From 623fe6f4f3103a00dd407a07eb25a5f3f33c1dbc Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Thu, 26 Apr 2018 11:55:33 -0400 Subject: [PATCH 1/2] Minor changes to indentation in test_repository_tool.py Signed-off-by: Vladimir Diaz --- tests/test_repository_tool.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/test_repository_tool.py b/tests/test_repository_tool.py index a60eaf3d..4bb0f759 100755 --- a/tests/test_repository_tool.py +++ b/tests/test_repository_tool.py @@ -137,7 +137,8 @@ def test_writeall(self): # sub-directory in 'temporary_directory' if it does not exist. repository_directory = os.path.join(temporary_directory, 'repository') metadata_directory = os.path.join(repository_directory, - repo_tool.METADATA_STAGED_DIRECTORY_NAME) + repo_tool.METADATA_STAGED_DIRECTORY_NAME) + repository = repo_tool.create_new_repository(repository_directory, repository_name) # (1) Load the public and private keys of the top-level roles, and one @@ -230,7 +231,8 @@ def test_writeall(self): role_filepath = os.path.join(metadata_directory, role) role_signable = securesystemslib.util.load_json_file(role_filepath) - # Raise 'securesystemslib.exceptions.FormatError' if 'role_signable' is an invalid signable. + # Raise 'securesystemslib.exceptions.FormatError' if 'role_signable' is + # an invalid signable. tuf.formats.check_signable_object_format(role_signable) self.assertTrue(os.path.exists(role_filepath)) From 9f0c495f195d827089ab43d6a4dc79fca71d1bd3 Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Thu, 26 Apr 2018 12:01:04 -0400 Subject: [PATCH 2/2] Copy with list() to avoid unintentially modifying roleinfo['keyids'] Signed-off-by: Vladimir Diaz --- tuf/repository_tool.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tuf/repository_tool.py b/tuf/repository_tool.py index e5f1368a..68d6f657 100755 --- a/tuf/repository_tool.py +++ b/tuf/repository_tool.py @@ -671,10 +671,13 @@ def add_verification_key(self, key, expires=None): keyid = key['keyid'] roleinfo = tuf.roledb.get_roleinfo(self.rolename, self._repository_name) - previous_keyids = roleinfo['keyids'] + # Save the keyids that are being replaced since certain roles will need to + # re-sign metadata with these keys (e.g., root). Use list() to make a copy + # of roleinfo['keyids'] to ensure we're modifying distinct lists. + previous_keyids = list(roleinfo['keyids']) - # Add 'key' to the role's entry in 'tuf.roledb.py' and avoid duplicates. - if keyid not in previous_keyids: + # Add 'key' to the role's entry in 'tuf.roledb.py', and avoid duplicates. + if keyid not in roleinfo['keyids']: roleinfo['keyids'].append(keyid) roleinfo['previous_keyids'] = previous_keyids