~bzr-pqm/bzr/bzr.dev

2052.3.2 by John Arbash Meinel
Change Copyright .. by Canonical to Copyright ... Canonical
1
# Copyright (C) 2005 Canonical Ltd
1185.16.12 by Martin Pool
- basic testament class
2
#
3
# This program is free software; you can redistribute it and/or modify
4
# it under the terms of the GNU General Public License as published by
5
# the Free Software Foundation; either version 2 of the License, or
6
# (at your option) any later version.
7
#
8
# This program is distributed in the hope that it will be useful,
9
# but WITHOUT ANY WARRANTY; without even the implied warranty of
10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11
# GNU General Public License for more details.
12
#
13
# You should have received a copy of the GNU General Public License
14
# along with this program; if not, write to the Free Software
15
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
16
17
"""Testament - a summary of a revision for signing.
18
19
A testament can be defined as "something that serves as tangible 
20
proof or evidence."  In bzr we use them to allow people to certify
21
particular revisions as authentic.  
22
1185.16.19 by Martin Pool
- testament now contains summary of parents and inventory
23
The goal is that if two revisions are semantically equal, then they will
24
have a byte-for-byte equal testament.  We can define different versions of
25
"semantically equal" by using different testament classes; e.g. one that
26
includes or ignores file-ids.
27
1185.16.12 by Martin Pool
- basic testament class
28
We sign a testament rather than the revision XML itself for several reasons.
29
The most important is that the form in which the revision is stored
30
internally is designed for that purpose, and contains information which need
31
not be attested to by the signer.  For example the inventory contains the
32
last-changed revision for a file, but this is not necessarily something the
33
user cares to sign.
34
35
Having unnecessary fields signed makes the signatures brittle when the same
36
revision is stored in different branches or when the format is upgraded.
37
38
Handling upgrades is another motivation for using testaments separate from
39
the stored revision.  We would like to be able to compare a signature
40
generated from an old-format tree to newer tree, or vice versa.  This could
41
be done by comparing the revisions but that makes it unclear about exactly
42
what is being compared or not.
43
44
Different signing keys might indicate different levels of trust; we can in
45
the future extend this to allow signatures indicating not just that a
46
particular version is authentic but that it has other properties.
1185.16.19 by Martin Pool
- testament now contains summary of parents and inventory
47
48
The signature can be applied to either the full testament or to just a
49
hash of it.
50
51
Testament format 1
52
~~~~~~~~~~~~~~~~~~
53
54
* timestamps are given as integers to avoid rounding errors
55
* parents given in lexicographical order
56
* indented-text form similar to log; intended to be human readable
57
* paths are given with forward slashes
58
* files are named using paths for ease of comparison/debugging
59
* the testament uses unix line-endings (\n)
1185.16.12 by Martin Pool
- basic testament class
60
"""
61
1185.16.19 by Martin Pool
- testament now contains summary of parents and inventory
62
# XXX: At the moment, clients trust that the graph described in a weave
63
# is accurate, but that's not covered by the testament.  Perhaps the best
64
# fix is when verifying a revision to make sure that every file mentioned 
65
# in the revision has compatible ancestry links.
66
1185.16.22 by Martin Pool
- more testament development
67
# TODO: perhaps write timestamp in a more readable form
68
1185.16.24 by Martin Pool
- add and test 'testament' builtin command
69
# TODO: Perhaps these should just be different formats in which inventories/
70
# revisions can be serialized.
71
1185.16.59 by mbp at sourcefrog
- store revprops in testaments
72
from copy import copy
1185.16.15 by Martin Pool
- test text form for testaments
73
3734.2.4 by Vincent Ladeuil
Fix python2.6 deprecation warnings related to hashlib.
74
from bzrlib.osutils import (
75
    contains_whitespace,
76
    contains_linebreaks,
77
    sha,
78
    )
1185.16.38 by Martin Pool
- move contains_whitespace and contains_linebreaks to osutils
79
1930.2.2 by John Arbash Meinel
Avoid needless encode/decode. Only encode at the boundary (as suggested by hpk)
80
1185.16.12 by Martin Pool
- basic testament class
81
class Testament(object):
82
    """Reduced summary of a revision.
