mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
Modify installation setup.
Support the following installation setup: # Minimal install intended for clients (pure Python, only ed25519 signatures). pip install tuf # Optional installation required by the TUF repository tools (RSA keys and rsassa-pss # signatures, faster ed25519 cryptographic computations, general-purpose cryptography, etc.) pip install tuf[tools] Re-implement the fix for issue #167. Update comments and docstrings related to the fixes above.
This commit is contained in:
vladdd
parent
e3f067d673
commit
845b98fda1
5 changed files with 18 additions and 15 deletions
|
|
@ -2,13 +2,15 @@
|
|||
# and installation. It can be executed as follows:
|
||||
# $ pip install --requirement dev-requirements.txt
|
||||
#
|
||||
# pip install TUF in editable mode (i.e., setuptools "develop mode").
|
||||
# The current working directory must contain 'setup.py'.
|
||||
# pip install TUF (minimal install) in editable mode (i.e., setuptools
|
||||
# "develop mode"). The current working directory must contain 'setup.py'.
|
||||
--editable .
|
||||
|
||||
# Install PyNaCl for faster generation and verification of ed25519 keys and
|
||||
# signatures. It also includes protection against side-channel attacks.
|
||||
# NOTE: TUF only uses the pure Python implementation of ed25519 for signature
|
||||
# verification. PyNaCl is required for ed25519 key and signature generation
|
||||
# with the TUF repository tools.
|
||||
# with the TUF repository tools. Also install PyCrypto for RSA key & signature
|
||||
# support and general-purpose cryptography needed by the repository tools.
|
||||
pycrypto==2.6.1
|
||||
pynacl==0.2.3
|
||||
|
|
|
|||
13
setup.py
13
setup.py
|
|
@ -37,10 +37,11 @@
|
|||
$ pip install .
|
||||
|
||||
# Installing optional requirements (i.e., after installing tuf).
|
||||
# 'fast_ed25519' currently supported, which enables faster and more secure
|
||||
# ed25519 key generation and signature verification computations with
|
||||
# pynacl+libsodium.
|
||||
$ pip install tuf[fast_ed25519]
|
||||
# The 'tools' optional requirement is currently supported, which enables
|
||||
# fast and secure ed25519 key generation and signature verification
|
||||
# computations with PyNaCl+libsodium. General-purpose cryptography is also
|
||||
# provided. 'tools' is needed by the TUF repository tools.
|
||||
$ pip install tuf[tools]
|
||||
|
||||
|
||||
Alternate installation options:
|
||||
|
|
@ -70,7 +71,7 @@
|
|||
from setuptools import find_packages
|
||||
|
||||
extras = {
|
||||
'fast_ed25519': ['pynacl>=0.2.3']
|
||||
'tools': ['pycrypto>=2.6.1', 'pynacl>=0.2.3']
|
||||
}
|
||||
|
||||
setup(
|
||||
|
|
@ -98,7 +99,7 @@
|
|||
'Topic :: Security',
|
||||
'Topic :: Software Development'
|
||||
],
|
||||
install_requires = ['pycrypto>=2.6.1'],
|
||||
install_requires = [],
|
||||
packages = find_packages(exclude=['tests', 'tuf.tests']),
|
||||
extras_require = extras,
|
||||
scripts = [
|
||||
|
|
|
|||
|
|
@ -116,7 +116,6 @@
|
|||
import tuf.keydb
|
||||
import tuf.log
|
||||
import tuf.mirrors
|
||||
import tuf.repo.signerlib
|
||||
import tuf.roledb
|
||||
import tuf.sig
|
||||
import tuf.util
|
||||
|
|
|
|||
|
|
@ -161,6 +161,7 @@ def generate_public_and_private():
|
|||
try:
|
||||
nacl_key = nacl.signing.SigningKey(seed)
|
||||
public = str(nacl_key.verify_key)
|
||||
|
||||
except NameError:
|
||||
message = 'The PyNaCl library and/or its dependencies unavailable.'
|
||||
raise tuf.UnsupportedLibraryError(message)
|
||||
|
|
@ -354,7 +355,7 @@ def verify_signature(public_key, method, signature, data, use_pynacl=False):
|
|||
except nacl.exceptions.BadSignatureError:
|
||||
pass
|
||||
|
||||
# Verify 'ed25519' signature with pure Python implementation.
|
||||
# Verify 'ed25519' signature with the pure Python implementation.
|
||||
else:
|
||||
try:
|
||||
tuf._vendor.ed25519.ed25519.checkvalid(signature, data, public)
|
||||
|
|
|
|||
|
|
@ -3380,8 +3380,8 @@ def import_rsa_privatekey_from_file(filepath, password=None):
|
|||
|
||||
# If the caller does not provide a password argument, prompt for one.
|
||||
if password is None:
|
||||
message = 'Enter a password for the encrypted RSA key file: '
|
||||
password = _get_password(message, confirm=True)
|
||||
message = 'Enter a password for the encrypted RSA file: '
|
||||
password = _get_password(message, confirm=False)
|
||||
|
||||
# Does 'password' have the correct format?
|
||||
tuf.formats.PASSWORD_SCHEMA.check_match(password)
|
||||
|
|
@ -3636,8 +3636,8 @@ def import_ed25519_privatekey_from_file(filepath, password=None):
|
|||
|
||||
# If the caller does not provide a password argument, prompt for one.
|
||||
if password is None:
|
||||
message = 'Enter a password for the encrypted ED25519 key file: '
|
||||
password = _get_password(message, confirm=True)
|
||||
message = 'Enter a password for the encrypted ED25519 key: '
|
||||
password = _get_password(message, confirm=False)
|
||||
|
||||
# Does 'password' have the correct format?
|
||||
tuf.formats.PASSWORD_SCHEMA.check_match(password)
|
||||
|
|
|
|||
Loading…
Reference in a new issue