From 9c6950294e9f757c434568f5b94f048fb41fdcd7 Mon Sep 17 00:00:00 2001 From: Hind Montassif Date: Wed, 21 Feb 2024 16:57:27 +0100 Subject: [PATCH] Add const and reorganize repo_checker Add text in description for verify-package flag --- .../include/mamba/validation/repo_checker.hpp | 12 +-- libmamba/src/api/configuration.cpp | 5 +- libmamba/src/validation/repo_checker.cpp | 92 ++++++++++--------- 3 files changed, 58 insertions(+), 51 deletions(-) diff --git a/libmamba/include/mamba/validation/repo_checker.hpp b/libmamba/include/mamba/validation/repo_checker.hpp index 26b18377fd..e04360bf90 100644 --- a/libmamba/include/mamba/validation/repo_checker.hpp +++ b/libmamba/include/mamba/validation/repo_checker.hpp @@ -62,9 +62,8 @@ namespace mamba::validation void generate_index_checker(); - auto cache_path() -> const fs::u8path&; - - auto root_version() -> std::size_t; + auto cache_path() const -> const fs::u8path&; + auto root_version() const -> std::size_t; private: @@ -77,9 +76,10 @@ namespace mamba::validation std::size_t m_root_version; - auto initial_trusted_root() -> fs::u8path; - auto ref_root() -> fs::u8path; - auto cached_root() -> fs::u8path; + auto ref_root() const -> fs::u8path; + auto cached_root() const -> fs::u8path; + + auto initial_trusted_root() const -> fs::u8path; void persist_file(const fs::u8path& file_path); diff --git a/libmamba/src/api/configuration.cpp b/libmamba/src/api/configuration.cpp index 125f6a105f..3e37fbf8e7 100644 --- a/libmamba/src/api/configuration.cpp +++ b/libmamba/src/api/configuration.cpp 
@@ -1604,7 +1604,10 @@ namespace mamba .group("Extract, Link & Install") .set_rc_configurable() .set_env_var_names() - .description("Run verifications on packages signatures") + .description( // + "Run verifications on packages signatures.\n" + "This is still experimental and may not be stable yet.\n" + ) .long_description(unindent(R"( Spend extra time validating package contents. It consists of running cryptographic verifications on channels and packages metadata.)"))); diff --git a/libmamba/src/validation/repo_checker.cpp b/libmamba/src/validation/repo_checker.cpp index 25d2756686..a9b1644bf0 100644 --- a/libmamba/src/validation/repo_checker.cpp +++ b/libmamba/src/validation/repo_checker.cpp @@ -39,33 +39,6 @@ namespace mamba::validation auto RepoChecker::operator=(RepoChecker&&) noexcept -> RepoChecker& = default; - auto RepoChecker::cache_path() -> const fs::u8path& - { - return m_cache_path; - } - - void RepoChecker::generate_index_checker() - { - if (!p_index_checker) - { - // TUF spec 5.1 - Record fixed update start time - // Expiration computations will be done against - // this reference - // https://theupdateframework.github.io/specification/latest/#fix-time - const TimeRef time_reference; - - auto root = get_root_role(time_reference); - p_index_checker = root->build_index_checker( - m_context, - time_reference, - m_base_url, - cache_path() - ); - - LOG_INFO << "Index checker successfully generated for '" << m_base_url << "'"; - } - } - void RepoChecker::verify_index(const nlohmann::json& j) const { if (p_index_checker) 
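Review bot: In the `.description(...)` added in `configuration.cpp`, the new caveat says the check is experimental but not what that means for someone relying on it. The text does not say whether a package whose signature cannot be verified is rejected or still installed. Because this option gates cryptographic verification, I would state that failure behaviour in the long description, which this hunk leaves unchanged. On wording, `"Run verifications on package signatures.\n"` reads better than "packages signatures", and the trailing `\n` on the last literal may render as an empty line in help output, depending on how descriptions are printed.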
@@ -118,17 +91,48 @@ namespace mamba::validation } } - auto RepoChecker::root_version() -> std::size_t + void RepoChecker::generate_index_checker() + { + if (!p_index_checker) + { + // TUF spec 5.1 - Record fixed update start time + // Expiration computations will be done against + // this reference + // https://theupdateframework.github.io/specification/latest/#fix-time + const TimeRef time_reference; + + auto root = get_root_role(time_reference); + p_index_checker = root->build_index_checker( + m_context, + time_reference, + m_base_url, + cache_path() + ); + + LOG_INFO << "Index checker successfully generated for '" << m_base_url << "'"; + } + } + + auto RepoChecker::cache_path() const -> const fs::u8path& + { + return m_cache_path; + } + + auto RepoChecker::root_version() const -> std::size_t { return m_root_version; } - auto RepoChecker::ref_root() -> fs::u8path + //////////////////////////// + ///// Private methods ///// + ////////////////////////// + + auto RepoChecker::ref_root() const -> fs::u8path { return m_ref_path / "root.json"; } - auto RepoChecker::cached_root() -> fs::u8path + auto RepoChecker::cached_root() const -> fs::u8path { if (cache_path().empty()) { @@ -140,19 +144,7 @@ namespace mamba::validation } } - void RepoChecker::persist_file(const fs::u8path& file_path) - { - if (fs::exists(cached_root())) - { - fs::remove(cached_root()); - } - if (!cached_root().empty()) - { - fs::copy(file_path, cached_root()); - } - } - - auto RepoChecker::initial_trusted_root() -> fs::u8path + auto RepoChecker::initial_trusted_root() const -> fs::u8path { if (fs::exists(cached_root())) { 
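Review bot: `generate_index_checker()`, re-added in the `@@ -118,17 +91,48 @@` hunk of `repo_checker.cpp`, builds the checker only while `p_index_checker` is empty, so the `TimeRef` taken on the first call is the only one ever passed to `build_index_checker`. The existing comment cites TUF 5.1 for fixing the time at update start, but nothing says what happens when a `RepoChecker` outlives one update. If the index checker keeps that reference (not visible here), later expiration checks on a reused instance would be made against a stale time. I would document this at the top of the `if`, for example `// NOTE: time_reference is fixed on the first call; a reused RepoChecker does not refresh it`. Separately, `root` is dereferenced without a check, so a one-line comment stating that `get_root_role` returns non-null or throws would make that assumption explicit.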
@@ -172,6 +164,18 @@ namespace mamba::validation } } + void RepoChecker::persist_file(const fs::u8path& file_path) + { + if (fs::exists(cached_root())) + { + fs::remove(cached_root()); + } + if (!cached_root().empty()) + { + fs::copy(file_path, cached_root()); + } + } + auto RepoChecker::get_root_role(const TimeRef& time_reference) -> std::unique_ptr { // TUF spec 5.3 - Update the root role @@ -268,5 +272,5 @@ namespace mamba::validation } return updated_root; - }; + } }
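Review bot: `persist_file()` in the `@@ -172,6 +164,18 @@` hunk replaces the cached root with `fs::remove` followed by `fs::copy`, so a crash or a failed copy between the two leaves no cached root at all. `initial_trusted_root()` branches on `fs::exists(cached_root())`, so the next run would presumably start from a different trust anchor than the one that was just verified. I would stage the copy next to the target and rename it into place, and compute `cached_root()` once with the empty-path check first. The sketch below assumes the `fs` wrapper mirrors `std::filesystem::rename` and `parent_path()`, and the staged file name is a placeholder. This code is moved rather than newly written by the commit, so the change could also go in a follow-up.

```cpp
void RepoChecker::persist_file(const fs::u8path& file_path)
{
    const fs::u8path dest = cached_root();
    if (dest.empty())
    {
        return;  // no cache configured, nothing to persist
    }
    // Placeholder name: stage in the same directory so the rename stays on one filesystem.
    const fs::u8path staged = dest.parent_path() / "root.json.staged";
    fs::remove(staged);  // drop a leftover from an interrupted run
    fs::copy(file_path, staged);
    fs::rename(staged, dest);  // replaces the previous cached root in one step
}
```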