83
84
    Testaments can be 
85
86
      - produced from a revision
1185.21.6 by Jelmer Vernooij
Fix typo
87
      - written to a stream
1185.16.12 by Martin Pool
- basic testament class
88
      - loaded from a stream
89
      - compared to a revision
90
    """
91
1551.7.1 by Aaron Bentley
Implement --strict at commandline, fix up strict format
92
    long_header = 'bazaar-ng testament version 1\n'
93
    short_header = 'bazaar-ng testament short form 1\n'
94
1185.16.12 by Martin Pool
- basic testament class
95
    @classmethod
1185.67.2 by Aaron Bentley
Renamed Branch.storage to Branch.repository
96
    def from_revision(cls, repository, revision_id):
1185.16.12 by Martin Pool
- basic testament class
97
        """Produce a new testament from a historical revision"""
1185.67.2 by Aaron Bentley
Renamed Branch.storage to Branch.repository
98
        rev = repository.get_revision(revision_id)
99
        inventory = repository.get_inventory(revision_id)
1442.1.62 by Robert Collins
Allow creation of testaments from uncommitted data, and use that to get signatures before committing revisions.
100
        return cls(rev, inventory)
101
102
    def __init__(self, rev, inventory):
103
        """Create a new testament for rev using inventory."""
2294.1.10 by John Arbash Meinel
Switch all apis over to utf8 file ids. All tests pass
104
        self.revision_id = rev.revision_id
1442.1.62 by Robert Collins
Allow creation of testaments from uncommitted data, and use that to get signatures before committing revisions.
105
        self.committer = rev.committer
106
        self.timezone = rev.timezone or 0
107
        self.timestamp = rev.timestamp
108
        self.message = rev.message
109
        self.parent_ids = rev.parent_ids[:]
110
        self.inventory = inventory
111
        self.revprops = copy(rev.properties)
3376.2.4 by Martin Pool
Remove every assert statement from bzrlib!
112
        if contains_whitespace(self.revision_id):
113
            raise ValueError(self.revision_id)
114
        if contains_linebreaks(self.committer):
115
            raise ValueError(self.committer)
1185.16.15 by Martin Pool
- test text form for testaments
116
1185.16.22 by Martin Pool
- more testament development
117
    def as_text_lines(self):
118
        """Yield text form as a sequence of lines.
1185.16.15 by Martin Pool
- test text form for testaments
119
120
        The result is returned in utf-8, because it should be signed or
121
        hashed in that encoding.
122
        """
1185.16.22 by Martin Pool
- more testament development
123
        r = []
1553.3.2 by Marien Zwart
Remove a useless local function.
124
        a = r.append
1551.7.1 by Aaron Bentley
Implement --strict at commandline, fix up strict format
125
        a(self.long_header)
1185.16.22 by Martin Pool
- more testament development
126
        a('revision-id: %s\n' % self.revision_id)
127
        a('committer: %s\n' % self.committer)
128
        a('timestamp: %d\n' % self.timestamp)
129
        a('timezone: %d\n' % self.timezone)
1185.16.15 by Martin Pool
- test text form for testaments
130
        # inventory length contains the root, which is not shown here
1185.16.22 by Martin Pool
- more testament development
131
        a('parents:\n')
1185.16.19 by Martin Pool
- testament now contains summary of parents and inventory
132
        for parent_id in sorted(self.parent_ids):
3376.2.4 by Martin Pool
Remove every assert statement from bzrlib!
