chore!: Remove deprecated client Init() function

znewman01 · znewman01 · commit 71c57e76fe3a · 2022-08-03T15:17:13.000-04:00
Has been deprecated for a release or so.

This fixes some tests and removes others; the removals are all
justified:

- TestInitRootExpired: testing of InitLocal checks the behavior on
  expired roots (which is *different*; it allows expired roots)
- TestInitRootTooLarge: covered now in TestUpdate

We also add a "RawMeta" function, used to get at the root json. I could
be persuaded that this should be a "RawRoot" instead.

BREAKING CHANGE: remove client.Init() in favor of InitLocal()

Signed-off-by: Zachary Newman &lt;z@znewman.net&gt;
diff --git a/client/client.go b/client/client.go
@@ -106,49 +106,6 @@ func NewClient(local LocalStore, remote RemoteStore) *Client {
 	}
 }
 
-// Init initializes a local repository.
-//
-// The latest root.json is fetched from remote storage, verified using rootKeys
-// and threshold, and then saved in local storage. It is expected that rootKeys
-// were securely distributed with the software being updated.
-//
-// Deprecated: Use c.InitLocal and c.Update to initialize a local repository.
-func (c *Client) Init(rootKeys []*data.PublicKey, threshold int) error {
-	if len(rootKeys) < threshold {
-		return ErrInsufficientKeys
-	}
-	rootJSON, err := c.downloadMetaUnsafe("root.json", defaultRootDownloadLimit)
-	if err != nil {
-		return err
-	}
-
-	// create a new key database, and add all the public `rootKeys` to it.
-	c.db = verify.NewDB()
-	rootKeyIDs := make([]string, 0, len(rootKeys))
-	for _, key := range rootKeys {
-		for _, id := range key.IDs() {
-			rootKeyIDs = append(rootKeyIDs, id)
-			if err := c.db.AddKey(id, key); err != nil {
-				return err
-			}
-		}
-	}
-
-	// add a mock "root" role that trusts the passed in key ids. These keys
-	// will be used to verify the `root.json` we just fetched.
-	role := &data.Role{Threshold: threshold, KeyIDs: rootKeyIDs}
-	if err := c.db.AddRole("root", role); err != nil {
-		return err
-	}
-
-	// verify that the new root is valid.
-	if err := c.decodeRoot(rootJSON); err != nil {
-		return err
-	}
-
-	return c.local.SetMeta("root.json", rootJSON)
-}
-
 // InitLocal initializes a local repository from root metadata.
 //
 // The root's keys are extracted from the root and saved in local storage.
diff --git a/client/client_test.go b/client/client_test.go
@@ -174,17 +174,16 @@ func (s *ClientSuite) addRemoteTarget(c *C, name string) {
 	s.syncRemote(c)
 }
 
-func (s *ClientSuite) rootKeys(c *C) []*data.PublicKey {
-	rootKeys, err := s.repo.RootKeys()
+func (s *ClientSuite) rootMeta(c *C) []byte {
+	meta, err := s.repo.RawMeta("root.json")
 	c.Assert(err, IsNil)
-	c.Assert(rootKeys, HasLen, 1)
-	return rootKeys
+	return meta
 }
 
 func (s *ClientSuite) newClient(c *C) *Client {
 	s.local = MemoryLocalStore()
 	client := NewClient(s.local, s.remote)
-	c.Assert(client.Init(s.rootKeys(c), 1), IsNil)
+	c.Assert(client.InitLocal(s.rootMeta(c)), IsNil)
 	return client
 }
 
@@ -243,39 +242,21 @@ func (s *ClientSuite) assertErrExpired(c *C, err error, file string) {
 	c.Assert(expiredErr.Expired.Unix(), Equals, s.expiredTime.Round(time.Second).Unix())
 }
 
-func (s *ClientSuite) TestInitRootTooLarge(c *C) {
-	client := NewClient(MemoryLocalStore(), s.remote)
-	s.remote.meta["root.json"] = newFakeFile(make([]byte, defaultRootDownloadLimit+1))
-	c.Assert(client.Init(s.rootKeys(c), 0), Equals, ErrMetaTooLarge{"root.json", defaultRootDownloadLimit + 1, defaultRootDownloadLimit})
-}
-
-func (s *ClientSuite) TestInitRootExpired(c *C) {
-	s.genKeyExpired(c, "targets")
-	c.Assert(s.repo.Snapshot(), IsNil)
-	c.Assert(s.repo.Timestamp(), IsNil)
-	c.Assert(s.repo.Commit(), IsNil)
-	s.syncRemote(c)
-	client := NewClient(MemoryLocalStore(), s.remote)
-	s.withMetaExpired(func() {
-		s.assertErrExpired(c, client.Init(s.rootKeys(c), 1), "root.json")
-	})
-}
-
 func (s *ClientSuite) TestInit(c *C) {
 	client := NewClient(MemoryLocalStore(), s.remote)
 
