From 660ff951e58cf8d37467a60999a652dff45b4e83 Mon Sep 17 00:00:00 2001 From: Samuel Mendoza-Jonas Date: Wed, 16 Oct 2019 14:23:42 -0700 Subject: [PATCH 1/2] tuftool: Require flag to download root.json If the user doesn't provide a root.json require the --allow-root-download flag before downloading a remote root.json, and follow it up with a big warning. Fixes #353 Signed-off-by: Samuel Mendoza-Jonas --- workspaces/tuftool/src/download.rs | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/workspaces/tuftool/src/download.rs b/workspaces/tuftool/src/download.rs index 12d5f2d2909..c0e6d203167 100644 --- a/workspaces/tuftool/src/download.rs +++ b/workspaces/tuftool/src/download.rs @@ -27,16 +27,30 @@ pub(crate) struct DownloadArgs { #[structopt(short = "t", long = "target-url")] target_base_url: String, + /// Allow downloading the root.json file (unsafe) + #[structopt(long)] + allow_root_download: bool, + /// Output directory of targets indir: PathBuf, } +fn root_warning(path: &PathBuf) { + #[rustfmt::skip] + eprintln!("\ +================================================================= +WARNING: Downloading root.json to {:?} +This is unsafe and will not establish trust, use only for testing +=================================================================", + path); +} + impl DownloadArgs { pub(crate) fn run(&self) -> Result<()> { // use local root.json or download from repository let root_path = if let Some(path) = &self.root { PathBuf::from(path) - } else { + } else if self.allow_root_download { let name = if let Some(version) = self.root_version { format!("{}.root.json", version) } else { @@ -53,7 +67,9 @@ impl DownloadArgs { .context(error::UrlParse { url: &self.metadata_base_url, })?; - println!("Downloading {} to {:?}", &name, &path); + + root_warning(&path); + let mut f = OpenOptions::new() .write(true) .create(true) 
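Review bot: The help text on `allow_root_download` says only "(unsafe)" and does not say why, which is what a user deciding whether to pass the flag needs. In TUF, root.json is the trust anchor, so fetching it from the repository it is meant to authenticate means whoever controls that repository or the connection also controls every later signature check. I would spell that out in the doc comment, for example `/// Allow downloading root.json from the repository when no local root is given (unsafe: the repository is then trusted unverified; testing only)`. `root_warning` has no doc comment either; `/// Print a stderr banner before an unverified root.json download.` would do. The flag is silently ignored when a local root is supplied, which is the safe direction but worth a sentence in the help text. The body of `run` continues outside this hunk.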
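Review bot: The banner that replaces the `println!` here no longer prints `name`, and neither message names the source. The user is therefore not told which root version was fetched or from where. For an unverified trust anchor that is the detail worth having in the terminal log. Consider passing both to `root_warning`, or adding `eprintln!("Source: {} ({})", &self.metadata_base_url, &name);` right after the call. The `OpenOptions` chain continues outside the hunk, so whether an existing root.json at that path is truncated or reused cannot be judged from these lines.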
@@ -64,6 +80,9 @@ impl DownloadArgs { .copy_to(&mut f) .context(error::ReqwestCopy)?; path + } else { + eprintln!("No root.json available"); + std::process::exit(1); }; // load repository From a5497b3e105ef956f09d14a98ca488d557c810dd Mon Sep 17 00:00:00 2001 From: Samuel Mendoza-Jonas <53018225+sam-aws@users.noreply.github.com> Date: Wed, 16 Oct 2019 16:06:57 -0700 Subject: [PATCH 2/2] Apply suggestions from code review Use AsRef for root_warning() Co-Authored-By: Tom Kirchner --- workspaces/tuftool/src/download.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/workspaces/tuftool/src/download.rs b/workspaces/tuftool/src/download.rs index c0e6d203167..32eee215335 100644 --- a/workspaces/tuftool/src/download.rs +++ b/workspaces/tuftool/src/download.rs @@ -3,7 +3,7 @@ use snafu::{OptionExt, ResultExt}; use std::fs::{File, OpenOptions}; use std::io::{self}; use std::num::NonZeroU64; -use std::path::PathBuf; +use std::path::{Path, PathBuf}; use structopt::StructOpt; use tempdir::TempDir; use tough::{Limits, Repository, Settings}; @@ -35,14 +35,14 @@ pub(crate) struct DownloadArgs { indir: PathBuf, } -fn root_warning(path: &PathBuf) { +fn root_warning>(path: P) { #[rustfmt::skip] eprintln!("\ ================================================================= -WARNING: Downloading root.json to {:?} +WARNING: Downloading root.json to {} This is unsafe and will not establish trust, use only for testing =================================================================", - path); + path.as_ref().display()); } impl DownloadArgs {
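Review bot: The new `else` branch calls `std::process::exit(1)` inside a function that returns `Result<()>`. That bypasses the snafu error path used by the rest of `run` and skips destructors of any values still alive. Failing closed is the right behaviour, but it would be more consistent to return an error through a new variant in the `error` module (not visible in this hunk) and let the caller report it. The message should also say how to proceed, e.g. `"No root.json available: provide a local root.json, or pass --allow-root-download (unsafe, testing only)"`. The enclosing `if`/`else` chain starts outside this hunk.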