Class: Sigstore::TUF::TrustUpdater

Inherits:
Object
  • Object
Includes:
Loggable
Defined in:
lib/sigstore/tuf.rb

Constant Summary collapse

Net =
defined?(Gem::Net) ? Gem::Net : Net

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Loggable

included, #logger

Constructor Details

#initialize(metadata_url, offline, metadata_dir: nil, targets_dir: nil, target_base_url: nil, config: UpdaterConfig.new) ⇒ TrustUpdater

Returns a new instance of TrustUpdater.



# File 'lib/sigstore/tuf.rb', line 35

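# Prepares the local TUF metadata and target directories for one repository
# and, unless offline, builds the Updater that works on them.
#
# For the two known repositories (DEFAULT_TUF_URL, STAGING_TUF_URL) the
# root.json and trusted_root.json bundled under data/_store are copied into
# place when no file exists yet. A file that is already present is never
# replaced here, so whatever sits in these directories is what later steps
# start from; keep both directories writable only by the account that runs
# the client.
#
# @param metadata_url [String] base URL of the TUF repository metadata
# @param offline [Boolean] when truthy, no Updater is created
# @param metadata_dir [String, nil] directory for TUF metadata; defaults to
#   the data directory returned by #get_dirs
# @param targets_dir [String, nil] directory for downloaded targets; defaults
#   to the cache directory returned by #get_dirs
# @param target_base_url [String, nil] base URL for targets; defaults to
#   "<metadata_url>/targets/"
# @param config [UpdaterConfig] passed through to Updater unchanged
def initialize(metadata_url, offline, metadata_dir: nil, targets_dir: nil, target_base_url: nil,
               config: UpdaterConfig.new)
  @repo_url = metadata_url

  # Defaults are only computed when at least one directory was not supplied.
  default_metadata_dir, default_targets_dir = get_dirs(metadata_url) unless metadata_dir && targets_dir
  @metadata_dir = metadata_dir || default_metadata_dir
  @targets_dir = targets_dir || default_targets_dir

  @offline = offline

  # Bundled bootstrap data exists only for the two well-known repositories;
  # any other URL leaves rsrc_prefix nil and nothing is seeded.
  rsrc_prefix = if @repo_url == DEFAULT_TUF_URL
                  "prod"
                elsif @repo_url == STAGING_TUF_URL
                  "staging"
                end

  FileUtils.mkdir_p @metadata_dir
  FileUtils.mkdir_p @targets_dir

  if rsrc_prefix
    # Copies one bundled file to dest unless dest already exists. The bundled
    # file is opened first and the copy goes to a temporary name that is
    # renamed into place, so a missing source or an interrupted copy cannot
    # leave an empty or truncated file that later runs would treat as present.
    seed = lambda do |name, dest|
      next if File.exist?(dest)

      bundled = File.expand_path("../../data/_store/#{rsrc_prefix}/#{name}", __dir__)
      partial = "#{dest}.#{Process.pid}.tmp"
      begin
        File.open(bundled, "rb") do |r|
          File.open(partial, "wb") do |f|
            logger.info { "Copying #{name} from #{r.path} to #{dest}" }
            IO.copy_stream(r, f)
          end
        end
        File.rename(partial, dest)
      ensure
        File.delete(partial) if File.exist?(partial)
      end
    end

    seed.call("root.json", File.join(@metadata_dir, "root.json"))
    seed.call("trusted_root.json", File.join(@targets_dir, "trusted_root.json"))
  end

  # Offline mode stops here: @updater stays nil and only files already on
  # disk are used.
  return if @offline

  @updater = Updater.new(
    metadata_dir: @metadata_dir,
    metadata_base_url: @repo_url,
    target_base_url: (target_base_url && URI.parse(target_base_url)) ||
                     URI.join("#{@repo_url.to_s.chomp("/")}/", "targets/"),
    target_dir: @targets_dir,
    fetcher: method(:fetch),
    config:
  )
end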

Instance Attribute Details

#updaterObject (readonly)

Returns the value of attribute updater.



# File 'lib/sigstore/tuf.rb', line 33

# Read-only accessor for the Updater built by the constructor.
#
# @return [Object, nil] the value of @updater; nil when none was assigned
def updater = @updater

Instance Method Details

#get_dirs(url) ⇒ Object



# File 'lib/sigstore/tuf.rb', line 92

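# Computes the default per-repository directories for TUF state.
#
# The locations follow the XDG base directories: metadata goes under
# XDG_DATA_HOME and downloaded targets under XDG_CACHE_HOME. A variable that
# is unset, empty or not an absolute path is ignored and the home-directory
# default is used instead, so trust data never lands at the filesystem root
# or relative to the current working directory.
#
# @param url [String] repository URL, used as the last path component
# @return [Array<String>] two paths: [metadata directory, targets directory]
def get_dirs(url)
  app_name = "sigstore-ruby"
  app_author = "sigstore"

  # Percent-encoding escapes "/" so the whole URL becomes one path component.
  repo_base = URI.encode_uri_component(url)
  home = Dir.home

  # Returns the variable's value only when it is an absolute path.
  xdg_dir = lambda do |var, fallback|
    value = ENV.fetch(var, nil)
    value && File.absolute_path?(value) ? value : fallback
  end

  data_home = xdg_dir.call("XDG_DATA_HOME", File.join(home, ".local", "share"))
  cache_home = xdg_dir.call("XDG_CACHE_HOME", File.join(home, ".cache"))
  tuf_data_dir = File.join(data_home, app_name, app_author, "tuf")
  tuf_cache_dir = File.join(cache_home, app_name, app_author, "tuf")

  [File.join(tuf_data_dir, repo_base), File.join(tuf_cache_dir, repo_base)]
end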

#refreshObject

Raises:

  • (ArgumentError)


# File 'lib/sigstore/tuf.rb', line 122

# Asks the Updater to refresh its metadata.
#
# @raise [ArgumentError] when the instance is offline or has no Updater
# @return [Object] whatever the Updater's refresh returns
def refresh
  online = !@offline && @updater
  raise ArgumentError, "Offline mode: cannot refresh" unless online

  @updater.refresh
end

#trusted_root_pathObject



# File 'lib/sigstore/tuf.rb', line 107

# Locates trusted_root.json on disk.
#
# Without an Updater the path inside the targets directory is returned
# as-is; no existence or freshness check is made here. With an Updater the
# target is looked up in the repository metadata and taken from the local
# cache when available, otherwise downloaded.
#
# @raise [Error::NoTrustedRoot] when the repository lists no trusted_root.json
# @return [String] path to the trusted root file
def trusted_root_path
  if @updater.nil? || @updater == false
    logger.info { "Offline mode: using cached trusted root" }
    return File.join(@targets_dir, "trusted_root.json")
  end

  target_info = @updater.get_targetinfo("trusted_root.json")
  raise Error::NoTrustedRoot, "Unsupported TUF configuration: no trusted_root.json" unless target_info

  # Prefer the cached copy; download only when the cache has none.
  @updater.find_cached_target(target_info) || @updater.download_target(target_info)
end