From 4575637efd5dc2f0964fcb2a79af10d5ccbbd30f Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Mon, 11 Jan 2021 19:34:13 +0200 Subject: [PATCH] imports: Make 'formats' imports vendoring-compatible Use "from tuf import " instead of "import tuf.": this makes it possible for vendoring tool to vendor tuf. Fix all references to in the code. Signed-off-by: Jussi Kukkonen --- tuf/api/metadata.py | 4 +-- tuf/client/updater.py | 34 +++++++++--------- tuf/developer_tool.py | 8 ++--- tuf/download.py | 6 ++-- tuf/keydb.py | 4 +-- tuf/mirrors.py | 6 ++-- tuf/repository_lib.py | 72 ++++++++++++++++++------------------- tuf/repository_tool.py | 82 +++++++++++++++++++++--------------------- tuf/roledb.py | 14 ++++---- tuf/scripts/repo.py | 4 +-- tuf/sig.py | 14 ++++---- 11 files changed, 124 insertions(+), 124 deletions(-) diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py index 0bbe1541..725c4438 100644 --- a/tuf/api/metadata.py +++ b/tuf/api/metadata.py @@ -25,7 +25,7 @@ from securesystemslib.util import persist_temp_file from tuf import exceptions -import tuf.formats +from tuf import formats from tuf.api.serialization import ( MetadataDeserializer, MetadataSerializer, @@ -337,7 +337,7 @@ def _common_fields_from_dict(signed_dict: Mapping[str, Any]) -> list: # Convert 'expires' TUF metadata string to a datetime object, which is # what the constructor expects and what we store. The inverse operation # is implemented in '_common_fields_to_dict'. - expires = tuf.formats.expiry_string_to_datetime(expires_str) + expires = formats.expiry_string_to_datetime(expires_str) return [_type, version, spec_version, expires] def _common_fields_to_dict(self) -> Dict[str, Any]: diff --git a/tuf/client/updater.py b/tuf/client/updater.py index dc5e625b..cd7e8a65 100755 --- a/tuf/client/updater.py +++ b/tuf/client/updater.py 
@@ -133,8 +133,8 @@ import tuf from tuf import download from tuf import exceptions +from tuf import formats import tuf.requests_fetcher -import tuf.formats import tuf.settings import tuf.keydb import tuf.log @@ -212,7 +212,7 @@ def __init__(self, map_file): # Raise securesystemslib.exceptions.FormatError if the map file is # improperly formatted. - tuf.formats.MAPFILE_SCHEMA.check_match(self.map_file) + formats.MAPFILE_SCHEMA.check_match(self.map_file) # Save the "repositories" entry of the map file, with the following # example format: @@ -263,11 +263,11 @@ def get_valid_targetinfo(self, target_filename, match_custom_field=True): # Is the argument properly formatted? If not, raise # 'tuf.exceptions.FormatError'. - tuf.formats.RELPATH_SCHEMA.check_match(target_filename) + formats.RELPATH_SCHEMA.check_match(target_filename) # TAP 4 requires that the following attributes be present in mappings: # "paths", "repositories", "terminating", and "threshold". - tuf.formats.MAPPING_SCHEMA.check_match(self.map_file['mapping']) + formats.MAPPING_SCHEMA.check_match(self.map_file['mapping']) # Set the top-level directory containing the metadata for each repository. repositories_directory = tuf.settings.repositories_directory @@ -486,7 +486,7 @@ def get_updater(self, repository_name): # Are the arguments properly formatted? If not, raise # 'tuf.exceptions.FormatError'. - tuf.formats.NAME_SCHEMA.check_match(repository_name) + formats.NAME_SCHEMA.check_match(repository_name) updater = self.repository_names_to_updaters.get(repository_name) 
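Review bot: After this import change the bare name `formats` in tuf/client/updater.py means `tuf.formats`, while `securesystemslib.formats` is still written with its full path for some of the same arguments, so the two are easy to confuse when auditing input validation. For example, `get_updater` checks `repository_name` with `formats.NAME_SCHEMA`, while the `__init__(self, repository_name, repository_mirrors, fetcher=None)` hunk checks the same-named argument with `securesystemslib.formats.NAME_SCHEMA`. A one-line comment next to the import would remove the ambiguity, e.g. `# 'formats' is tuf.formats; securesystemslib.formats is always written out in full.` It is also worth checking each touched module for a local variable or parameter called `formats`, which would now shadow the module; none is visible in these hunks.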
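Review bot: The comment above `formats.RELPATH_SCHEMA.check_match(target_filename)` in `get_valid_targetinfo` says the check raises 'tuf.exceptions.FormatError', but the comments on the same `check_match` call elsewhere in this patch name `securesystemslib.exceptions.FormatError`. If the latter is correct, a caller that follows this comment would catch the wrong type, and a malformed target path would surface as an unhandled exception instead of a handled validation failure. Since the line is being touched anyway, the comment could read `# Is the argument properly formatted? If not, raise 'securesystemslib.exceptions.FormatError'.` The same wording appears in the `get_updater` hunk and in the `__init__(self, repository_name)` hunk at -1477 of tuf/repository_tool.py. Both function bodies continue outside their hunks.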
@@ -688,7 +688,7 @@ def __init__(self, repository_name, repository_mirrors, fetcher=None): # keys are properly named. # Raise 'securesystemslib.exceptions.FormatError' if there is a mistmatch. securesystemslib.formats.NAME_SCHEMA.check_match(repository_name) - tuf.formats.MIRRORDICT_SCHEMA.check_match(repository_mirrors) + formats.MIRRORDICT_SCHEMA.check_match(repository_mirrors) # Save the validated arguments. self.repository_name = repository_name @@ -852,7 +852,7 @@ def _load_metadata_from_file(self, metadata_set, metadata_role): except securesystemslib.exceptions.Error: return - tuf.formats.check_signable_object_format(metadata_signable) + formats.check_signable_object_format(metadata_signable) # Extract the 'signed' role object from 'metadata_signable'. metadata_object = metadata_signable['signed'] @@ -1439,7 +1439,7 @@ def _verify_metadata_file(self, metadata_file_object, else: # Ensure the loaded 'metadata_signable' is properly formatted. Raise # 'securesystemslib.exceptions.FormatError' if not. - tuf.formats.check_signable_object_format(metadata_signable) + formats.check_signable_object_format(metadata_signable) # Is 'metadata_signable' expired? self._ensure_not_expired(metadata_signable['signed'], metadata_role) @@ -2009,7 +2009,7 @@ def _update_versioninfo(self, metadata_filename): # client's copy of snapshot.json. try: timestamp_version_number = self.metadata['current']['snapshot']['version'] - trusted_versioninfo = tuf.formats.make_versioninfo( + trusted_versioninfo = formats.make_versioninfo( timestamp_version_number) except KeyError: @@ -2025,7 +2025,7 @@ def _update_versioninfo(self, metadata_filename): targets_version_number = \ self.metadata['current'][metadata_filename[:-len('.json')]]['version'] trusted_versioninfo = \ - tuf.formats.make_versioninfo(targets_version_number) + formats.make_versioninfo(targets_version_number) except KeyError: trusted_versioninfo = \ 
@@ -2152,7 +2152,7 @@ def _update_fileinfo(self, metadata_filename): # to the fileinfo store. file_length, hashes = securesystemslib.util.get_file_details( current_filepath) - metadata_fileinfo = tuf.formats.make_targets_fileinfo(file_length, hashes) + metadata_fileinfo = formats.make_targets_fileinfo(file_length, hashes) self.fileinfo[metadata_filename] = metadata_fileinfo @@ -2273,9 +2273,9 @@ def _ensure_not_expired(self, metadata_object, metadata_rolename): # Extract the expiration time. Convert it to a unix timestamp and compare it # against the current time.time() (also in Unix/POSIX time format, although # with microseconds attached.) - expires_datetime = tuf.formats.expiry_string_to_datetime( + expires_datetime = formats.expiry_string_to_datetime( metadata_object['expires']) - expires_timestamp = tuf.formats.datetime_to_unix_timestamp(expires_datetime) + expires_timestamp = formats.datetime_to_unix_timestamp(expires_datetime) current_time = int(time.time()) if expires_timestamp <= current_time: @@ -2557,7 +2557,7 @@ def targets_of_role(self, rolename='targets'): # Does 'rolename' have the correct format? # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch. - tuf.formats.RELPATH_SCHEMA.check_match(rolename) + formats.RELPATH_SCHEMA.check_match(rolename) # If we've been given a delegated targets role, we don't know how to # validate it without knowing what the delegating role is -- there could @@ -2623,7 +2623,7 @@ def get_one_valid_targetinfo(self, target_filepath): # Does 'target_filepath' have the correct format? # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch. - tuf.formats.RELPATH_SCHEMA.check_match(target_filepath) + formats.RELPATH_SCHEMA.check_match(target_filepath) target_filepath = target_filepath.replace('\\', '/') 
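Review bot: In `get_one_valid_targetinfo` the schema check runs on `target_filepath` before `target_filepath.replace('\\', '/')`, so the string used afterwards is not the string that was validated. Whether that matters depends on what `RELPATH_SCHEMA` enforces, which is not visible here. If it is only a type check the order is harmless, but any path-shape rule added to the schema later would be evaluated on the pre-normalised value. A comment at the call would make the dependency explicit: `# NOTE: validated before normalisation; any path rule in RELPATH_SCHEMA must also hold after '\\' -> '/'.` The function body continues outside the hunk.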
@@ -3058,7 +3058,7 @@ def updated_targets(self, targets, destination_directory): # Do the arguments have the correct format? # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch. - tuf.formats.TARGETINFOS_SCHEMA.check_match(targets) + formats.TARGETINFOS_SCHEMA.check_match(targets) securesystemslib.formats.PATH_SCHEMA.check_match(destination_directory) # Keep track of the target objects and filepaths of updated targets. @@ -3156,7 +3156,7 @@ def download_target(self, target, destination_directory, # number of objects and object types, and that all dict # keys are properly named. # Raise 'securesystemslib.exceptions.FormatError' if the check fail. - tuf.formats.TARGETINFO_SCHEMA.check_match(target) + formats.TARGETINFO_SCHEMA.check_match(target) securesystemslib.formats.PATH_SCHEMA.check_match(destination_directory) # Extract the target file information. diff --git a/tuf/developer_tool.py b/tuf/developer_tool.py index c7c6d9e3..25cdff1a 100755 --- a/tuf/developer_tool.py +++ b/tuf/developer_tool.py @@ -40,7 +40,7 @@ import tuf from tuf import exceptions -import tuf.formats +from tuf import formats import tuf.keydb import tuf.roledb import tuf.sig @@ -723,7 +723,7 @@ def _save_project_configuration(metadata_directory, targets_directory, securesystemslib.formats.PATH_SCHEMA.check_match(metadata_directory) securesystemslib.formats.PATH_SCHEMA.check_match(prefix) securesystemslib.formats.PATH_SCHEMA.check_match(targets_directory) - tuf.formats.RELPATH_SCHEMA.check_match(project_name) + formats.RELPATH_SCHEMA.check_match(project_name) cfg_file_directory = metadata_directory 
@@ -818,7 +818,7 @@ def load_project(project_directory, prefix='', new_targets_location=None, config_filename = os.path.join(project_directory, PROJECT_FILENAME) project_configuration = securesystemslib.util.load_json_file(config_filename) - tuf.formats.PROJECT_CFG_SCHEMA.check_match(project_configuration) + formats.PROJECT_CFG_SCHEMA.check_match(project_configuration) targets_directory = os.path.join(project_directory, project_configuration['targets_location']) @@ -864,7 +864,7 @@ def load_project(project_directory, prefix='', new_targets_location=None, project_filename) signable = securesystemslib.util.load_json_file(targets_metadata_path) try: - tuf.formats.check_signable_object_format(signable) + formats.check_signable_object_format(signable) except exceptions.UnsignedMetadataError: # Downgrade the error to a warning because a use case exists where # metadata may be generated unsigned on one machine and signed on another. diff --git a/tuf/download.py b/tuf/download.py index 5f93e4f5..3156ed7b 100755 --- a/tuf/download.py +++ b/tuf/download.py @@ -41,7 +41,7 @@ import tuf from tuf import exceptions -import tuf.formats +from tuf import formats # See 'log.py' to learn how logging is handled in TUF. logger = logging.getLogger(__name__) @@ -87,7 +87,7 @@ def safe_download(url, required_length, fetcher): # Do all of the arguments have the appropriate format? # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch. securesystemslib.formats.URL_SCHEMA.check_match(url) - tuf.formats.LENGTH_SCHEMA.check_match(required_length) + formats.LENGTH_SCHEMA.check_match(required_length) return _download_file(url, required_length, fetcher, STRICT_REQUIRED_LENGTH=True) 
@@ -135,7 +135,7 @@ def unsafe_download(url, required_length, fetcher): # Do all of the arguments have the appropriate format? # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch. securesystemslib.formats.URL_SCHEMA.check_match(url) - tuf.formats.LENGTH_SCHEMA.check_match(required_length) + formats.LENGTH_SCHEMA.check_match(required_length) return _download_file(url, required_length, fetcher, STRICT_REQUIRED_LENGTH=False) diff --git a/tuf/keydb.py b/tuf/keydb.py index c4a85cff..dc153d88 100755 --- a/tuf/keydb.py +++ b/tuf/keydb.py @@ -45,7 +45,7 @@ import copy from tuf import exceptions -import tuf.formats +from tuf import formats import six import securesystemslib @@ -100,7 +100,7 @@ def create_keydb_from_root_metadata(root_metadata, repository_name='default'): # This check will ensure 'root_metadata' has the appropriate number of objects # and object types, and that all dict keys are properly named. # Raise 'securesystemslib.exceptions.FormatError' if the check fails. - tuf.formats.ROOT_SCHEMA.check_match(root_metadata) + formats.ROOT_SCHEMA.check_match(root_metadata) # Does 'repository_name' have the correct format? securesystemslib.formats.NAME_SCHEMA.check_match(repository_name) diff --git a/tuf/mirrors.py b/tuf/mirrors.py index 50d32a3b..4ba90654 100755 --- a/tuf/mirrors.py +++ b/tuf/mirrors.py @@ -33,7 +33,7 @@ import os import tuf -import tuf.formats +from tuf import formats import securesystemslib import six @@ -84,8 +84,8 @@ def get_list_of_mirrors(file_type, file_path, mirrors_dict): """ # Checking if all the arguments have appropriate format. - tuf.formats.RELPATH_SCHEMA.check_match(file_path) - tuf.formats.MIRRORDICT_SCHEMA.check_match(mirrors_dict) + formats.RELPATH_SCHEMA.check_match(file_path) + formats.MIRRORDICT_SCHEMA.check_match(mirrors_dict) securesystemslib.formats.NAME_SCHEMA.check_match(file_type) # Verify 'file_type' is supported. diff --git a/tuf/repository_lib.py b/tuf/repository_lib.py index af2947bd..a54940c4 100644 
--- a/tuf/repository_lib.py +++ b/tuf/repository_lib.py @@ -40,8 +40,8 @@ import tempfile import tuf -import tuf.formats from tuf import exceptions +from tuf import formats import tuf.keydb import tuf.roledb import tuf.sig @@ -500,7 +500,7 @@ def _load_top_level_metadata(repository, top_level_filenames, repository_name): # Initialize the key and role metadata of the top-level roles. signable = securesystemslib.util.load_json_file(root_filename) try: - tuf.formats.check_signable_object_format(signable) + formats.check_signable_object_format(signable) except exceptions.UnsignedMetadataError: # Downgrade the error to a warning because a use case exists where # metadata may be generated unsigned on one machine and signed on another. @@ -587,7 +587,7 @@ def _load_top_level_metadata(repository, top_level_filenames, repository_name): try: signable = securesystemslib.util.load_json_file(snapshot_filename) try: - tuf.formats.check_signable_object_format(signable) + formats.check_signable_object_format(signable) except exceptions.UnsignedMetadataError: # Downgrade the error to a warning because a use case exists where # metadata may be generated unsigned on one machine and signed on another. @@ -629,7 +629,7 @@ def _load_top_level_metadata(repository, top_level_filenames, repository_name): try: signable = securesystemslib.util.load_json_file(targets_filename) try: - tuf.formats.check_signable_object_format(signable) + formats.check_signable_object_format(signable) except exceptions.UnsignedMetadataError: # Downgrade the error to a warning because a use case exists where # metadata may be generated unsigned on one machine and signed on another. 
@@ -698,10 +698,10 @@ def _log_warning_if_expires_soon(rolename, expires_iso8601_timestamp, # unix timestamp, subtract from current time.time() (also in POSIX time) # and compare against 'seconds_remaining_to_warn'. Log a warning message # to console if 'rolename' expires soon. - datetime_object = tuf.formats.expiry_string_to_datetime( + datetime_object = formats.expiry_string_to_datetime( expires_iso8601_timestamp) expires_unix_timestamp = \ - tuf.formats.datetime_to_unix_timestamp(datetime_object) + formats.datetime_to_unix_timestamp(datetime_object) seconds_until_expires = expires_unix_timestamp - int(time.time()) if seconds_until_expires <= seconds_remaining_to_warn: @@ -985,7 +985,7 @@ def get_targets_metadata_fileinfo(filename, storage_backend, custom=None): # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch. securesystemslib.formats.PATH_SCHEMA.check_match(filename) if custom is not None: - tuf.formats.CUSTOM_SCHEMA.check_match(custom) + formats.CUSTOM_SCHEMA.check_match(custom) # Note: 'filehashes' is a dictionary of the form # {'sha256': 1233dfba312, ...}. 'custom' is an optional @@ -995,7 +995,7 @@ def get_targets_metadata_fileinfo(filename, storage_backend, custom=None): filesize, filehashes = securesystemslib.util.get_file_details(filename, tuf.settings.FILE_HASH_ALGORITHMS, storage_backend) - return tuf.formats.make_targets_fileinfo(filesize, filehashes, custom=custom) + return formats.make_targets_fileinfo(filesize, filehashes, custom=custom) @@ -1037,7 +1037,7 @@ def get_metadata_versioninfo(rolename, repository_name): # Does 'rolename' have the correct format? # Ensure the arguments have the appropriate number of objects and object # types, and that all dict keys are properly named. - tuf.formats.ROLENAME_SCHEMA.check_match(rolename) + formats.ROLENAME_SCHEMA.check_match(rolename) roleinfo = tuf.roledb.get_roleinfo(rolename, repository_name) versioninfo = {'version': roleinfo['version']} 
@@ -1182,7 +1182,7 @@ def get_target_hash(target_filepath): The hash of 'target_filepath'. """ - tuf.formats.RELPATH_SCHEMA.check_match(target_filepath) + formats.RELPATH_SCHEMA.check_match(target_filepath) digest_object = securesystemslib.hash.digest(algorithm=HASH_FUNCTION) digest_object.update(target_filepath.encode('utf-8')) @@ -1238,7 +1238,7 @@ def generate_root_metadata(version, expiration_date, consistent_snapshot, # types, and that all dict keys are properly named. Raise # 'securesystemslib.exceptions.FormatError' if any of the arguments are # improperly formatted. - tuf.formats.METADATAVERSION_SCHEMA.check_match(version) + formats.METADATAVERSION_SCHEMA.check_match(version) securesystemslib.formats.ISO8601_DATETIME_SCHEMA.check_match(expiration_date) securesystemslib.formats.BOOLEAN_SCHEMA.check_match(consistent_snapshot) securesystemslib.formats.NAME_SCHEMA.check_match(repository_name) @@ -1268,8 +1268,8 @@ def generate_root_metadata(version, expiration_date, consistent_snapshot, # Generate the authentication information Root establishes for each # top-level role. role_threshold = tuf.roledb.get_role_threshold(rolename, repository_name) - role_metadata = tuf.formats.build_dict_conforming_to_schema( - tuf.formats.ROLE_SCHEMA, + role_metadata = formats.build_dict_conforming_to_schema( + formats.ROLE_SCHEMA, keyids=keyids, threshold=role_threshold) roledict[rolename] = role_metadata @@ -1285,8 +1285,8 @@ def generate_root_metadata(version, expiration_date, consistent_snapshot, # generate_root_metadata, etc. with one function that generates # metadata, possibly rolling that upwards into the calling function. # There are very few things that really need to be done differently. - return tuf.formats.build_dict_conforming_to_schema( - tuf.formats.ROOT_SCHEMA, + return formats.build_dict_conforming_to_schema( + formats.ROOT_SCHEMA, version=version, expires=expiration_date, keys=keydict, 
@@ -1389,8 +1389,8 @@ def generate_targets_metadata(targets_directory, target_files, version, # types, and that all dict keys are properly named. # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch. securesystemslib.formats.PATH_SCHEMA.check_match(targets_directory) - tuf.formats.PATH_FILEINFO_SCHEMA.check_match(target_files) - tuf.formats.METADATAVERSION_SCHEMA.check_match(version) + formats.PATH_FILEINFO_SCHEMA.check_match(target_files) + formats.METADATAVERSION_SCHEMA.check_match(version) securesystemslib.formats.ISO8601_DATETIME_SCHEMA.check_match(expiration_date) securesystemslib.formats.BOOLEAN_SCHEMA.check_match(write_consistent_targets) securesystemslib.formats.BOOLEAN_SCHEMA.check_match(use_existing_fileinfo) @@ -1400,7 +1400,7 @@ def generate_targets_metadata(targets_directory, target_files, version, ' targets and using existing fileinfo.') if delegations is not None: - tuf.formats.DELEGATIONS_SCHEMA.check_match(delegations) + formats.DELEGATIONS_SCHEMA.check_match(delegations) # If targets role has delegations, collect the up-to-date 'keyids' and # 'threshold' for each role. Update the delegations keys dictionary. delegations_keys = [] @@ -1460,15 +1460,15 @@ def generate_targets_metadata(targets_directory, target_files, version, # metadata, possibly rolling that upwards into the calling function. # There are very few things that really need to be done differently. if delegations is not None: - return tuf.formats.build_dict_conforming_to_schema( - tuf.formats.TARGETS_SCHEMA, + return formats.build_dict_conforming_to_schema( + formats.TARGETS_SCHEMA, version=version, expires=expiration_date, targets=filedict, delegations=delegations) else: - return tuf.formats.build_dict_conforming_to_schema( - tuf.formats.TARGETS_SCHEMA, + return formats.build_dict_conforming_to_schema( + formats.TARGETS_SCHEMA, version=version, expires=expiration_date, targets=filedict) 
@@ -1621,7 +1621,7 @@ def generate_snapshot_metadata(metadata_directory, version, expiration_date, # object types, and that all dict keys are properly named. # Raise 'securesystemslib.exceptions.FormatError' if the check fails. securesystemslib.formats.PATH_SCHEMA.check_match(metadata_directory) - tuf.formats.METADATAVERSION_SCHEMA.check_match(version) + formats.METADATAVERSION_SCHEMA.check_match(version) securesystemslib.formats.ISO8601_DATETIME_SCHEMA.check_match(expiration_date) securesystemslib.formats.BOOLEAN_SCHEMA.check_match(consistent_snapshot) securesystemslib.formats.NAME_SCHEMA.check_match(repository_name) @@ -1643,7 +1643,7 @@ def generate_snapshot_metadata(metadata_directory, version, expiration_date, # Make file info dictionary with make_metadata_fileinfo because # in the tuf spec length and hashes are optional for all # METAFILES in snapshot.json including the top-level targets file. - fileinfodict[TARGETS_FILENAME] = tuf.formats.make_metadata_fileinfo( + fileinfodict[TARGETS_FILENAME] = formats.make_metadata_fileinfo( targets_file_version['version'], length, hashes) # Search the metadata directory and generate the versioninfo of all the role @@ -1675,7 +1675,7 @@ def generate_snapshot_metadata(metadata_directory, version, expiration_date, file_version = get_metadata_versioninfo(rolename, repository_name) - fileinfodict[metadata_name] = tuf.formats.make_metadata_fileinfo( + fileinfodict[metadata_name] = formats.make_metadata_fileinfo( file_version['version'], length, hashes) else: 
@@ -1691,8 +1691,8 @@ def generate_snapshot_metadata(metadata_directory, version, expiration_date, # generate_root_metadata, etc. with one function that generates # metadata, possibly rolling that upwards into the calling function. # There are very few things that really need to be done differently. - return tuf.formats.build_dict_conforming_to_schema( - tuf.formats.SNAPSHOT_SCHEMA, + return formats.build_dict_conforming_to_schema( + formats.SNAPSHOT_SCHEMA, version=version, expires=expiration_date, meta=fileinfodict) @@ -1758,7 +1758,7 @@ def generate_timestamp_metadata(snapshot_file_path, version, expiration_date, # object types, and that all dict keys are properly named. # Raise 'securesystemslib.exceptions.FormatError' if the check fails. securesystemslib.formats.PATH_SCHEMA.check_match(snapshot_file_path) - tuf.formats.METADATAVERSION_SCHEMA.check_match(version) + formats.METADATAVERSION_SCHEMA.check_match(version) securesystemslib.formats.ISO8601_DATETIME_SCHEMA.check_match(expiration_date) securesystemslib.formats.NAME_SCHEMA.check_match(repository_name) securesystemslib.formats.BOOLEAN_SCHEMA.check_match(use_length) @@ -1773,7 +1773,7 @@ def generate_timestamp_metadata(snapshot_file_path, version, expiration_date, # Retrieve the versioninfo of the Snapshot metadata file. snapshot_version = get_metadata_versioninfo('snapshot', repository_name) snapshot_fileinfo[snapshot_filename] = \ - tuf.formats.make_metadata_fileinfo(snapshot_version['version'], + formats.make_metadata_fileinfo(snapshot_version['version'], length, hashes) # Generate the timestamp metadata object. 
@@ -1785,8 +1785,8 @@ def generate_timestamp_metadata(snapshot_file_path, version, expiration_date, # generate_root_metadata, etc. with one function that generates # metadata, possibly rolling that upwards into the calling function. # There are very few things that really need to be done differently. - return tuf.formats.build_dict_conforming_to_schema( - tuf.formats.TIMESTAMP_SCHEMA, + return formats.build_dict_conforming_to_schema( + formats.TIMESTAMP_SCHEMA, version=version, expires=expiration_date, meta=snapshot_fileinfo) @@ -1838,7 +1838,7 @@ def sign_metadata(metadata_object, keyids, filename, repository_name): # This check ensures arguments have the appropriate number of objects and # object types, and that all dict keys are properly named. # Raise 'securesystemslib.exceptions.FormatError' if the check fails. - tuf.formats.ANYROLE_SCHEMA.check_match(metadata_object) + formats.ANYROLE_SCHEMA.check_match(metadata_object) securesystemslib.formats.KEYIDS_SCHEMA.check_match(keyids) securesystemslib.formats.PATH_SCHEMA.check_match(filename) securesystemslib.formats.NAME_SCHEMA.check_match(repository_name) @@ -1847,7 +1847,7 @@ def sign_metadata(metadata_object, keyids, filename, repository_name): # it contains a 'signatures' field containing the result # of signing the 'signed' field of 'metadata' with each # keyid of 'keyids'. - signable = tuf.formats.make_signable(metadata_object) + signable = formats.make_signable(metadata_object) # Sign the metadata with each keyid in 'keyids'. 'signable' should have # zero signatures (metadata_object contained none). 
@@ -1876,7 +1876,7 @@ def sign_metadata(metadata_object, keyids, filename, repository_name): # Raise 'securesystemslib.exceptions.FormatError' if the resulting 'signable' # is not formatted correctly. try: - tuf.formats.check_signable_object_format(signable) + formats.check_signable_object_format(signable) except exceptions.UnsignedMetadataError: # Downgrade the error to a warning because a use case exists where # metadata may be generated unsigned on one machine and signed on another. @@ -1936,9 +1936,9 @@ def write_metadata_file(metadata, filename, version_number, consistent_snapshot, # This check ensures arguments have the appropriate number of objects and # object types, and that all dict keys are properly named. # Raise 'securesystemslib.exceptions.FormatError' if the check fails. - tuf.formats.SIGNABLE_SCHEMA.check_match(metadata) + formats.SIGNABLE_SCHEMA.check_match(metadata) securesystemslib.formats.PATH_SCHEMA.check_match(filename) - tuf.formats.METADATAVERSION_SCHEMA.check_match(version_number) + formats.METADATAVERSION_SCHEMA.check_match(version_number) securesystemslib.formats.BOOLEAN_SCHEMA.check_match(consistent_snapshot) if storage_backend is None: diff --git a/tuf/repository_tool.py b/tuf/repository_tool.py index ab3a6460..987204ab 100755 --- a/tuf/repository_tool.py +++ b/tuf/repository_tool.py @@ -43,11 +43,11 @@ from collections import deque import tuf -import tuf.formats +from tuf import exceptions +from tuf import formats import tuf.roledb import tuf.sig import tuf.log -from tuf import exceptions import tuf.repository_lib as repo_lib import securesystemslib.keys 
@@ -740,23 +740,23 @@ def add_verification_key(self, key, expires=None): if expires is None: if self.rolename == 'root': expires = \ - tuf.formats.unix_timestamp_to_datetime(int(time.time() + ROOT_EXPIRATION)) + formats.unix_timestamp_to_datetime(int(time.time() + ROOT_EXPIRATION)) elif self.rolename == 'Targets': expires = \ - tuf.formats.unix_timestamp_to_datetime(int(time.time() + TARGETS_EXPIRATION)) + formats.unix_timestamp_to_datetime(int(time.time() + TARGETS_EXPIRATION)) elif self.rolename == 'Snapshot': expires = \ - tuf.formats.unix_timestamp_to_datetime(int(time.time() + SNAPSHOT_EXPIRATION)) + formats.unix_timestamp_to_datetime(int(time.time() + SNAPSHOT_EXPIRATION)) elif self.rolename == 'Timestamp': expires = \ - tuf.formats.unix_timestamp_to_datetime(int(time.time() + TIMESTAMP_EXPIRATION)) + formats.unix_timestamp_to_datetime(int(time.time() + TIMESTAMP_EXPIRATION)) else: expires = \ - tuf.formats.unix_timestamp_to_datetime(int(time.time() + TIMESTAMP_EXPIRATION)) + formats.unix_timestamp_to_datetime(int(time.time() + TIMESTAMP_EXPIRATION)) # Is 'expires' a datetime.datetime() object? # Raise 'securesystemslib.exceptions.FormatError' if not. @@ -770,7 +770,7 @@ def add_verification_key(self, key, expires=None): # Ensure the expiration has not already passed. current_datetime = \ - tuf.formats.unix_timestamp_to_datetime(int(time.time())) + formats.unix_timestamp_to_datetime(int(time.time())) if expires < current_datetime: raise securesystemslib.exceptions.Error(repr(key) + ' has already' 
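Review bot: The default-expiry chain in `add_verification_key` compares `self.rolename` with `'Targets'`, `'Snapshot'` and `'Timestamp'`, while every other role name visible in this patch is lower-case (`'root'` in the first branch, `rolename='targets'`, `get_metadata_versioninfo('snapshot', ...)`). If role names are stored lower-case, those three branches never match and a key added to the targets or snapshot role silently gets the `TIMESTAMP_EXPIRATION` default from the final `else`. The comparisons should read `elif self.rolename == 'targets':`, `elif self.rolename == 'snapshot':` and `elif self.rolename == 'timestamp':`. This predates the commit, but the branches are being rewritten here; the method body starts and ends outside the hunk.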
@@ -1234,7 +1234,7 @@ def version(self, version): # Ensure the arguments have the appropriate number of objects and object # types, and that all dict keys are properly named. Raise # 'securesystemslib.exceptions.FormatError' if any are improperly formatted. - tuf.formats.METADATAVERSION_SCHEMA.check_match(version) + formats.METADATAVERSION_SCHEMA.check_match(version) roleinfo = tuf.roledb.get_roleinfo(self.rolename, self._repository_name) roleinfo['version'] = version @@ -1306,7 +1306,7 @@ def threshold(self, threshold): # Ensure the arguments have the appropriate number of objects and object # types, and that all dict keys are properly named. Raise # 'securesystemslib.exceptions.FormatError' if any are improperly formatted. - tuf.formats.THRESHOLD_SCHEMA.check_match(threshold) + formats.THRESHOLD_SCHEMA.check_match(threshold) roleinfo = tuf.roledb.get_roleinfo(self._rolename, self._repository_name) roleinfo['previous_threshold'] = roleinfo['threshold'] @@ -1339,7 +1339,7 @@ def expiration(self): roleinfo = tuf.roledb.get_roleinfo(self.rolename, self._repository_name) expires = roleinfo['expires'] - return tuf.formats.expiry_string_to_datetime(expires) + return formats.expiry_string_to_datetime(expires) @@ -1386,7 +1386,7 @@ def expiration(self, datetime_object): # Ensure the expiration has not already passed. current_datetime_object = \ - tuf.formats.unix_timestamp_to_datetime(int(time.time())) + formats.unix_timestamp_to_datetime(int(time.time())) if datetime_object < current_datetime_object: raise securesystemslib.exceptions.Error(repr(self.rolename) + ' has' 
@@ -1477,11 +1477,11 @@ def __init__(self, repository_name): # Is 'repository_name' properly formatted? Otherwise, raise a # tuf.exceptions.FormatError exception. - tuf.formats.ROLENAME_SCHEMA.check_match(repository_name) + formats.ROLENAME_SCHEMA.check_match(repository_name) # By default, 'snapshot' metadata is set to expire 1 week from the current # time. The expiration may be modified. - expiration = tuf.formats.unix_timestamp_to_datetime( + expiration = formats.unix_timestamp_to_datetime( int(time.time() + ROOT_EXPIRATION)) expiration = expiration.isoformat() + 'Z' @@ -1549,7 +1549,7 @@ def __init__(self, repository_name): # By default, 'root' metadata is set to expire 1 year from the current # time. The expiration may be modified. - expiration = tuf.formats.unix_timestamp_to_datetime( + expiration = formats.unix_timestamp_to_datetime( int(time.time() + TIMESTAMP_EXPIRATION)) expiration = expiration.isoformat() + 'Z' @@ -1612,7 +1612,7 @@ def __init__(self, repository_name): # By default, 'snapshot' metadata is set to expire 1 week from the current # time. The expiration may be modified. - expiration = tuf.formats.unix_timestamp_to_datetime( + expiration = formats.unix_timestamp_to_datetime( int(time.time() + SNAPSHOT_EXPIRATION)) expiration = expiration.isoformat() + 'Z' @@ -1693,11 +1693,11 @@ def __init__(self, targets_directory, rolename='targets', roleinfo=None, # types, and that all dict keys are properly named. Raise # 'securesystemslib.exceptions.FormatError' if any are improperly formatted. securesystemslib.formats.PATH_SCHEMA.check_match(targets_directory) - tuf.formats.ROLENAME_SCHEMA.check_match(rolename) + formats.ROLENAME_SCHEMA.check_match(rolename) securesystemslib.formats.NAME_SCHEMA.check_match(repository_name) if roleinfo is not None: - tuf.formats.ROLEDB_SCHEMA.check_match(roleinfo) + formats.ROLEDB_SCHEMA.check_match(roleinfo) super(Targets, self).__init__() self._targets_directory = targets_directory 
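Review bot: The expiry comments in the two `__init__(self, repository_name)` hunks at -1477 and -1549 do not match the constants below them: "'snapshot' metadata is set to expire 1 week" sits above `ROOT_EXPIRATION`, and "'root' metadata is set to expire 1 year" sits above `TIMESTAMP_EXPIRATION`. Default metadata lifetimes bound how long a stale or replayed file stays acceptable, so each comment should describe the constant actually used, e.g. `# By default this role's metadata expires ROOT_EXPIRATION seconds from now; the expiration may be modified.` In the -1477 hunk `repository_name` is also validated with `formats.ROLENAME_SCHEMA`, whereas other hunks check repository names with `securesystemslib.formats.NAME_SCHEMA`; if that is intentional it deserves a short comment. Both constructors continue outside their hunks.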
@@ -1715,7 +1715,7 @@ def __init__(self, targets_directory, rolename='targets', roleinfo=None, # By default, Targets objects are set to expire 3 months from the current # time. May be later modified. - expiration = tuf.formats.unix_timestamp_to_datetime( + expiration = formats.unix_timestamp_to_datetime( int(time.time() + TARGETS_EXPIRATION)) expiration = expiration.isoformat() + 'Z' @@ -1766,7 +1766,7 @@ def __call__(self, rolename): # Ensure the arguments have the appropriate number of objects and object # types, and that all dict keys are properly named. Raise # 'securesystemslib.exceptions.FormatError' if any are improperly formatted. - tuf.formats.ROLENAME_SCHEMA.check_match(rolename) + formats.ROLENAME_SCHEMA.check_match(rolename) if rolename in self._delegated_roles: return self._delegated_roles[rolename] @@ -1808,7 +1808,7 @@ def add_delegated_role(self, rolename, targets_object): # Ensure the arguments have the appropriate number of objects and object # types, and that all dict keys are properly named. Raise # 'securesystemslib.exceptions.FormatError' if any are improperly formatted. - tuf.formats.ROLENAME_SCHEMA.check_match(rolename) + formats.ROLENAME_SCHEMA.check_match(rolename) if not isinstance(targets_object, Targets): raise securesystemslib.exceptions.FormatError(repr(targets_object) + ' is' @@ -1848,7 +1848,7 @@ def remove_delegated_role(self, rolename): # Ensure the arguments have the appropriate number of objects and object # types, and that all dict keys are properly named. Raise # 'securesystemslib.exceptions.FormatError' if any are improperly formatted. - tuf.formats.ROLENAME_SCHEMA.check_match(rolename) + formats.ROLENAME_SCHEMA.check_match(rolename) if rolename not in self._delegated_roles: logger.debug(repr(rolename) + ' has not been delegated.') 
@@ -1936,7 +1936,7 @@ def add_paths(self, paths, child_rolename):
 # types, and that all dict keys are properly named.
 # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch.
 securesystemslib.formats.PATHS_SCHEMA.check_match(paths)
- tuf.formats.ROLENAME_SCHEMA.check_match(child_rolename)
+ formats.ROLENAME_SCHEMA.check_match(child_rolename)
 # Ensure that 'child_rolename' exists, otherwise it will not have an entry
 # in the parent role's delegations field.
@@ -2024,19 +2024,19 @@ def add_target(self, filepath, custom=None, fileinfo=None):
 # Ensure the arguments have the appropriate number of objects and object
 # types, and that all dict keys are properly named. Raise
 # 'securesystemslib.exceptions.FormatError' if there is a mismatch.
- tuf.formats.RELPATH_SCHEMA.check_match(filepath)
+ formats.RELPATH_SCHEMA.check_match(filepath)
 if fileinfo and custom: raise securesystemslib.exceptions.Error("Can only take one of" " custom or fileinfo, not both.")
 if fileinfo:
- tuf.formats.TARGETS_FILEINFO_SCHEMA.check_match(fileinfo)
+ formats.TARGETS_FILEINFO_SCHEMA.check_match(fileinfo)
 if custom is None: custom = {}
 else:
- tuf.formats.CUSTOM_SCHEMA.check_match(custom)
+ formats.CUSTOM_SCHEMA.check_match(custom)
 # Add 'filepath' (i.e., relative to the targets directory) to the role's
 # list of targets. 'filepath' will not be verified as an allowed path
@@ -2104,7 +2104,7 @@ def add_targets(self, list_of_targets):
 # Ensure the arguments have the appropriate number of objects and object
 # types, and that all dict keys are properly named.
 # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch.
- tuf.formats.RELPATHS_SCHEMA.check_match(list_of_targets)
+ formats.RELPATHS_SCHEMA.check_match(list_of_targets)
 # Ensure the paths in 'list_of_targets' are relative and use forward slash
 # as a separator or raise an exception. The paths of 'list_of_targets'
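Review bot: In `add_target` (hunk at -2024), `formats.TARGETS_FILEINFO_SCHEMA.check_match(fileinfo)` runs only under `if fileinfo:`, so an empty dict or any other falsy value skips the schema check, whereas `custom` is tested with `is None` a few lines later. The same truthiness test guards the "one of custom or fileinfo" error just above. What happens to a falsy `fileinfo` afterwards is outside the hunk, so this may turn out harmless, but an identity test makes validation unconditional for anything the caller supplies: `if fileinfo is not None:`. The function body continues past the hunk.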
@@ -2162,7 +2162,7 @@ def remove_target(self, filepath):
 # Ensure the arguments have the appropriate number of objects and object
 # types, and that all dict keys are properly named. Raise
 # 'securesystemslib.exceptions.FormatError' if there is a mismatch.
- tuf.formats.RELPATH_SCHEMA.check_match(filepath)
+ formats.RELPATH_SCHEMA.check_match(filepath)
 # Remove 'relative_filepath', if found, and update this Targets roleinfo.
 fileinfo = tuf.roledb.get_roleinfo(self.rolename, self._repository_name)
@@ -2241,7 +2241,7 @@ def _create_delegated_target(self, rolename, keyids, threshold, paths):
 expiration is set (3 months from the current time). """
- expiration = tuf.formats.unix_timestamp_to_datetime(
+ expiration = formats.unix_timestamp_to_datetime(
 int(time.time() + TARGETS_EXPIRATION))
 expiration = expiration.isoformat() + 'Z'
@@ -2363,17 +2363,17 @@ def delegate(self, rolename, public_keys, paths, threshold=1,
 # Ensure the arguments have the appropriate number of objects and object
 # types, and that all dict keys are properly named.
 # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch.
- tuf.formats.ROLENAME_SCHEMA.check_match(rolename)
+ formats.ROLENAME_SCHEMA.check_match(rolename)
 securesystemslib.formats.ANYKEYLIST_SCHEMA.check_match(public_keys)
- tuf.formats.RELPATHS_SCHEMA.check_match(paths)
- tuf.formats.THRESHOLD_SCHEMA.check_match(threshold)
+ formats.RELPATHS_SCHEMA.check_match(paths)
+ formats.THRESHOLD_SCHEMA.check_match(threshold)
 securesystemslib.formats.BOOLEAN_SCHEMA.check_match(terminating)
 if list_of_targets is not None:
- tuf.formats.RELPATHS_SCHEMA.check_match(list_of_targets)
+ formats.RELPATHS_SCHEMA.check_match(list_of_targets)
 if path_hash_prefixes is not None:
- tuf.formats.PATH_HASH_PREFIXES_SCHEMA.check_match(path_hash_prefixes)
+ formats.PATH_HASH_PREFIXES_SCHEMA.check_match(path_hash_prefixes)
 # Keep track of the valid keyids (added to the new Targets object) and
 # their keydicts (added to this Targets delegations).
@@ -2477,7 +2477,7 @@ def revoke(self, rolename):
 # Ensure the arguments have the appropriate number of objects and object
 # types, and that all dict keys are properly named.
 # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch.
- tuf.formats.ROLENAME_SCHEMA.check_match(rolename)
+ formats.ROLENAME_SCHEMA.check_match(rolename)
 # Remove 'rolename' from this Target's delegations dict.
 roleinfo = tuf.roledb.get_roleinfo(self.rolename, self._repository_name)
@@ -2569,7 +2569,7 @@ def delegate_hashed_bins(self, list_of_targets, keys_of_hashed_bins,
 # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch.
 securesystemslib.formats.PATHS_SCHEMA.check_match(list_of_targets)
 securesystemslib.formats.ANYKEYLIST_SCHEMA.check_match(keys_of_hashed_bins)
- tuf.formats.NUMBINS_SCHEMA.check_match(number_of_bins)
+ formats.NUMBINS_SCHEMA.check_match(number_of_bins)
 prefix_length, prefix_count, bin_size = repo_lib.get_bin_numbers(number_of_bins)
@@ -2712,7 +2712,7 @@ def add_target_to_bin(self, target_filepath, number_of_bins=DEFAULT_NUM_BINS,
 # types, and that all dict keys are properly named.
 # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch.
 securesystemslib.formats.PATH_SCHEMA.check_match(target_filepath)
- tuf.formats.NUMBINS_SCHEMA.check_match(number_of_bins)
+ formats.NUMBINS_SCHEMA.check_match(number_of_bins)
 # TODO: check target_filepath is sane
@@ -2774,7 +2774,7 @@ def remove_target_from_bin(self, target_filepath,
 # types, and that all dict keys are properly named.
 # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch.
 securesystemslib.formats.PATH_SCHEMA.check_match(target_filepath)
- tuf.formats.NUMBINS_SCHEMA.check_match(number_of_bins)
+ formats.NUMBINS_SCHEMA.check_match(number_of_bins)
 # TODO: check target_filepath is sane?
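Review bot: `add_target_to_bin` (hunk at -2712) and `remove_target_from_bin` (-2774) validate `target_filepath` only with `securesystemslib.formats.PATH_SCHEMA` and leave `# TODO: check target_filepath is sane`, while `add_target` and `remove_target` use `formats.RELPATH_SCHEMA` and `_check_path` additionally rejects backslashes. If `_check_path` belongs to the same class (its definition at -2843 takes `self`, but the class header is not visible), calling `self._check_path(target_filepath)` after the NUMBINS check would close the TODO and apply the same path rules to hashed-bin targets. Whether `PATH_SCHEMA` callers currently pass paths that `RELPATH_SCHEMA` would reject cannot be told from here. Both function bodies continue outside their hunks, so confirm no later line already performs this check.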
@@ -2843,7 +2843,7 @@ def _check_path(self, pathname):
 None. """
- tuf.formats.RELPATH_SCHEMA.check_match(pathname)
+ formats.RELPATH_SCHEMA.check_match(pathname)
 if '\\' in pathname: raise exceptions.InvalidNameError('Path ' + repr(pathname)
@@ -3222,7 +3222,7 @@ def dump_signable_metadata(metadata_filepath):
 signable = securesystemslib.util.load_json_file(metadata_filepath)
 # Is 'signable' a valid metadata file?
- tuf.formats.SIGNABLE_SCHEMA.check_match(signable)
+ formats.SIGNABLE_SCHEMA.check_match(signable)
 return securesystemslib.formats.encode_canonical(signable['signed'])
@@ -3278,7 +3278,7 @@ def append_signature(signature, metadata_filepath):
 signable = securesystemslib.util.load_json_file(metadata_filepath)
 # Is 'signable' a valid metadata file?
- tuf.formats.SIGNABLE_SCHEMA.check_match(signable)
+ formats.SIGNABLE_SCHEMA.check_match(signable)
 signable['signatures'].append(signature)
diff --git a/tuf/roledb.py b/tuf/roledb.py
index eccb4ddd..30a38223 100755
--- a/tuf/roledb.py
+++ b/tuf/roledb.py
@@ -54,8 +54,8 @@ import tuf
 from tuf import exceptions
+from tuf import formats
 import tuf.log
-import tuf.formats
 import securesystemslib
 import six
@@ -112,7 +112,7 @@ def create_roledb_from_root_metadata(root_metadata, repository_name='default'):
 # This check will ensure 'root_metadata' has the appropriate number of objects
 # and object types, and that all dict keys are properly named.
 # Raises securesystemslib.exceptions.FormatError.
- tuf.formats.ROOT_SCHEMA.check_match(root_metadata)
+ formats.ROOT_SCHEMA.check_match(root_metadata)
 # Is 'repository_name' formatted correctly?
 securesystemslib.formats.NAME_SCHEMA.check_match(repository_name)
@@ -295,10 +295,10 @@ def add_role(rolename, roleinfo, repository_name='default'):
 # Does 'rolename' have the correct object format?
 # This check will ensure 'rolename' has the appropriate number of objects
 # and object types, and that all dict keys are properly named.
- tuf.formats.ROLENAME_SCHEMA.check_match(rolename)
+ formats.ROLENAME_SCHEMA.check_match(rolename)
 # Does 'roleinfo' have the correct object format?
- tuf.formats.ROLEDB_SCHEMA.check_match(roleinfo)
+ formats.ROLEDB_SCHEMA.check_match(roleinfo)
 # Is 'repository_name' correctly formatted?
 securesystemslib.formats.NAME_SCHEMA.check_match(repository_name)
@@ -379,12 +379,12 @@ def update_roleinfo(rolename, roleinfo, mark_role_as_dirty=True, repository_name
 # Does the arguments have the correct object format?
 # This check will ensure arguments have the appropriate number of objects
 # and object types, and that all dict keys are properly named.
- tuf.formats.ROLENAME_SCHEMA.check_match(rolename)
+ formats.ROLENAME_SCHEMA.check_match(rolename)
 securesystemslib.formats.BOOLEAN_SCHEMA.check_match(mark_role_as_dirty)
 securesystemslib.formats.NAME_SCHEMA.check_match(repository_name)
 # Does 'roleinfo' have the correct object format?
- tuf.formats.ROLEDB_SCHEMA.check_match(roleinfo)
+ formats.ROLEDB_SCHEMA.check_match(roleinfo)
 # Raises securesystemslib.exceptions.InvalidNameError.
 _validate_rolename(rolename)
@@ -1031,7 +1031,7 @@ def _check_rolename(rolename, repository_name='default'):
 # Does 'rolename' have the correct object format?
 # This check will ensure 'rolename' has the appropriate number of objects
 # and object types, and that all dict keys are properly named.
- tuf.formats.ROLENAME_SCHEMA.check_match(rolename)
+ formats.ROLENAME_SCHEMA.check_match(rolename)
 # Does 'repository_name' have the correct format?
 securesystemslib.formats.NAME_SCHEMA.check_match(repository_name)
diff --git a/tuf/scripts/repo.py b/tuf/scripts/repo.py
index a2a0ffef..5557ca6e 100755
--- a/tuf/scripts/repo.py
+++ b/tuf/scripts/repo.py
@@ -149,8 +149,8 @@ import tuf
 from tuf import exceptions
+from tuf import formats
 import tuf.log
-import tuf.formats
 import tuf.repository_tool as repo_tool
 # 'pip install securesystemslib[crypto,pynacl]' is required for the CLI,
@@ -624,7 +624,7 @@ def sign_role(parsed_arguments):
 role_privatekey, repository_name = repository._repository_name)
 # Set the delegated metadata file to expire in 3 months.
- expiration = tuf.formats.unix_timestamp_to_datetime(
+ expiration = formats.unix_timestamp_to_datetime(
 int(time.time() + 7889230))
 expiration = expiration.isoformat() + 'Z'
diff --git a/tuf/sig.py b/tuf/sig.py
index be1bee7d..221bdfa9 100755
--- a/tuf/sig.py
+++ b/tuf/sig.py
@@ -52,9 +52,9 @@ import tuf
 from tuf import exceptions
+from tuf import formats
 import tuf.keydb
 import tuf.roledb
-import tuf.formats
 import securesystemslib
@@ -126,14 +126,14 @@ def get_signature_status(signable, role=None, repository_name='default',
 # arguments have the appropriate number of objects and object types, and that
 # all dict keys are properly named. Raise
 # 'securesystemslib.exceptions.FormatError' if the check fails.
- tuf.formats.SIGNABLE_SCHEMA.check_match(signable)
+ formats.SIGNABLE_SCHEMA.check_match(signable)
 securesystemslib.formats.NAME_SCHEMA.check_match(repository_name)
 if role is not None:
- tuf.formats.ROLENAME_SCHEMA.check_match(role)
+ formats.ROLENAME_SCHEMA.check_match(role)
 if threshold is not None:
- tuf.formats.THRESHOLD_SCHEMA.check_match(threshold)
+ formats.THRESHOLD_SCHEMA.check_match(threshold)
 if keyids is not None: securesystemslib.formats.KEYIDS_SCHEMA.check_match(keyids)
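Review bot: In `sign_role` (tuf/scripts/repo.py, hunk at -624) the expiry is computed from the bare literal `7889230`, while tuf/repository_tool.py uses the named `TARGETS_EXPIRATION` for what its comments also describe as 3 months. If that constant is a module-level name there and holds the same value (neither is visible in this diff), `int(time.time() + repo_tool.TARGETS_EXPIRATION))` would keep the CLI and the library on one default. Otherwise a local named constant with a comment giving the unit would make the expiry policy reviewable. The function starts and ends outside the hunk.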
@@ -280,8 +280,8 @@ def verify(signable, role, repository_name='default', threshold=None,
 role's threshold, False otherwise. """
- tuf.formats.SIGNABLE_SCHEMA.check_match(signable)
- tuf.formats.ROLENAME_SCHEMA.check_match(role)
+ formats.SIGNABLE_SCHEMA.check_match(signable)
+ formats.ROLENAME_SCHEMA.check_match(role)
 securesystemslib.formats.NAME_SCHEMA.check_match(repository_name)
 # Retrieve the signature status. tuf.sig.get_signature_status() raises:
@@ -338,7 +338,7 @@ def may_need_new_keys(signature_status):
 # This check will ensure 'signature_status' has the appropriate number
 # of objects and object types, and that all dict keys are properly named.
 # Raise 'securesystemslib.exceptions.FormatError' if the check fails.
- tuf.formats.SIGNATURESTATUS_SCHEMA.check_match(signature_status)
+ formats.SIGNATURESTATUS_SCHEMA.check_match(signature_status)
 unknown = signature_status['unknown_sigs']
 untrusted = signature_status['untrusted_sigs']