Review download code #1448
Review download code #1448
Conversation
|
Looks great at first glance. This maybe a dumb question but is there something that prevents us from putting the new FileDownloader functionality directly into FetcherInterface? Are the RequestsFetcher improvements dependent on the other changes or just included in same PR for convenience? |
Only me not thinking enough about it ... 🙄
No, they are not dependent, I just consider fetcher as part of the download code. I do like the idea of simplifying further and keeping only a single download/fetcher module instead of the two. How should we do it? Build on top of this PR, a separate PR or I can rewrite these commits here and directly move download.py functions into FetcherInterface? |
I think merging a PR that adds a new object would be weird if we intend to remove it soon in a followup PR... otherwise whatever works for you I think |
sechkova
force-pushed
the
review-download-code
branch
from
7e288a0 to
b87fb5f
Compare
|
Rewrote part of the commits here. Now the simplified download functions are made part of |
|
I don't know what is blocking GitHub actions here? |
quite strange. It never actually started the action (https://github.com/theupdateframework/tuf/actions) so I can't even restart it. Looks really nice btw... Net result of removing 200 lines and ending up with a cleaner implementation is not too bad. |
sechkova
force-pushed
the
review-download-code
branch
from
b87fb5f to
5b3a4de
Compare
There was a problem hiding this comment.
I like it a lot: this makes download code much easier to understand (and I agree with the decisions made)! Left several comments but the only one that I think needs to be fixed here is the argument name: required_length does not seem to represent what it is.
Feel free to file issues for the other things
|
I think all suggestions are added with 959ab5a. |
The average download speed check does not achieve its purpose of protecting against slow retrieval attacks. Such protection is highly dependent on the networking stack which could be user-provided and not under tuf's control. The slow retrieval attack protection has been removed from the specification for similar reasons. Signed-off-by: Teodora Sechkova <[email protected]>
Remove the strict length check in download.py and check only if an upper bowndary is exceeded. Exact length is not known for some metadata files during download. The check makes the code unnecessarily complicated and is better suited for the later metadata verification step. Signed-off-by: Teodora Sechkova <[email protected]>
Remove format checking of download_file() parameters. The function is internal and receives trusted input from updater.py. Signed-off-by: Teodora Sechkova <[email protected]>
Remove logging when an exception is raised. Reduce logging level to debug. Signed-off-by: Teodora Sechkova <[email protected]>
It allows us to remove the disable of pylint consider-using-with warning and does not require any manual file closing. Signed-off-by: Teodora Sechkova <[email protected]>
Make the internal function chunks() a separate private method of Reqests fetcher. Signed-off-by: Teodora Sechkova <[email protected]>
Remove repetitive debug logging. Signed-off-by: Teodora Sechkova <[email protected]>
Add missing type annotations in download.py, fetcher.py and requests_fetcher.py Update docstrings to match the new style. Signed-off-by: Teodora Sechkova <[email protected]>
Make download_file and download_bytes functions part of the FetcherInterface class. Remove download.py module. Signed-off-by: Teodora Sechkova <[email protected]>
sechkova
force-pushed
the
review-download-code
branch
from
959ab5a to
f91182a
Compare
|
Rebased on latest changes in develop. |
| @@ -53,7 +53,7 @@ def __init__(self): | |||
| self.chunk_size: int = 400000 # bytes | |||
| self.sleep_before_round: Optional[int] = None | |||
|
|
|||
| def fetch(self, url, required_length): | |||
| def fetch(self, url: str, required_length: int) -> Iterator[bytes]: | |||
There was a problem hiding this comment.
I guess this is more max_length than required_length as well?
the docstring could be better as well
tuf/ngclient/fetcher.py
Outdated
| @@ -20,7 +29,7 @@ class FetcherInterface: | |||
| __metaclass__ = abc.ABCMeta | |||
|
|
|||
| @abc.abstractmethod | |||
| def fetch(self, url, required_length): | |||
| def fetch(self, url: str, required_length: int) -> Iterator[bytes]: | |||
There was a problem hiding this comment.
maybe should be max_length (also docstring could be better)?
This is sort of API already but the change maybe worth it as required_length really is misleading...
Rename required_length argument in fetcher to max_length to better match its purpose. Docstring improvements. Signed-off-by: Teodora Sechkova <[email protected]>
sechkova
force-pushed
the
review-download-code
branch
from
f91182a to
0eff004
Compare
|
Amended the last commit 0eff004 with the suggestion. |
Fixes #1399
Description of the changes being introduced by the pull request:
This PR builds on top of #1408 and will remain a draft until its merge.
FileDownloadclassRequestsFetcher.fetch()Please verify and check that the pull request fulfills the following
requirements: