Check if metadata files at revision match those downloaded by TUF updater #389
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…F updater + + TUF updater does not always check the validity of all metadata files + if timestamp is not updated, the updater will determine that a new version + of the snapshot file does not need to be downloaded and it will not be validated + during the update process, the metadata files that TUF updater downloads is stored + in a separate folder within the temp directory + For each commit, check if the metadata files inside that directory are the same + as the ones in the auth repository's metadata folder at that revision
n-dusan
requested changes
Feb 15, 2024
taf/updater/updater_pipeline.py
Outdated
Comment on lines
1210
to
1217
|
|
||
| # TUF updater does not always check the validity of all metadata files | ||
| # if timestamp is not updated, the updater will determine that a new version | ||
| # of the snapshot file does not need to be downloaded and it will not be validated | ||
| # during the update process, the metadata files that TUF updater downloads is stored | ||
| # in a separate folder within the temp directory | ||
| # For each commit, check if the metadata files inside that directory are the same | ||
| # as the ones in the auth repository's metadata folder at that revision |
There was a problem hiding this comment.
This explanation looks like a good candidate to be a docstring. Could we move the code to a function?
taf/updater/updater_pipeline.py
Outdated
| # in a separate folder within the temp directory | ||
| # For each commit, check if the metadata files inside that directory are the same | ||
| # as the ones in the auth repository's metadata folder at that revision | ||
| pattern = r"\d+\.[^\.\s]+\.\w+" |
There was a problem hiding this comment.
Might want to add explanation as to what this pattern is searching for
taf/updater/updater_pipeline.py
Outdated
Comment on lines
1230
to
1238
| # this validation causes an issue with one of the first | ||
| # commits of our production repositories and it should | ||
| # not be enabled until we specify a later commit of those | ||
| # repositories as the initial valid ones | ||
| # this error happens when a metadata file is added, but | ||
| # snapshot is not updated | ||
| # raise UpdateFailedError( | ||
| # f"Invalid metadata file {metadata_file_name}" | ||
| # ) |
There was a problem hiding this comment.
Could we turn this into an issue?
taf/updater/updater_pipeline.py
Outdated
| # For each commit, check if the metadata files inside that directory are the same | ||
| # as the ones in the auth repository's metadata folder at that revision | ||
| pattern = r"\d+\.[^\.\s]+\.\w+" | ||
| for metadata_file_name in git_updater.get_current_metadata(): |
There was a problem hiding this comment.
Since we're reading all metadata files from disk for each commit, it's worth timing the updater to see how long this new validation takes, compared to the implementation we have on master.
There was a problem hiding this comment.
Ran SMC clone a couoek of times. The first was was slightly slower than on master, the second faster than on master, so I don't think that this impacts the performance. Other operations are much slower
n-dusan
approved these changes
Feb 21, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description (e.g. "Related to ...", etc.)
TUF updater does not always check the validity of all metadata files
if timestamp is not updated, the updater will determine that a new version
of the snapshot file does not need to be downloaded and it will not be validated
during the update process, the metadata files that TUF updater downloads is stored
in a separate folder within the temp directory
For each commit, check if the metadata files inside that directory are the same
as the ones in the auth repository's metadata folder at that revision
Closes #385
Code review checklist (for code reviewer to complete)