1
# Copyright (C) 2005 Canonical Ltd
3
# This program is free software; you can redistribute it and/or modify
4
# it under the terms of the GNU General Public License as published by
5
# the Free Software Foundation; either version 2 of the License, or
6
# (at your option) any later version.
8
# This program is distributed in the hope that it will be useful,
9
# but WITHOUT ANY WARRANTY; without even the implied warranty of
10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11
# GNU General Public License for more details.
13
# You should have received a copy of the GNU General Public License
14
# along with this program; if not, write to the Free Software
15
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17
"""Testament - a summary of a revision for signing.
19
A testament can be defined as "something that serves as tangible
20
proof or evidence." In bzr we use them to allow people to certify
21
particular revisions as authentic.
23
The goal is that if two revisions are semantically equal, then they will
24
have a byte-for-byte equal testament. We can define different versions of
25
"semantically equal" by using different testament classes; e.g. one that
26
includes or ignores file-ids.
28
We sign a testament rather than the revision XML itself for several reasons.
29
The most important is that the form in which the revision is stored
30
internally is designed for that purpose, and contains information which need
31
not be attested to by the signer. For example the inventory contains the
32
last-changed revision for a file, but this is not necessarily something the
35
Having unnecessary fields signed makes the signatures brittle when the same
36
revision is stored in different branches or when the format is upgraded.
38
Handling upgrades is another motivation for using testaments separate from
39
the stored revision. We would like to be able to compare a signature
40
generated from an old-format tree to newer tree, or vice versa. This could
41
be done by comparing the revisions but that makes it unclear about exactly
42
what is being compared or not.
44
Different signing keys might indicate different levels of trust; we can in
45
the future extend this to allow signatures indicating not just that a
46
particular version is authentic but that it has other properties.
48
The signature can be applied to either the full testament or to just a
54
* timestamps are given as integers to avoid rounding errors
55
* parents given in lexicographical order
56
* indented-text form similar to log; intended to be human readable
57
* paths are given with forward slashes
58
* files are named using paths for ease of comparison/debugging
59
* the testament uses unix line-endings (\n)
62
# XXX: At the moment, clients trust that the graph described in a weave
63
# is accurate, but that's not covered by the testament. Perhaps the best
64
# fix is when verifying a revision to make sure that every file mentioned
65
# in the revision has compatible ancestry links.
67
# TODO: perhaps write timestamp in a more readable form
69
# TODO: Perhaps these should just be different formats in which inventories/
70
# revisions can be serialized.
74
from bzrlib.osutils import (
81
class Testament(object):
82
"""Reduced summary of a revision.
86
- produced from a revision
88
- loaded from a stream
89
- compared to a revision
92
long_header = 'bazaar-ng testament version 1\n'
93
short_header = 'bazaar-ng testament short form 1\n'
96
def from_revision(cls, repository, revision_id):
97
"""Produce a new testament from a historical revision"""
98
rev = repository.get_revision(revision_id)
99
inventory = repository.get_inventory(revision_id)
100
return cls(rev, inventory)
102
def __init__(self, rev, inventory):
103
"""Create a new testament for rev using inventory."""
104
self.revision_id = rev.revision_id
105
self.committer = rev.committer
106
self.timezone = rev.timezone or 0
107
self.timestamp = rev.timestamp
108
self.message = rev.message
109
self.parent_ids = rev.parent_ids[:]
110
self.inventory = inventory
111
self.revprops = copy(rev.properties)
112
if contains_whitespace(self.revision_id):
113
raise ValueError(self.revision_id)
114
if contains_linebreaks(self.committer):
115
raise ValueError(self.committer)
117
def as_text_lines(self):
118
"""Yield text form as a sequence of lines.
120
The result is returned in utf-8, because it should be signed or
121
hashed in that encoding.
126
a('revision-id: %s\n' % self.revision_id)
127
a('committer: %s\n' % self.committer)
128
a('timestamp: %d\n' % self.timestamp)
129
a('timezone: %d\n' % self.timezone)
130
# inventory length contains the root, which is not shown here
132
for parent_id in sorted(self.parent_ids):
133
if contains_whitespace(parent_id):
134
raise ValueError(parent_id)
135
a(' %s\n' % parent_id)
137
for l in self.message.splitlines():
140
for path, ie in self._get_entries():
141
a(self._entry_to_line(path, ie))
142
r.extend(self._revprops_to_lines())
143
return [line.encode('utf-8') for line in r]
145
def _get_entries(self):
146
entries = self.inventory.iter_entries()
150
def _escape_path(self, path):
151
if contains_linebreaks(path):
152
raise ValueError(path)
153
return unicode(path.replace('\\', '/').replace(' ', '\ '))
155
def _entry_to_line(self, path, ie):
156
"""Turn an inventory entry into a testament line"""
157
if contains_whitespace(ie.file_id):
158
raise ValueError(ie.file_id)
161
if ie.kind == 'file':
162
# TODO: avoid switching on kind
164
raise AssertionError()
165
content = ie.text_sha1
167
elif ie.kind == 'symlink':
168
if not ie.symlink_target:
169
raise AssertionError()
170
content = self._escape_path(ie.symlink_target)
173
l = u' %s %s %s%s%s\n' % (ie.kind, self._escape_path(path),
174
ie.file_id.decode('utf8'),
175
content_spacer, content)
179
return ''.join(self.as_text_lines())
181
def as_short_text(self):
182
"""Return short digest-based testament."""
183
return (self.short_header +
186
% (self.revision_id, self.as_sha1()))
188
def _revprops_to_lines(self):
189
"""Pack up revision properties."""
190
if not self.revprops:
192
r = ['properties:\n']
193
for name, value in sorted(self.revprops.items()):
194
if contains_whitespace(name):
195
raise ValueError(name)
196
r.append(' %s:\n' % name)
197
for line in value.splitlines():
198
r.append(u' %s\n' % line)
203
map(s.update, self.as_text_lines())
207
class StrictTestament(Testament):
208
"""This testament format is for use as a checksum in bundle format 0.8"""
210
long_header = 'bazaar-ng testament version 2.1\n'
211
short_header = 'bazaar-ng testament short form 2.1\n'
212
def _entry_to_line(self, path, ie):
213
l = Testament._entry_to_line(self, path, ie)[:-1]
214
l += ' ' + ie.revision
215
l += {True: ' yes\n', False: ' no\n'}[ie.executable]
219
class StrictTestament3(StrictTestament):
220
"""This testament format is for use as a checksum in bundle format 0.9+
222
It differs from StrictTestament by including data about the tree root.
225
long_header = 'bazaar testament version 3 strict\n'
226
short_header = 'bazaar testament short form 3 strict\n'
227
def _get_entries(self):
228
return self.inventory.iter_entries()
230
def _escape_path(self, path):
231
if contains_linebreaks(path):
232
raise ValueError(path)
235
return unicode(path.replace('\\', '/').replace(' ', '\ '))
added
removed
bzrlib/testament.py
