tuf: improve TUF client concurrency and caching #1953
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -50,8 +50,8 @@ const ( | |
| var ( | ||
| // singletonTUF holds a single instance of TUF that will get reused on | ||
| // subsequent invocations of initializeTUF | ||
| singletonTUF *TUF | ||
| singletonTUFOnce = new(sync.Once) | ||
| ) | ||
|
|
||
| var GetRemoteRoot = func() string { | ||
|
|
@@ -109,9 +109,7 @@ type remoteCache struct { | |
| } | ||
|
|
||
| func resetForTests() { | ||
| singletonTUFOnce = new(sync.Once) | ||
| } | ||
|
|
||
| func getExpiration(metadata []byte) (*time.Time, error) { | ||
|
|
@@ -235,66 +233,62 @@ func GetRootStatus(ctx context.Context) (*RootStatus, error) { | |
| // targets in a targets/ subfolder. | ||
| // * forceUpdate: indicates checking the remote for an update, even when the local | ||
| // timestamp.json is up to date. | ||
| func initializeTUF(ctx context.Context, mirror string, root []byte, embedded fs.FS, forceUpdate bool) *TUF { | ||
| singletonTUFOnce.Do(func() { | ||
| t := &TUF{ | ||
| mirror: mirror, | ||
| embedded: embedded, | ||
| } | ||
|
|
||
| t.targets = newFileImpl() | ||
| var err error | ||
| t.local, err = newLocalStore() | ||
| if err != nil { | ||
| panic(err) | ||
|
There was a problem hiding this comment. Darn, is this the consequence of sync.Once? If so, this isn't viable imo, we shouldn't add a panic into the client because if a server starts depending on it, it opens up an opportunity for query of deaths. Is there a way to return an error? If not, what you had before would be fine. There was a problem hiding this comment. Could do a global variable - https://stackoverflow.com/questions/42069615/too-many-arguments-to-return-error Just ran into this same issue in fulcioroots |
||
| } | ||
|
|
||
| t.remote, err = remoteFromMirror(ctx, t.mirror) | ||
| if err != nil { | ||
| panic(err) | ||
| } | ||
|
|
||
| t.client = client.NewClient(t.local, t.remote) | ||
|
|
||
| trustedMeta, err := t.local.GetMeta() | ||
| if err != nil { | ||
| panic(fmt.Errorf("getting trusted meta: %w", err)) | ||
| } | ||
|
|
||
| // If the caller does not supply a root, then either use the root in the local store | ||
| // or default to the embedded one. | ||
| if root == nil { | ||
| root, err = getRoot(trustedMeta, t.embedded) | ||
| if err != nil { | ||
| panic(fmt.Errorf("getting trusted root: %w", err)) | ||
| } | ||
| } | ||
|
|
||
| if err := t.client.InitLocal(root); err != nil { | ||
| panic(fmt.Errorf("unable to initialize client, local cache may be corrupt: %w", err)) | ||
| } | ||
|
|
||
| // We may already have an up-to-date local store! Check to see if it needs to be updated. | ||
| trustedTimestamp, ok := trustedMeta["timestamp.json"] | ||
| if ok && !isExpiredTimestamp(trustedTimestamp) && !forceUpdate { | ||
| // We're golden so stash the TUF object for later use | ||
| singletonTUF = t | ||
| return | ||
|
There was a problem hiding this comment. Is this returning nil? There was a problem hiding this comment. It's returning out of the |
||
| } | ||
|
|
||
| // Update if local is not populated or out of date. | ||
| if err := t.updateMetadataAndDownloadTargets(); err != nil { | ||
| panic(fmt.Errorf("updating local metadata and targets: %w", err)) | ||
| } | ||
|
|
||
| // We're golden so stash the TUF object for later use | ||
| singletonTUF = t | ||
| }) | ||
| return singletonTUF | ||
| } | ||
|
|
||
| func NewFromEnv(ctx context.Context) (*TUF, error) { | ||
|
|
@@ -309,14 +303,12 @@ func NewFromEnv(ctx context.Context) (*TUF, error) { | |
| } | ||
|
|
||
| // Initializes a new TUF object from the local cache or defaults. | ||
| return initializeTUF(ctx, mirror, nil, GetEmbedded(), false), nil | ||
| } | ||
|
|
||
| func Initialize(ctx context.Context, mirror string, root []byte) error { | ||
asraa marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| // Initialize the client. Force an update with remote. | ||
| _ = initializeTUF(ctx, mirror, root, GetEmbedded(), true) | ||
|
|
||
| // Store the remote for later if we are caching. | ||
| if !noCache() { | ||
|
|
@@ -445,7 +437,7 @@ func (t *TUF) updateClient() (data.TargetFiles, error) { | |
| if noCache() { | ||
| return targets, nil | ||
| } | ||
| // Sync the on-disk cache with the metadata from the in-memory store. | ||
| tufDB := filepath.FromSlash(filepath.Join(rootCacheDir(), "tuf.db")) | ||
| diskLocal, err := tuf_leveldbstore.FileLocalStore(tufDB) | ||
|
There was a problem hiding this comment. Is this API expected to be used, or are we reaching into private APIs? I just wanna make sure this is maintainable. There was a problem hiding this comment. Yeah, |
||
| defer func() { | ||
|
|
@@ -563,7 +555,7 @@ func cachedTargetsDir(cacheRoot string) string { | |
| } | ||
|
|
||
| func syncLocalMeta(from client.LocalStore, to client.LocalStore) error { | ||
| // Copy trusted metadata in the from LocalStore into the to LocalStore. | ||
| tufLocalStoreMeta, err := from.GetMeta() | ||
| if err != nil { | ||
| return fmt.Errorf("getting metadata to sync: %w", err) | ||
|
|
@@ -593,6 +585,7 @@ func newLocalStore() (client.LocalStore, error) { | |
| if err != nil { | ||
| return nil, fmt.Errorf("creating cached local store: %w", err) | ||
| } | ||
| // Populate the in-memory local store with data fetched from the cache. | ||
| if err := syncLocalMeta(diskLocal, local); err != nil { | ||
| return nil, err | ||
| } | ||
|
|
@@ -652,7 +645,7 @@ func (m *memoryCache) Get(p string) ([]byte, error) { | |
| type diskCache struct { | ||
| // Base directory for accessing targets. | ||
| base string | ||
| // An in-memory map of targets that are kept in sync. | ||
| memory *memoryCache | ||
| } | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wow, I actually didn't know that go had allocation via
new.I don't mind this approach, but I found that someone else had the same problem and made sync but with Reset - https://github.com/matryer/resync
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah i saw this as well and ideally wanted to avoid a totally new dependency just for testing -- I'm not sure if there's a big downside to this approach though.