forked from theupdateframework/go-tuf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathupdater.go
737 lines (700 loc) · 25.2 KB
/
updater.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
// Copyright 2024 The Update Framework Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License
//
// SPDX-License-Identifier: Apache-2.0
//
package updater
import (
"encoding/hex"
"errors"
"fmt"
"io"
"net/http"
"net/url"
"os"
"path/filepath"
"regexp"
"strconv"
"strings"
"time"
"github.com/theupdateframework/go-tuf/v2/metadata"
"github.com/theupdateframework/go-tuf/v2/metadata/config"
"github.com/theupdateframework/go-tuf/v2/metadata/trustedmetadata"
)
// Client update workflow implementation
//
// The "Updater" provides an implementation of the TUF client workflow (ref. https://theupdateframework.github.io/specification/latest/#detailed-client-workflow).
// "Updater" provides an API to query available targets and to download them in a
// secure manner: All downloaded files are verified by signed metadata.
// High-level description of "Updater" functionality:
// - Initializing an "Updater" loads and validates the trusted local root
// metadata: This root metadata is used as the source of trust for all other
// metadata.
// - Refresh() can optionally be called to update and load all top-level
// metadata as described in the specification, using both locally cached
// metadata and metadata downloaded from the remote repository. If refresh is
// not done explicitly, it will happen automatically during the first target
// info lookup.
// - Updater can be used to download targets. For each target:
// - GetTargetInfo() is first used to find information about a
// specific target. This will load new targets metadata as needed (from
// local cache or remote repository).
// - FindCachedTarget() can optionally be used to check if a
// target file is already locally cached.
// - DownloadTarget() downloads a target file and ensures it is
// verified correct by the metadata.
type Updater struct {
trusted *trustedmetadata.TrustedMetadata
cfg *config.UpdaterConfig
}
type roleParentTuple struct {
Role string
Parent string
}
// New creates a new Updater instance and loads trusted root metadata
func New(config *config.UpdaterConfig) (*Updater, error) {
// make sure the trusted root metadata and remote URL were provided
if len(config.LocalTrustedRoot) == 0 || len(config.RemoteMetadataURL) == 0 {
return nil, fmt.Errorf("no initial trusted root metadata or remote URL provided")
}
// create a new trusted metadata instance using the trusted root.json
trustedMetadataSet, err := trustedmetadata.New(config.LocalTrustedRoot)
if err != nil {
return nil, err
}
// create an updater instance
updater := &Updater{
cfg: config,
trusted: trustedMetadataSet, // save trusted metadata set
}
// ensure paths exist, doesn't do anything if caching is disabled
err = updater.cfg.EnsurePathsExist()
if err != nil {
return nil, err
}
// persist the initial root metadata to the local metadata folder
err = updater.persistMetadata(metadata.ROOT, updater.cfg.LocalTrustedRoot)
if err != nil {
return nil, err
}
// all okay, return the updater instance
return updater, nil
}
// Refresh loads and possibly refreshes top-level metadata.
// Downloads, verifies, and loads metadata for the top-level roles in the
// specified order (root -> timestamp -> snapshot -> targets) implementing
// all the checks required in the TUF client workflow.
// A Refresh() can be done only once during the lifetime of an Updater.
// If Refresh() has not been explicitly called before the first
// GetTargetInfo() call, it will be done implicitly at that time.
// The metadata for delegated roles is not updated by Refresh():
// that happens on demand during GetTargetInfo(). However, if the
// repository uses consistent snapshots (ref. https://theupdateframework.github.io/specification/latest/#consistent-snapshots),
// then all metadata downloaded by the Updater will use the same consistent repository state.
//
// If UnsafeLocalMode is set, no network interaction is performed, only
// the cached files on disk are used. If the cached data is not complete,
// this call will fail.
func (update *Updater) Refresh() error {
if update.cfg.UnsafeLocalMode {
return update.unsafeLocalRefresh()
}
return update.onlineRefresh()
}
// onlineRefresh implements the TUF client workflow as described for
// the Refresh function.
func (update *Updater) onlineRefresh() error {
err := update.loadRoot()
if err != nil {
return err
}
err = update.loadTimestamp()
if err != nil {
return err
}
err = update.loadSnapshot()
if err != nil {
return err
}
_, err = update.loadTargets(metadata.TARGETS, metadata.ROOT)
if err != nil {
return err
}
return nil
}
// unsafeLoadRefresh tries to load the persisted metadata already cached
// on disk. Note that this is an usafe function, and does deviate from the
// TUF specification section 5.3 to 5.7 (update phases).
