Module rugged.commands.lib.partial_root_metadata
Functions
def get_signatures_for_keys(metadata: Dict, root_keyids: list) ‑> list-
Expand source code
def get_signatures_for_keys(metadata: Dict, root_keyids: list) -> list: """ Return the signatures from metadata that were signed by any of the given root keyids. """ signatures = [] for signature in metadata['signatures']: if signature['keyid'] in root_keyids: signatures.append(signature) return signaturesReturn the signatures from metadata that were signed by any of the given root keyids.
def load_partial_root_metadata(version: str) ‑> Dict[str, Any]-
Expand source code
def load_partial_root_metadata(version: str) -> Dict[str, Any]: """ Load partial root metadata from disk. """ file_path = partial_root_metadata_path(version) log.debug(f"Checking for expected metadata file at: {file_path}.") if not os.path.exists(file_path): log.error(f"A metadata file was not found at the expected path: {file_path}") sys.exit(os.EX_NOINPUT) log.debug(f"Loading partial metadata file from: {file_path}.") metadata = load_metadata_from_file("root", file_path) log.debug(f"Loaded partial metadata file from: {file_path}.") return metadata.to_dict()Load partial root metadata from disk.
def partial_root_metadata_is_valid(metadata: Dict[str, Any]) ‑> bool-
Expand source code
def partial_root_metadata_is_valid(metadata: Dict[str, Any]) -> bool: """ Check whether partial root metadata is valid. """ if not partial_root_metadata_meets_new_signature_threshold(metadata): return False for name, role in metadata['signed']['roles'].items(): if not partial_root_metadata_meets_key_threshold_for_role(metadata, name): return False return TrueCheck whether partial root metadata is valid.
def partial_root_metadata_meets_key_threshold_for_role(metadata: Dict[str, Any], role: str) ‑> bool-
Expand source code
def partial_root_metadata_meets_key_threshold_for_role(metadata: Dict[str, Any], role: str) -> bool: """ Check whether partial root metadata has enough keys for a given role. """ threshold = metadata['signed']['roles'][role]['threshold'] log.debug(f"Partial root metadata has signature threshold for the '{role}' role set to {threshold}.") key_count = len(metadata['signed']['roles'][role]['keyids']) log.debug(f"Partial root metadata currently has {key_count} keys for the '{role}' role.") return key_count >= thresholdCheck whether partial root metadata has enough keys for a given role.
def partial_root_metadata_meets_new_signature_threshold(metadata: Dict[str, Any]) ‑> bool-
Expand source code
def partial_root_metadata_meets_new_signature_threshold(metadata: Dict[str, Any]) -> bool: """ Check whether partial root metadata has enough signatures from new keys. """ threshold = metadata['signed']['roles']['root']['threshold'] log.debug(f"Partial root metadata has signature threshold set to {threshold}.") signature_count = len(get_signatures_for_keys(metadata, metadata['signed']['roles']['root']['keyids'])) log.debug(f"Partial root metadata currently has {signature_count} signatures.") return signature_count >= thresholdCheck whether partial root metadata has enough signatures from new keys.
def partial_root_metadata_meets_old_signature_threshold(metadata: Dict[str, Any], old_root_metadata: Dict) ‑> bool-
Expand source code
def partial_root_metadata_meets_old_signature_threshold(metadata: Dict[str, Any], old_root_metadata: Dict) -> bool: """ Check whether partial root metadata has enough signatures from old keys. """ threshold = old_root_metadata['signed']['roles']['root']['threshold'] log.debug(f"Old root metadata has signature threshold set to {threshold}.") signature_count = len(get_signatures_for_keys(metadata, old_root_metadata['signed']['roles']['root']['keyids'])) log.debug(f"Old root metadata currently has {signature_count} signatures.") return signature_count >= thresholdCheck whether partial root metadata has enough signatures from old keys.
def partial_root_metadata_path(version: str) ‑> str-
Expand source code
def partial_root_metadata_path(version: str) -> str: """ Return the path to the partial root metadata. """ return f"{RUGGED_PARTIAL_METADATA_DIR}/{version}.root.json"Return the path to the partial root metadata.
def write_partial_root_metadata(metadata: Dict[str, Any]) ‑> None-
Expand source code
def write_partial_root_metadata(metadata: Dict[str, Any]) -> None: """ Write partial root metadata to disk. """ version = metadata['signed']['version'] file_path = partial_root_metadata_path(version) file_dir = os.path.dirname(file_path) if not os.path.exists(file_dir): log.info(f"Partial root metadata path not found. Creating: {file_dir}") os.mkdir(file_dir) write_signable_root_metadata(metadata) write_metadata_to_file("root", Metadata[Root].from_dict(metadata), file_path)Write partial root metadata to disk.
def write_signable_root_metadata(metadata: Dict[str, Any]) ‑> None-
Expand source code
def write_signable_root_metadata(metadata: Dict[str, Any]) -> None: """ Write signable root metadata to disk. """ version = metadata['signed']['version'] file_path = f"{RUGGED_PARTIAL_METADATA_DIR}/signable-{version}.root.json" try: with open(file_path, "w") as signable_file: signed: str | None = encode_canonical(metadata['signed']) if signed is None: error = "Error preparing signable root metadata." log.error(error) raise RuggedMetadataError(error) signable_file.write(signed) log.debug(f"Wrote signable root metadata to file '{file_path}'.") except Exception as e: log_exception(e) error = f"Failed to write signable root metadata to file '{file_path}'." log.error(error)Write signable root metadata to disk.