in-toto / apt-transport-in-toto

in-toto transport for apt

`deserialize_one` attempts to parse `Message:` #23

Closed Foxboron closed 5 years ago

Foxboron commented 5 years ago

Description of issue or feature request: `deserialize_one` attempts to parse the `Message:` field in the test suite in `develop` during `test_bad_target` and fails to do so. Should be easy to replicate with `tox -e py37`.

Current behavior:

`message_str`:

    Message: In-toto verification for '/home/fox/Git/prosjekter/master/apt-transport-in-toto/tests/data/bad/final-product_0.0.0.0-0_all.deb' failed, reason was: 'DISALLOW *.deb' matched the following artifacts: ['final-product_0.0.0.0-0_all.deb']
    Full trace for 'expected_materials' of item 'verify-reprobuilds':
    Available materials (used for queue):
    ['final-product_0.0.0.0-0_all.deb']
    Available products:
    ['final-product_0.0.0.0-0_all.deb']
    Queue after 'MATCH *.deb WITH PRODUCTS FROM rebuild':
    ['final-product_0.0.0.0-0_all.deb']

We are failing the check in the loop, as `.splitlines()` will provide lines with only one string.

    if len(header_field_parts) < 2:
      raise Exception("Invalid header field: {}, message was:\n{}"
          .format(line, message_str))

Traceback:

    Traceback (most recent call last):
      File "/home/fox/Git/prosjekter/master/apt-transport-in-toto/tests/test_intoto.py", line 215, in test_bad_target
        acquire_args={"filename": FINAL_PRODUCT_PATH_BAD})
      File "/home/fox/Git/prosjekter/master/apt-transport-in-toto/tests/test_intoto.py", line 148, in mock_apt
        return intoto.deserialize_one(intoto.read_one(intoto_proc.stdout))
      File "/home/fox/Git/prosjekter/master/apt-transport-in-toto/intoto.py", line 334, in deserialize_one
        .format(line, message_str))
    Exception: Invalid header field: ['final-product_0.0.0.0-0_all.deb'], message was:
    400 URI Failure
    Message: In-toto verification for '/home/fox/Git/prosjekter/master/apt-transport-in-toto/tests/data/bad/final-product_0.0.0.0-0_all.deb' failed, reason was: 'DISALLOW *.deb' matched the following artifacts: ['final-product_0.0.0.0-0_all.deb']
    Full trace for 'expected_materials' of item 'verify-reprobuilds':
    Available materials (used for queue):
    ['final-product_0.0.0.0-0_all.deb']
    Available products:
    ['final-product_0.0.0.0-0_all.deb']
    Queue after 'MATCH *.deb WITH PRODUCTS FROM rebuild':
    ['final-product_0.0.0.0-0_all.deb']

Expected behavior: I'm a little bit unsure if the error is that we are unable to parse `Message:`, or the fact that we have in-toto failure messages in `Message:`.

lukpueh commented 5 years ago

Thanks for catching this, @Foxboron! The problem seems to be that in the latest in-toto version we have nicely formatted multi-line error messages for rule verification errors, which the transport just relays to apt, which in turn breaks the line-based message parsing...

I'll follow up with a PR that encodes the error message.
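The failure mode and the fix described in this thread, as an added example that is not the project's own code: a minimal parser for apt's line-based method protocol, a constructed multi-line verification error that trips the header check exactly as in the traceback above, and a newline-escaping step (one possible encoding; the names `parse_message`, `encode_field`, `uri_failure` are assumptions, not the transport's API) that keeps the whole error inside a single `Message:` field.

```python
# Added example (not apt-transport-in-toto's own code): a minimal parser for
# apt's line-based method protocol ("<code> <info>" then "Header: value"
# lines) and the escaping that keeps a multi-line error in one `Message:`.
VERIFICATION_ERROR = (  # constructed sample modelled on the error in this issue
    "In-toto verification for 'final-product_0.0.0.0-0_all.deb' failed, "
    "reason was: 'DISALLOW *.deb' matched the following artifacts:\n"
    "Full trace for 'expected_materials' of item 'verify-reprobuilds':\n"
    "['final-product_0.0.0.0-0_all.deb']"
)

def parse_message(message_str):
    """Return (code, info, headers); raise ValueError on a bad header line."""
    lines = message_str.splitlines()
    code, _, info = lines[0].partition(" ")
    headers = {}
    for line in lines[1:]:
        if not line.strip():  # blank line terminates the message
            break
        parts = line.split(":", 1)
        if len(parts) < 2:  # the check that fires in the traceback above
            raise ValueError("Invalid header field: {!r}".format(line))
        headers[parts[0].strip()] = parts[1].strip()
    return int(code), info, headers

def encode_field(value):
    """Escape backslashes and newlines so the value stays on one line."""
    return value.replace("\\", "\\\\").replace("\n", "\\n")

def decode_field(value):
    """Inverse of encode_field (a lone trailing backslash is kept as-is)."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append("\n" if value[i + 1] == "n" else value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)

def uri_failure(error, encode=True):
    """Build the '400 URI Failure' message the transport relays to apt."""
    message = encode_field(error) if encode else error
    return "400 URI Failure\nMessage: {}\n\n".format(message)

def parses(message_str):
    """True if parse_message accepts the message, False if it raises."""
    try:
        parse_message(message_str)
        return True
    except ValueError:
        return False
```

With `encode=False` the third line of the relayed error (`['final-product_0.0.0.0-0_all.deb']`) has no colon and the parser raises, mirroring the traceback; with encoding on, the same error round-trips through a single header value.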

Foxboron commented 5 years ago

Awesome :)