// The metadata on disk are verified against the provided root though,
// and expiration dates are verified.
func (update *Updater) unsafeLocalRefresh() error {
// Root is already loaded
// load timestamp
var p = filepath.Join(update.cfg.LocalMetadataDir, metadata.TIMESTAMP)
data, err := update.loadLocalMetadata(p)
if err != nil {
return err
}
_, err = update.trusted.UpdateTimestamp(data)
if err != nil {
return err
}
// load snapshot
p = filepath.Join(update.cfg.LocalMetadataDir, metadata.SNAPSHOT)
data, err = update.loadLocalMetadata(p)
if err != nil {
return err
}
_, err = update.trusted.UpdateSnapshot(data, false)
if err != nil {
return err
}
// targets
p = filepath.Join(update.cfg.LocalMetadataDir, metadata.TARGETS)
data, err = update.loadLocalMetadata(p)
if err != nil {
return err
}
// verify and load the new target metadata
_, err = update.trusted.UpdateDelegatedTargets(data, metadata.TARGETS, metadata.ROOT)
if err != nil {
return err
}
return nil
}
// GetTargetInfo returns metadata.TargetFiles instance with information
// for targetPath. The return value can be used as an argument to
// DownloadTarget() and FindCachedTarget().
// If Refresh() has not been called before calling
// GetTargetInfo(), the refresh will be done implicitly.
// As a side-effect this method downloads all the additional (delegated
// targets) metadata it needs to return the target information.
func (update *Updater) GetTargetInfo(targetPath string) (*metadata.TargetFiles, error) {
// do a Refresh() in case there's no trusted targets.json yet
if update.trusted.Targets[metadata.TARGETS] == nil {
err := update.Refresh()
if err != nil {
return nil, err
}
}
return update.preOrderDepthFirstWalk(targetPath)
}
// DownloadTarget downloads the target file specified by targetFile
func (update *Updater) DownloadTarget(targetFile *metadata.TargetFiles, filePath, targetBaseURL string) (string, []byte, error) {
log := metadata.GetLogger()
var err error
if filePath == "" {
filePath, err = update.generateTargetFilePath(targetFile)
if err != nil {
return "", nil, err
}
}
if targetBaseURL == "" {
if update.cfg.RemoteTargetsURL == "" {
return "", nil, &metadata.ErrValue{Msg: "targetBaseURL must be set in either DownloadTarget() or the Updater struct"}
}
targetBaseURL = ensureTrailingSlash(update.cfg.RemoteTargetsURL)
} else {
targetBaseURL = ensureTrailingSlash(targetBaseURL)
}
targetFilePath := targetFile.Path
targetRemotePath := targetFilePath
consistentSnapshot := update.trusted.Root.Signed.ConsistentSnapshot
if consistentSnapshot && update.cfg.PrefixTargetsWithHash {
hashes := ""
// get first hex value of hashes
for _, v := range targetFile.Hashes {
hashes = hex.EncodeToString(v)
break
}
baseName := filepath.Base(targetFilePath)
dirName, ok := strings.CutSuffix(targetFilePath, "/"+baseName)
if !ok {
// <hash>.<target-name>
targetRemotePath = fmt.Sprintf("%s.%s", hashes, baseName)
} else {
// <dir-prefix>/<hash>.<target-name>
targetRemotePath = fmt.Sprintf("%s/%s.%s", dirName, hashes, baseName)
}
}
fullURL := fmt.Sprintf("%s%s", targetBaseURL, targetRemotePath)
data, err := update.cfg.Fetcher.DownloadFile(fullURL, targetFile.Length, time.Second*15)
if err != nil {
return "", nil, err
}
err = targetFile.VerifyLengthHashes(data)
if err != nil {
return "", nil, err
}
// do not persist the target file if cache is disabled
if !update.cfg.DisableLocalCache {
err = os.WriteFile(filePath, data, 0644)
if err != nil {
return "", nil, err
}
}
log.Info("Downloaded target", "path", targetFile.Path)
return filePath, data, nil
}
// FindCachedTarget checks whether a local file is an up to date target
func (update *Updater) FindCachedTarget(targetFile *metadata.TargetFiles, filePath string) (string, []byte, error) {
var err error
targetFilePath := ""
// do not look for cached target file if cache is disabled
if update.cfg.DisableLocalCache {
return "", nil, nil
}
// get its path if not provided
if filePath == "" {
targetFilePath, err = update.generateTargetFilePath(targetFile)
if err != nil {
return "", nil, err
}
} else {
targetFilePath = filePath
}
// get file content
data, err := readFile(targetFilePath)
if err != nil {