-	// check Init() returns keys.ErrInvalidThreshold with an invalid threshold
-	c.Assert(client.Init(s.rootKeys(c), 0), Equals, verify.ErrInvalidThreshold)
-
-	// check Init() returns signed.ErrRoleThreshold when not enough keys
-	c.Assert(client.Init(s.rootKeys(c), 2), Equals, ErrInsufficientKeys)
+	// check invalid json
+	c.Assert(client.InitLocal(make([]byte, 0)), NotNil)
+	rootJson := `{ "signatures": [], "signed": {"version": "wrongtype"}, "spec_version": "1.0.0", "version": 1}`
+	err := client.InitLocal([]byte(rootJson))
+	c.Assert(err.Error(), Matches, "json: cannot unmarshal string.*")
 
 	// check Update() returns ErrNoRootKeys when uninitialized
-	_, err := client.Update()
+	_, err = client.Update()
 	c.Assert(err, Equals, ErrNoRootKeys)
 
 	// check Update() does not return ErrNoRootKeys after initialization
-	c.Assert(client.Init(s.rootKeys(c), 1), IsNil)
+	c.Assert(client.InitLocal(s.rootMeta(c)), IsNil)
 	_, err = client.Update()
 	c.Assert(err, IsNil)
 }
@@ -489,6 +470,8 @@ func (s *ClientSuite) TestUpdateRoots(c *C) {
 		{"testdata/Published2Times_targets_keyrotated", nil, map[string]int64{"root": 2, "timestamp": 2, "snapshot": 2, "targets": 2}},
 		// timestamp role key rotation increase the timestamp.
 		{"testdata/Published2Times_timestamp_keyrotated", nil, map[string]int64{"root": 2, "timestamp": 2, "snapshot": 1, "targets": 1}},
+		//root file size > defaultRootDownloadLimit
+		{"testdata/Published2Times_roottoolarge", ErrMetaTooLarge{Name: "2.root.json", Size: defaultRootDownloadLimit + 1, MaxSize: defaultRootDownloadLimit}, map[string]int64{}},
 	}
 
 	for _, test := range tests {
@@ -1053,10 +1036,11 @@ func (s *ClientSuite) TestUpdateHTTP(c *C) {
 		remote, err := HTTPRemoteStore(fmt.Sprintf("http://%s/%s/repository", addr, dir), nil, nil)
 		c.Assert(err, IsNil)
 		client := NewClient(MemoryLocalStore(), remote)
-		rootKeys, err := repo.RootKeys()
+		rootMeta, err := repo.SignedMeta("root.json")
+		c.Assert(err, IsNil)
+		rootJsonBytes, err := json.Marshal(rootMeta)
 		c.Assert(err, IsNil)
-		c.Assert(rootKeys, HasLen, 1)
-		c.Assert(client.Init(rootKeys, 1), IsNil)
+		c.Assert(client.InitLocal(rootJsonBytes), IsNil)
 
 		// check update is ok
 		targets, err := client.Update()
diff --git a/repo.go b/repo.go
@@ -1591,3 +1591,12 @@ func (r *Repo) CheckRoleUnexpired(role string, validAt time.Time) error {
 	}
 	return nil
 }
+
+// RawMeta returns the bytes from the repo metadata dictionary, as-is
+func (r *Repo) RawMeta(roleFilename string) ([]byte, error) {
+	meta, ok := r.meta[roleFilename]
+	if !ok {
+		return nil, ErrMissingMetadata{roleFilename}
+	}
+	return meta, nil
+}

Original file line number	Diff line number	Diff line change
`@@ -1591,3 +1591,12 @@ func (r *Repo) CheckRoleUnexpired(role string, validAt time.Time) error {`
`1591`	`1591`	`}`
`1592`	`1592`	`return nil`
`1593`	`1593`	`}`
	`1594`	`+`
	`1595`	`+// RawMeta returns the bytes from the repo metadata dictionary, as-is`
	`1596`	`+func (r *Repo) RawMeta(roleFilename string) ([]byte, error) {`
	`1597`	`+ meta, ok := r.meta[roleFilename]`
	`1598`	`+ if !ok {`
	`1599`	`+ return nil, ErrMissingMetadata{roleFilename}`
	`1600`	`+ }`
	`1601`	`+ return meta, nil`
	`1602`	`+}`