From d58bcf9c62fa29119ae3ead80ee120053d87b11a Mon Sep 17 00:00:00 2001 From: Sebastien Awwad Date: Fri, 29 Mar 2019 11:02:39 -0400 Subject: [PATCH] spec version support code cleanup Specification version now only lives in tuf/__init__.py, and will only be derived from there. Specification version info is no longer in tuf.formats, where it was previously moved from tuf.updater, since this was redundant. Also finally corrects spec version testing in test_updater.py. Signed-off-by: Sebastien Awwad --- tests/test_updater.py | 28 ++++++++++++++++++++++------ tuf/__init__.py | 8 ++++++++ tuf/client/updater.py | 11 ++++++----- tuf/formats.py | 17 ++++------------- 4 files changed, 40 insertions(+), 24 deletions(-) diff --git a/tests/test_updater.py b/tests/test_updater.py index d576397e74..f798535605 100644 --- a/tests/test_updater.py +++ b/tests/test_updater.py @@ -752,8 +752,11 @@ def test_3__get_metadata_file(self): badly-formatted TUF specification version numbers.... ''' - valid_tuf_version = tuf.formats.TUF_VERSION_NUMBER - tuf.formats.TUF_VERSION_NUMBER = '9.0' + # Make note of the correct supported TUF specification version. + correct_specification_version = tuf.SPECIFICATION_VERSION + + # Change it long enough to write new metadata. + tuf.SPECIFICATION_VERSION = '9.0' repository = repo_tool.load_repository(self.repository_directory) repository.timestamp.load_signing_key(self.role_keys['timestamp']['private']) 
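Review bot: `tuf.SPECIFICATION_VERSION` is reassigned to '9.0' here, and to 'BAD' in the @@ -784 hunk, but each restore is a plain statement further down. An exception from a call in between (`repo_tool.load_repository`, `repository.writeall()`, `shutil.copytree`) therefore leaves the process-wide value wrong for every later test, including tests of the spec-version rejection check. The "REDUNDANTLY reset" in the @@ -808 hunk has the same gap, since it runs only when the test reaches its last line. Registering the restore right after the value is saved covers the failure paths as well: `self.addCleanup(setattr, tuf, 'SPECIFICATION_VERSION', correct_specification_version)`. test_3__get_metadata_file starts and ends outside these hunks.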
@@ -764,6 +767,12 @@ def test_3__get_metadata_file(self): shutil.copytree(os.path.join(self.repository_directory, 'metadata.staged'), os.path.join(self.repository_directory, 'metadata')) + + # Change the supported TUF specification version back to what it should be + # so that we can parse the metadata and see that the spec version in the + # metadata does not match the code's expected spec version. + tuf.SPECIFICATION_VERSION = correct_specification_version + upperbound_filelength = tuf.settings.DEFAULT_TIMESTAMP_REQUIRED_LENGTH try: self.repository_updater._get_metadata_file('timestamp', 'timestamp.json', @@ -784,7 +793,8 @@ def test_3__get_metadata_file(self): 'No error was raised.') # Test for an improperly formatted TUF version number. - tuf.formats.TUF_VERSION_NUMBER = 'BAD' + # Tell the TUF code to write 'BAD' as its specification version number. + tuf.SPECIFICATION_VERSION = 'BAD' repository = repo_tool.load_repository(self.repository_directory) repository.timestamp.load_signing_key(self.role_keys['timestamp']['private']) repository.writeall() @@ -794,6 +804,11 @@ def test_3__get_metadata_file(self): shutil.copytree(os.path.join(self.repository_directory, 'metadata.staged'), os.path.join(self.repository_directory, 'metadata')) + # Change the supported TUF specification version back to what it should be, + # so that code expects the correct specification version, and gets nonsense + # instead. + tuf.SPECIFICATION_VERSION = correct_specification_version + try: self.repository_updater._get_metadata_file('timestamp', 'timestamp.json', upperbound_filelength, 1) 
@@ -808,9 +823,10 @@ def test_3__get_metadata_file(self): 'specification version number that was not in the correct format. ' 'No error was raised.') - # Reset the TUF_VERSION_NUMBER so that subsequent unit tests use the - # expected value. - tuf.formats.TUF_VERSION_NUMBER = valid_tuf_version + # REDUNDANTLY reset the specification version the code thinks it supports + # as the last step in this test, in case future changes to the tests above + # neglect to reset it above.... + tuf.SPECIFICATION_VERSION = correct_specification_version diff --git a/tuf/__init__.py b/tuf/__init__.py index 179d835ad6..c2a1841250 100755 --- a/tuf/__init__.py +++ b/tuf/__init__.py @@ -3,3 +3,11 @@ # Currently, when the version is changed, it must be set in both locations. # TODO: Single-source the version number. __version__ = "0.11.2.dev3" + +# This reference implementation produces metadata intended to conform to +# version 1.0 of the TUF specification, and is expected to consume metadata +# conforming to version 1.0 of the TUF specification. +# All downloaded metadata must be equal to our supported major version of 1. +# For example, "1.4.3" and "1.0.0" are supported. "2.0.0" is not supported. +# See https://github.com/theupdateframework/specification +SPECIFICATION_VERSION = '1.0' diff --git a/tuf/client/updater.py b/tuf/client/updater.py index 425b7fb819..dce02f9f6b 100755 --- a/tuf/client/updater.py +++ b/tuf/client/updater.py 
@@ -1493,14 +1493,15 @@ def _get_metadata_file(self, metadata_role, remote_filename, # number, the new metadata is safe to parse. try: metadata_spec_version = metadata_signable['signed']['spec_version'] - spec_major_version = int(metadata_spec_version.split('.')[0]) - if spec_major_version != tuf.formats.SUPPORTED_MAJOR_VERSION: + metadata_spec_major_version = int(metadata_spec_version.split('.')[0]) + code_spec_major_version = int(tuf.SPECIFICATION_VERSION.split('.')[0]) + + if metadata_spec_major_version != code_spec_major_version: raise tuf.exceptions.UnsupportedSpecificationError( 'Downloaded metadata that specifies an unsupported ' 'spec_version. This code supports major version number: ' + - repr(tuf.formats.SUPPORTED_MAJOR_VERSION) + '; however, the ' - 'obtained metadata lists version number: ' + - str(metadata_spec_version)) + repr(code_spec_major_version) + '; however, the obtained ' + 'metadata lists version number: ' + str(metadata_spec_version)) except (ValueError, TypeError): raise securesystemslib.exceptions.FormatError('Improperly' diff --git a/tuf/formats.py b/tuf/formats.py index 9b32f0f47a..78a03a20c2 100755 --- a/tuf/formats.py +++ b/tuf/formats.py @@ -87,15 +87,6 @@ import six -# TUF specification version. The constant should be updated when the version -# number of the specification changes. All metadata should list this version -# number. -# Metadata includes the specification version number that it follows. -# All downloaded metadata must be equal to our supported major version of 1. -# For example, "1.4.3" and "1.0.0" are supported. "2.0.0" is not supported. -TUF_VERSION_NUMBER = '1.0' -SUPPORTED_MAJOR_VERSION = int(TUF_VERSION_NUMBER.split('.')[0]) - SPECIFICATION_VERSION_SCHEMA = SCHEMA.AnyString() # A datetime in 'YYYY-MM-DDTHH:MM:SSZ' ISO 8601 format. The "Z" zone designator 
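Review bot: `code_spec_major_version = int(tuf.SPECIFICATION_VERSION.split('.')[0])` now sits inside the `try` whose `except (ValueError, TypeError)` raises a FormatError that appears to describe the downloaded metadata. A malformed local constant would therefore be reported as bad remote metadata; computing the local major version before the `try` keeps the two causes apart. On the metadata side, `metadata_signable['signed']['spec_version']` comes from downloaded input: a missing key raises KeyError and a non-string value raises AttributeError on `.split`, and this `except` converts neither. Whether the caller handles them is outside the hunk, so consider `except (KeyError, AttributeError, ValueError, TypeError):`. The body of _get_metadata_file continues outside the hunk.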
@@ -543,7 +534,7 @@ def from_metadata(timestamp_metadata): @staticmethod def make_metadata(version, expiration_date, filedict): result = {'_type' : 'timestamp'} - result['spec_version'] = TUF_VERSION_NUMBER + result['spec_version'] = tuf.SPECIFICATION_VERSION result['version'] = version result['expires'] = expiration_date result['meta'] = filedict @@ -583,7 +574,7 @@ def from_metadata(root_metadata): @staticmethod def make_metadata(version, expiration_date, keydict, roledict, consistent_snapshot): result = {'_type' : 'root'} - result['spec_version'] = TUF_VERSION_NUMBER + result['spec_version'] = tuf.SPECIFICATION_VERSION result['version'] = version result['expires'] = expiration_date result['keys'] = keydict @@ -623,7 +614,7 @@ def from_metadata(snapshot_metadata): @staticmethod def make_metadata(version, expiration_date, versiondict): result = {'_type' : 'snapshot'} - result['spec_version'] = TUF_VERSION_NUMBER + result['spec_version'] = tuf.SPECIFICATION_VERSION result['version'] = version result['expires'] = expiration_date result['meta'] = versiondict @@ -671,7 +662,7 @@ def make_metadata(version, expiration_date, filedict=None, delegations=None): ' empty targets metadata.') result = {'_type' : 'targets'} - result['spec_version'] = TUF_VERSION_NUMBER + result['spec_version'] = tuf.SPECIFICATION_VERSION result['version'] = version result['expires'] = expiration_date result['targets'] = {}
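Review bot: All four `make_metadata` bodies now reference the name `tuf`, and no hunk for tuf/formats.py adds `import tuf`. Only `import six` is visible from the import block, so confirm the package is already imported there; otherwise these calls fail with NameError when metadata is built. The value is also copied into `spec_version` without a format check, and `SPECIFICATION_VERSION_SCHEMA` stays `SCHEMA.AnyString()`, so a malformed constant would be written into metadata and rejected only later by the client's major-version check. A comment at the first assignment would document the dependency, e.g. `# Read at call time; must be a dotted version string with an integer major component.` The same line recurs in the root, snapshot and targets hunks.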