// do not want to return err, instead we say that there's no cached target available
return "", nil, nil
}
// verify if the length and hashes of this target file match the expected values
err = targetFile.VerifyLengthHashes(data)
if err != nil {
// do not want to return err, instead we say that there's no cached target available
return "", nil, nil
}
// if all okay, return its path
return targetFilePath, data, nil
}
// loadTimestamp load local and remote timestamp metadata
func (update *Updater) loadTimestamp() error {
log := metadata.GetLogger()
// try to read local timestamp
data, err := update.loadLocalMetadata(filepath.Join(update.cfg.LocalMetadataDir, metadata.TIMESTAMP))
if err != nil {
// this means there's no existing local timestamp so we should proceed downloading it without the need to UpdateTimestamp
log.Info("Local timestamp does not exist")
} else {
// local timestamp exists, let's try to verify it and load it to the trusted metadata set
_, err := update.trusted.UpdateTimestamp(data)
if err != nil {
if errors.Is(err, &metadata.ErrRepository{}) {
// local timestamp is not valid, proceed downloading from remote; note that this error type includes several other subset errors
log.Info("Local timestamp is not valid")
} else {
// another error
return err
}
}
log.Info("Local timestamp is valid")
// all okay, local timestamp exists and it is valid, nevertheless proceed with downloading from remote
}
// load from remote (whether local load succeeded or not)
data, err = update.downloadMetadata(metadata.TIMESTAMP, update.cfg.TimestampMaxLength, "")
if err != nil {
return err
}
// try to verify and load the newly downloaded timestamp
_, err = update.trusted.UpdateTimestamp(data)
if err != nil {
if errors.Is(err, &metadata.ErrEqualVersionNumber{}) {
// if the new timestamp version is the same as current, discard the
// new timestamp; this is normal and it shouldn't raise any error
return nil
} else {
// another error
return err
}
}
// proceed with persisting the new timestamp
err = update.persistMetadata(metadata.TIMESTAMP, data)
if err != nil {
return err
}
return nil
}
// loadSnapshot load local (and if needed remote) snapshot metadata
func (update *Updater) loadSnapshot() error {
log := metadata.GetLogger()
// try to read local snapshot
data, err := update.loadLocalMetadata(filepath.Join(update.cfg.LocalMetadataDir, metadata.SNAPSHOT))
if err != nil {
// this means there's no existing local snapshot so we should proceed downloading it without the need to UpdateSnapshot
log.Info("Local snapshot does not exist")
} else {
// successfully read a local snapshot metadata, so let's try to verify and load it to the trusted metadata set
_, err = update.trusted.UpdateSnapshot(data, true)
if err != nil {
// this means snapshot verification/loading failed
if errors.Is(err, &metadata.ErrRepository{}) {
// local snapshot is not valid, proceed downloading from remote; note that this error type includes several other subset errors
log.Info("Local snapshot is not valid")
} else {
// another error
return err
}
} else {
// this means snapshot verification/loading succeeded
log.Info("Local snapshot is valid: not downloading new one")
return nil
}
}
// local snapshot does not exist or is invalid, update from remote
log.Info("Failed to load local snapshot")
if update.trusted.Timestamp == nil {
return fmt.Errorf("trusted timestamp not set")
}
// extract the snapshot meta from the trusted timestamp metadata
snapshotMeta := update.trusted.Timestamp.Signed.Meta[fmt.Sprintf("%s.json", metadata.SNAPSHOT)]
// extract the length of the snapshot metadata to be downloaded
length := snapshotMeta.Length
if length == 0 {
length = update.cfg.SnapshotMaxLength
}
// extract which snapshot version should be downloaded in case of consistent snapshots
version := ""
if update.trusted.Root.Signed.ConsistentSnapshot {
version = strconv.FormatInt(snapshotMeta.Version, 10)
}
// download snapshot metadata
data, err = update.downloadMetadata(metadata.SNAPSHOT, length, version)
if err != nil {
return err
}
// verify and load the new snapshot
_, err = update.trusted.UpdateSnapshot(data, false)
if err != nil {
return err
}
// persist the new snapshot
