def status(self):
"""
<Purpose>
Determine the status of the project, including its delegated roles.
status() checks if each role provides sufficient public keys, signatures,
and that a valid metadata file is generated if write() were to be called.
Metadata files are temporarily written to check that proper metadata files
is written, where file hashes and lengths are calculated and referenced
by the project. status() does not do a simple check for number of
threshold keys and signatures.
<Arguments>
None.
<Exceptions>
securesystemslib.exceptions.Error, if the project, or any of its
delegated roles, do not have a minimum threshold of signatures.
<Side Effects>
Generates and writes temporary metadata files.
<Returns>
None.
"""
temp_project_directory = None
try:
temp_project_directory = tempfile.mkdtemp()
metadata_directory = os.path.join(temp_project_directory,
'metadata')
targets_directory = self.targets_directory
os.makedirs(metadata_directory)
# TODO: We should do the schema check.
filenames = {}
filenames['targets'] = os.path.join(metadata_directory,
self.project_name)
# Delegated roles.
delegated_roles = roledb.get_delegated_rolenames(
self.project_name, self.repository_name)
insufficient_keys = []
insufficient_signatures = []
for delegated_role in delegated_roles:
try:
_check_role_keys(delegated_role, self.repository_name)
except exceptions.InsufficientKeysError:
insufficient_keys.append(delegated_role)
continue
try:
signable = _generate_and_write_metadata(
delegated_role,
filenames['targets'],
False,
targets_directory,
False,
repository_name=self.repository_name)
self._log_status(delegated_role, signable[0],
self.repository_name)
except sslib_exceptions.Error:
insufficient_signatures.append(delegated_role)
if len(insufficient_keys):
message = 'Delegated roles with insufficient keys: ' +\
repr(insufficient_keys)
logger.info(message)
return
if len(insufficient_signatures):
message = 'Delegated roles with insufficient signatures: ' +\
repr(insufficient_signatures)
logger.info(message)
return
# Targets role.
try:
_check_role_keys(self.rolename, self.repository_name)
except exceptions.InsufficientKeysError as e:
logger.info(str(e))
return
try:
signable, junk = _generate_and_write_metadata(
self.project_name, filenames['targets'], False,
targets_directory, metadata_directory,
self.repository_name)
self._log_status(self.project_name, signable,
self.repository_name)
except exceptions.UnsignedMetadataError as e:
# This error is raised if the metadata has insufficient signatures to
# meet the threshold.
self._log_status(self.project_name, e.signable,
self.repository_name)
return
finally:
shutil.rmtree(temp_project_directory, ignore_errors=True)
def status(self):
"""
<Purpose>
Determine the status of the project, including its delegated roles.
status() checks if each role provides sufficient public keys, signatures,
and that a valid metadata file is generated if write() were to be called.
Metadata files are temporarily written to check that proper metadata files
is written, where file hashes and lengths are calculated and referenced
by the project. status() does not do a simple check for number of
threshold keys and signatures.
<Arguments>
None.
<Exceptions>
tuf.Error, if the project, or any of its delegated roles, do not have a
minimum threshold of signatures.
<Side Effects>
Generates and writes temporary metadata files.
<Returns>
None.
"""
temp_project_directory = None
try:
temp_project_directory = tempfile.mkdtemp()
metadata_directory = os.path.join(temp_project_directory,
self._metadata_directory[1:])
targets_directory = self._targets_directory
os.makedirs(metadata_directory)
# TODO: We should do the schema check.
filenames = {}
filenames['targets'] = os.path.join(metadata_directory, self._project_name)
# Delegated roles.
delegated_roles = tuf.roledb.get_delegated_rolenames(self._project_name)
insufficient_keys = []
insufficient_signatures = []
for delegated_role in delegated_roles:
try:
_check_role_keys(delegated_role)
except tuf.InsufficientKeysError:
insufficient_keys.append(delegated_role)
continue
roleinfo = tuf.roledb.get_roleinfo(delegated_role)
try:
signable = _generate_and_write_metadata(delegated_role,
filenames['targets'], False,
targets_directory,
metadata_directory,
False)
self._log_status(delegated_role, signable[0])
except tuf.Error:
insufficient_signatures.append(delegated_role)
if len(insufficient_keys):
message = 'Delegated roles with insufficient keys: ' +\
repr(insufficient_keys)
logger.info(message)
return
if len(insufficient_signatures):
message = 'Delegated roles with insufficient signatures: ' +\
repr(insufficient_signatures)
logger.info(message)
return
# Targets role.
try:
_check_role_keys(self.rolename)
except tuf.InsufficientKeysError as e:
logger.info(str(e))
return
try:
signable, filename = _generate_and_write_metadata(self._project_name,
filenames['targets'], False,
targets_directory,
metadata_directory,
False)
self._log_status(self._project_name, signable)
except tuf.Error as e:
signable = e[1]
self._log_status(self._project_name, signable)
return
finally:
shutil.rmtree(temp_project_directory, ignore_errors=True)
