Merge pull request #1653 from advancedtelematic/fix/abort-ostree-with…

…-fake-pacman Refuse to download OSTree targets with the fake/binary package manager.
advancedtelematic · Apr 28, 2020 · d81e2c5 · d81e2c5
2 parents 20c88a8 + 2fe1cb6
commit d81e2c5
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 2 deletions.
diff --git a/src/libaktualizr/package_manager/fetcher_test.cc b/src/libaktualizr/package_manager/fetcher_test.cc
@@ -260,6 +260,8 @@ TEST(Fetcher, DownloadLengthZero) {
   Json::Value empty_target_json;
   empty_target_json["hashes"]["sha256"] = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
   empty_target_json["length"] = 0;
+  // Make sure this isn't confused for an old-style OSTree target.
+  empty_target_json["custom"]["targetFormat"] = "binary";
   Uptane::Target empty_target("empty_file", empty_target_json);
   EXPECT_TRUE(pacman->fetchTarget(empty_target, fetcher, keys, progress_cb, nullptr));
   EXPECT_EQ(pacman->verifyTarget(empty_target), TargetStatus::kGood);
@@ -315,6 +317,39 @@ TEST(Fetcher, NotEnoughDiskSpace) {
   EXPECT_EQ(http->counter, 1);
 }
 
+/* Abort downloading an OSTree target with the fake/binary package manager. */
+TEST(Fetcher, DownloadOstreeFail) {
+  TemporaryDirectory temp_dir;
+  config.storage.path = temp_dir.Path();
+  config.uptane.repo_server = server;
+
+  std::shared_ptr<INvStorage> storage(new SQLStorage(config.storage, false));
+  auto http = std::make_shared<HttpZeroLength>(temp_dir.Path());
+  auto pacman = std::make_shared<PackageManagerFake>(config.pacman, config.bootloader, storage, http);
+  KeyManager keys(storage, config.keymanagerConfig());
+  Uptane::Fetcher fetcher(config, http);
+
+  // Empty target: download succeeds, but http module is never called.
+  Json::Value empty_target_json;
+  empty_target_json["hashes"]["sha256"] = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
+  empty_target_json["length"] = 0;
+  empty_target_json["custom"]["targetFormat"] = "OSTREE";
+  Uptane::Target empty_target("empty_file", empty_target_json);
+  EXPECT_FALSE(pacman->fetchTarget(empty_target, fetcher, keys, progress_cb, nullptr));
+  EXPECT_NE(pacman->verifyTarget(empty_target), TargetStatus::kGood);
+  EXPECT_EQ(http->counter, 0);
+
+  // Non-empty target: download succeeds, and http module is called. This is
+  // done purely to make sure the test is designed correctly.
+  Json::Value nonempty_target_json;
+  nonempty_target_json["hashes"]["sha256"] = "5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9";
+  nonempty_target_json["length"] = 1;
+  Uptane::Target nonempty_target("fake_file", nonempty_target_json);
+  EXPECT_TRUE(pacman->fetchTarget(nonempty_target, fetcher, keys, progress_cb, nullptr));
+  EXPECT_EQ(pacman->verifyTarget(nonempty_target), TargetStatus::kGood);
+  EXPECT_EQ(http->counter, 1);
+}
+
 #ifndef __NO_MAIN__
 int main(int argc, char** argv) {
   ::testing::InitGoogleTest(&argc, argv);

diff --git a/src/libaktualizr/package_manager/packagemanagerfake.cc b/src/libaktualizr/package_manager/packagemanagerfake.cc
@@ -110,5 +110,10 @@ bool PackageManagerFake::fetchTarget(const Uptane::Target& target, Uptane::Fetch
     return false;
   }
 
+  if (target.IsOstree()) {
+    LOG_ERROR << "Cannot download OSTree target " << target.filename() << " with the fake package manager!";
+    return false;
+  }
+
   return PackageManagerInterface::fetchTarget(target, fetcher, keys, progress_cb, token);
 }
diff --git a/src/libaktualizr/uptane/tuf.cc b/src/libaktualizr/uptane/tuf.cc
@@ -127,6 +127,7 @@ Target::Target(std::string filename, const Json::Value &content) : filename_(std
   std::sort(hashes_.begin(), hashes_.end(), [](const Hash &l, const Hash &r) { return l.type() < r.type(); });
 }
 
+// Internal use only.
 Target::Target(std::string filename, EcuMap ecus, std::vector<Hash> hashes, uint64_t length, std::string correlation_id)
     : filename_(std::move(filename)),
       ecus_(std::move(ecus)),
@@ -135,6 +136,7 @@ Target::Target(std::string filename, EcuMap ecus, std::vector<Hash> hashes, uint
       correlation_id_(std::move(correlation_id)) {
   // sort hashes so that higher priority hash algorithm goes first
   std::sort(hashes_.begin(), hashes_.end(), [](const Hash &l, const Hash &r) { return l.type() < r.type(); });
+  type_ = "UNKNOWN";
 }
 
 Target Target::Unknown() {

diff --git a/src/libaktualizr/uptane/tuf.h b/src/libaktualizr/uptane/tuf.h
@@ -211,8 +211,8 @@ class Target {
  public:
   // From Uptane metadata
   Target(std::string filename, const Json::Value &content);
-  // Internal, does not have type. Only used for reading installation_versions
-  // list and by various tests.
+  // Internal use only. Only used for reading installed_versions list and by
+  // various tests.
   Target(std::string filename, EcuMap ecus, std::vector<Hash> hashes, uint64_t length, std::string correlation_id = "");
 
   static Target Unknown();