133
            if contains_whitespace(parent_id):
134
                raise ValueError(parent_id)
1185.16.22 by Martin Pool
- more testament development
135
            a('  %s\n' % parent_id)
136
        a('message:\n')
1185.16.15 by Martin Pool
- test text form for testaments
137
        for l in self.message.splitlines():
1185.16.22 by Martin Pool
- more testament development
138
            a('  %s\n' % l)
139
        a('inventory:\n')
1910.2.54 by Aaron Bentley
Implement testament format 3 strict
140
        for path, ie in self._get_entries():
1185.16.22 by Martin Pool
- more testament development
141
            a(self._entry_to_line(path, ie))
1185.16.59 by mbp at sourcefrog
- store revprops in testaments
142
        r.extend(self._revprops_to_lines())
1553.3.1 by Marien Zwart
Make Testament.as_text_lines return utf-8 instead of unicode objects and add a test for this.
143
        return [line.encode('utf-8') for line in r]
1185.16.22 by Martin Pool
- more testament development
144
1910.2.54 by Aaron Bentley
Implement testament format 3 strict
145
    def _get_entries(self):
146
        entries = self.inventory.iter_entries()
147
        entries.next()
148
        return entries
149
1185.16.22 by Martin Pool
- more testament development
150
    def _escape_path(self, path):
3376.2.4 by Martin Pool
Remove every assert statement from bzrlib!
151
        if contains_linebreaks(path):
152
            raise ValueError(path)
1930.2.2 by John Arbash Meinel
Avoid needless encode/decode. Only encode at the boundary (as suggested by hpk)
153
        return unicode(path.replace('\\', '/').replace(' ', '\ '))
1185.16.22 by Martin Pool
- more testament development
154
155
    def _entry_to_line(self, path, ie):
156
        """Turn an inventory entry into a testament line"""
3376.2.4 by Martin Pool
Remove every assert statement from bzrlib!
157
        if contains_whitespace(ie.file_id):
158
            raise ValueError(ie.file_id)
1930.2.2 by John Arbash Meinel
Avoid needless encode/decode. Only encode at the boundary (as suggested by hpk)
159
        content = ''
160
        content_spacer=''
1185.16.22 by Martin Pool
- more testament development
161
        if ie.kind == 'file':
162
            # TODO: avoid switching on kind
3376.2.4 by Martin Pool
Remove every assert statement from bzrlib!
163
            if not ie.text_sha1:
164
                raise AssertionError()
1930.2.2 by John Arbash Meinel
Avoid needless encode/decode. Only encode at the boundary (as suggested by hpk)
165
            content = ie.text_sha1
166
            content_spacer = ' '
1185.16.25 by Martin Pool
- testament symlink support
167
        elif ie.kind == 'symlink':
3376.2.4 by Martin Pool
Remove every assert statement from bzrlib!
168
            if not ie.symlink_target:
169
                raise AssertionError()
1930.2.2 by John Arbash Meinel
Avoid needless encode/decode. Only encode at the boundary (as suggested by hpk)
170
            content = self._escape_path(ie.symlink_target)
171
            content_spacer = ' '
172
173
        l = u'  %s %s %s%s%s\n' % (ie.kind, self._escape_path(path),
2294.1.10 by John Arbash Meinel
Switch all apis over to utf8 file ids. All tests pass
174
                                   ie.file_id.decode('utf8'),
1930.2.2 by John Arbash Meinel
Avoid needless encode/decode. Only encode at the boundary (as suggested by hpk)
175
                                   content_spacer, content)
176
        return l
1185.16.22 by Martin Pool
- more testament development
177
178
    def as_text(self):
179
        return ''.join(self.as_text_lines())
1185.16.15 by Martin Pool
- test text form for testaments
180
1185.16.20 by Martin Pool
- add short-form of testaments
181
    def as_short_text(self):
182
        """Return short digest-based testament."""
1551.7.1 by Aaron Bentley
Implement --strict at commandline, fix up strict format
183
        return (self.short_header + 
1185.16.25 by Martin Pool
- testament symlink support
184
                'revision-id: %s\n'
185
                'sha1: %s\n'
1551.7.2 by Aaron Bentley
Testament sha1 is the same as in short form (John A. Meinel)
186
                % (self.revision_id, self.as_sha1()))
1185.16.20 by Martin Pool
- add short-form of testaments
187
1185.16.59 by mbp at sourcefrog
- store revprops in testaments
188
    def _revprops_to_lines(self):
189
        """Pack up revision properties."""
