Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Adds a new raw file metadata storage for clients #347

Merged

Conversation

kommendorkapten
Copy link
Member

This came up during a discussion related to new features for the sigstore TUF client, as there is a desire to make implementations in different languages sharing the target and metadata cache.

Release Notes: Possibility to store metadata files as raw JSON files to allow for interoperability with other TUF implementations.

Types of changes:

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)

Description of the changes being introduced by the pull request:
This pull request introduces a new implementation of the client's LocalStore interface. This storage stores the metadata files are regular files in a provided directory. This would improve compatibility to share metadata cache between different language implementations.

Please verify and check that the pull request fulfills the following requirements:

  • Tests have been added for the bug fix or new feature
  • Docs have been added for the bug fix or new feature

@kommendorkapten kommendorkapten changed the title Adds a new raw file metadata storage for clients Feat: Adds a new raw file metadata storage for clients Aug 1, 2022
@kommendorkapten kommendorkapten changed the title Feat: Adds a new raw file metadata storage for clients feat: Adds a new raw file metadata storage for clients Aug 1, 2022
@kommendorkapten kommendorkapten marked this pull request as ready for review August 2, 2022 14:27
joshuagl
joshuagl previously approved these changes Aug 3, 2022
Copy link
Member

@joshuagl joshuagl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, this LGTM.

It would be great to get a review from a maintainer who is more fluent in Go than I am.

client/filejsonstore/filejsonstore_test.go Outdated Show resolved Hide resolved
Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The change looks good to me as a start, but I wonder a few things and would love feedback:

Do we need a lock mechanism, esp for SetMeta()? If there are more than one client accessing the store.

@kommendorkapten
Copy link
Member Author

Yeah, let me add version that's safe for concurrent use!

@kommendorkapten
Copy link
Member Author

kommendorkapten commented Aug 4, 2022

I added a new wrapper, ConcurrentLocalStore which can be used to protect any LocalStore (e.g. the in memory one and the raw JSON one) for concurrent access.
This would let the client decide what use depending on their access pattern.

kommendorkapten and others added 9 commits August 4, 2022 08:21
Signed-off-by: Fredrik Skogman <[email protected]>
Changed package to client to align with leveldb storage.

Signed-off-by: Fredrik Skogman <[email protected]>
Fixed spelling error found during review.

Co-authored-by: Joshua Lock <[email protected]>
Signed-off-by: Fredrik Skogman <[email protected]>
client/concurrentlocalstore.go Outdated Show resolved Hide resolved
client/filejsonstore/filejsonstore.go Outdated Show resolved Hide resolved
client/filejsonstore/filejsonstore.go Outdated Show resolved Hide resolved
util/util.go Outdated Show resolved Hide resolved
client/filejsonstore/filejsonstore.go Outdated Show resolved Hide resolved
client/filejsonstore/filejsonstore_test.go Outdated Show resolved Hide resolved
client/filejsonstore/filejsonstore_test.go Outdated Show resolved Hide resolved
client/filejsonstore/filejsonstore_test.go Outdated Show resolved Hide resolved
client/filejsonstore/filejsonstore_test.go Outdated Show resolved Hide resolved
client/filejsonstore/filejsonstore_test.go Outdated Show resolved Hide resolved
kommendorkapten and others added 5 commits August 9, 2022 17:54
Co-authored-by: Ethan Lowman <[email protected]>
Signed-off-by: Fredrik Skogman <[email protected]>
Co-authored-by: Ethan Lowman <[email protected]>
Signed-off-by: Fredrik Skogman <[email protected]>
Co-authored-by: Ethan Lowman <[email protected]>
Signed-off-by: Fredrik Skogman <[email protected]>
Co-authored-by: Ethan Lowman <[email protected]>
Signed-off-by: Fredrik Skogman <[email protected]>
Moved IsMetaFile to new pkg, internal/fsutil
Permission bits are validated when access the cache.

Signed-off-by: Fredrik Skogman <[email protected]>
@kommendorkapten
Copy link
Member Author

Windows tests are failing, I will look into this tomorrow.

