Skip to content

Commit

Permalink
chore!: Remove deprecated client Init() function
Browse files Browse the repository at this point in the history
Has been deprecated for a release or so.

This fixes some tests and removes others; the removals are all
justified:

- TestInitRootExpired: testing of InitLocal checks the behavior on
  expired roots (which is *different*; it allows expired roots)
- TestInitRootTooLarge: covered now in TestUpdate

We also add a "RawMeta" function, used to get at the root json. I could
be persuaded that this should be a "RawRoot" instead.

BREAKING CHANGE: remove client.Init() in favor of InitLocal()

Signed-off-by: Zachary Newman <[email protected]>
  • Loading branch information
znewman01 committed Aug 3, 2022
1 parent 2b415d0 commit 71c57e7
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 76 deletions.
43 changes: 0 additions & 43 deletions client/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -106,49 +106,6 @@ func NewClient(local LocalStore, remote RemoteStore) *Client {
}
}

// Init initializes a local repository.
//
// The latest root.json is fetched from remote storage, verified using rootKeys
// and threshold, and then saved in local storage. It is expected that rootKeys
// were securely distributed with the software being updated.
//
// Deprecated: Use c.InitLocal and c.Update to initialize a local repository.
func (c *Client) Init(rootKeys []*data.PublicKey, threshold int) error {
if len(rootKeys) < threshold {
return ErrInsufficientKeys
}
rootJSON, err := c.downloadMetaUnsafe("root.json", defaultRootDownloadLimit)
if err != nil {
return err
}

// create a new key database, and add all the public `rootKeys` to it.
c.db = verify.NewDB()
rootKeyIDs := make([]string, 0, len(rootKeys))
for _, key := range rootKeys {
for _, id := range key.IDs() {
rootKeyIDs = append(rootKeyIDs, id)
if err := c.db.AddKey(id, key); err != nil {
return err
}
}
}

// add a mock "root" role that trusts the passed in key ids. These keys
// will be used to verify the `root.json` we just fetched.
role := &data.Role{Threshold: threshold, KeyIDs: rootKeyIDs}
if err := c.db.AddRole("root", role); err != nil {
return err
}

// verify that the new root is valid.
if err := c.decodeRoot(rootJSON); err != nil {
return err
}

return c.local.SetMeta("root.json", rootJSON)
}

// InitLocal initializes a local repository from root metadata.
//
// The root's keys are extracted from the root and saved in local storage.
Expand Down
50 changes: 17 additions & 33 deletions client/client_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -174,17 +174,16 @@ func (s *ClientSuite) addRemoteTarget(c *C, name string) {
s.syncRemote(c)
}

func (s *ClientSuite) rootKeys(c *C) []*data.PublicKey {
rootKeys, err := s.repo.RootKeys()
func (s *ClientSuite) rootMeta(c *C) []byte {
meta, err := s.repo.RawMeta("root.json")
c.Assert(err, IsNil)
c.Assert(rootKeys, HasLen, 1)
return rootKeys
return meta
}

func (s *ClientSuite) newClient(c *C) *Client {
s.local = MemoryLocalStore()
client := NewClient(s.local, s.remote)
c.Assert(client.Init(s.rootKeys(c), 1), IsNil)
c.Assert(client.InitLocal(s.rootMeta(c)), IsNil)
return client
}

Expand Down Expand Up @@ -243,39 +242,21 @@ func (s *ClientSuite) assertErrExpired(c *C, err error, file string) {
c.Assert(expiredErr.Expired.Unix(), Equals, s.expiredTime.Round(time.Second).Unix())
}

func (s *ClientSuite) TestInitRootTooLarge(c *C) {
client := NewClient(MemoryLocalStore(), s.remote)
s.remote.meta["root.json"] = newFakeFile(make([]byte, defaultRootDownloadLimit+1))
c.Assert(client.Init(s.rootKeys(c), 0), Equals, ErrMetaTooLarge{"root.json", defaultRootDownloadLimit + 1, defaultRootDownloadLimit})
}

func (s *ClientSuite) TestInitRootExpired(c *C) {
s.genKeyExpired(c, "targets")
c.Assert(s.repo.Snapshot(), IsNil)
c.Assert(s.repo.Timestamp(), IsNil)
c.Assert(s.repo.Commit(), IsNil)
s.syncRemote(c)
client := NewClient(MemoryLocalStore(), s.remote)
s.withMetaExpired(func() {
s.assertErrExpired(c, client.Init(s.rootKeys(c), 1), "root.json")
})
}

func (s *ClientSuite) TestInit(c *C) {
client := NewClient(MemoryLocalStore(), s.remote)