190
        if not self.revprops:
191
            return []
192
        r = ['properties:\n']
193
        for name, value in sorted(self.revprops.items()):
3376.2.4 by Martin Pool
Remove every assert statement from bzrlib!
194
            if contains_whitespace(name):
195
                raise ValueError(name)
1185.16.59 by mbp at sourcefrog
- store revprops in testaments
196
            r.append('  %s:\n' % name)
197
            for line in value.splitlines():
1930.2.2 by John Arbash Meinel
Avoid needless encode/decode. Only encode at the boundary (as suggested by hpk)
198
                r.append(u'    %s\n' % line)
1185.16.59 by mbp at sourcefrog
- store revprops in testaments
199
        return r
1185.82.116 by Aaron Bentley
Introduce StrictTestament, get test failing for the right reasons
200
1185.82.121 by Aaron Bentley
Move calculation of Testament sha1s to Testament
201
    def as_sha1(self):
1551.7.2 by Aaron Bentley
Testament sha1 is the same as in short form (John A. Meinel)
202
        s = sha()
203
        map(s.update, self.as_text_lines())
204
        return s.hexdigest()
1185.82.121 by Aaron Bentley
Move calculation of Testament sha1s to Testament
205
1185.82.116 by Aaron Bentley
Introduce StrictTestament, get test failing for the right reasons
206
207
class StrictTestament(Testament):
1910.2.54 by Aaron Bentley
Implement testament format 3 strict
208
    """This testament format is for use as a checksum in bundle format 0.8"""
1185.82.116 by Aaron Bentley
Introduce StrictTestament, get test failing for the right reasons
209
1551.7.1 by Aaron Bentley
Implement --strict at commandline, fix up strict format
210
    long_header = 'bazaar-ng testament version 2.1\n'
211
    short_header = 'bazaar-ng testament short form 2.1\n'
1185.82.116 by Aaron Bentley
Introduce StrictTestament, get test failing for the right reasons
212
    def _entry_to_line(self, path, ie):
1551.7.1 by Aaron Bentley
Implement --strict at commandline, fix up strict format
213
        l = Testament._entry_to_line(self, path, ie)[:-1]
1930.2.2 by John Arbash Meinel
Avoid needless encode/decode. Only encode at the boundary (as suggested by hpk)
214
        l += ' ' + ie.revision
1551.7.1 by Aaron Bentley
Implement --strict at commandline, fix up strict format
215
        l += {True: ' yes\n', False: ' no\n'}[ie.executable]
1185.82.116 by Aaron Bentley
Introduce StrictTestament, get test failing for the right reasons
216
        return l
1910.2.54 by Aaron Bentley
Implement testament format 3 strict
217
1910.2.55 by Aaron Bentley
Bundle 0.9 uses Testament 3 strict
218
1910.2.64 by Aaron Bentley
Changes from review
219
class StrictTestament3(StrictTestament):
1910.2.54 by Aaron Bentley
Implement testament format 3 strict
220
    """This testament format is for use as a checksum in bundle format 0.9+
221
    
222
    It differs from StrictTestament by including data about the tree root.
223
    """
224
1910.2.64 by Aaron Bentley
Changes from review
225
    long_header = 'bazaar testament version 3 strict\n'
226
    short_header = 'bazaar testament short form 3 strict\n'
1910.2.54 by Aaron Bentley
Implement testament format 3 strict
227
    def _get_entries(self):
228
        return self.inventory.iter_entries()
229
230
    def _escape_path(self, path):
3376.2.4 by Martin Pool
Remove every assert statement from bzrlib!
231
        if contains_linebreaks(path):
232
            raise ValueError(path)
1910.2.54 by Aaron Bentley
Implement testament format 3 strict
233
        if path == '':
234
            path = '.'
235
        return unicode(path.replace('\\', '/').replace(' ', '\ '))