diff --git a/docs/METADATA.md b/docs/METADATA.md index 8bd6c17cd3..9f140fe8fe 100644 --- a/docs/METADATA.md +++ b/docs/METADATA.md @@ -64,7 +64,7 @@ of delegated Targets metadata and [example](https://raw.githubusercontent.com/th Signed by: Snapshot role. -The snapshot.json metadata file lists hashes and sizes of all metadata files other than timestamp.json. This file ensures that clients will see a consistent view of the files on the repository. That is, metadata files (and thus target file) that existed on the repository at different times cannot be combined and presented to clients by an attacker. +The snapshot.json metadata file lists the version, and optionally the file hashes and sizes, of the top-level targets metadata and all delegated targets metadata. This file ensures that clients will see a consistent view of the files on the repository. That is, metadata files (and thus target file) that existed on the repository at different times cannot be combined and presented to clients by an attacker. ​See [example](https://raw.githubusercontent.com/theupdateframework/tuf/develop/tests/repository_data/repository/metadata/snapshot.json) of Snapshot metadata. diff --git a/tests/repository_data/client/test_repository1/metadata/current/1.root.json b/tests/repository_data/client/test_repository1/metadata/current/1.root.json index 9cc9d4dc87..214d8db01b 100644 --- a/tests/repository_data/client/test_repository1/metadata/current/1.root.json +++ b/tests/repository_data/client/test_repository1/metadata/current/1.root.json 
@@ -2,7 +2,7 @@ "signatures": [ { "keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb", - "sig": "5dd6c2691d6c33a082c02b3de398f80b947c75cd22fb9d03790437bd1051860fcb4b3407309cd656b4b2e8ad2858d80282210c8396f7ef18e6216b73ce08dea74c8b7578363784cfef2f0d2785acd901322a2546ffa641f1dc16ff700edcff4a208cc4c7cbddeca6d6f94c4c460e8b17138e6ad4ac8669a3b2fa9d67f5549cca48b74723eb962903adce1c2fd2e09a7046322fa5f2f9ef0de1f0d59a910dac6b19511071606a779bf2bcf62d93adb79dedb18b49c8b83dab49c8556eded2a1b8e2367bafb0b126bad986c992296cacea644d2ec96682ad4c667f0631422cd2e099c660dd21a80bc2dc02ca7e31d43e97f713a2f999e86f1a5e343b5e90d2fd01cf24ab95b21ebff633344c5221f2925a1d46d4c1792f7c4cc8efa2332f88b71eead2c6115da86bc4114343da0e6457fade53286835911f669e988670b4675715caff7ad158c0bcd67f805f153ca187d7e558588d85462297f304e05c1b31afb9f56030b4b3bce12863ed3b75f89dae48b3fd5544580c669527e6a341bd007ccc" + "sig": "a337d6375fedd2eabfcd6c2ef6c8a9c3bb85dc5a857715f6a6bd41123e7670c4972d8548bcd7248154f3d864bf25f1823af59d74c459f41ea09a02db057ca1245612ebbdb97e782c501dc3e094f7fa8aa1402b03c6ed0635f565e2a26f9f543a89237e15a2faf0c267e2b34c3c38f2a43a28ddcdaf8308a12ead8c6dc47d1b762de313e9ddda8cc5bc25aea1b69d0e5b9199ca02f5dda48c3bff615fd12a7136d00634b9abc6e75c3256106c4d6f12e6c43f6195071355b2857bbe377ce028619b58837696b805040ce144b393d50a472531f430fadfb68d3081b6a8b5e49337e328c9a0a3f11e80b0bc8eb2dc6e78d1451dd857e6e6e6363c3fd14c590aa95e083c9bfc77724d78af86eb7a7ef635eeddaa353030c79f66b3ba9ea11fab456cfe896a826fdfb50a43cd444f762821aada9bcd7b022c0ee85b8768f960343d5a1d3d76374cc0ac9e12a500de0bf5d48569e5398cadadadab045931c398e3bcb6cec88af2437ba91959f956079cbed159fed3938016e6c3b5e446131f81cc5981" } ], "signed": { diff --git a/tests/repository_data/client/test_repository1/metadata/current/root.json b/tests/repository_data/client/test_repository1/metadata/current/root.json index 9cc9d4dc87..214d8db01b 100644 --- a/tests/repository_data/client/test_repository1/metadata/current/root.json 
+++ b/tests/repository_data/client/test_repository1/metadata/current/root.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb", - "sig": "5dd6c2691d6c33a082c02b3de398f80b947c75cd22fb9d03790437bd1051860fcb4b3407309cd656b4b2e8ad2858d80282210c8396f7ef18e6216b73ce08dea74c8b7578363784cfef2f0d2785acd901322a2546ffa641f1dc16ff700edcff4a208cc4c7cbddeca6d6f94c4c460e8b17138e6ad4ac8669a3b2fa9d67f5549cca48b74723eb962903adce1c2fd2e09a7046322fa5f2f9ef0de1f0d59a910dac6b19511071606a779bf2bcf62d93adb79dedb18b49c8b83dab49c8556eded2a1b8e2367bafb0b126bad986c992296cacea644d2ec96682ad4c667f0631422cd2e099c660dd21a80bc2dc02ca7e31d43e97f713a2f999e86f1a5e343b5e90d2fd01cf24ab95b21ebff633344c5221f2925a1d46d4c1792f7c4cc8efa2332f88b71eead2c6115da86bc4114343da0e6457fade53286835911f669e988670b4675715caff7ad158c0bcd67f805f153ca187d7e558588d85462297f304e05c1b31afb9f56030b4b3bce12863ed3b75f89dae48b3fd5544580c669527e6a341bd007ccc" + "sig": "a337d6375fedd2eabfcd6c2ef6c8a9c3bb85dc5a857715f6a6bd41123e7670c4972d8548bcd7248154f3d864bf25f1823af59d74c459f41ea09a02db057ca1245612ebbdb97e782c501dc3e094f7fa8aa1402b03c6ed0635f565e2a26f9f543a89237e15a2faf0c267e2b34c3c38f2a43a28ddcdaf8308a12ead8c6dc47d1b762de313e9ddda8cc5bc25aea1b69d0e5b9199ca02f5dda48c3bff615fd12a7136d00634b9abc6e75c3256106c4d6f12e6c43f6195071355b2857bbe377ce028619b58837696b805040ce144b393d50a472531f430fadfb68d3081b6a8b5e49337e328c9a0a3f11e80b0bc8eb2dc6e78d1451dd857e6e6e6363c3fd14c590aa95e083c9bfc77724d78af86eb7a7ef635eeddaa353030c79f66b3ba9ea11fab456cfe896a826fdfb50a43cd444f762821aada9bcd7b022c0ee85b8768f960343d5a1d3d76374cc0ac9e12a500de0bf5d48569e5398cadadadab045931c398e3bcb6cec88af2437ba91959f956079cbed159fed3938016e6c3b5e446131f81cc5981" } ], "signed": { diff --git a/tests/repository_data/client/test_repository1/metadata/current/snapshot.json b/tests/repository_data/client/test_repository1/metadata/current/snapshot.json index af56f045be..7c8c091a2e 100644 
--- a/tests/repository_data/client/test_repository1/metadata/current/snapshot.json +++ b/tests/repository_data/client/test_repository1/metadata/current/snapshot.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d", - "sig": "661c1ac156ebccc57671855d8394ef49e0ec5405b64104e273e5c2283d3c1150e3df8d856b1d6c96c60fdc9a1aa829f009cb5dfb25b3766af07379a53e05850f" + "sig": "085672c70dffe26610e58542ee552843633cfed973abdad94c56138dbf0cd991644f2d3f27e4dda3098e08ab676e7f52627b587947ae69db1012d59a6da18e0c" } ], "signed": { @@ -15,9 +15,6 @@ "role2.json": { "version": 1 }, - "root.json": { - "version": 1 - }, "targets.json": { "version": 1 } diff --git a/tests/repository_data/client/test_repository1/metadata/current/timestamp.json b/tests/repository_data/client/test_repository1/metadata/current/timestamp.json index 6c8a58d153..9a0daf078b 100644 --- a/tests/repository_data/client/test_repository1/metadata/current/timestamp.json +++ b/tests/repository_data/client/test_repository1/metadata/current/timestamp.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758", - "sig": "135be7694185005de4ad2da1ac89c3f6536abeda1667801a43f9ab6a522bacd997f6f347f0a5f4e6cb7852461aabe5aefa1be7817b1939aadbd0eeb8ec454d0d" + "sig": "de0e16920f87bf5500cc65736488ac17e09788cce808f6a4e85eb9e4e478a312b4c1a2d7723af56f7bfb1df533c67d8c93b6f49d39eabe7fae391a08e1f72f01" } ], "signed": { @@ -11,9 +11,9 @@ "meta": { "snapshot.json": { "hashes": { - "sha256": "1f72d907a95612ecbea8b6f7c7e88c2782a2e0a6e9ac6332e8ec89edb9d83a06" + "sha256": "8f88e2ba48b412c3843e9bb26e1b6f8fc9e98aceb0fbaa97ba37b4c98717d7ab" }, - "length": 556, + "length": 515, "version": 1 } }, diff --git a/tests/repository_data/client/test_repository1/metadata/previous/1.root.json b/tests/repository_data/client/test_repository1/metadata/previous/1.root.json index 9cc9d4dc87..214d8db01b 100644 
--- a/tests/repository_data/client/test_repository1/metadata/previous/1.root.json +++ b/tests/repository_data/client/test_repository1/metadata/previous/1.root.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb", - "sig": "5dd6c2691d6c33a082c02b3de398f80b947c75cd22fb9d03790437bd1051860fcb4b3407309cd656b4b2e8ad2858d80282210c8396f7ef18e6216b73ce08dea74c8b7578363784cfef2f0d2785acd901322a2546ffa641f1dc16ff700edcff4a208cc4c7cbddeca6d6f94c4c460e8b17138e6ad4ac8669a3b2fa9d67f5549cca48b74723eb962903adce1c2fd2e09a7046322fa5f2f9ef0de1f0d59a910dac6b19511071606a779bf2bcf62d93adb79dedb18b49c8b83dab49c8556eded2a1b8e2367bafb0b126bad986c992296cacea644d2ec96682ad4c667f0631422cd2e099c660dd21a80bc2dc02ca7e31d43e97f713a2f999e86f1a5e343b5e90d2fd01cf24ab95b21ebff633344c5221f2925a1d46d4c1792f7c4cc8efa2332f88b71eead2c6115da86bc4114343da0e6457fade53286835911f669e988670b4675715caff7ad158c0bcd67f805f153ca187d7e558588d85462297f304e05c1b31afb9f56030b4b3bce12863ed3b75f89dae48b3fd5544580c669527e6a341bd007ccc" + "sig": "a337d6375fedd2eabfcd6c2ef6c8a9c3bb85dc5a857715f6a6bd41123e7670c4972d8548bcd7248154f3d864bf25f1823af59d74c459f41ea09a02db057ca1245612ebbdb97e782c501dc3e094f7fa8aa1402b03c6ed0635f565e2a26f9f543a89237e15a2faf0c267e2b34c3c38f2a43a28ddcdaf8308a12ead8c6dc47d1b762de313e9ddda8cc5bc25aea1b69d0e5b9199ca02f5dda48c3bff615fd12a7136d00634b9abc6e75c3256106c4d6f12e6c43f6195071355b2857bbe377ce028619b58837696b805040ce144b393d50a472531f430fadfb68d3081b6a8b5e49337e328c9a0a3f11e80b0bc8eb2dc6e78d1451dd857e6e6e6363c3fd14c590aa95e083c9bfc77724d78af86eb7a7ef635eeddaa353030c79f66b3ba9ea11fab456cfe896a826fdfb50a43cd444f762821aada9bcd7b022c0ee85b8768f960343d5a1d3d76374cc0ac9e12a500de0bf5d48569e5398cadadadab045931c398e3bcb6cec88af2437ba91959f956079cbed159fed3938016e6c3b5e446131f81cc5981" } ], "signed": { 
diff --git a/tests/repository_data/client/test_repository1/metadata/previous/root.json b/tests/repository_data/client/test_repository1/metadata/previous/root.json index 9cc9d4dc87..214d8db01b 100644 --- a/tests/repository_data/client/test_repository1/metadata/previous/root.json +++ b/tests/repository_data/client/test_repository1/metadata/previous/root.json 
@@ -2,7 +2,7 @@ "signatures": [ { "keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb", - "sig": "5dd6c2691d6c33a082c02b3de398f80b947c75cd22fb9d03790437bd1051860fcb4b3407309cd656b4b2e8ad2858d80282210c8396f7ef18e6216b73ce08dea74c8b7578363784cfef2f0d2785acd901322a2546ffa641f1dc16ff700edcff4a208cc4c7cbddeca6d6f94c4c460e8b17138e6ad4ac8669a3b2fa9d67f5549cca48b74723eb962903adce1c2fd2e09a7046322fa5f2f9ef0de1f0d59a910dac6b19511071606a779bf2bcf62d93adb79dedb18b49c8b83dab49c8556eded2a1b8e2367bafb0b126bad986c992296cacea644d2ec96682ad4c667f0631422cd2e099c660dd21a80bc2dc02ca7e31d43e97f713a2f999e86f1a5e343b5e90d2fd01cf24ab95b21ebff633344c5221f2925a1d46d4c1792f7c4cc8efa2332f88b71eead2c6115da86bc4114343da0e6457fade53286835911f669e988670b4675715caff7ad158c0bcd67f805f153ca187d7e558588d85462297f304e05c1b31afb9f56030b4b3bce12863ed3b75f89dae48b3fd5544580c669527e6a341bd007ccc" + "sig": "a337d6375fedd2eabfcd6c2ef6c8a9c3bb85dc5a857715f6a6bd41123e7670c4972d8548bcd7248154f3d864bf25f1823af59d74c459f41ea09a02db057ca1245612ebbdb97e782c501dc3e094f7fa8aa1402b03c6ed0635f565e2a26f9f543a89237e15a2faf0c267e2b34c3c38f2a43a28ddcdaf8308a12ead8c6dc47d1b762de313e9ddda8cc5bc25aea1b69d0e5b9199ca02f5dda48c3bff615fd12a7136d00634b9abc6e75c3256106c4d6f12e6c43f6195071355b2857bbe377ce028619b58837696b805040ce144b393d50a472531f430fadfb68d3081b6a8b5e49337e328c9a0a3f11e80b0bc8eb2dc6e78d1451dd857e6e6e6363c3fd14c590aa95e083c9bfc77724d78af86eb7a7ef635eeddaa353030c79f66b3ba9ea11fab456cfe896a826fdfb50a43cd444f762821aada9bcd7b022c0ee85b8768f960343d5a1d3d76374cc0ac9e12a500de0bf5d48569e5398cadadadab045931c398e3bcb6cec88af2437ba91959f956079cbed159fed3938016e6c3b5e446131f81cc5981" } ], "signed": { diff --git a/tests/repository_data/client/test_repository1/metadata/previous/snapshot.json b/tests/repository_data/client/test_repository1/metadata/previous/snapshot.json index af56f045be..7c8c091a2e 100644 --- a/tests/repository_data/client/test_repository1/metadata/previous/snapshot.json 
+++ b/tests/repository_data/client/test_repository1/metadata/previous/snapshot.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d", - "sig": "661c1ac156ebccc57671855d8394ef49e0ec5405b64104e273e5c2283d3c1150e3df8d856b1d6c96c60fdc9a1aa829f009cb5dfb25b3766af07379a53e05850f" + "sig": "085672c70dffe26610e58542ee552843633cfed973abdad94c56138dbf0cd991644f2d3f27e4dda3098e08ab676e7f52627b587947ae69db1012d59a6da18e0c" } ], "signed": { @@ -15,9 +15,6 @@ "role2.json": { "version": 1 }, - "root.json": { - "version": 1 - }, "targets.json": { "version": 1 } diff --git a/tests/repository_data/client/test_repository1/metadata/previous/timestamp.json b/tests/repository_data/client/test_repository1/metadata/previous/timestamp.json index 6c8a58d153..9a0daf078b 100644 --- a/tests/repository_data/client/test_repository1/metadata/previous/timestamp.json +++ b/tests/repository_data/client/test_repository1/metadata/previous/timestamp.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758", - "sig": "135be7694185005de4ad2da1ac89c3f6536abeda1667801a43f9ab6a522bacd997f6f347f0a5f4e6cb7852461aabe5aefa1be7817b1939aadbd0eeb8ec454d0d" + "sig": "de0e16920f87bf5500cc65736488ac17e09788cce808f6a4e85eb9e4e478a312b4c1a2d7723af56f7bfb1df533c67d8c93b6f49d39eabe7fae391a08e1f72f01" } ], "signed": { @@ -11,9 +11,9 @@ "meta": { "snapshot.json": { "hashes": { - "sha256": "1f72d907a95612ecbea8b6f7c7e88c2782a2e0a6e9ac6332e8ec89edb9d83a06" + "sha256": "8f88e2ba48b412c3843e9bb26e1b6f8fc9e98aceb0fbaa97ba37b4c98717d7ab" }, - "length": 556, + "length": 515, "version": 1 } }, diff --git a/tests/repository_data/client/test_repository2/metadata/current/1.root.json b/tests/repository_data/client/test_repository2/metadata/current/1.root.json index 9cc9d4dc87..214d8db01b 100644 --- a/tests/repository_data/client/test_repository2/metadata/current/1.root.json 
+++ b/tests/repository_data/client/test_repository2/metadata/current/1.root.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb", - "sig": "5dd6c2691d6c33a082c02b3de398f80b947c75cd22fb9d03790437bd1051860fcb4b3407309cd656b4b2e8ad2858d80282210c8396f7ef18e6216b73ce08dea74c8b7578363784cfef2f0d2785acd901322a2546ffa641f1dc16ff700edcff4a208cc4c7cbddeca6d6f94c4c460e8b17138e6ad4ac8669a3b2fa9d67f5549cca48b74723eb962903adce1c2fd2e09a7046322fa5f2f9ef0de1f0d59a910dac6b19511071606a779bf2bcf62d93adb79dedb18b49c8b83dab49c8556eded2a1b8e2367bafb0b126bad986c992296cacea644d2ec96682ad4c667f0631422cd2e099c660dd21a80bc2dc02ca7e31d43e97f713a2f999e86f1a5e343b5e90d2fd01cf24ab95b21ebff633344c5221f2925a1d46d4c1792f7c4cc8efa2332f88b71eead2c6115da86bc4114343da0e6457fade53286835911f669e988670b4675715caff7ad158c0bcd67f805f153ca187d7e558588d85462297f304e05c1b31afb9f56030b4b3bce12863ed3b75f89dae48b3fd5544580c669527e6a341bd007ccc" + "sig": "a337d6375fedd2eabfcd6c2ef6c8a9c3bb85dc5a857715f6a6bd41123e7670c4972d8548bcd7248154f3d864bf25f1823af59d74c459f41ea09a02db057ca1245612ebbdb97e782c501dc3e094f7fa8aa1402b03c6ed0635f565e2a26f9f543a89237e15a2faf0c267e2b34c3c38f2a43a28ddcdaf8308a12ead8c6dc47d1b762de313e9ddda8cc5bc25aea1b69d0e5b9199ca02f5dda48c3bff615fd12a7136d00634b9abc6e75c3256106c4d6f12e6c43f6195071355b2857bbe377ce028619b58837696b805040ce144b393d50a472531f430fadfb68d3081b6a8b5e49337e328c9a0a3f11e80b0bc8eb2dc6e78d1451dd857e6e6e6363c3fd14c590aa95e083c9bfc77724d78af86eb7a7ef635eeddaa353030c79f66b3ba9ea11fab456cfe896a826fdfb50a43cd444f762821aada9bcd7b022c0ee85b8768f960343d5a1d3d76374cc0ac9e12a500de0bf5d48569e5398cadadadab045931c398e3bcb6cec88af2437ba91959f956079cbed159fed3938016e6c3b5e446131f81cc5981" } ], "signed": { diff --git a/tests/repository_data/client/test_repository2/metadata/current/root.json b/tests/repository_data/client/test_repository2/metadata/current/root.json index 9cc9d4dc87..214d8db01b 100644 
--- a/tests/repository_data/client/test_repository2/metadata/current/root.json +++ b/tests/repository_data/client/test_repository2/metadata/current/root.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb", - "sig": "5dd6c2691d6c33a082c02b3de398f80b947c75cd22fb9d03790437bd1051860fcb4b3407309cd656b4b2e8ad2858d80282210c8396f7ef18e6216b73ce08dea74c8b7578363784cfef2f0d2785acd901322a2546ffa641f1dc16ff700edcff4a208cc4c7cbddeca6d6f94c4c460e8b17138e6ad4ac8669a3b2fa9d67f5549cca48b74723eb962903adce1c2fd2e09a7046322fa5f2f9ef0de1f0d59a910dac6b19511071606a779bf2bcf62d93adb79dedb18b49c8b83dab49c8556eded2a1b8e2367bafb0b126bad986c992296cacea644d2ec96682ad4c667f0631422cd2e099c660dd21a80bc2dc02ca7e31d43e97f713a2f999e86f1a5e343b5e90d2fd01cf24ab95b21ebff633344c5221f2925a1d46d4c1792f7c4cc8efa2332f88b71eead2c6115da86bc4114343da0e6457fade53286835911f669e988670b4675715caff7ad158c0bcd67f805f153ca187d7e558588d85462297f304e05c1b31afb9f56030b4b3bce12863ed3b75f89dae48b3fd5544580c669527e6a341bd007ccc" + "sig": "a337d6375fedd2eabfcd6c2ef6c8a9c3bb85dc5a857715f6a6bd41123e7670c4972d8548bcd7248154f3d864bf25f1823af59d74c459f41ea09a02db057ca1245612ebbdb97e782c501dc3e094f7fa8aa1402b03c6ed0635f565e2a26f9f543a89237e15a2faf0c267e2b34c3c38f2a43a28ddcdaf8308a12ead8c6dc47d1b762de313e9ddda8cc5bc25aea1b69d0e5b9199ca02f5dda48c3bff615fd12a7136d00634b9abc6e75c3256106c4d6f12e6c43f6195071355b2857bbe377ce028619b58837696b805040ce144b393d50a472531f430fadfb68d3081b6a8b5e49337e328c9a0a3f11e80b0bc8eb2dc6e78d1451dd857e6e6e6363c3fd14c590aa95e083c9bfc77724d78af86eb7a7ef635eeddaa353030c79f66b3ba9ea11fab456cfe896a826fdfb50a43cd444f762821aada9bcd7b022c0ee85b8768f960343d5a1d3d76374cc0ac9e12a500de0bf5d48569e5398cadadadab045931c398e3bcb6cec88af2437ba91959f956079cbed159fed3938016e6c3b5e446131f81cc5981" } ], "signed": { 
diff --git a/tests/repository_data/client/test_repository2/metadata/current/snapshot.json b/tests/repository_data/client/test_repository2/metadata/current/snapshot.json index af56f045be..7c8c091a2e 100644 --- a/tests/repository_data/client/test_repository2/metadata/current/snapshot.json +++ b/tests/repository_data/client/test_repository2/metadata/current/snapshot.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d", - "sig": "661c1ac156ebccc57671855d8394ef49e0ec5405b64104e273e5c2283d3c1150e3df8d856b1d6c96c60fdc9a1aa829f009cb5dfb25b3766af07379a53e05850f" + "sig": "085672c70dffe26610e58542ee552843633cfed973abdad94c56138dbf0cd991644f2d3f27e4dda3098e08ab676e7f52627b587947ae69db1012d59a6da18e0c" } ], "signed": { @@ -15,9 +15,6 @@ "role2.json": { "version": 1 }, - "root.json": { - "version": 1 - }, "targets.json": { "version": 1 } diff --git a/tests/repository_data/client/test_repository2/metadata/current/timestamp.json b/tests/repository_data/client/test_repository2/metadata/current/timestamp.json index 6c8a58d153..9a0daf078b 100644 --- a/tests/repository_data/client/test_repository2/metadata/current/timestamp.json +++ b/tests/repository_data/client/test_repository2/metadata/current/timestamp.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758", - "sig": "135be7694185005de4ad2da1ac89c3f6536abeda1667801a43f9ab6a522bacd997f6f347f0a5f4e6cb7852461aabe5aefa1be7817b1939aadbd0eeb8ec454d0d" + "sig": "de0e16920f87bf5500cc65736488ac17e09788cce808f6a4e85eb9e4e478a312b4c1a2d7723af56f7bfb1df533c67d8c93b6f49d39eabe7fae391a08e1f72f01" } ], "signed": { @@ -11,9 +11,9 @@ "meta": { "snapshot.json": { "hashes": { - "sha256": "1f72d907a95612ecbea8b6f7c7e88c2782a2e0a6e9ac6332e8ec89edb9d83a06" + "sha256": "8f88e2ba48b412c3843e9bb26e1b6f8fc9e98aceb0fbaa97ba37b4c98717d7ab" }, - "length": 556, + "length": 515, "version": 1 } }, 
diff --git a/tests/repository_data/client/test_repository2/metadata/previous/1.root.json b/tests/repository_data/client/test_repository2/metadata/previous/1.root.json index 9cc9d4dc87..214d8db01b 100644 --- a/tests/repository_data/client/test_repository2/metadata/previous/1.root.json +++ b/tests/repository_data/client/test_repository2/metadata/previous/1.root.json 
@@ -2,7 +2,7 @@ "signatures": [ { "keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb", - "sig": "5dd6c2691d6c33a082c02b3de398f80b947c75cd22fb9d03790437bd1051860fcb4b3407309cd656b4b2e8ad2858d80282210c8396f7ef18e6216b73ce08dea74c8b7578363784cfef2f0d2785acd901322a2546ffa641f1dc16ff700edcff4a208cc4c7cbddeca6d6f94c4c460e8b17138e6ad4ac8669a3b2fa9d67f5549cca48b74723eb962903adce1c2fd2e09a7046322fa5f2f9ef0de1f0d59a910dac6b19511071606a779bf2bcf62d93adb79dedb18b49c8b83dab49c8556eded2a1b8e2367bafb0b126bad986c992296cacea644d2ec96682ad4c667f0631422cd2e099c660dd21a80bc2dc02ca7e31d43e97f713a2f999e86f1a5e343b5e90d2fd01cf24ab95b21ebff633344c5221f2925a1d46d4c1792f7c4cc8efa2332f88b71eead2c6115da86bc4114343da0e6457fade53286835911f669e988670b4675715caff7ad158c0bcd67f805f153ca187d7e558588d85462297f304e05c1b31afb9f56030b4b3bce12863ed3b75f89dae48b3fd5544580c669527e6a341bd007ccc" + "sig": "a337d6375fedd2eabfcd6c2ef6c8a9c3bb85dc5a857715f6a6bd41123e7670c4972d8548bcd7248154f3d864bf25f1823af59d74c459f41ea09a02db057ca1245612ebbdb97e782c501dc3e094f7fa8aa1402b03c6ed0635f565e2a26f9f543a89237e15a2faf0c267e2b34c3c38f2a43a28ddcdaf8308a12ead8c6dc47d1b762de313e9ddda8cc5bc25aea1b69d0e5b9199ca02f5dda48c3bff615fd12a7136d00634b9abc6e75c3256106c4d6f12e6c43f6195071355b2857bbe377ce028619b58837696b805040ce144b393d50a472531f430fadfb68d3081b6a8b5e49337e328c9a0a3f11e80b0bc8eb2dc6e78d1451dd857e6e6e6363c3fd14c590aa95e083c9bfc77724d78af86eb7a7ef635eeddaa353030c79f66b3ba9ea11fab456cfe896a826fdfb50a43cd444f762821aada9bcd7b022c0ee85b8768f960343d5a1d3d76374cc0ac9e12a500de0bf5d48569e5398cadadadab045931c398e3bcb6cec88af2437ba91959f956079cbed159fed3938016e6c3b5e446131f81cc5981" } ], "signed": { diff --git a/tests/repository_data/client/test_repository2/metadata/previous/root.json b/tests/repository_data/client/test_repository2/metadata/previous/root.json index 9cc9d4dc87..214d8db01b 100644 --- a/tests/repository_data/client/test_repository2/metadata/previous/root.json 
+++ b/tests/repository_data/client/test_repository2/metadata/previous/root.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb", - "sig": "5dd6c2691d6c33a082c02b3de398f80b947c75cd22fb9d03790437bd1051860fcb4b3407309cd656b4b2e8ad2858d80282210c8396f7ef18e6216b73ce08dea74c8b7578363784cfef2f0d2785acd901322a2546ffa641f1dc16ff700edcff4a208cc4c7cbddeca6d6f94c4c460e8b17138e6ad4ac8669a3b2fa9d67f5549cca48b74723eb962903adce1c2fd2e09a7046322fa5f2f9ef0de1f0d59a910dac6b19511071606a779bf2bcf62d93adb79dedb18b49c8b83dab49c8556eded2a1b8e2367bafb0b126bad986c992296cacea644d2ec96682ad4c667f0631422cd2e099c660dd21a80bc2dc02ca7e31d43e97f713a2f999e86f1a5e343b5e90d2fd01cf24ab95b21ebff633344c5221f2925a1d46d4c1792f7c4cc8efa2332f88b71eead2c6115da86bc4114343da0e6457fade53286835911f669e988670b4675715caff7ad158c0bcd67f805f153ca187d7e558588d85462297f304e05c1b31afb9f56030b4b3bce12863ed3b75f89dae48b3fd5544580c669527e6a341bd007ccc" + "sig": "a337d6375fedd2eabfcd6c2ef6c8a9c3bb85dc5a857715f6a6bd41123e7670c4972d8548bcd7248154f3d864bf25f1823af59d74c459f41ea09a02db057ca1245612ebbdb97e782c501dc3e094f7fa8aa1402b03c6ed0635f565e2a26f9f543a89237e15a2faf0c267e2b34c3c38f2a43a28ddcdaf8308a12ead8c6dc47d1b762de313e9ddda8cc5bc25aea1b69d0e5b9199ca02f5dda48c3bff615fd12a7136d00634b9abc6e75c3256106c4d6f12e6c43f6195071355b2857bbe377ce028619b58837696b805040ce144b393d50a472531f430fadfb68d3081b6a8b5e49337e328c9a0a3f11e80b0bc8eb2dc6e78d1451dd857e6e6e6363c3fd14c590aa95e083c9bfc77724d78af86eb7a7ef635eeddaa353030c79f66b3ba9ea11fab456cfe896a826fdfb50a43cd444f762821aada9bcd7b022c0ee85b8768f960343d5a1d3d76374cc0ac9e12a500de0bf5d48569e5398cadadadab045931c398e3bcb6cec88af2437ba91959f956079cbed159fed3938016e6c3b5e446131f81cc5981" } ], "signed": { diff --git a/tests/repository_data/client/test_repository2/metadata/previous/snapshot.json b/tests/repository_data/client/test_repository2/metadata/previous/snapshot.json index af56f045be..7c8c091a2e 100644 
--- a/tests/repository_data/client/test_repository2/metadata/previous/snapshot.json +++ b/tests/repository_data/client/test_repository2/metadata/previous/snapshot.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d", - "sig": "661c1ac156ebccc57671855d8394ef49e0ec5405b64104e273e5c2283d3c1150e3df8d856b1d6c96c60fdc9a1aa829f009cb5dfb25b3766af07379a53e05850f" + "sig": "085672c70dffe26610e58542ee552843633cfed973abdad94c56138dbf0cd991644f2d3f27e4dda3098e08ab676e7f52627b587947ae69db1012d59a6da18e0c" } ], "signed": { @@ -15,9 +15,6 @@ "role2.json": { "version": 1 }, - "root.json": { - "version": 1 - }, "targets.json": { "version": 1 } diff --git a/tests/repository_data/client/test_repository2/metadata/previous/timestamp.json b/tests/repository_data/client/test_repository2/metadata/previous/timestamp.json index 6c8a58d153..9a0daf078b 100644 --- a/tests/repository_data/client/test_repository2/metadata/previous/timestamp.json +++ b/tests/repository_data/client/test_repository2/metadata/previous/timestamp.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758", - "sig": "135be7694185005de4ad2da1ac89c3f6536abeda1667801a43f9ab6a522bacd997f6f347f0a5f4e6cb7852461aabe5aefa1be7817b1939aadbd0eeb8ec454d0d" + "sig": "de0e16920f87bf5500cc65736488ac17e09788cce808f6a4e85eb9e4e478a312b4c1a2d7723af56f7bfb1df533c67d8c93b6f49d39eabe7fae391a08e1f72f01" } ], "signed": { @@ -11,9 +11,9 @@ "meta": { "snapshot.json": { "hashes": { - "sha256": "1f72d907a95612ecbea8b6f7c7e88c2782a2e0a6e9ac6332e8ec89edb9d83a06" + "sha256": "8f88e2ba48b412c3843e9bb26e1b6f8fc9e98aceb0fbaa97ba37b4c98717d7ab" }, - "length": 556, + "length": 515, "version": 1 } }, diff --git a/tests/repository_data/generate.py b/tests/repository_data/generate.py index de0f0d70de..fc253c2c78 100755 --- a/tests/repository_data/generate.py +++ b/tests/repository_data/generate.py 
@@ -20,7 +20,7 @@ Provide a set of pre-generated key files and a basic repository that unit tests can use in their test cases. The pre-generated files created by this script should be copied by the unit tests as needed. The original versions - should be preserved. 'tuf/tests/unit/repository_files/' will store the files + should be preserved. 'tuf/tests/repository_data/' will store the files generated. 'generate.py' should not require re-execution if the pre-generated repository files have already been created, unless they need to change in some way. @@ -107,6 +107,11 @@ if not options.dry_run: with open(target1_filepath, 'wt') as file_object: file_object.write('This is an example target file.') + # As we will add this file's permissions to the custom_attribute in the + # target's metadata we need to ensure that the file has the same + # permissions when created by this script regardless of umask value on + # the host system generating the data + os.chmod(target1_filepath, 0o644) with open(target2_filepath, 'wt') as file_object: file_object.write('This is an another example target file.') @@ -119,12 +124,12 @@ # about the target (i.e., file permissions in octal format.) octal_file_permissions = oct(os.stat(target1_filepath).st_mode)[4:] file_permissions = {'file_permissions': octal_file_permissions} -repository.targets.add_target(target1_filepath, file_permissions) -repository.targets.add_target(target2_filepath) +repository.targets.add_target(os.path.basename(target1_filepath), file_permissions) +repository.targets.add_target(os.path.basename(target2_filepath)) repository.targets.delegate('role1', [delegation_public], [os.path.basename(target3_filepath)]) -repository.targets('role1').add_target(target3_filepath) +repository.targets('role1').add_target(os.path.basename(target3_filepath)) repository.targets('role1').load_signing_key(delegation_private) repository.targets('role1').delegate('role2', [delegation_public], []) 
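Review bot: The added `os.chmod(target1_filepath, 0o644)` pins the mode on disk, but the value written into the signed targets metadata still comes from `oct(os.stat(target1_filepath).st_mode)[4:]` (a context line of the next hunk), and that slice depends on the interpreter's `oct()` format. Python 3 returns `'0o100644'`, giving `'0644'`, while Python 2 returns `'0100644'`, giving `'644'`, so if the script is ever run under the other interpreter the custom attribute changes, and with it the metadata hashes and signatures. Masking the permission bits and formatting them explicitly removes that dependency, e.g. `octal_file_permissions = format(os.stat(target1_filepath).st_mode & 0o777, '04o')` (use `'o'` if the fixtures record three digits). On Windows `os.chmod` only toggles the read-only flag, so the new comment should say the guarantee holds on POSIX hosts. The surrounding script code extends beyond the hunk.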
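Review bot: `os.path.basename()` in the three `add_target()` calls discards every directory component, so the registered target name is only correct while each file sits directly in the targets directory. A target in a subdirectory would be signed under the wrong path, and two files with the same name would collide in the metadata. Deriving the name relative to the targets directory keeps the calls correct for nested targets, e.g. `os.path.relpath(target1_filepath, TARGETS_DIR)`, where `TARGETS_DIR` is a placeholder for whichever variable holds that directory (not visible in this hunk). A short comment above the calls would also record the reason for the change: `# add_target() takes the target path relative to the targets directory, not a filesystem path` (inferred from the change, so confirm it against the API). The first call now exceeds the usual line length and could be wrapped.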
diff --git a/tests/repository_data/repository/metadata.staged/1.root.json b/tests/repository_data/repository/metadata.staged/1.root.json index 9cc9d4dc87..214d8db01b 100644 --- a/tests/repository_data/repository/metadata.staged/1.root.json +++ b/tests/repository_data/repository/metadata.staged/1.root.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb", - "sig": "5dd6c2691d6c33a082c02b3de398f80b947c75cd22fb9d03790437bd1051860fcb4b3407309cd656b4b2e8ad2858d80282210c8396f7ef18e6216b73ce08dea74c8b7578363784cfef2f0d2785acd901322a2546ffa641f1dc16ff700edcff4a208cc4c7cbddeca6d6f94c4c460e8b17138e6ad4ac8669a3b2fa9d67f5549cca48b74723eb962903adce1c2fd2e09a7046322fa5f2f9ef0de1f0d59a910dac6b19511071606a779bf2bcf62d93adb79dedb18b49c8b83dab49c8556eded2a1b8e2367bafb0b126bad986c992296cacea644d2ec96682ad4c667f0631422cd2e099c660dd21a80bc2dc02ca7e31d43e97f713a2f999e86f1a5e343b5e90d2fd01cf24ab95b21ebff633344c5221f2925a1d46d4c1792f7c4cc8efa2332f88b71eead2c6115da86bc4114343da0e6457fade53286835911f669e988670b4675715caff7ad158c0bcd67f805f153ca187d7e558588d85462297f304e05c1b31afb9f56030b4b3bce12863ed3b75f89dae48b3fd5544580c669527e6a341bd007ccc" + "sig": "a337d6375fedd2eabfcd6c2ef6c8a9c3bb85dc5a857715f6a6bd41123e7670c4972d8548bcd7248154f3d864bf25f1823af59d74c459f41ea09a02db057ca1245612ebbdb97e782c501dc3e094f7fa8aa1402b03c6ed0635f565e2a26f9f543a89237e15a2faf0c267e2b34c3c38f2a43a28ddcdaf8308a12ead8c6dc47d1b762de313e9ddda8cc5bc25aea1b69d0e5b9199ca02f5dda48c3bff615fd12a7136d00634b9abc6e75c3256106c4d6f12e6c43f6195071355b2857bbe377ce028619b58837696b805040ce144b393d50a472531f430fadfb68d3081b6a8b5e49337e328c9a0a3f11e80b0bc8eb2dc6e78d1451dd857e6e6e6363c3fd14c590aa95e083c9bfc77724d78af86eb7a7ef635eeddaa353030c79f66b3ba9ea11fab456cfe896a826fdfb50a43cd444f762821aada9bcd7b022c0ee85b8768f960343d5a1d3d76374cc0ac9e12a500de0bf5d48569e5398cadadadab045931c398e3bcb6cec88af2437ba91959f956079cbed159fed3938016e6c3b5e446131f81cc5981" } ], "signed": { 
diff --git a/tests/repository_data/repository/metadata.staged/root.json b/tests/repository_data/repository/metadata.staged/root.json index 9cc9d4dc87..214d8db01b 100644 --- a/tests/repository_data/repository/metadata.staged/root.json +++ b/tests/repository_data/repository/metadata.staged/root.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb", - "sig": "5dd6c2691d6c33a082c02b3de398f80b947c75cd22fb9d03790437bd1051860fcb4b3407309cd656b4b2e8ad2858d80282210c8396f7ef18e6216b73ce08dea74c8b7578363784cfef2f0d2785acd901322a2546ffa641f1dc16ff700edcff4a208cc4c7cbddeca6d6f94c4c460e8b17138e6ad4ac8669a3b2fa9d67f5549cca48b74723eb962903adce1c2fd2e09a7046322fa5f2f9ef0de1f0d59a910dac6b19511071606a779bf2bcf62d93adb79dedb18b49c8b83dab49c8556eded2a1b8e2367bafb0b126bad986c992296cacea644d2ec96682ad4c667f0631422cd2e099c660dd21a80bc2dc02ca7e31d43e97f713a2f999e86f1a5e343b5e90d2fd01cf24ab95b21ebff633344c5221f2925a1d46d4c1792f7c4cc8efa2332f88b71eead2c6115da86bc4114343da0e6457fade53286835911f669e988670b4675715caff7ad158c0bcd67f805f153ca187d7e558588d85462297f304e05c1b31afb9f56030b4b3bce12863ed3b75f89dae48b3fd5544580c669527e6a341bd007ccc" + "sig": "a337d6375fedd2eabfcd6c2ef6c8a9c3bb85dc5a857715f6a6bd41123e7670c4972d8548bcd7248154f3d864bf25f1823af59d74c459f41ea09a02db057ca1245612ebbdb97e782c501dc3e094f7fa8aa1402b03c6ed0635f565e2a26f9f543a89237e15a2faf0c267e2b34c3c38f2a43a28ddcdaf8308a12ead8c6dc47d1b762de313e9ddda8cc5bc25aea1b69d0e5b9199ca02f5dda48c3bff615fd12a7136d00634b9abc6e75c3256106c4d6f12e6c43f6195071355b2857bbe377ce028619b58837696b805040ce144b393d50a472531f430fadfb68d3081b6a8b5e49337e328c9a0a3f11e80b0bc8eb2dc6e78d1451dd857e6e6e6363c3fd14c590aa95e083c9bfc77724d78af86eb7a7ef635eeddaa353030c79f66b3ba9ea11fab456cfe896a826fdfb50a43cd444f762821aada9bcd7b022c0ee85b8768f960343d5a1d3d76374cc0ac9e12a500de0bf5d48569e5398cadadadab045931c398e3bcb6cec88af2437ba91959f956079cbed159fed3938016e6c3b5e446131f81cc5981" } ], "signed": { 
diff --git a/tests/repository_data/repository/metadata.staged/snapshot.json b/tests/repository_data/repository/metadata.staged/snapshot.json index af56f045be..7c8c091a2e 100644 --- a/tests/repository_data/repository/metadata.staged/snapshot.json +++ b/tests/repository_data/repository/metadata.staged/snapshot.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d", - "sig": "661c1ac156ebccc57671855d8394ef49e0ec5405b64104e273e5c2283d3c1150e3df8d856b1d6c96c60fdc9a1aa829f009cb5dfb25b3766af07379a53e05850f" + "sig": "085672c70dffe26610e58542ee552843633cfed973abdad94c56138dbf0cd991644f2d3f27e4dda3098e08ab676e7f52627b587947ae69db1012d59a6da18e0c" } ], "signed": { @@ -15,9 +15,6 @@ "role2.json": { "version": 1 }, - "root.json": { - "version": 1 - }, "targets.json": { "version": 1 } diff --git a/tests/repository_data/repository/metadata.staged/timestamp.json b/tests/repository_data/repository/metadata.staged/timestamp.json index 6c8a58d153..9a0daf078b 100644 --- a/tests/repository_data/repository/metadata.staged/timestamp.json +++ b/tests/repository_data/repository/metadata.staged/timestamp.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758", - "sig": "135be7694185005de4ad2da1ac89c3f6536abeda1667801a43f9ab6a522bacd997f6f347f0a5f4e6cb7852461aabe5aefa1be7817b1939aadbd0eeb8ec454d0d" + "sig": "de0e16920f87bf5500cc65736488ac17e09788cce808f6a4e85eb9e4e478a312b4c1a2d7723af56f7bfb1df533c67d8c93b6f49d39eabe7fae391a08e1f72f01" } ], "signed": { @@ -11,9 +11,9 @@ "meta": { "snapshot.json": { "hashes": { - "sha256": "1f72d907a95612ecbea8b6f7c7e88c2782a2e0a6e9ac6332e8ec89edb9d83a06" + "sha256": "8f88e2ba48b412c3843e9bb26e1b6f8fc9e98aceb0fbaa97ba37b4c98717d7ab" }, - "length": 556, + "length": 515, "version": 1 } }, 
diff --git a/tests/repository_data/repository/metadata/1.root.json b/tests/repository_data/repository/metadata/1.root.json index 9cc9d4dc87..214d8db01b 100644 --- a/tests/repository_data/repository/metadata/1.root.json +++ b/tests/repository_data/repository/metadata/1.root.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb", - "sig": "5dd6c2691d6c33a082c02b3de398f80b947c75cd22fb9d03790437bd1051860fcb4b3407309cd656b4b2e8ad2858d80282210c8396f7ef18e6216b73ce08dea74c8b7578363784cfef2f0d2785acd901322a2546ffa641f1dc16ff700edcff4a208cc4c7cbddeca6d6f94c4c460e8b17138e6ad4ac8669a3b2fa9d67f5549cca48b74723eb962903adce1c2fd2e09a7046322fa5f2f9ef0de1f0d59a910dac6b19511071606a779bf2bcf62d93adb79dedb18b49c8b83dab49c8556eded2a1b8e2367bafb0b126bad986c992296cacea644d2ec96682ad4c667f0631422cd2e099c660dd21a80bc2dc02ca7e31d43e97f713a2f999e86f1a5e343b5e90d2fd01cf24ab95b21ebff633344c5221f2925a1d46d4c1792f7c4cc8efa2332f88b71eead2c6115da86bc4114343da0e6457fade53286835911f669e988670b4675715caff7ad158c0bcd67f805f153ca187d7e558588d85462297f304e05c1b31afb9f56030b4b3bce12863ed3b75f89dae48b3fd5544580c669527e6a341bd007ccc" + "sig": "a337d6375fedd2eabfcd6c2ef6c8a9c3bb85dc5a857715f6a6bd41123e7670c4972d8548bcd7248154f3d864bf25f1823af59d74c459f41ea09a02db057ca1245612ebbdb97e782c501dc3e094f7fa8aa1402b03c6ed0635f565e2a26f9f543a89237e15a2faf0c267e2b34c3c38f2a43a28ddcdaf8308a12ead8c6dc47d1b762de313e9ddda8cc5bc25aea1b69d0e5b9199ca02f5dda48c3bff615fd12a7136d00634b9abc6e75c3256106c4d6f12e6c43f6195071355b2857bbe377ce028619b58837696b805040ce144b393d50a472531f430fadfb68d3081b6a8b5e49337e328c9a0a3f11e80b0bc8eb2dc6e78d1451dd857e6e6e6363c3fd14c590aa95e083c9bfc77724d78af86eb7a7ef635eeddaa353030c79f66b3ba9ea11fab456cfe896a826fdfb50a43cd444f762821aada9bcd7b022c0ee85b8768f960343d5a1d3d76374cc0ac9e12a500de0bf5d48569e5398cadadadab045931c398e3bcb6cec88af2437ba91959f956079cbed159fed3938016e6c3b5e446131f81cc5981" } ], "signed": { 
diff --git a/tests/repository_data/repository/metadata/root.json b/tests/repository_data/repository/metadata/root.json index 9cc9d4dc87..214d8db01b 100644 --- a/tests/repository_data/repository/metadata/root.json +++ b/tests/repository_data/repository/metadata/root.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb", - "sig": "5dd6c2691d6c33a082c02b3de398f80b947c75cd22fb9d03790437bd1051860fcb4b3407309cd656b4b2e8ad2858d80282210c8396f7ef18e6216b73ce08dea74c8b7578363784cfef2f0d2785acd901322a2546ffa641f1dc16ff700edcff4a208cc4c7cbddeca6d6f94c4c460e8b17138e6ad4ac8669a3b2fa9d67f5549cca48b74723eb962903adce1c2fd2e09a7046322fa5f2f9ef0de1f0d59a910dac6b19511071606a779bf2bcf62d93adb79dedb18b49c8b83dab49c8556eded2a1b8e2367bafb0b126bad986c992296cacea644d2ec96682ad4c667f0631422cd2e099c660dd21a80bc2dc02ca7e31d43e97f713a2f999e86f1a5e343b5e90d2fd01cf24ab95b21ebff633344c5221f2925a1d46d4c1792f7c4cc8efa2332f88b71eead2c6115da86bc4114343da0e6457fade53286835911f669e988670b4675715caff7ad158c0bcd67f805f153ca187d7e558588d85462297f304e05c1b31afb9f56030b4b3bce12863ed3b75f89dae48b3fd5544580c669527e6a341bd007ccc" + "sig": "a337d6375fedd2eabfcd6c2ef6c8a9c3bb85dc5a857715f6a6bd41123e7670c4972d8548bcd7248154f3d864bf25f1823af59d74c459f41ea09a02db057ca1245612ebbdb97e782c501dc3e094f7fa8aa1402b03c6ed0635f565e2a26f9f543a89237e15a2faf0c267e2b34c3c38f2a43a28ddcdaf8308a12ead8c6dc47d1b762de313e9ddda8cc5bc25aea1b69d0e5b9199ca02f5dda48c3bff615fd12a7136d00634b9abc6e75c3256106c4d6f12e6c43f6195071355b2857bbe377ce028619b58837696b805040ce144b393d50a472531f430fadfb68d3081b6a8b5e49337e328c9a0a3f11e80b0bc8eb2dc6e78d1451dd857e6e6e6363c3fd14c590aa95e083c9bfc77724d78af86eb7a7ef635eeddaa353030c79f66b3ba9ea11fab456cfe896a826fdfb50a43cd444f762821aada9bcd7b022c0ee85b8768f960343d5a1d3d76374cc0ac9e12a500de0bf5d48569e5398cadadadab045931c398e3bcb6cec88af2437ba91959f956079cbed159fed3938016e6c3b5e446131f81cc5981" } ], "signed": { 
diff --git a/tests/repository_data/repository/metadata/snapshot.json b/tests/repository_data/repository/metadata/snapshot.json index af56f045be..7c8c091a2e 100644 --- a/tests/repository_data/repository/metadata/snapshot.json +++ b/tests/repository_data/repository/metadata/snapshot.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d", - "sig": "661c1ac156ebccc57671855d8394ef49e0ec5405b64104e273e5c2283d3c1150e3df8d856b1d6c96c60fdc9a1aa829f009cb5dfb25b3766af07379a53e05850f" + "sig": "085672c70dffe26610e58542ee552843633cfed973abdad94c56138dbf0cd991644f2d3f27e4dda3098e08ab676e7f52627b587947ae69db1012d59a6da18e0c" } ], "signed": { @@ -15,9 +15,6 @@ "role2.json": { "version": 1 }, - "root.json": { - "version": 1 - }, "targets.json": { "version": 1 } diff --git a/tests/repository_data/repository/metadata/timestamp.json b/tests/repository_data/repository/metadata/timestamp.json index 6c8a58d153..9a0daf078b 100644 --- a/tests/repository_data/repository/metadata/timestamp.json +++ b/tests/repository_data/repository/metadata/timestamp.json @@ -2,7 +2,7 @@ "signatures": [ { "keyid": "8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758", - "sig": "135be7694185005de4ad2da1ac89c3f6536abeda1667801a43f9ab6a522bacd997f6f347f0a5f4e6cb7852461aabe5aefa1be7817b1939aadbd0eeb8ec454d0d" + "sig": "de0e16920f87bf5500cc65736488ac17e09788cce808f6a4e85eb9e4e478a312b4c1a2d7723af56f7bfb1df533c67d8c93b6f49d39eabe7fae391a08e1f72f01" } ], "signed": { @@ -11,9 +11,9 @@ "meta": { "snapshot.json": { "hashes": { - "sha256": "1f72d907a95612ecbea8b6f7c7e88c2782a2e0a6e9ac6332e8ec89edb9d83a06" + "sha256": "8f88e2ba48b412c3843e9bb26e1b6f8fc9e98aceb0fbaa97ba37b4c98717d7ab" }, - "length": 556, + "length": 515, "version": 1 } }, diff --git a/tests/test_repository_lib.py b/tests/test_repository_lib.py index e80f2954d2..9d6f9de0fe 100755 --- a/tests/test_repository_lib.py +++ b/tests/test_repository_lib.py 
@@ -433,7 +433,6 @@ def test_generate_snapshot_metadata(self): metadata_directory = os.path.join(repository_directory, repo_lib.METADATA_STAGED_DIRECTORY_NAME) targets_directory = os.path.join(repository_directory, repo_lib.TARGETS_DIRECTORY_NAME) - root_filename = os.path.join(metadata_directory, repo_lib.ROOT_FILENAME) targets_filename = os.path.join(metadata_directory, repo_lib.TARGETS_FILENAME) version = 1 @@ -453,12 +452,11 @@ def test_generate_snapshot_metadata(self): with open(invalid_metadata_file, 'w') as file_object: file_object.write('bad extension on metadata file') - root_filename = 'root' targets_filename = 'targets' snapshot_metadata = \ repo_lib.generate_snapshot_metadata(metadata_directory, version, - expiration_date, root_filename, + expiration_date, targets_filename, consistent_snapshot=False) self.assertTrue(tuf.formats.SNAPSHOT_SCHEMA.matches(snapshot_metadata)) 
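Review bot: The only assertion after the updated `generate_snapshot_metadata(...)` call in the second hunk is the `SNAPSHOT_SCHEMA.matches` check, which already passed with root listed before this commit, so the test does not pin the behaviour being changed. Adding `self.assertNotIn(repo_lib.ROOT_FILENAME, snapshot_metadata['meta'])` next to it would catch a regression that puts root back into snapshot. This assumes the returned dict exposes the file map under `'meta'`, as the timestamp fixture in this diff does. `test_generate_snapshot_metadata` starts and continues outside the hunk.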
@@ -467,22 +465,19 @@ def test_generate_snapshot_metadata(self): # Test improperly formatted arguments. self.assertRaises(securesystemslib.exceptions.FormatError, repo_lib.generate_snapshot_metadata, 3, version, expiration_date, - root_filename, targets_filename, consistent_snapshot=False) + targets_filename, consistent_snapshot=False) self.assertRaises(securesystemslib.exceptions.FormatError, repo_lib.generate_snapshot_metadata, metadata_directory, '3', expiration_date, - root_filename, targets_filename, consistent_snapshot=False) + targets_filename, consistent_snapshot=False) self.assertRaises(securesystemslib.exceptions.FormatError, repo_lib.generate_snapshot_metadata, metadata_directory, version, '3', - root_filename, targets_filename, consistent_snapshot=False) + targets_filename, consistent_snapshot=False) self.assertRaises(securesystemslib.exceptions.FormatError, repo_lib.generate_snapshot_metadata, metadata_directory, version, expiration_date, - 3, targets_filename, consistent_snapshot=False) + 3, consistent_snapshot=False) self.assertRaises(securesystemslib.exceptions.FormatError, repo_lib.generate_snapshot_metadata, metadata_directory, version, expiration_date, - root_filename, 3, consistent_snapshot=False) - self.assertRaises(securesystemslib.exceptions.FormatError, repo_lib.generate_snapshot_metadata, - metadata_directory, version, expiration_date, - root_filename, targets_filename, 3) + targets_filename, 3) diff --git a/tests/test_updater.py b/tests/test_updater.py index 1fa8969819..25a193aeec 100644 --- a/tests/test_updater.py +++ b/tests/test_updater.py 
@@ -886,7 +886,6 @@ def test_3__update_metadata_if_changed(self): self.repository_updater._update_metadata('timestamp', DEFAULT_TIMESTAMP_FILELENGTH) self.repository_updater._update_metadata_if_changed('snapshot', 'timestamp') self.repository_updater._update_metadata_if_changed('targets') - self.repository_updater._update_metadata_if_changed('root') targets_path = os.path.join(self.client_metadata_current, 'targets.json') self.assertTrue(os.path.exists(targets_path)) self.assertTrue(self.repository_updater.metadata['current']['targets']) diff --git a/tuf/client/updater.py b/tuf/client/updater.py index 6222942147..17d2394e52 100755 --- a/tuf/client/updater.py +++ b/tuf/client/updater.py @@ -589,7 +589,7 @@ class Updater(object): refresh(): This method downloads, verifies, and loads metadata for the top-level - roles in a specific order (i.e., timestamp -> snapshot -> root -> targets) + roles in a specific order (i.e., root -> timestamp -> snapshot -> targets) The expiration time for downloaded metadata is also verified. The metadata for delegated roles are not refreshed by this method, but by @@ -1002,7 +1002,7 @@ def refresh(self, unsafely_update_root_if_necessary=True): Update the latest copies of the metadata for the top-level roles. The update request process follows a specific order to ensure the metadata files are securely updated: - timestamp -> snapshot -> root (if necessary) -> targets. + root (if necessary) -> timestamp -> snapshot -> targets. Delegated metadata is not refreshed by this method. After this method is called, the use of get_one_valid_targetinfo() will update delegated 
@@ -1072,10 +1072,8 @@ def refresh(self, unsafely_update_root_if_necessary=True): logger.info('An expired Root metadata was loaded and must be updated.') raise - # TODO: How should the latest root metadata be verified? According to the - # currently trusted root keys? What if all of the currently trusted - # root keys have since been revoked by the latest metadata? Alternatively, - # do we blindly trust the downloaded root metadata here? + # Update the root metadata and verify it by building a chain of trusted root + # keys from the current trusted root metadata file self._update_root_metadata(root_metadata) # Ensure that the role and key information of the top-level roles is the @@ -1093,9 +1091,6 @@ def refresh(self, unsafely_update_root_if_necessary=True): # require strict checks on its required length. self._update_metadata('timestamp', DEFAULT_TIMESTAMP_UPPERLENGTH) - # TODO: After fetching snapshot.json, we should either verify the root - # fileinfo referenced there matches what was fetched earlier in - # _update_root_metadata() or make another attempt to download root.json. self._update_metadata_if_changed('snapshot', referenced_metadata='timestamp') self._update_metadata_if_changed('targets') 
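Review bot: The comment added above `self._update_root_metadata(root_metadata)` says the new root is verified through a chain of trusted root keys, but it does not answer the questions the removed TODO asked, for example what happens when every currently trusted root key has been revoked by the latest metadata. Since `_update_root_metadata` is outside this hunk, I would state the rule where the trust decision is made, e.g. `# Each newer root version must be signed by a threshold of keys from the root version before it; the chain starts at the locally trusted root.`, with the wording adjusted to what the helper actually enforces. `refresh()` begins and ends outside the hunk.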
@@ -1836,21 +1831,23 @@ def _update_metadata_if_changed(self, metadata_role, """ Non-public method that updates the metadata for 'metadata_role' if it has - changed. With the exception of the 'timestamp' role, all the top-level + changed. All top-level roles other than the 'timestamp' and 'root' roles are updated by this method. The 'timestamp' role is always downloaded from a mirror without first checking if it has been updated; it is updated in refresh() by calling _update_metadata('timestamp'). + The 'root' role is always updated first and verified based on the trusted + root metadata file the client already has a copy of; it is updated in + refresh() by calling _update_root_metadata(). This method is also called for delegated role metadata, which are referenced by 'snapshot'. If the metadata needs to be updated but an update cannot be obtained, - this method will delete the file (with the exception of the root - metadata, which never gets removed without a replacement). + this method will delete the file. Due to the way in which metadata files are updated, it is expected that 'referenced_metadata' is not out of date and trusted. The refresh() - method updates the top-level roles in 'timestamp -> snapshot -> - root -> targets' order. For delegated metadata, the parent role is + method updates the top-level roles in 'root -> timestamp -> snapshot -> + targets' order. For delegated metadata, the parent role is updated before the delegated role. Taking into account that 'referenced_metadata' is updated and verified before 'metadata_role', this method determines if 'metadata_role' has changed by checking 
@@ -1925,9 +1922,9 @@ def _update_metadata_if_changed(self, metadata_role, self._ensure_not_expired(self.metadata['current'][metadata_role], metadata_role) - # TODO: If 'metadata_role' is root or snapshot, we should verify that - # root's hash matches what's in snapshot, and that snapshot hash matches - # what's listed in timestamp.json. + # TODO: If metadata role is snapshot, we should verify that snapshot's + # hash matches what's listed in timestamp.json per step 3.1 of the + # detailed workflows in the specification return @@ -1940,9 +1937,6 @@ def _update_metadata_if_changed(self, metadata_role, if metadata_role == 'snapshot': upperbound_filelength = tuf.settings.DEFAULT_SNAPSHOT_REQUIRED_LENGTH - elif metadata_role == 'root': - upperbound_filelength = DEFAULT_ROOT_UPPERLENGTH - # The metadata is considered Targets (or delegated Targets metadata). else: upperbound_filelength = tuf.settings.DEFAULT_TARGETS_REQUIRED_LENGTH diff --git a/tuf/repository_lib.py b/tuf/repository_lib.py index 11c5173dea..965e9d709d 100755 --- a/tuf/repository_lib.py +++ b/tuf/repository_lib.py @@ -121,11 +121,10 @@ def _generate_and_write_metadata(rolename, metadata_filename, elif rolename == 'snapshot': - root_filename = ROOT_FILENAME[:-len(METADATA_EXTENSION)] targets_filename = TARGETS_FILENAME[:-len(METADATA_EXTENSION)] metadata = generate_snapshot_metadata(metadata_directory, - roleinfo['version'], roleinfo['expires'], root_filename, - targets_filename, consistent_snapshot, repository_name) + roleinfo['version'], roleinfo['expires'], targets_filename, + consistent_snapshot, repository_name) _log_warning_if_expires_soon(SNAPSHOT_FILENAME, roleinfo['expires'], 
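Review bot: The reworded TODO sits directly before the `return`, so on this path the snapshot hash is still not compared with the entry in timestamp.json, even though the timestamp fixtures in this diff carry `sha256` and `length` for snapshot.json. Pointing at "step 3.1" alone is fragile if the specification is renumbered, and the note has no owner or tracking reference. I would make it actionable, e.g. `# TODO(<issue-id>): verify snapshot.json's hash and length against its 'meta' entry in timestamp.json before returning.` The enclosing `_update_metadata_if_changed` starts and ends outside the hunk.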
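Review bot: With the `elif metadata_role == 'root':` branch removed in the second hunk, a caller that still passes `'root'` is no longer distinguished at this point and would fall into the `else` branch, which applies `tuf.settings.DEFAULT_TARGETS_REQUIRED_LENGTH`. The docstring now says root is never updated through this method, but nothing in the visible hunks enforces it; whether an earlier lookup in the referenced metadata already rejects the call cannot be seen from here. A guard at the top of the function, `if metadata_role in ('root', 'timestamp'):` followed by a raise of the project's usual error type, would make that contract fail closed instead of relying on callers. The function body starts outside the hunk.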
@@ -1356,8 +1355,7 @@ def generate_targets_metadata(targets_directory, target_files, version, def generate_snapshot_metadata(metadata_directory, version, expiration_date, - root_filename, targets_filename, consistent_snapshot=False, - repository_name='default'): + targets_filename, consistent_snapshot=False, repository_name='default'): """ Create the snapshot metadata. The minimum metadata must exist (i.e., @@ -1379,10 +1377,6 @@ def generate_snapshot_metadata(metadata_directory, version, expiration_date, The expiration date of the metadata file. Conformant to 'securesystemslib.formats.ISO8601_DATETIME_SCHEMA'. - root_filename: - The filename of the top-level root role. The hash and file size of this - file is listed in the snapshot role. - targets_filename: The filename of the top-level targets role. The hash and file size of this file is listed in the snapshot role. @@ -1417,7 +1411,6 @@ def generate_snapshot_metadata(metadata_directory, version, expiration_date, securesystemslib.formats.PATH_SCHEMA.check_match(metadata_directory) tuf.formats.METADATAVERSION_SCHEMA.check_match(version) securesystemslib.formats.ISO8601_DATETIME_SCHEMA.check_match(expiration_date) - securesystemslib.formats.PATH_SCHEMA.check_match(root_filename) securesystemslib.formats.PATH_SCHEMA.check_match(targets_filename) securesystemslib.formats.BOOLEAN_SCHEMA.check_match(consistent_snapshot) securesystemslib.formats.NAME_SCHEMA.check_match(repository_name) @@ -1427,8 +1420,6 @@ def generate_snapshot_metadata(metadata_directory, version, expiration_date, # Snapshot's 'fileinfodict' shall contain the version number of Root, # Targets, and all delegated roles fo the repository. fileinfodict = {} - fileinfodict[ROOT_FILENAME] = get_metadata_versioninfo(root_filename, - repository_name) fileinfodict[TARGETS_FILENAME] = get_metadata_versioninfo(targets_filename, repository_name)
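Review bot: Two comments kept as context no longer match the code now that root is dropped from snapshot. In the last hunk, `# Snapshot's 'fileinfodict' shall contain the version number of Root,` still names Root and the following line has the typo `fo`; it should read `# Snapshot's 'fileinfodict' shall contain the version number of Targets` / `# and all delegated roles of the repository.` In the docstring hunk, the `targets_filename` entry still says the hash and file size of the file are listed, while the visible code stores `get_metadata_versioninfo(targets_filename, repository_name)`; "The version of this file is listed in the snapshot role." would agree with it. Readers rely on these comments to judge what snapshot actually protects, so they should be updated in the same commit.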