diff --git a/pkg/autoupdate/tuf/autoupdate.go b/pkg/autoupdate/tuf/autoupdate.go
index 57768b51c..e9b94c44d 100644
--- a/pkg/autoupdate/tuf/autoupdate.go
+++ b/pkg/autoupdate/tuf/autoupdate.go
@@ -5,10 +5,12 @@ package tuf
 
 import (
 _ "embed"
+ "encoding/json"
 "fmt"
 "net/http"
 "os"
 "path/filepath"
+ "runtime"
 "strconv"
 "time"
 
@@ -25,9 +27,8 @@ var rootJson []byte
 
 // Configuration defaults
 const (
- DefaultTufServer = "https://tuf.kolide.com"
- tufDirectoryName = "tuf"
- genericReleaseVersionFormat = "%s/%s/%s/release.json" // ///release.json
+ DefaultTufServer = "https://tuf.kolide.com"
+ tufDirectoryName = "tuf"
 )
 
 // Binaries handled by autoupdater
@@ -238,7 +239,7 @@ func (ta *TufAutoupdater) checkForUpdate() error {
 // downloadUpdate will download a new release for the given binary, if available from TUF
 // and not already downloaded.
 func (ta *TufAutoupdater) downloadUpdate(binary autoupdatableBinary, targets data.TargetFiles) (string, error) {
- release, releaseMetadata, err := findRelease(binary, targets, ta.channel)
+ release, releaseMetadata, err := ta.findRelease(binary, targets)
 if err != nil {
 return "", fmt.Errorf("could not find release: %w", err)
 }
@@ -258,6 +259,45 @@ func (ta *TufAutoupdater) downloadUpdate(binary autoupdatableBinary, targets dat
 return release, nil
 }
 
+// findRelease checks the latest data from TUF (in `targets`) to see whether a new release
+// has been published for our channel. If it has, it returns the target for that release
+// and its associated metadata.
+func (ta *TufAutoupdater) findRelease(binary autoupdatableBinary, targets data.TargetFiles) (string, data.TargetFileMeta, error) {
+ // First, find the target that the channel release file is pointing to
+ var releaseTarget string
+ targetReleaseFile := fmt.Sprintf("%s/%s/%s/release.json", binary, runtime.GOOS, ta.channel)
+ for targetName, target := range targets {
+ if targetName != targetReleaseFile {
+ continue
+ }
+
+ // We found the release file that matches our OS and binary. Evaluate it
+ // to see if we're on this latest version.
+ var custom ReleaseFileCustomMetadata
+ if err := json.Unmarshal(*target.Custom, &custom); err != nil {
+ return "", data.TargetFileMeta{}, fmt.Errorf("could not unmarshal release file custom metadata: %w", err)
+ }
+
+ releaseTarget = custom.Target
+ break
+ }
+
+ if releaseTarget == "" {
+ return "", data.TargetFileMeta{}, fmt.Errorf("expected release file %s for binary %s to be in targets but it was not", targetReleaseFile, binary)
+ }
+
+ // Now, get the metadata for our release target
+ for targetName, target := range targets {
+ if targetName != releaseTarget {
+ continue
+ }
+
+ return filepath.Base(releaseTarget), target, nil
+ }
+
+ return "", data.TargetFileMeta{}, fmt.Errorf("could not find metadata for release target %s for binary %s", targetReleaseFile, binary)
+}
+
 // storeError saves errors that occur during the periodic check for updates, so that they
 // can be queryable via the `kolide_tuf_autoupdater_errors` table.
 func (ta *TufAutoupdater) storeError(autoupdateErr error) {
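Review bot: `json.Unmarshal(*target.Custom, &custom)` in the new `findRelease` method dereferences `target.Custom` without a nil check, so a release file published without a custom field would presumably panic the updater instead of returning an error. A guard before the unmarshal, `if target.Custom == nil { return "", data.TargetFileMeta{}, fmt.Errorf("release file %s has no custom metadata", targetReleaseFile) }`, keeps that case on the error path. The final `fmt.Errorf` also now passes `targetReleaseFile` where the removed helper passed `releaseTarget`, so the "could not find metadata for release target" message names the release.json path rather than the target that was missing; the arguments should read `releaseTarget, binary`. As hardening, `custom.Target` could be checked to sit under the same `binary/runtime.GOOS/` prefix before it is used, and both loops can be replaced by comma-ok lookups such as `target, ok := targets[targetReleaseFile]`.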
diff --git a/pkg/autoupdate/tuf/tuf_util.go b/pkg/autoupdate/tuf/tuf_util.go
deleted file mode 100644
index 370d18458..000000000
--- a/pkg/autoupdate/tuf/tuf_util.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package tuf
-
-import (
- "encoding/json"
- "fmt"
- "path/filepath"
- "runtime"
-
- "github.com/theupdateframework/go-tuf/data"
-)
-
-// findRelease checks the latest data from TUF (in `targets`) to see whether a new release
-// has been published for the given channel. If it has, it returns the target for that release
-// and its associated metadata.
-func findRelease(binary autoupdatableBinary, targets data.TargetFiles, channel string) (string, data.TargetFileMeta, error) {
- // First, find the target that the channel release file is pointing to
- var releaseTarget string
- targetReleaseFile := fmt.Sprintf(genericReleaseVersionFormat, binary, runtime.GOOS, channel)
- for targetName, target := range targets {
- if targetName != targetReleaseFile {
- continue
- }
-
- // We found the release file that matches our OS and binary. Evaluate it
- // to see if we're on this latest version.
- var custom ReleaseFileCustomMetadata
- if err := json.Unmarshal(*target.Custom, &custom); err != nil {
- return "", data.TargetFileMeta{}, fmt.Errorf("could not unmarshal release file custom metadata: %w", err)
- }
-
- releaseTarget = custom.Target
- break
- }
-
- if releaseTarget == "" {
- return "", data.TargetFileMeta{}, fmt.Errorf("expected release file %s for binary %s to be in targets but it was not", targetReleaseFile, binary)
- }
-
- // Now, get the metadata for our release target
- for targetName, target := range targets {
- if targetName != releaseTarget {
- continue
- }
-
- return filepath.Base(releaseTarget), target, nil
- }
-
- return "", data.TargetFileMeta{}, fmt.Errorf("could not find metadata for release target %s for binary %s", releaseTarget, binary)
-}