package client
import (
"encoding/json"
"errors"
"fmt"
"io/fs"
"os"
"path/filepath"
"sync"
"github.com/theupdateframework/go-tuf/client"
"github.com/theupdateframework/go-tuf/internal/fsutil"
"github.com/theupdateframework/go-tuf/util"
)
// Permission bits used for everything the metadata cache creates on disk.
// The same values are passed to fsutil.EnsureMaxPermissions as the ceiling
// for an existing cache directory and for the files read back from it.
// Neither mode grants any access to "other"; the process umask can only
// narrow them further when something is created.
const (
	// dirCreateMode is rwxr-x---: full access for the owner, read and
	// traverse for the group, nothing for others.
	dirCreateMode os.FileMode = 0750
	// fileCreateMode is rw-r-----: read/write for the owner, read-only for
	// the group, nothing for others.
	fileCreateMode os.FileMode = 0640
)
// FileJSONStore represents a local metadata cache relying on raw JSON files
// as retrieved from the remote repository.
//
// The struct embeds a mutex by value, so it must be shared by pointer and
// never copied.
type FileJSONStore struct {
	// mtx guards access to the cache directory: GetMeta holds the read lock,
	// SetMeta and DeleteMeta hold the write lock. It is an in-process lock
	// only and does not coordinate with other processes that use the same
	// directory.
	mtx sync.RWMutex
	// baseDir is the directory holding the cached metadata files.
	baseDir string
}

// Compile-time assertion that *FileJSONStore satisfies client.LocalStore.
var _ client.LocalStore = (*FileJSONStore)(nil)
// NewFileJSONStore returns a metadata cache backed by raw JSON files kept in
// baseDir.
//
// If baseDir does not exist it is created, together with any missing
// parents, using dirCreateMode. If it already exists it must be a directory
// and must pass fsutil.EnsureMaxPermissions against dirCreateMode; otherwise
// an error is returned. Any other os.Stat failure is returned wrapped.
// The returned store is safe for concurrent access.
//
// os.Stat follows symbolic links, so a baseDir that is a symlink to a
// directory is accepted and the permission check applies to the link target.
func NewFileJSONStore(baseDir string) (*FileJSONStore, error) {
	fi, err := os.Stat(baseDir)
	switch {
	case err == nil:
		// The path exists: it has to be a directory whose mode is not too
		// permissive.
		// NOTE(review): only the mode bits are handed to fsutil here;
		// ownership of the directory is not checked in this function.
		if !fi.IsDir() {
			return nil, fmt.Errorf("can not open %s, not a directory", baseDir)
		}
		if permErr := fsutil.EnsureMaxPermissions(fi, dirCreateMode); permErr != nil {
			return nil, permErr
		}
	case errors.Is(err, fs.ErrNotExist):
		// Nothing there yet: create the directory. The mode is still subject
		// to the process umask, which can only remove bits.
		if mkErr := os.MkdirAll(baseDir, dirCreateMode); mkErr != nil {
			return nil, fmt.Errorf("error creating directory for metadata cache: %w", mkErr)
		}
	default:
		return nil, fmt.Errorf("error getting FileInfo for %s: %w", baseDir, err)
	}

	return &FileJSONStore{baseDir: baseDir}, nil
}
// GetMeta returns the currently cached set of metadata files, keyed by file
// name, with each value holding the raw bytes read from disk.
//
// Directory entries that fsutil.IsMetaFile does not accept are skipped. Every
// accepted entry must pass fsutil.EnsureMaxPermissions against fileCreateMode;
// the first failure of any step aborts the call and no partial map is
// returned.
func (f *FileJSONStore) GetMeta() (map[string]json.RawMessage, error) {
	f.mtx.RLock()
	defer f.mtx.RUnlock()

	entries, err := os.ReadDir(f.baseDir)
	if err != nil {
		return nil, fmt.Errorf("error reading directory %s: %w", f.baseDir, err)
	}

	cached := make(map[string]json.RawMessage)
	for _, entry := range entries {
		switch isMeta, err := fsutil.IsMetaFile(entry); {
		case err != nil:
			return nil, err
		case !isMeta:
			continue
		}

		fileName := entry.Name()

		// Refuse files whose mode is more permissive than the cache allows.
		// NOTE(review): DirEntry.Info describes the entry itself (a symlink,
		// not its target), while os.ReadFile below follows links and reopens
		// the file by path. Whether IsMetaFile rejects symlinks is not
		// visible here, and the file can change between check and read, so
		// treat this check as a hygiene guard rather than an integrity
		// guarantee.
		info, err := entry.Info()
		if err != nil {
			return nil, fmt.Errorf("error retrieving FileInfo for %s: %w", fileName, err)
		}
		if err := fsutil.EnsureMaxPermissions(info, fileCreateMode); err != nil {
			return nil, err
		}

		raw, err := os.ReadFile(filepath.Join(f.baseDir, fileName))
		if err != nil {
			return nil, fmt.Errorf("error reading file %s: %w", fileName, err)
		}
		cached[fileName] = raw
	}

	return cached, nil
}
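// SetMeta stores a metadata file in the cache. If the metadata file exists,
// it will be overwritten.
//
// name must be a bare file name ending in ".json". A name that carries a
// directory component (including "..") or a volume prefix is rejected, so the
// write cannot land outside baseDir. This also matches GetMeta, which only
// lists files located directly in baseDir.
//
// The file is written through util.AtomicallyWriteFile with fileCreateMode;
// any error from that call is returned unchanged.
func (f *FileJSONStore) SetMeta(name string, meta json.RawMessage) error {
	f.mtx.Lock()
	defer f.mtx.Unlock()

	if filepath.Ext(name) != ".json" {
		return fmt.Errorf("file %s is not a JSON file", name)
	}
	// filepath.Join cleans its result, so a name such as "../x.json" would
	// resolve to a path outside baseDir. The extension check alone does not
	// prevent that, and name may originate from repository metadata (for
	// example a role name — confirm against the caller), so require a plain
	// file name.
	if filepath.Base(name) != name {
		return fmt.Errorf("file %q is not a plain file name", name)
	}

	return util.AtomicallyWriteFile(filepath.Join(f.baseDir, name), meta, fileCreateMode)
}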
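// DeleteMeta deletes a metadata file from the cache.
//
// name must be a bare file name ending in ".json". A name that carries a
// directory component (including "..") or a volume prefix is rejected, so the
// call cannot remove a file outside baseDir.
//
// If the file does not exist, the returned error wraps the *os.PathError from
// os.Remove; detect it with errors.As or errors.Is(err, fs.ErrNotExist), not
// with a direct type assertion.
func (f *FileJSONStore) DeleteMeta(name string) error {
	f.mtx.Lock()
	defer f.mtx.Unlock()

	if filepath.Ext(name) != ".json" {
		return fmt.Errorf("file %s is not a JSON file", name)
	}
	// filepath.Join cleans its result, so a name such as "../x.json" would
	// resolve to a path outside baseDir. The extension check alone does not
	// prevent that, so require a plain file name before removing anything.
	if filepath.Base(name) != name {
		return fmt.Errorf("file %q is not a plain file name", name)
	}

	if err := os.Remove(filepath.Join(f.baseDir, name)); err != nil {
		return fmt.Errorf("error deleting file %s: %w", name, err)
	}
	return nil
}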
// Close is a no-op and always returns nil: the store keeps no open file
// handles between calls.
func (*FileJSONStore) Close() error {
	return nil
}