// check Init() returns keys.ErrInvalidThreshold with an invalid threshold
c.Assert(client.Init(s.rootKeys(c), 0), Equals, verify.ErrInvalidThreshold)

// check Init() returns signed.ErrRoleThreshold when not enough keys
c.Assert(client.Init(s.rootKeys(c), 2), Equals, ErrInsufficientKeys)
// check invalid json
c.Assert(client.InitLocal(make([]byte, 0)), NotNil)
rootJson := `{ "signatures": [], "signed": {"version": "wrongtype"}, "spec_version": "1.0.0", "version": 1}`
err := client.InitLocal([]byte(rootJson))
c.Assert(err.Error(), Matches, "json: cannot unmarshal string.*")

// check Update() returns ErrNoRootKeys when uninitialized
_, err := client.Update()
_, err = client.Update()
c.Assert(err, Equals, ErrNoRootKeys)

// check Update() does not return ErrNoRootKeys after initialization
c.Assert(client.Init(s.rootKeys(c), 1), IsNil)
c.Assert(client.InitLocal(s.rootMeta(c)), IsNil)
_, err = client.Update()
c.Assert(err, IsNil)
}
Expand Down Expand Up @@ -489,6 +470,8 @@ func (s *ClientSuite) TestUpdateRoots(c *C) {
{"testdata/Published2Times_targets_keyrotated", nil, map[string]int64{"root": 2, "timestamp": 2, "snapshot": 2, "targets": 2}},
// timestamp role key rotation increase the timestamp.
{"testdata/Published2Times_timestamp_keyrotated", nil, map[string]int64{"root": 2, "timestamp": 2, "snapshot": 1, "targets": 1}},
//root file size > defaultRootDownloadLimit
{"testdata/Published2Times_roottoolarge", ErrMetaTooLarge{Name: "2.root.json", Size: defaultRootDownloadLimit + 1, MaxSize: defaultRootDownloadLimit}, map[string]int64{}},
}

for _, test := range tests {
Expand Down Expand Up @@ -1053,10 +1036,11 @@ func (s *ClientSuite) TestUpdateHTTP(c *C) {
remote, err := HTTPRemoteStore(fmt.Sprintf("http://%s/%s/repository", addr, dir), nil, nil)
c.Assert(err, IsNil)
client := NewClient(MemoryLocalStore(), remote)
rootKeys, err := repo.RootKeys()
rootMeta, err := repo.SignedMeta("root.json")
c.Assert(err, IsNil)
rootJsonBytes, err := json.Marshal(rootMeta)
c.Assert(err, IsNil)
c.Assert(rootKeys, HasLen, 1)
c.Assert(client.Init(rootKeys, 1), IsNil)
c.Assert(client.InitLocal(rootJsonBytes), IsNil)

// check update is ok
targets, err := client.Update()
Expand Down
9 changes: 9 additions & 0 deletions repo.go
Original file line number Diff line number Diff line change
Expand Up @@ -1591,3 +1591,12 @@ func (r *Repo) CheckRoleUnexpired(role string, validAt time.Time) error {
}
return nil
}

// RawMeta returns the bytes from the repo metadata dictionary, as-is
func (r *Repo) RawMeta(roleFilename string) ([]byte, error) {
meta, ok := r.meta[roleFilename]
if !ok {
return nil, ErrMissingMetadata{roleFilename}
}
return meta, nil
}

0 comments on commit 71c57e7

Please sign in to comment.