From 2876bfd76422cf8c3c5a4a06a35efc155d81b613 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 20 Dec 2022 16:36:04 -0500 Subject: [PATCH 1/4] tuf: move INFO logs to DEBUG or WARNING Signed-off-by: William Woodruff --- tuf/api/metadata.py | 4 ++-- tuf/ngclient/_internal/trusted_metadata_set.py | 10 +++++----- tuf/ngclient/updater.py | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py index afd3e53175..1722d4400f 100644 --- a/tuf/api/metadata.py +++ b/tuf/api/metadata.py @@ -443,7 +443,7 @@ def verify_delegate( key.verify_signature(delegated_metadata, signed_serializer) signing_keys.add(key.keyid) except exceptions.UnsignedMetadataError: - logger.info("Key %s failed to verify %s", keyid, delegated_role) + logger.warning("Key %s failed to verify %s", keyid, delegated_role) if len(signing_keys) < role.threshold: raise exceptions.UnsignedMetadataError( @@ -776,7 +776,7 @@ def verify_signature( SerializationError, ) as e: # Log unexpected failure, but continue as if there was no signature - logger.info("Key %s failed to verify sig: %s", self.keyid, str(e)) + logger.warning("Key %s failed to verify sig: %s", self.keyid, str(e)) raise exceptions.UnsignedMetadataError( f"Failed to verify {self.keyid} signature" ) from e diff --git a/tuf/ngclient/_internal/trusted_metadata_set.py b/tuf/ngclient/_internal/trusted_metadata_set.py index fa788d0a1f..67d3eb4b6f 100644 --- a/tuf/ngclient/_internal/trusted_metadata_set.py +++ b/tuf/ngclient/_internal/trusted_metadata_set.py @@ -173,7 +173,7 @@ def update_root(self, data: bytes) -> Metadata[Root]: new_root.verify_delegate(Root.type, new_root) self._trusted_set[Root.type] = new_root - logger.info("Updated root v%d", new_root.signed.version) + logger.debug("Updated root v%d", new_root.signed.version) return new_root @@ -243,7 +243,7 @@ def update_timestamp(self, data: bytes) -> Metadata[Timestamp]: # protection of new timestamp: expiry is checked in update_snapshot() self._trusted_set[Timestamp.type] = new_timestamp - logger.info("Updated timestamp v%d", new_timestamp.signed.version) + logger.debug("Updated timestamp v%d", new_timestamp.signed.version) # timestamp is loaded: raise if it is not valid _final_ timestamp self._check_final_timestamp() @@ -338,7 +338,7 @@ def update_snapshot( # protection of new snapshot: it is checked when targets is updated self._trusted_set[Snapshot.type] = new_snapshot - logger.info("Updated snapshot v%d", new_snapshot.signed.version) + logger.debug("Updated snapshot v%d", new_snapshot.signed.version) # snapshot is loaded, but we raise if it's not valid _final_ snapshot self._check_final_snapshot() @@ -433,7 +433,7 @@ def update_delegated_targets( raise exceptions.ExpiredMetadataError(f"New {role_name} is expired") self._trusted_set[role_name] = new_delegate - logger.info("Updated %s v%d", role_name, version) + logger.debug("Updated %s v%d", role_name, version) return new_delegate @@ -453,4 +453,4 @@ def _load_trusted_root(self, data: bytes) -> None: new_root.verify_delegate(Root.type, new_root) self._trusted_set[Root.type] = new_root - logger.info("Loaded trusted root v%d", new_root.signed.version) + logger.debug("Loaded trusted root v%d", new_root.signed.version) diff --git a/tuf/ngclient/updater.py b/tuf/ngclient/updater.py index 5c1d1398d6..78d35b2a2f 100644 --- a/tuf/ngclient/updater.py +++ b/tuf/ngclient/updater.py @@ -260,7 +260,7 @@ def download_target( with open(filepath, "wb") as destination_file: shutil.copyfileobj(target_file, destination_file) - logger.info("Downloaded target %s", targetinfo.path) + logger.debug("Downloaded target %s", targetinfo.path) return filepath def _download_metadata( From 408bf9ba201e8a5e5b2cbf4d10b238a249c490c2 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 20 Dec 2022 16:44:21 -0500 Subject: [PATCH 2/4] api/metadata: blacken Signed-off-by: William Woodruff --- tuf/api/metadata.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py index 1722d4400f..5c1d68b4f9 100644 --- a/tuf/api/metadata.py +++ b/tuf/api/metadata.py @@ -443,7 +443,9 @@ def verify_delegate( key.verify_signature(delegated_metadata, signed_serializer) signing_keys.add(key.keyid) except exceptions.UnsignedMetadataError: - logger.warning("Key %s failed to verify %s", keyid, delegated_role) + logger.warning( + "Key %s failed to verify %s", keyid, delegated_role + ) if len(signing_keys) < role.threshold: raise exceptions.UnsignedMetadataError( @@ -776,7 +778,9 @@ def verify_signature( SerializationError, ) as e: # Log unexpected failure, but continue as if there was no signature - logger.warning("Key %s failed to verify sig: %s", self.keyid, str(e)) + logger.warning( + "Key %s failed to verify sig: %s", self.keyid, str(e) + ) raise exceptions.UnsignedMetadataError( f"Failed to verify {self.keyid} signature" ) from e From d44fe52ce1ac05754e207652bb3eea344a0bd4cb Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 21 Dec 2022 10:34:19 -0500 Subject: [PATCH 3/4] api/metadata: use debug logging Signed-off-by: William Woodruff --- tuf/api/metadata.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py index 5c1d68b4f9..8e62e7eeab 100644 --- a/tuf/api/metadata.py +++ b/tuf/api/metadata.py @@ -778,9 +778,7 @@ def verify_signature( SerializationError, ) as e: # Log unexpected failure, but continue as if there was no signature - logger.warning( - "Key %s failed to verify sig: %s", self.keyid, str(e) - ) + logger.debug("Key %s failed to verify sig: %s", self.keyid, str(e)) raise exceptions.UnsignedMetadataError( f"Failed to verify {self.keyid} signature" ) from e From 7b89dd9532e7c8dc170d1ca951d64d94f662b192 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Thu, 22 Dec 2022 09:56:35 -0500 Subject: [PATCH 4/4] api/metadata: third time's the charm Signed-off-by: William Woodruff --- tuf/api/metadata.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py index 8e62e7eeab..8612080dea 100644 --- a/tuf/api/metadata.py +++ b/tuf/api/metadata.py @@ -443,7 +443,7 @@ def verify_delegate( key.verify_signature(delegated_metadata, signed_serializer) signing_keys.add(key.keyid) except exceptions.UnsignedMetadataError: - logger.warning( + logger.debug( "Key %s failed to verify %s", keyid, delegated_role ) @@ -778,7 +778,9 @@ def verify_signature( SerializationError, ) as e: # Log unexpected failure, but continue as if there was no signature - logger.debug("Key %s failed to verify sig: %s", self.keyid, str(e)) + logger.warning( + "Key %s failed to verify sig: %s", self.keyid, str(e) + ) raise exceptions.UnsignedMetadataError( f"Failed to verify {self.keyid} signature" ) from e