err = update.persistMetadata(metadata.SNAPSHOT, data)
if err != nil {
return err
}
return nil
}
// loadTargets load local (and if needed remote) metadata for roleName
func (update *Updater) loadTargets(roleName, parentName string) (*metadata.Metadata[metadata.TargetsType], error) {
log := metadata.GetLogger()
// avoid loading "roleName" more than once during "GetTargetInfo"
role, ok := update.trusted.Targets[roleName]
if ok {
return role, nil
}
// try to read local targets
data, err := update.loadLocalMetadata(filepath.Join(update.cfg.LocalMetadataDir, roleName))
if err != nil {
// this means there's no existing local target file so we should proceed downloading it without the need to UpdateDelegatedTargets
log.Info("Local role does not exist", "role", roleName)
} else {
// successfully read a local targets metadata, so let's try to verify and load it to the trusted metadata set
delegatedTargets, err := update.trusted.UpdateDelegatedTargets(data, roleName, parentName)
if err != nil {
// this means targets verification/loading failed
if errors.Is(err, &metadata.ErrRepository{}) {
// local target file is not valid, proceed downloading from remote; note that this error type includes several other subset errors
log.Info("Local role is not valid", "role", roleName)
} else {
// another error
return nil, err
}
} else {
// this means targets verification/loading succeeded
log.Info("Local role is valid: not downloading new one", "role", roleName)
return delegatedTargets, nil
}
}
// local "roleName" does not exist or is invalid, update from remote
log.Info("Failed to load local role", "role", roleName)
if update.trusted.Snapshot == nil {
return nil, fmt.Errorf("trusted snapshot not set")
}
// extract the targets meta from the trusted snapshot metadata
metaInfo := update.trusted.Snapshot.Signed.Meta[fmt.Sprintf("%s.json", roleName)]
// extract the length of the target metadata to be downloaded
length := metaInfo.Length
if length == 0 {
length = update.cfg.TargetsMaxLength
}
// extract which target metadata version should be downloaded in case of consistent snapshots
version := ""
if update.trusted.Root.Signed.ConsistentSnapshot {
version = strconv.FormatInt(metaInfo.Version, 10)
}
// download targets metadata
data, err = update.downloadMetadata(roleName, length, version)
if err != nil {
return nil, err
}
// verify and load the new target metadata
delegatedTargets, err := update.trusted.UpdateDelegatedTargets(data, roleName, parentName)
if err != nil {
return nil, err
}
// persist the new target metadata
err = update.persistMetadata(roleName, data)
if err != nil {
return nil, err
}
return delegatedTargets, nil
}
// loadRoot load remote root metadata. Sequentially load and
// persist on local disk every newer root metadata version
// available on the remote
func (update *Updater) loadRoot() error {
// calculate boundaries
lowerBound := update.trusted.Root.Signed.Version + 1
upperBound := lowerBound + update.cfg.MaxRootRotations
// loop until we find the latest available version of root (download -> verify -> load -> persist)
for nextVersion := lowerBound; nextVersion < upperBound; nextVersion++ {
data, err := update.downloadMetadata(metadata.ROOT, update.cfg.RootMaxLength, strconv.FormatInt(nextVersion, 10))
if err != nil {
// downloading the root metadata failed for some reason
var tmpErr *metadata.ErrDownloadHTTP
if errors.As(err, &tmpErr) {
if tmpErr.StatusCode != http.StatusNotFound && tmpErr.StatusCode != http.StatusForbidden {
// unexpected HTTP status code
return err
}
// 404/403 means current root is newest available, so we can stop the loop and move forward
break
}
// some other error ocurred
return err
} else {
// downloading root metadata succeeded, so let's try to verify and load it
_, err = update.trusted.UpdateRoot(data)
if err != nil {
return err
}
// persist root metadata to disk
err = update.persistMetadata(metadata.ROOT, data)
if err != nil {
return err
}
}
}
return nil
}
// preOrderDepthFirstWalk interrogates the tree of target delegations
// in order of appearance (which implicitly order trustworthiness),
// and returns the matching target found in the most trusted role.
