def status(self): """ <Purpose> Determine the status of the project, including its delegated roles. status() checks if each role provides sufficient public keys, signatures, and that a valid metadata file is generated if write() were to be called. Metadata files are temporarily written to check that proper metadata files is written, where file hashes and lengths are calculated and referenced by the project. status() does not do a simple check for number of threshold keys and signatures. <Arguments> None. <Exceptions> securesystemslib.exceptions.Error, if the project, or any of its delegated roles, do not have a minimum threshold of signatures. <Side Effects> Generates and writes temporary metadata files. <Returns> None. """ temp_project_directory = None try: temp_project_directory = tempfile.mkdtemp() metadata_directory = os.path.join(temp_project_directory, 'metadata') targets_directory = self.targets_directory os.makedirs(metadata_directory) # TODO: We should do the schema check. filenames = {} filenames['targets'] = os.path.join(metadata_directory, self.project_name) # Delegated roles. delegated_roles = roledb.get_delegated_rolenames( self.project_name, self.repository_name) insufficient_keys = [] insufficient_signatures = [] for delegated_role in delegated_roles: try: _check_role_keys(delegated_role, self.repository_name) except exceptions.InsufficientKeysError: insufficient_keys.append(delegated_role) continue try: signable = _generate_and_write_metadata( delegated_role, filenames['targets'], False, targets_directory, False, repository_name=self.repository_name) self._log_status(delegated_role, signable[0], self.repository_name) except sslib_exceptions.Error: insufficient_signatures.append(delegated_role) if len(insufficient_keys): message = 'Delegated roles with insufficient keys: ' +\ repr(insufficient_keys) logger.info(message) return if len(insufficient_signatures): message = 'Delegated roles with insufficient signatures: ' +\ repr(insufficient_signatures) logger.info(message) return # Targets role. try: _check_role_keys(self.rolename, self.repository_name) except exceptions.InsufficientKeysError as e: logger.info(str(e)) return try: signable, junk = _generate_and_write_metadata( self.project_name, filenames['targets'], False, targets_directory, metadata_directory, self.repository_name) self._log_status(self.project_name, signable, self.repository_name) except exceptions.UnsignedMetadataError as e: # This error is raised if the metadata has insufficient signatures to # meet the threshold. self._log_status(self.project_name, e.signable, self.repository_name) return finally: shutil.rmtree(temp_project_directory, ignore_errors=True)
def status(self): """ <Purpose> Determine the status of the project, including its delegated roles. status() checks if each role provides sufficient public keys, signatures, and that a valid metadata file is generated if write() were to be called. Metadata files are temporarily written to check that proper metadata files is written, where file hashes and lengths are calculated and referenced by the project. status() does not do a simple check for number of threshold keys and signatures. <Arguments> None. <Exceptions> tuf.Error, if the project, or any of its delegated roles, do not have a minimum threshold of signatures. <Side Effects> Generates and writes temporary metadata files. <Returns> None. """ temp_project_directory = None try: temp_project_directory = tempfile.mkdtemp() metadata_directory = os.path.join(temp_project_directory, self._metadata_directory[1:]) targets_directory = self._targets_directory os.makedirs(metadata_directory) # TODO: We should do the schema check. filenames = {} filenames['targets'] = os.path.join(metadata_directory, self._project_name) # Delegated roles. delegated_roles = tuf.roledb.get_delegated_rolenames(self._project_name) insufficient_keys = [] insufficient_signatures = [] for delegated_role in delegated_roles: try: _check_role_keys(delegated_role) except tuf.InsufficientKeysError: insufficient_keys.append(delegated_role) continue roleinfo = tuf.roledb.get_roleinfo(delegated_role) try: signable = _generate_and_write_metadata(delegated_role, filenames['targets'], False, targets_directory, metadata_directory, False) self._log_status(delegated_role, signable[0]) except tuf.Error: insufficient_signatures.append(delegated_role) if len(insufficient_keys): message = 'Delegated roles with insufficient keys: ' +\ repr(insufficient_keys) logger.info(message) return if len(insufficient_signatures): message = 'Delegated roles with insufficient signatures: ' +\ repr(insufficient_signatures) logger.info(message) return # Targets role. try: _check_role_keys(self.rolename) except tuf.InsufficientKeysError as e: logger.info(str(e)) return try: signable, filename = _generate_and_write_metadata(self._project_name, filenames['targets'], False, targets_directory, metadata_directory, False) self._log_status(self._project_name, signable) except tuf.Error as e: signable = e[1] self._log_status(self._project_name, signable) return finally: shutil.rmtree(temp_project_directory, ignore_errors=True)