turn off TUF and in-toto console logging by default

trishankatdatadog · trishankatdatadog · commit 741c37d9ce5c · 2018-10-17T12:12:42.000-04:00
* but you can turn it back on using the TUF_ENABLE_LOGGING env var
* also use `logger` instead of `logging` everywhere
diff --git a/src/pip/_internal/download.py b/src/pip/_internal/download.py
@@ -139,11 +139,8 @@ def __init__(self, path_to_tuf_config_file):
                          os.environ.get('TUF_ENABLE_LOGGING', False)
 
         if enable_logging:
-            # https://github.com/theupdateframework/tuf/pull/749
-            log_filename = os.path.join(tuf.settings.repositories_directory,
-                                        tuf_config['repository_dir'],
-                                        'tuf.log')
-            tuf.log.enable_file_logging(log_filename)
+            # NOTE: Also set TUF output to DEBUG and above.
+            logging.getLogger("tuf").setLevel(logging.DEBUG)
 
             # Also set verbose, non-quiet in-toto logging.
             # https://github.com/in-toto/in-toto/blob/8eb8eab8c94f47e67a24b5e7d56f4519092dd9d2/in_toto/in_toto_verify.py#L205
@@ -290,7 +287,7 @@ def __verify_in_toto_metadata(self, target_relpath,
                 params = self.__substitute_parameters(target_relpath)
                 verifylib.in_toto_verify(layout, layout_key_dict,
                                          substitution_parameters=params)
-                logging.info('E2E verified {}'.format(target_relpath))
+                logger.info('in-toto verified {}'.format(target_relpath))
         except:
             logger.exception('in-toto failed to verify {}'\
                              .format(target_relpath))
@@ -326,9 +323,7 @@ def _get_target(self, target_relpath, download_in_toto_metadata=True):
 
         # Either the target has not been updated...
         if not len(updated_targets):
-            logger.info('{} has not been updated'\
-                        .format(target_relpath))
-
+            logger.debug('{} has not been updated'.format(target_relpath))
         # or, it has been updated, in which case...
         else:
             # First, we use TUF to download and verify the target.
@@ -337,6 +332,8 @@ def _get_target(self, target_relpath, download_in_toto_metadata=True):
 	    assert updated_target == target
             self.__updater.download_target(updated_target, self.__targets_dir)
 
+        logger.info('TUF verified {}'.format(target_relpath))
+
 	# Next, we use in-toto to verify the supply chain of the target.
 	# NOTE: We use a flag to avoid recursively downloading in-toto
 	# metadata for in-toto metadata themselves, and so on ad infinitum.
@@ -355,8 +352,8 @@ def _get_target(self, target_relpath, download_in_toto_metadata=True):
 	   not target_relpath.endswith('.html'):
 	    self.__download_and_verify_in_toto_metadata(target, target_relpath)
 	else:
-	    logging.warning('Switched off in-toto verification for {}'\
-			    .format(target_relpath))
+	    logger.warning('Switched off in-toto verification for {}'\
+			   .format(target_relpath))
 
         target_path = os.path.join(self.__targets_dir, target_relpath)
         return target_path
@@ -385,12 +382,12 @@ def download(self, target_relpath, dest_dir, dest_filename):
     import tuf.log
     import tuf.settings
 
-    # NOTE: By default, we turn off TUF logging, and use the pip log instead.
-    # You may turn toggle this behaviour using the "enable_logging" flag in the
-    # TUF configuration file.
+    # We *always* turn off TUF logging.
     tuf.settings.ENABLE_FILE_LOGGING = False
-    # NOTE: We set the TUF console logging level to CRITICAL and above.
+    # By default, set the TUF console logging level to >= CRITICAL.
     logging.getLogger("tuf").setLevel(logging.CRITICAL)
+    # Also set non-verbose, quiet in-toto logging.
+    logging.getLogger("in_toto").setLevelVerboseOrQuiet(False, True)
     from tuf.client.updater import Updater
 
     from in_toto import verifylib