func (update *Updater) preOrderDepthFirstWalk(targetFilePath string) (*metadata.TargetFiles, error) {
log := metadata.GetLogger()
// list of delegations to be interrogated. A (role, parent role) pair
// is needed to load and verify the delegated targets metadata
delegationsToVisit := []roleParentTuple{{
Role: metadata.TARGETS,
Parent: metadata.ROOT,
}}
visitedRoleNames := map[string]bool{}
// pre-order depth-first traversal of the graph of target delegations
for len(visitedRoleNames) <= update.cfg.MaxDelegations && len(delegationsToVisit) > 0 {
// pop the role name from the top of the stack
delegation := delegationsToVisit[len(delegationsToVisit)-1]
delegationsToVisit = delegationsToVisit[:len(delegationsToVisit)-1]
// skip any visited current role to prevent cycles
_, ok := visitedRoleNames[delegation.Role]
if ok {
log.Info("Skipping visited current role", "role", delegation.Role)
continue
}
// the metadata for delegation.Role must be downloaded/updated before
// its targets, delegations, and child roles can be inspected
targets, err := update.loadTargets(delegation.Role, delegation.Parent)
if err != nil {
return nil, err
}
target, ok := targets.Signed.Targets[targetFilePath]
if ok {
log.Info("Found target in current role", "role", delegation.Role)
return target, nil
}
// after pre-order check, add current role to set of visited roles
visitedRoleNames[delegation.Role] = true
if targets.Signed.Delegations != nil {
childRolesToVisit := []roleParentTuple{}
// note that this may be a slow operation if there are many
// delegated roles
roles := targets.Signed.Delegations.GetRolesForTarget(targetFilePath)
for child, terminating := range roles {
log.Info("Adding child role", "role", child)
childRolesToVisit = append(childRolesToVisit, roleParentTuple{Role: child, Parent: delegation.Role})
if terminating {
log.Info("Not backtracking to other roles")
delegationsToVisit = []roleParentTuple{}
break
}
}
// push childRolesToVisit in reverse order of appearance
// onto delegationsToVisit. Roles are popped from the end of
// the list
reverseSlice(childRolesToVisit)
delegationsToVisit = append(delegationsToVisit, childRolesToVisit...)