@kommendorkapten
Copy link
Member Author

kommendorkapten commented Aug 11, 2022

The failing tests are due to filesystem permission, which on Windows is very different from UNIX-like operating system.
I found this post on the topic: https://medium.com/@MichalPristas/go-and-file-perms-on-windows-3c944d55dd44
The summary is that in windows you can only create a file with either:

  • 0666 (Read/writeable by all users)
  • 0444 (Readable by all users)

And this seems to be correct according the source code: https://github.com/golang/go/blob/master/src/syscall/syscall_windows.go#L307
The provided permission is only used to determine if a file is intended to be create as read-only.
The same is valid for Mkdir, the permission mode bits are ignored on Windows: https://github.com/golang/go/blob/master/src/syscall/syscall_windows.go#L518
And for reference the Chmod call: https://github.com/golang/go/blob/master/src/syscall/syscall_windows.go#L646 (only the read-only flag is manipulated).

It seems that there are some ACL concept in Windows that we can rely on. But I'm not qualified to speak if the normal permission modes set (all-read or all-write) actually are system-wide or if the effective permission applies to the user only. I found this ACL implementation in go: https://github.com/hectane/go-acl
It haven't had any updates in three years, and I would not be comfortable relying on this, as I lack understanding on Windows filesystem access semantics.

As this feature of verifying the filesystem permission bits, is new for this implementation (LevelDB implementation does not care), nor is there any guidance for implementors of LocalStore to consider this, my suggestion is to skip file permissions for Windows.

Please advise on how to proceed.

Signed-off-by: Fredrik Skogman <[email protected]>
@kommendorkapten
Copy link
Member Author

kommendorkapten commented Aug 23, 2022

@trishankatdatadog Of course! Created this: #360

internal/fsutil/perm.go Outdated Show resolved Hide resolved
internal/fsutil/fsutil.go Outdated Show resolved Hide resolved
internal/fsutil/perm_windows.go Show resolved Hide resolved
internal/fsutil/perm.go Outdated Show resolved Hide resolved
internal/fsutil/perm.go Outdated Show resolved Hide resolved
client/filejsonstore/filejsonstore.go Outdated Show resolved Hide resolved
client/filejsonstore/filejsonstore.go Outdated Show resolved Hide resolved
client/filejsonstore/filejsonstore.go Outdated Show resolved Hide resolved
client/filejsonstore/filejsonstore.go Outdated Show resolved Hide resolved
client/filejsonstore/filejsonstore.go Outdated Show resolved Hide resolved
kommendorkapten and others added 2 commits August 24, 2022 07:40
Co-authored-by: Ethan Lowman <[email protected]>
Signed-off-by: Fredrik Skogman <[email protected]>
Mostly minor things like removing sentinel errors, wrapping errors from std
library.

Signed-off-by: Fredrik Skogman <[email protected]>
@kommendorkapten
Copy link
Member Author

Good feedback @ethan-lowman-dd, all your comments should be addressed now 👍

@ethan-lowman-dd
Copy link
Contributor

@asraa or @joshuagl Could you please provide a followup review when you get the chance?

@trishankatdatadog
Copy link
Member

Good feedback @ethan-lowman-dd, all your comments should be addressed now 👍

Nice work, thanks Ethan

joshuagl
joshuagl previously approved these changes Sep 6, 2022
Copy link
Member

@joshuagl joshuagl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lovely work here @kommendorkapten and @ethan-lowman-dd , thank you!

@trishankatdatadog
Copy link
Member

@kommendorkapten would you please rebase and resolve conflicts? thx!

@kommendorkapten
Copy link
Member Author

Was off on PTO, so didn't see you message @trishankatdatadog until now. PR is updated now.

@trishankatdatadog
Copy link
Member

Was off on PTO, so didn't see you message @trishankatdatadog until now. PR is updated now.

Thanks! Would you pls fix the linting errors?

@kommendorkapten
Copy link
Member Author

Thanks! Would you pls fix the linting errors?

Sorry, was not aware of them, fixed now.

@trishankatdatadog trishankatdatadog merged commit 7097fd8 into theupdateframework:master Sep 13, 2022
@kommendorkapten kommendorkapten deleted the md_raw_json branch September 14, 2022 05:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants