata must be equal to our supported major version of 1.
-# For example, "1.4.3" and "1.0.0" are supported.  "2.0.0" is not supported.
-TUF_VERSION_NUMBER = '1.0'
-SUPPORTED_MAJOR_VERSION = int(TUF_VERSION_NUMBER.split('.')[0])
-
 SPECIFICATION_VERSION_SCHEMA = SCHEMA.AnyString()
 
 # A datetime in 'YYYY-MM-DDTHH:MM:SSZ' ISO 8601 format.  The "Z" zone designator
@@ -543,7 +534,7 @@ def from_metadata(timestamp_metadata):
   @staticmethod
   def make_metadata(version, expiration_date, filedict):
     result = {'_type' : 'timestamp'}
-    result['spec_version'] = TUF_VERSION_NUMBER
+    result['spec_version'] = tuf.SPECIFICATION_VERSION
     result['version'] = version
     result['expires'] = expiration_date
     result['meta'] = filedict
@@ -583,7 +574,7 @@ def from_metadata(root_metadata):
   @staticmethod
   def make_metadata(version, expiration_date, keydict, roledict, consistent_snapshot):
     result = {'_type' : 'root'}
-    result['spec_version'] = TUF_VERSION_NUMBER
+    result['spec_version'] = tuf.SPECIFICATION_VERSION
     result['version'] = version
     result['expires'] = expiration_date
     result['keys'] = keydict
@@ -623,7 +614,7 @@ def from_metadata(snapshot_metadata):
   @staticmethod
   def make_metadata(version, expiration_date, versiondict):
     result = {'_type' : 'snapshot'}
-    result['spec_version'] = TUF_VERSION_NUMBER
+    result['spec_version'] = tuf.SPECIFICATION_VERSION
     result['version'] = version
     result['expires'] = expiration_date
     result['meta'] = versiondict
@@ -671,7 +662,7 @@ def make_metadata(version, expiration_date, filedict=None, delegations=None):
         ' empty targets metadata.')
 
     result = {'_type' : 'targets'}
-    result['spec_version'] = TUF_VERSION_NUMBER
+    result['spec_version'] = tuf.SPECIFICATION_VERSION
     result['version'] = version
     result['expires'] = expiration_date
     result['targets'] = {}