}
}
if len(delegationsToVisit) > 0 {
log.Info("Too many roles left to visit for max allowed delegations",
"roles-left", len(delegationsToVisit),
"allowed-delegations", update.cfg.MaxDelegations)
}
// if this point is reached then target is not found, return nil
return nil, fmt.Errorf("target %s not found", targetFilePath)
}
func moveFile(source, destination string) (err error) {
// can only safely rename on any OS if source and destination are in the same directory
if filepath.Dir(source) == filepath.Dir(destination) {
return os.Rename(source, destination)
}
inputFile, err := os.Open(source)
if err != nil {
return fmt.Errorf("couldn't open source file: %s", err)
}
defer inputFile.Close()
outputFile, err := os.Create(destination)
if err != nil {
return fmt.Errorf("couldn't open dest file: %s", err)
}
defer outputFile.Close()
c, err := io.Copy(outputFile, inputFile)
if err != nil {
return fmt.Errorf("writing to output file failed: %s", err)
}
if c <= 0 {
return fmt.Errorf("nothing copied to output file")
}
inputFile.Close()
// The copy was successful, so now delete the original file
err = os.Remove(source)
if err != nil {
return fmt.Errorf("failed removing original file: %s", err)
}
return nil
}
// persistMetadata writes metadata to disk atomically to avoid data loss
func (update *Updater) persistMetadata(roleName string, data []byte) error {
log := metadata.GetLogger()
// do not persist the metadata if we have disabled local caching
if update.cfg.DisableLocalCache {
return nil
}
// caching enabled, proceed with persisting the metadata locally
fileName := filepath.Join(update.cfg.LocalMetadataDir, fmt.Sprintf("%s.json", url.QueryEscape(roleName)))
cwd, err := os.Getwd()
if err != nil {
return err
}
// create a temporary file
file, err := os.CreateTemp(cwd, "tuf_tmp")
if err != nil {
return err
}
defer file.Close()
// write the data content to the temporary file
err = os.WriteFile(file.Name(), data, 0644)
if err != nil {
// delete the temporary file if there was an error while writing
errRemove := os.Remove(file.Name())
if errRemove != nil {
log.Info("Failed to delete temporary file", "name", file.Name())
}
return err
}
// can't move/rename an open file on windows, so close it first
file.Close()
// if all okay, rename the temporary file to the desired one
err = moveFile(file.Name(), fileName)
if err != nil {
return err
}
read, err := os.ReadFile(fileName)
if err != nil {
return err
}
if string(read) != string(data) {
return fmt.Errorf("failed to persist metadata")
}
return nil
}
// downloadMetadata download a metadata file and return it as bytes
func (update *Updater) downloadMetadata(roleName string, length int64, version string) ([]byte, error) {
urlPath := ensureTrailingSlash(update.cfg.RemoteMetadataURL)
// build urlPath
if version == "" {
urlPath = fmt.Sprintf("%s%s.json", urlPath, url.QueryEscape(roleName))
} else {
urlPath = fmt.Sprintf("%s%s.%s.json", urlPath, version, url.QueryEscape(roleName))
}
return update.cfg.Fetcher.DownloadFile(urlPath, length, time.Second*15)
}
// generateTargetFilePath generates path from TargetFiles
func (update *Updater) generateTargetFilePath(tf *metadata.TargetFiles) (string, error) {
// LocalTargetsDir can be omitted if caching is disabled
if update.cfg.LocalTargetsDir == "" && !update.cfg.DisableLocalCache {
return "", &metadata.ErrValue{Msg: "LocalTargetsDir must be set if filepath is not given"}
}
// Use URL encoded target path as filename
return filepath.Join(update.cfg.LocalTargetsDir, url.QueryEscape(tf.Path)), nil
}
// loadLocalMetadata reads a local <roleName>.json file and returns its bytes
func (update *Updater) loadLocalMetadata(roleName string) ([]byte, error) {
return readFile(fmt.Sprintf("%s.json", roleName))
}
// GetTopLevelTargets returns the top-level target files
func (update *Updater) GetTopLevelTargets() map[string]*metadata.TargetFiles {
return update.trusted.Targets[metadata.TARGETS].Signed.Targets
}
// GetTrustedMetadataSet returns the trusted metadata set
func (update *Updater) GetTrustedMetadataSet() trustedmetadata.TrustedMetadata {
return *update.trusted
}
func IsWindowsPath(path string) bool {
match, _ := regexp.MatchString(`^[a-zA-Z]:\\`, path)
return match
}
// ensureTrailingSlash ensures url ends with a slash
func ensureTrailingSlash(url string) string {
if IsWindowsPath(url) {
slash := string(filepath.Separator)
if strings.HasSuffix(url, slash) {
return url
}
return url + slash
}
if strings.HasSuffix(url, "/") {
return url
}
return url + "/"
}
// reverseSlice reverses the elements in a generic type of slice
func reverseSlice[S ~[]E, E any](s S) {
for i, j := 0, len(s)-1; i < j; i, j = i+1, j-1 {
s[i], s[j] = s[j], s[i]
}
}
// readFile reads the content of a file and return its bytes
func readFile(name string) ([]byte, error) {
in, err := os.Open(name)
if err != nil {
return nil, err
}
defer in.Close()
data, err := io.ReadAll(in)
if err != nil {
return nil, err
}
return data, nil
}