Version Management#854
Conversation
lukpueh
left a comment
lukpueh
left a comment
There was a problem hiding this comment.
It might be worth taking a look at version parsing libraries? distutils.version is in the standard library and should do the trick.
Or the third-party packaging.version, if PEP-440 compliance is required.
|
What's the goal here? Existing code on the develop branch already does this comparison. This adds some temp variables for minor and fix, only if they exist, and then checks them (whether or not they existed). |
|
I updated it to use parse_version which eliminates the temp variables and makes it a bit cleaner. The goal is to report to the user if the minor versions do not match. The update can still continue if the major versions are the same, but this allows users to know when their client is out of date. This is a small change to make the reference implementation consistent with a proposed TAP (https://github.com/theupdateframework/taps/pull/107/files) |
lukpueh
left a comment
lukpueh
left a comment
There was a problem hiding this comment.
Thanks for the patch. See my comments inline.
Please also consider reading our dev guidelines, especially the parts about uniform descriptive commit messages. They are very helpful for reviewers. :)
Thanks!
tuf/client/updater.py
Outdated
| metadata_spec_major_version = int(metadata_spec_version.split('.')[0]) | ||
| code_spec_major_version = int(tuf.SPECIFICATION_VERSION.split('.')[0]) | ||
|
|
||
There was a problem hiding this comment.
Please remove trailing whitespace
There was a problem hiding this comment.
OT: We might want to activate a corresponding lint policy (see in-toto's pylintrc).
| "spec_version. This code has version " + str(tuf.SPECIFICATION_VERSION) + | ||
| "and the metadata lists version number " + str(metadata_spec_version) + | ||
| ". The update will continue as the major versions match.") | ||
|
|
There was a problem hiding this comment.
OT: This is actually something we should have the linter check as well.
tuf/client/updater.py
Outdated
| 'metadata lists version number: ' + str(metadata_spec_version)) | ||
|
|
||
| #report to user if minor versions do not match, continue with update | ||
| if pkg_resources.parse_version(metadata_spec_version) != pkg_resources.parse_version(tuf.SPECIFICATION_VERSION): |
There was a problem hiding this comment.
If you compare the full versions you don't need to parse them. But if I understand correctly, you don't want to compare the full version, just the minor version. The major version you already compare above and patch/fix version you don't care about.
Also, your log message says that one version (part) is higher than the other, so you will need to compare with > operator.
I suggest you parse both metadata_spec_version and tuf.SPECIFICATION_VERSION only once and then use the major parts for the first (existing) check and the minor parts for the second (your new) check.
lukpueh
left a comment
lukpueh
left a comment
There was a problem hiding this comment.
Thanks or addressing my comments. I have two more minor concerns. Also you have trailing whitespace in three lines, consider taking a look at secure-systems-lab/code-style-guidelines#5, which describes how to detect them.
| repr(code_spec_major_version) + '; however, the obtained ' | ||
| 'metadata lists version number: ' + str(metadata_spec_version)) | ||
|
|
||
| #report to user if minor versions do not match, continue with update |
There was a problem hiding this comment.
The comment suggests != but the code and the log message >. Which one is it?
There was a problem hiding this comment.
I updated the operator and message to report any mismatch in the minor version.
tuf/client/updater.py
Outdated
| logger.info("Downloaded metadata that specifies a higher minor " + | ||
| "spec_version. This code has version " + | ||
| str(tuf.SPECIFICATION_VERSION) + | ||
| "and the metadata lists version number " + |
There was a problem hiding this comment.
I think you are missing a whitespace before and.
lukpueh
left a comment
lukpueh
left a comment
There was a problem hiding this comment.
LGTM! Please run the necessary git commands (e.g. as suggested by probot) to "sign them off" retroactively.
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
…versions Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
mnm678
force-pushed
the
version_management
branch
from
2495062 to
149d5bd
Compare
4 participants
Please fill in the fields below to submit a pull request. The more information
that is provided, the better.
Fixes issue #:
Reference implementation for Version Management TAP (https://github.com/theupdateframework/taps/pull/107/files)
Description of the changes being introduced by the pull request:
This pull request adds a comparison of minor spec_versions (in format major.minor.fix) during an update and reports an out of date client to that client. Minor versions will not have breaking changes, so the update may continue.
Please verify and check that the pull request fulfills the following
requirements: