Added simple_settings, now it is a requirement of TuF.

Renamed conf.py to settings.py and changed the import calls accordingly.
Artiom Baloian 2016-11-01 15:38:40 -04:00
parent b21ad871b9
commit b793c81739
40 changed files with 232 additions and 222 deletions


@ -19,6 +19,7 @@ cffi==1.7.0
pycrypto==2.6.1
pynacl==1.0.1
cryptography==1.4.0
simple-settings==0.10.0
# Testing requirements. The rest of the testing dependencies available in
# 'tox.ini'


@ -36,7 +36,7 @@
tuf.log.set_log_level(logging.INFO)
# Set the local repository directory containing the metadata files.
tuf.conf.repository_directory = '.'
settings.repository_directory = '.'
# Set the repository mirrors. This dictionary is needed by the Updater
# class of updater.py. The client will download metadata and target


@ -1,3 +1,4 @@
simple-settings
cryptography
pynacl
pycrypto


@ -108,7 +108,7 @@
'Topic :: Security',
'Topic :: Software Development'
],
install_requires = ['iso8601', 'six'],
install_requires = ['iso8601', 'six', 'simple-settings'],
packages = find_packages(exclude=['tests']),
extras_require = extras,
scripts = [
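Review bot: `install_requires` now names `simple-settings` with no version constraint, while the pinned requirements file in this same commit fixes it at `simple-settings==0.10.0`. Elsewhere in this commit the package becomes the source of `ssl_certificates`, `SUPPORTED_URI_SCHEMES` and the metadata length limits, so an install driven by setup.py should not be able to resolve to a release older than the one the project was tested against. Stating the tested floor, e.g. `install_requires = ['iso8601', 'six', 'simple-settings>=0.10.0'],`, would cover that. The `setup()` call starts and ends outside this hunk.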


@ -35,6 +35,7 @@
import unittest
import glob
import random
from simple_settings import settings
# 'unittest2' required for testing under Python < 2.7.
if sys.version_info >= (2, 7):


@ -73,7 +73,7 @@ def do_GET(self):
# Throttle the file by sending a character every few seconds.
# NOTE: The for-loop below completes early if the download file
# (len(data)) is small. 'download.py' waits at least
# 'tuf.conf.SLOW_START_GRACE_PERIOD' seconds before triggering a
# 'settings.SLOW_START_GRACE_PERIOD' seconds before triggering a
# potential slow retrieval error.
for i in range(len(data)):
self.wfile.write(data[i].encode('utf-8'))


@ -58,6 +58,7 @@
import tuf.log
import tuf.client.updater as updater
import tuf.unittest_toolbox as unittest_toolbox
from simple_settings import settings
import six
@ -145,9 +146,9 @@ def setUp(self):
url_prefix = \
'http://localhost:' + str(self.SERVER_PORT) + repository_basepath
# Setting 'tuf.conf.repository_directory' with the temporary client
# Setting 'settings.repository_directory' with the temporary client
# directory copied from the original repository files.
tuf.conf.repository_directory = self.client_directory
settings.repository_directory = self.client_directory
self.repository_mirrors = {'mirror1': {'url_prefix': url_prefix,
'metadata_path': 'metadata',
'targets_path': 'targets',


@ -37,7 +37,7 @@
import unittest
import tuf
import tuf.conf
from simple_settings import settings
import tuf.download as download
import tuf.log
import tuf.unittest_toolbox as unittest_toolbox
@ -195,9 +195,9 @@ def test__get_opener(self):
with open(fake_cacert, 'wt') as file_object:
file_object.write('fake cacert')
tuf.conf.ssl_certificates = fake_cacert
settings.ssl_certificates = fake_cacert
tuf.download._get_opener('https')
tuf.conf.ssl_certificates = None
settings.ssl_certificates = None
@ -225,7 +225,7 @@ def test_https_connection(self):
https_url = 'https://localhost:' + str(port) + '/' + relative_target_filepath
# Download the target file using an https connection.
tuf.conf.ssl_certificates = 'ssl_cert.crt'
settings.ssl_certificates = 'ssl_cert.crt'
message = 'Downloading target file from https server: ' + https_url
logger.info(message)
try:
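Review bot: In `test__get_opener` the override `settings.ssl_certificates = fake_cacert` is undone by a plain assignment after the call, so an exception from `tuf.download._get_opener('https')` leaves the fake certificate path on the shared `settings` object for every later test; in `test_https_connection` no restore of `'ssl_cert.crt'` is visible in the hunk at all. Registering the restore up front, e.g. `self.addCleanup(setattr, settings, 'ssl_certificates', None)`, keeps it in place on failure paths as well. The same unprotected mutation appears in `test_set_filehandler_log_level` (`ENABLE_FILE_LOGGING`), `test_write_metadata_file` (`CONSISTENT_METHOD`) and `test_A2_tempfile_init` (`temporary_directory`), whereas `test_with_tuf_mode_2` already restores `MIN_AVERAGE_DOWNLOAD_SPEED` in a `finally` block. Both test bodies continue outside the hunks shown.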


@ -61,7 +61,7 @@
import tuf.unittest_toolbox as unittest_toolbox
import tuf.roledb
import tuf.keydb
from simple_settings import settings
import six
logger = logging.getLogger('tuf.test_endless_data_attack')
@ -148,9 +148,9 @@ def setUp(self):
url_prefix = \
'http://localhost:' + str(self.SERVER_PORT) + repository_basepath
# Setting 'tuf.conf.repository_directory' with the temporary client
# Setting 'settings.repository_directory' with the temporary client
# directory copied from the original repository files.
tuf.conf.repository_directory = self.client_directory
settings.repository_directory = self.client_directory
self.repository_mirrors = {'mirror1': {'url_prefix': url_prefix,
'metadata_path': 'metadata',
'targets_path': 'targets',
@ -176,7 +176,7 @@ def test_without_tuf(self):
# a non-TUF client that does not verify hashes, detect mix-and-mix attacks,
# etc.) A tuf client, on the other hand, should only download target files
# up to their expected lengths, as explicitly specified in metadata, or
# 'tuf/conf.py' (when retrieving 'timestamp.json' and 'root.json unsafely'.)
# 'tuf/settings.py' (when retrieving 'timestamp.json' and 'root.json unsafely'.)
# Test: Download a valid target file from the repository.
# Ensure the target file to be downloaded has not already been downloaded,
@ -279,7 +279,7 @@ def test_with_tuf(self):
# Does the TUF client download the upper limit of an unsafely fetched
# 'timestamp.json'? 'timestamp.json' must not be greater than
# 'tuf.conf.DEFAULT_TIMESTAMP_REQUIRED_LENGTH'.
# 'settings.DEFAULT_TIMESTAMP_REQUIRED_LENGTH'.
try:
self.repository_updater.refresh()


@ -62,7 +62,7 @@
import tuf.roledb
import tuf.keydb
import tuf.unittest_toolbox as unittest_toolbox
from simple_settings import settings
import six
logger = logging.getLogger('tuf.test_extraneous_dependencies_attack')
@ -153,9 +153,9 @@ def setUp(self):
url_prefix = \
'http://localhost:' + str(self.SERVER_PORT) + repository_basepath
# Setting 'tuf.conf.repository_directory' with the temporary client
# Setting 'settings.repository_directory' with the temporary client
# directory copied from the original repository files.
tuf.conf.repository_directory = self.client_directory
settings.repository_directory = self.client_directory
self.repository_mirrors = {'mirror1': {'url_prefix': url_prefix,
'metadata_path': 'metadata',
'targets_path': 'targets',


@ -67,6 +67,7 @@
import tuf.unittest_toolbox as unittest_toolbox
import tuf.roledb
import tuf.keydb
from simple_settings import settings
import six
@ -161,9 +162,9 @@ def setUp(self):
url_prefix = \
'http://localhost:' + str(self.SERVER_PORT) + repository_basepath
# Setting 'tuf.conf.repository_directory' with the temporary client
# Setting 'settings.repository_directory' with the temporary client
# directory copied from the original repository files.
tuf.conf.repository_directory = self.client_directory
settings.repository_directory = self.client_directory
self.repository_mirrors = {'mirror1': {'url_prefix': url_prefix,
'metadata_path': 'metadata',
'targets_path': 'targets',


@ -35,7 +35,7 @@
import tuf
import tuf.util
import tuf.conf
from simple_settings import settings
import tuf.log
import tuf.interposition.updater as updater
import tuf.interposition.configuration as configuration
@ -140,9 +140,9 @@ def setUp(self):
port = self.SERVER_PORT
url_prefix = 'http://localhost:' + str(port) + repository_basepath
# Setting 'tuf.conf.repository_directory' with the temporary client
# Setting 'settings.repository_directory' with the temporary client
# directory copied from the original repository files.
tuf.conf.repository_directory = self.client_directory
settings.repository_directory = self.client_directory
self.repository_mirrors = {'mirror': {'url_prefix': url_prefix,
'metadata_path': 'metadata',
@ -394,9 +394,9 @@ def setUp(self):
port = self.SERVER_PORT
url_prefix = 'http://localhost:' + str(port) + repository_basepath
# Setting 'tuf.conf.repository_directory' with the temporary client
# Setting 'settings.repository_directory' with the temporary client
# directory copied from the original repository files.
tuf.conf.repository_directory = self.client_directory
settings.repository_directory = self.client_directory
self.repository_mirrors = {'mirror': {'url_prefix': url_prefix,
'metadata_path': 'metadata',


@ -53,7 +53,7 @@
import tuf
import tuf.log
import tuf.conf
from simple_settings import settings
import tuf.roledb
import tuf.keydb
import tuf.repository_tool as repo_tool
@ -153,9 +153,9 @@ def setUp(self):
url_prefix = \
'http://localhost:' + str(self.SERVER_PORT) + repository_basepath
# Setting 'tuf.conf.repository_directory' with the temporary client
# Setting 'settings.repository_directory' with the temporary client
# directory copied from the original repository files.
tuf.conf.repository_directory = self.client_directory
settings.repository_directory = self.client_directory
self.repository_mirrors = {'mirror1': {'url_prefix': url_prefix,
'metadata_path': 'metadata',


@ -33,6 +33,7 @@
import tuf.keys
import tuf.keydb
import tuf.log
from simple_settings import settings
logger = logging.getLogger('tuf.test_keydb')
@ -41,7 +42,7 @@
KEYS = []
for junk in range(3):
rsa_key = tuf.keys.generate_rsa_key(2048)
rsa_key['keyid_hash_algorithms'] = tuf.conf.REPOSITORY_HASH_ALGORITHMS
rsa_key['keyid_hash_algorithms'] = settings.REPOSITORY_HASH_ALGORITHMS
KEYS.append(rsa_key)


@ -23,6 +23,7 @@
import tuf
import tuf.log
from simple_settings import settings
logger = logging.getLogger('tuf.test_log')
@ -67,8 +68,8 @@ def test_set_filehandler_log_level(self):
tuf.log.set_log_level(level)
# Test that the log level of the file handler cannot be set because
# file logging is disabled (via tuf.conf.ENABLE_FILE_LOGGING).
tuf.conf.ENABLE_FILE_LOGGING = False
# file logging is disabled (via settings.ENABLE_FILE_LOGGING).
settings.ENABLE_FILE_LOGGING = False
imp.reload(tuf.log)
#self.assertRaises(tuf.ssl_commons.exceptions.Error, tuf.log.set_filehandler_log_level, logging.INFO)


@ -60,6 +60,7 @@
import tuf.unittest_toolbox as unittest_toolbox
import tuf.roledb
import tuf.keydb
from simple_settings import settings
import six
@ -155,9 +156,9 @@ def setUp(self):
url_prefix = \
'http://localhost:' + str(self.SERVER_PORT) + repository_basepath
# Setting 'tuf.conf.repository_directory' with the temporary client
# Setting 'settings.repository_directory' with the temporary client
# directory copied from the original repository files.
tuf.conf.repository_directory = self.client_directory
settings.repository_directory = self.client_directory
self.repository_mirrors = {'mirror1': {'url_prefix': url_prefix,
'metadata_path': 'metadata',
'targets_path': 'targets',


@ -59,7 +59,7 @@
import tuf.client.updater as updater
import tuf.repository_tool as repo_tool
import tuf.unittest_toolbox as unittest_toolbox
from simple_settings import settings
import six
# The repository tool is imported and logs console messages by default. Disable
@ -154,9 +154,9 @@ def setUp(self):
url_prefix = \
'http://localhost:' + str(self.SERVER_PORT) + repository_basepath
# Setting 'tuf.conf.repository_directory' with the temporary client
# Setting 'settings.repository_directory' with the temporary client
# directory copied from the original repository files.
tuf.conf.repository_directory = self.client_directory
settings.repository_directory = self.client_directory
self.repository_mirrors = {'mirror1': {'url_prefix': url_prefix,
'metadata_path': 'metadata',
'targets_path': 'targets',


@ -49,7 +49,7 @@
import tuf.roledb
import tuf.keydb
import tuf.ssl_crypto.hash
import tuf.conf
from simple_settings import settings
import tuf.repository_lib as repo_lib
import tuf.repository_tool as repo_tool
@ -760,7 +760,7 @@ def test_write_metadata_file(self):
# this case. For testing purposes, root.json should be a hard link to the
# consistent metadata file. We should verify that root.json points to
# the latest consistent files.
tuf.conf.CONSISTENT_METHOD = 'hard_link'
settings.CONSISTENT_METHOD = 'hard_link'
repo_lib.write_metadata_file(root_signable, output_filename,
version_number,
compression_algorithms,
@ -787,8 +787,8 @@ def test_write_metadata_file(self):
self.assertNotEqual(os.stat(output_filename).st_ino, os.stat(first_version_output_file).st_ino)
self.assertEqual(os.stat(output_filename).st_ino, os.stat(second_version_output_file).st_ino)
# Test for an improper tuf.conf.CONSISTENT_METHOD string value.
tuf.conf.CONSISTENT_METHOD = 'somebadidea'
# Test for an improper settings.CONSISTENT_METHOD string value.
settings.CONSISTENT_METHOD = 'somebadidea'
self.assertRaises(tuf.ssl_commons.exceptions.InvalidConfigurationError, repo_lib.write_metadata_file,
root_signable, output_filename,
version_number,
@ -797,7 +797,7 @@ def test_write_metadata_file(self):
# Try to create a link to root.json when root.json doesn't exist locally.
# repository_lib should log a message if this is the case.
tuf.conf.CONSISTENT_METHOD = 'hard_link'
settings.CONSISTENT_METHOD = 'hard_link'
os.remove(output_filename)
repo_lib.write_metadata_file(root_signable, output_filename,
version_number,
@ -805,7 +805,7 @@ def test_write_metadata_file(self):
consistent_snapshot=True)
# Reset CONSISTENT_METHOD so that subsequent tests work as expected.
tuf.conf.CONSISTENT_METHOD = 'copy'
settings.CONSISTENT_METHOD = 'copy'
# Test for unknown compression algorithm.
self.assertRaises(tuf.ssl_commons.exceptions.FormatError, repo_lib.write_metadata_file,


@ -25,7 +25,7 @@
never complete. Test cases included for two types of slow retrievals: data
that slowly trickles in, and data that is only returned after a long time
delay. TUF prevents slow retrieval attacks by ensuring the download rate
does not fall below a required rate (tuf.conf.MIN_AVERAGE_DOWNLOAD_SPEED).
does not fall below a required rate (settings.MIN_AVERAGE_DOWNLOAD_SPEED).
Note: There is no difference between 'updates' and 'target' files.
"""
@ -64,7 +64,7 @@
import tuf.repository_tool as repo_tool
import tuf.roledb
import tuf.keydb
from simple_settings import settings
import six
logger = logging.getLogger('tuf.test_slow_retrieval_attack')
@ -161,9 +161,9 @@ def setUp(self):
# sleep for a total of (target file size) seconds. Add a target file
# that contains sufficient number of bytes to trigger a slow retrieval
# error. "sufficient number of bytes" assumed to be
# >> 'tuf.conf.SLOW_START_GRACE_PERIOD' bytes.
# >> 'settings.SLOW_START_GRACE_PERIOD' bytes.
extra_bytes = 8
total_bytes = tuf.conf.SLOW_START_GRACE_PERIOD + extra_bytes
total_bytes = settings.SLOW_START_GRACE_PERIOD + extra_bytes
repository = repo_tool.load_repository(self.repository_directory)
file1_filepath = os.path.join(self.repository_directory, 'targets',
@ -199,9 +199,9 @@ def setUp(self):
url_prefix = \
'http://localhost:' + str(self.SERVER_PORT) + repository_basepath
# Setting 'tuf.conf.repository_directory' with the temporary client
# Setting 'settings.repository_directory' with the temporary client
# directory copied from the original repository files.
tuf.conf.repository_directory = self.client_directory
settings.repository_directory = self.client_directory
self.repository_mirrors = {'mirror1': {'url_prefix': url_prefix,
'metadata_path': 'metadata',
'targets_path': 'targets',
@ -262,8 +262,8 @@ def test_with_tuf_mode_2(self):
server_process = self._start_slow_server('mode_2')
client_filepath = os.path.join(self.client_directory, 'file1.txt')
original_average_download_speed = tuf.conf.MIN_AVERAGE_DOWNLOAD_SPEED
tuf.conf.MIN_AVERAGE_DOWNLOAD_SPEED = 3
original_average_download_speed = settings.MIN_AVERAGE_DOWNLOAD_SPEED
settings.MIN_AVERAGE_DOWNLOAD_SPEED = 3
try:
file1_target = self.repository_updater.target('file1.txt')
@ -289,7 +289,7 @@ def test_with_tuf_mode_2(self):
finally:
self._stop_slow_server(server_process)
tuf.conf.MIN_AVERAGE_DOWNLOAD_SPEED = original_average_download_speed
settings.MIN_AVERAGE_DOWNLOAD_SPEED = original_average_download_speed
if __name__ == '__main__':


@ -65,7 +65,7 @@
import tuf
import tuf.util
import tuf.conf
from simple_settings import settings
import tuf.log
import tuf.tufformats
import tuf.keydb
@ -167,9 +167,9 @@ def setUp(self):
url_prefix = \
'http://localhost:' + str(self.SERVER_PORT) + repository_basepath
# Setting 'tuf.conf.repository_directory' with the temporary client
# Setting 'settings.repository_directory' with the temporary client
# directory copied from the original repository files.
tuf.conf.repository_directory = self.client_directory
settings.repository_directory = self.client_directory
self.repository_mirrors = {'mirror1': {'url_prefix': url_prefix,
'metadata_path': 'metadata',
@ -219,12 +219,12 @@ def test_1__init__exceptions(self):
# 'tuf.client.updater.py' requires that the client's repository directory
# be configured in 'tuf.conf.py'.
tuf.conf.repository_directory = None
# be configured in 'tuf.settings.py'.
settings.repository_directory = None
self.assertRaises(tuf.ssl_commons.exceptions.RepositoryError, updater.Updater, 'test_repository',
self.repository_mirrors)
# Restore 'tuf.conf.repository_directory' to the original client directory.
tuf.conf.repository_directory = self.client_directory
# Restore 'settings.repository_directory' to the original client directory.
settings.repository_directory = self.client_directory
# Test: empty client repository (i.e., no metadata directory).
@ -619,10 +619,10 @@ def test_3__update_metadata(self):
# This is the default metadata that we would create for the timestamp role,
# because it has no signed metadata for itself.
DEFAULT_TIMESTAMP_FILELENGTH = tuf.conf.DEFAULT_TIMESTAMP_REQUIRED_LENGTH
DEFAULT_TIMESTAMP_FILELENGTH = settings.DEFAULT_TIMESTAMP_REQUIRED_LENGTH
# This is the the upper bound length for Targets metadata.
DEFAULT_TARGETS_FILELENGTH = tuf.conf.DEFAULT_TARGETS_REQUIRED_LENGTH
DEFAULT_TARGETS_FILELENGTH = settings.DEFAULT_TARGETS_REQUIRED_LENGTH
# Save the versioninfo of 'targets.json,' needed later when re-installing
# with _update_metadata().
@ -754,7 +754,7 @@ def test_3__update_metadata_if_changed(self):
# Update 'targets.json' and verify that the client's current 'targets.json'
# has been updated. 'timestamp' and 'snapshot' must be manually updated
# so that new 'targets' can be recognized.
DEFAULT_TIMESTAMP_FILELENGTH = tuf.conf.DEFAULT_TIMESTAMP_REQUIRED_LENGTH
DEFAULT_TIMESTAMP_FILELENGTH = settings.DEFAULT_TIMESTAMP_REQUIRED_LENGTH
self.repository_updater._update_metadata('timestamp', DEFAULT_TIMESTAMP_FILELENGTH)
self.repository_updater._update_metadata_if_changed('snapshot', 'timestamp')
@ -1079,7 +1079,7 @@ def test_6_download_target(self):
download_filepath = \
os.path.join(destination_directory, target_filepath1.lstrip('/'))
self.assertTrue(os.path.exists(download_filepath))
length, hashes = tuf.util.get_file_details(download_filepath, tuf.conf.REPOSITORY_HASH_ALGORITHMS)
length, hashes = tuf.util.get_file_details(download_filepath, settings.REPOSITORY_HASH_ALGORITHMS)
download_targetfileinfo = tuf.tufformats.make_fileinfo(length, hashes)
# Add any 'custom' data from the repository's target fileinfo to the


@ -57,7 +57,7 @@
import tuf
import tuf.util
import tuf.conf
from simple_settings import settings
import tuf.log
import tuf.tufformats
import tuf.keydb
@ -159,9 +159,9 @@ def setUp(self):
url_prefix = \
'http://localhost:' + str(self.SERVER_PORT) + repository_basepath
# Setting 'tuf.conf.repository_directory' with the temporary client
# Setting 'settings.repository_directory' with the temporary client
# directory copied from the original repository files.
tuf.conf.repository_directory = self.client_directory
settings.repository_directory = self.client_directory
self.repository_mirrors = {'mirror1': {'url_prefix': url_prefix,
'metadata_path': 'metadata',


@ -38,6 +38,7 @@
import tuf.log
import tuf.ssl_crypto.hash
import tuf.util
from simple_settings import settings
import tuf.unittest_toolbox as unittest_toolbox
import six
@ -68,15 +69,15 @@ def test_A1_tempfile_close_temp_file(self):
def _extract_tempfile_directory(self, config_temp_dir=None):
"""
Takes a directory (essentially specified in the conf.py as
Takes a directory (essentially specified in the settings.py as
'temporary_directory') and substitutes tempfile.TemporaryFile() with
tempfile.mkstemp() in order to extract actual directory of the stored
tempfile. Returns the config's temporary directory (or default temp
directory) and actual directory.
"""
# Patching 'tuf.conf.temporary_directory'.
tuf.conf.temporary_directory = config_temp_dir
# Patching 'settings.temporary_directory'.
settings.temporary_directory = config_temp_dir
if config_temp_dir is None:
# 'config_temp_dir' needs to be set to default.
@ -104,22 +105,22 @@ def _extract_tempfile_directory(self, config_temp_dir=None):
def test_A2_tempfile_init(self):
# Goal: Verify that temporary files are stored in the appropriate temp
# directory. The location of the temporary files is set in 'tuf.conf.py'.
# directory. The location of the temporary files is set in 'tuf.settings.py'.
# Test: Expected input verification.
# Assumed 'tuf.conf.temporary_directory' is 'None' initially.
# Assumed 'settings.temporary_directory' is 'None' initially.
temp_file = tuf.util.TempFile()
temp_file_directory = os.path.dirname(temp_file.temporary_file.name)
self.assertEqual(tempfile.gettempdir(), temp_file_directory)
saved_temporary_directory = tuf.conf.temporary_directory
saved_temporary_directory = settings.temporary_directory
temp_directory = self.make_temp_directory()
tuf.conf.temporary_directory = temp_directory
settings.temporary_directory = temp_directory
temp_file = tuf.util.TempFile()
temp_file_directory = os.path.dirname(temp_file.temporary_file.name)
self.assertEqual(temp_directory, temp_file_directory)
tuf.conf.temporary_directory = saved_temporary_directory
settings.temporary_directory = saved_temporary_directory
# Test: Unexpected input handling.
config_temp_dirs = [self.random_string(), 123, ['a'], {'a':1}]


@ -84,7 +84,7 @@ The repository tool supports multiple public-key algorithms, such as
[RSA](https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29) and
[Ed25519](http://ed25519.cr.yp.to/), and multiple cryptography libraries.
Which cryptography library to use is determined by the default, or user modified,
settings in [conf.py](conf.py).
settings in [settings.py](settings.py).
The [PyCrypto](https://www.dlitz.net/software/pycrypto/) library may be
selected to generate RSA keys and
@ -911,7 +911,7 @@ $ python slow_retrieval_server.py 8002 mode_2
The client may now make a request to the slow retrieval server on port 8002.
However, before doing so, we'll reduce (for the purposes of this demo) the
minimum average download rate allowed and download chunk size. Open the
'conf.py' module and set MIN_AVERAGE_DOWNLOAD_SPEED = 5 and CHUNK_SIZE = 1.
'settings.py' module and set MIN_AVERAGE_DOWNLOAD_SPEED = 5 and CHUNK_SIZE = 1.
This should make it so that the client detects the slow retrieval server's
delayed streaming.


@ -1 +1,2 @@
import os
os.environ['SIMPLE_SETTINGS'] = "tuf.settings"
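Review bot: The assignment `os.environ['SIMPLE_SETTINGS'] = "tuf.settings"` appears to run as an import side effect and rewrites a process-wide variable, so an application that already uses simple_settings for its own configuration has its choice replaced, and any `settings` attribute read before this file is imported would be resolved from whatever module the environment named. That matters because the same object now supplies `ssl_certificates`, `SUPPORTED_URI_SCHEMES` and the metadata length limits used by the client. As far as I recall, simple_settings also accepts a `--settings` command-line argument; that is worth confirming against the pinned 0.10.0, since it would let the host program's argv choose the module. At minimum the line deserves a comment such as `# simple_settings resolves its module from this variable when settings are first read; this must run before any settings attribute is accessed.`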


@ -54,10 +54,10 @@ can decide how to proceed rather than automatically downloading a new Root file.
# from this module.
import tuf.client.updater
# The only other module the client interacts with is 'tuf.conf'. The
# The only other module the client interacts with is 'settings'. The
# client accesses this module solely to set the repository directory.
# This directory will hold the files downloaded from a remote repository.
tuf.conf.repository_directory = 'path/to/local_repository'
settings.repository_directory = 'path/to/local_repository'
# Next, the client creates a dictionary object containing the repository
# mirrors. The client may download content from any one of these mirrors.


@ -51,10 +51,10 @@
# from this module.
import tuf.client.updater
# The only other module the client interacts with is 'tuf.conf'. The
# The only other module the client interacts with is 'settings'. The
# client accesses this module solely to set the repository directory.
# This directory will hold the files downloaded from a remote repository.
tuf.conf.repository_directory = 'local-repository'
settings.repository_directory = 'local-repository'
# Next, the client creates a dictionary object containing the repository
# mirrors. The client may download content from any one of these mirrors.
@ -116,7 +116,7 @@
import fnmatch
import tuf
import tuf.conf
from simple_settings import settings
import tuf.download
import tuf.tufformats
import tuf.ssl_crypto.hash
@ -238,12 +238,12 @@ def __init__(self, updater_name, repository_mirrors):
In order to use an updater, the following directories must already
exist locally:
{tuf.conf.repository_directory}/metadata/current
{tuf.conf.repository_directory}/metadata/previous
{settings.repository_directory}/metadata/current
{settings.repository_directory}/metadata/previous
and, at a minimum, the root metadata file must exist:
{tuf.conf.repository_directory}/metadata/current/root.json
{settings.repository_directory}/metadata/current/root.json
<Arguments>
updater_name:
@ -320,13 +320,13 @@ def __init__(self, updater_name, repository_mirrors):
self.consistent_snapshot = False
# Ensure the repository metadata directory has been set.
if tuf.conf.repository_directory is None:
if settings.repository_directory is None:
raise tuf.ssl_commons.exceptions.RepositoryError('The TUF update client module must specify the'
' directory containing the local repository files.'
' "tuf.conf.repository_directory" MUST be set.')
' "settings.repository_directory" MUST be set.')
# Set the path for the current set of metadata files.
repository_directory = tuf.conf.repository_directory
repository_directory = settings.repository_directory
current_path = os.path.join(repository_directory, 'metadata', 'current')
# Ensure the current path is valid/exists before saving it.
@ -637,14 +637,14 @@ def refresh(self, unsafely_update_root_if_necessary=True):
# The Timestamp role does not have signed metadata about it; otherwise we
# would need an infinite regress of metadata. Therefore, we use some
# default, but sane, upper file length for its metadata.
DEFAULT_TIMESTAMP_UPPERLENGTH = tuf.conf.DEFAULT_TIMESTAMP_REQUIRED_LENGTH
DEFAULT_TIMESTAMP_UPPERLENGTH = settings.DEFAULT_TIMESTAMP_REQUIRED_LENGTH
# The Root role may be updated without knowing its version number if
# top-level metadata cannot be safely downloaded (e.g., keys may have been
# revoked, thus requiring a new Root file that includes the updated keys)
# and 'unsafely_update_root_if_necessary' is True.
# We use some default, but sane, upper file length for its metadata.
DEFAULT_ROOT_UPPERLENGTH = tuf.conf.DEFAULT_ROOT_REQUIRED_LENGTH
DEFAULT_ROOT_UPPERLENGTH = settings.DEFAULT_ROOT_REQUIRED_LENGTH
# Update the top-level metadata. The _update_metadata_if_changed() and
# _update_metadata() calls below do NOT perform an update if there
@ -715,7 +715,7 @@ def _update_root_metadata(self, current_root_metadata, compression_algorithm=Non
# Retrieve the latest, remote root.json.
latest_root_metadata_file = \
self._get_metadata_file('root', 'root.json',
tuf.conf.DEFAULT_ROOT_REQUIRED_LENGTH, None,
settings.DEFAULT_ROOT_REQUIRED_LENGTH, None,
compression_algorithm=compression_algorithm)
latest_root_metadata = \
tuf.util.load_json_string(latest_root_metadata_file.read().decode('utf-8'))
@ -734,7 +734,7 @@ def _update_root_metadata(self, current_root_metadata, compression_algorithm=Non
# in the latest root.json after running through the intermediates with
# _update_metadata().
self.consistent_snapshot = True
self._update_metadata('root', tuf.conf.DEFAULT_ROOT_REQUIRED_LENGTH, version=version,
self._update_metadata('root', settings.DEFAULT_ROOT_REQUIRED_LENGTH, version=version,
compression_algorithm=compression_algorithm)
@ -1542,14 +1542,14 @@ def _update_metadata_if_changed(self, metadata_role,
# expected role. Note: The Timestamp role is not updated via this
# function.
if metadata_role == 'snapshot':
upperbound_filelength = tuf.conf.DEFAULT_SNAPSHOT_REQUIRED_LENGTH
upperbound_filelength = settings.DEFAULT_SNAPSHOT_REQUIRED_LENGTH
elif metadata_role == 'root':
upperbound_filelength = tuf.conf.DEFAULT_ROOT_REQUIRED_LENGTH
upperbound_filelength = settings.DEFAULT_ROOT_REQUIRED_LENGTH
# The metadata is considered Targets (or delegated Targets metadata).
else:
upperbound_filelength = tuf.conf.DEFAULT_TARGETS_REQUIRED_LENGTH
upperbound_filelength = settings.DEFAULT_TARGETS_REQUIRED_LENGTH
try:
self._update_metadata(metadata_role, upperbound_filelength,
@ -2320,7 +2320,7 @@ def _preorder_depth_first_walk(self, target_filepath):
current_metadata = self.metadata['current']
role_names = ['targets']
visited_role_names = set()
number_of_delegations = tuf.conf.MAX_NUMBER_OF_DELEGATIONS
number_of_delegations = settings.MAX_NUMBER_OF_DELEGATIONS
# Ensure the client has the most up-to-date version of 'targets.json'.
# Raise 'tuf.ssl_commons.exceptions.NoWorkingMirrorError' if the changed metadata cannot be
@ -2393,7 +2393,7 @@ def _preorder_depth_first_walk(self, target_filepath):
if target is None and number_of_delegations == 0 and len(role_names) > 0:
logger.debug(repr(len(role_names)) + ' roles left to visit, ' +
'but allowed to visit at most ' +
repr(tuf.conf.MAX_NUMBER_OF_DELEGATIONS) + ' delegations.')
repr(settings.MAX_NUMBER_OF_DELEGATIONS) + ' delegations.')
return target
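Review bot: The usage example in the module docstring (the hunk at old line 51) assigns `settings.repository_directory = 'local-repository'`, but the only import shown before it is `import tuf.client.updater`, so a client copying the example would hit a NameError unless the import sits in docstring lines outside the hunk. Adding `from simple_settings import settings` ahead of the assignment, and rewording the comment to `# The only other object the client interacts with is the 'settings' object of simple_settings.`, would keep the example runnable. The error text in `__init__`, `"settings.repository_directory" MUST be set.`, could mention the same import so the message tells the caller where `settings` comes from.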


@ -44,7 +44,7 @@
import tuf.keys
import tuf.sig
import tuf.log
import tuf.conf
from simple_settings import settings
import tuf.repository_tool
import six


@ -37,7 +37,7 @@
import time
import tuf
import tuf.conf
from simple_settings import settings
import tuf.ssl_crypto.hash
import tuf.util
import tuf.tufformats
@ -73,7 +73,7 @@ def safe_download(url, required_length):
<Arguments>
url:
A URL string that represents the location of the file. The URI scheme
component must be one of 'tuf.conf.SUPPORTED_URI_SCHEMES'.
component must be one of 'settings.SUPPORTED_URI_SCHEMES'.
required_length:
An integer value representing the length of the file. This is an exact
@ -101,17 +101,17 @@ def safe_download(url, required_length):
tuf.ssl_crypto.formats.LENGTH_SCHEMA.check_match(required_length)
# Ensure 'url' specifies one of the URI schemes in
# 'tuf.conf.SUPPORTED_URI_SCHEMES'. Be default, ['http', 'https'] is
# 'settings.SUPPORTED_URI_SCHEMES'. Be default, ['http', 'https'] is
# supported. If the URI scheme of 'url' is empty or "file", files on the
# local system can be accessed. Unexpected files may be accessed by
# compromised metadata (unlikely to happen if targets.json metadata is signed
# with offline keys).
parsed_url = six.moves.urllib.parse.urlparse(url)
if parsed_url.scheme not in tuf.conf.SUPPORTED_URI_SCHEMES:
if parsed_url.scheme not in settings.SUPPORTED_URI_SCHEMES:
message = \
repr(url) + ' specifies an unsupported URI scheme. Supported ' + \
' URI Schemes: ' + repr(tuf.conf.SUPPORTED_URI_SCHEMES)
' URI Schemes: ' + repr(settings.SUPPORTED_URI_SCHEMES)
raise tuf.ssl_commons.exceptions.FormatError(message)
return _download_file(url, required_length, STRICT_REQUIRED_LENGTH=True)
@ -137,7 +137,7 @@ def unsafe_download(url, required_length):
<Arguments>
url:
A URL string that represents the location of the file. The URI scheme
component must be one of 'tuf.conf.SUPPORTED_URI_SCHEMES'.
component must be one of 'settings.SUPPORTED_URI_SCHEMES'.
required_length:
An integer value representing the length of the file. This is an upper
@ -165,17 +165,17 @@ def unsafe_download(url, required_length):
tuf.ssl_crypto.formats.LENGTH_SCHEMA.check_match(required_length)
# Ensure 'url' specifies one of the URI schemes in
# 'tuf.conf.SUPPORTED_URI_SCHEMES'. Be default, ['http', 'https'] is
# 'settings.SUPPORTED_URI_SCHEMES'. Be default, ['http', 'https'] is
# supported. If the URI scheme of 'url' is empty or "file", files on the
# local system can be accessed. Unexpected files may be accessed by
# compromised metadata (unlikely to happen if targets.json metadata is signed
# with offline keys).
parsed_url = six.moves.urllib.parse.urlparse(url)
if parsed_url.scheme not in tuf.conf.SUPPORTED_URI_SCHEMES:
if parsed_url.scheme not in settings.SUPPORTED_URI_SCHEMES:
message = \
repr(url) + ' specifies an unsupported URI scheme. Supported ' + \
' URI Schemes: ' + repr(tuf.conf.SUPPORTED_URI_SCHEMES)
' URI Schemes: ' + repr(settings.SUPPORTED_URI_SCHEMES)
raise tuf.ssl_commons.exceptions.FormatError(message)
return _download_file(url, required_length, STRICT_REQUIRED_LENGTH=False)
@ -308,10 +308,10 @@ def _download_fixed_amount_of_data(connection, temp_file, required_length):
"""
# Tolerate servers with a slow start by ignoring their delivery speed for
# 'tuf.conf.SLOW_START_GRACE_PERIOD' seconds. Set 'seconds_spent_receiving'
# 'settings.SLOW_START_GRACE_PERIOD' seconds. Set 'seconds_spent_receiving'
# to negative SLOW_START_GRACE_PERIOD seconds, and begin checking the average
# download speed once it is positive.
grace_period = -tuf.conf.SLOW_START_GRACE_PERIOD
grace_period = -settings.SLOW_START_GRACE_PERIOD
# Keep track of total bytes downloaded.
number_of_bytes_received = 0
@ -328,7 +328,7 @@ def _download_fixed_amount_of_data(connection, temp_file, required_length):
# in the while loop.
time.sleep(0.05)
data = b''
read_amount = min(tuf.conf.CHUNK_SIZE,
read_amount = min(settings.CHUNK_SIZE,
required_length - number_of_bytes_received)
try:
@ -355,14 +355,14 @@ def _download_fixed_amount_of_data(connection, temp_file, required_length):
# Measure the average download speed.
average_download_speed = number_of_bytes_received / seconds_spent_receiving
if average_download_speed < tuf.conf.MIN_AVERAGE_DOWNLOAD_SPEED:
if average_download_speed < settings.MIN_AVERAGE_DOWNLOAD_SPEED:
logger.debug('The average download speed dropped below the minimum'
' average download speed set in conf.py.')
' average download speed set in settings.py.')
break
else:
logger.debug('The average download speed has not dipped below the'
' mimimum average download speed set in conf.py.')
' mimimum average download speed set in settings.py.')
# We might have no more data to read. Check number of bytes downloaded.
if not data:
@ -411,7 +411,7 @@ def _get_opener(scheme=None):
"""
if scheme == "https":
assert os.path.isfile(tuf.conf.ssl_certificates)
assert os.path.isfile(settings.ssl_certificates)
# If we are going over https, use an opener which will provide SSL
# certificate verification.
@ -470,7 +470,7 @@ def _open_connection(url):
opener = _get_opener(scheme=parsed_url.scheme)
request = _get_request(url)
return opener.open(request, timeout = tuf.conf.SOCKET_TIMEOUT)
return opener.open(request, timeout = settings.SOCKET_TIMEOUT)
@ -608,7 +608,7 @@ def _check_downloaded_length(total_downloaded, required_length,
total_downloaded is not equal required_length.
tuf.ssl_commons.exceptions.SlowRetrievalError, if the total downloaded was done in in less than
the acceptable download speed (as set in tuf.conf.py).
the acceptable download speed (as set in tuf.settings.py).
<Returns>
None.
@ -631,9 +631,9 @@ def _check_downloaded_length(total_downloaded, required_length,
# If the average download speed is below a certain threshold, we flag
# this as a possible slow-retrieval attack.
logger.debug('Average download speed: ' + repr(average_download_speed))
logger.debug('Minimum average download speed: ' + repr(tuf.conf.MIN_AVERAGE_DOWNLOAD_SPEED))
logger.debug('Minimum average download speed: ' + repr(settings.MIN_AVERAGE_DOWNLOAD_SPEED))
if average_download_speed < tuf.conf.MIN_AVERAGE_DOWNLOAD_SPEED:
if average_download_speed < settings.MIN_AVERAGE_DOWNLOAD_SPEED:
raise tuf.ssl_commons.exceptions.SlowRetrievalError(average_download_speed)
else:
@ -647,7 +647,7 @@ def _check_downloaded_length(total_downloaded, required_length,
# will log a warning anyway. This is useful when we wish to download the
# Timestamp or Root metadata, for which we have no signed metadata; so,
# we must guess a reasonable required_length for it.
if average_download_speed < tuf.conf.MIN_AVERAGE_DOWNLOAD_SPEED:
if average_download_speed < settings.MIN_AVERAGE_DOWNLOAD_SPEED:
raise tuf.ssl_commons.exceptions.SlowRetrievalError(average_download_speed)
else:
@ -688,8 +688,8 @@ def connect(self):
self._tunnel()
# set location of certificate authorities
assert os.path.isfile(tuf.conf.ssl_certificates)
cert_path = tuf.conf.ssl_certificates
assert os.path.isfile(settings.ssl_certificates)
cert_path = settings.ssl_certificates
# TODO: Disallow SSLv2.
# http://docs.python.org/dev/library/ssl.html#protocol-versions


@ -126,7 +126,7 @@
}
}
# After creating 'tuf.configuration.json' and the example updater module, run
# After creating 'settingsiguration.json' and the example updater module, run
# 'interposition.py'. The urllib calls will be intercepted, and information
# about the update process is generated to a log file named 'tuf.log' in the
# same directory, which can be reviewed.
@ -148,7 +148,7 @@
import logging
import tuf.client.updater
import tuf.conf
from simple_settings import settings
import tuf.log
import six
@ -198,7 +198,7 @@ class Updater(object):
switch_context():
There is an updater object for each network location that is interposed.
Context switching is required because there are multiple
'tuf.client.updater' objects and each one depends on tuf.conf settings
'tuf.client.updater' objects and each one depends on settings settings
that are shared.
"""
@ -264,7 +264,7 @@ def __init__(self, configuration):
logger.debug('Created temporary directory at ' + repr(self.tempdir))
# Switching context before instantiating updater because updater depends
# on some module (tuf.conf) variables.
# on some module (settings) variables.
self.switch_context()
# Instantiating a 'tuf.client.updater' object causes all the configurations
@ -396,7 +396,7 @@ def download_target(self, target_filepath):
os.path.join(destination_directory, target_filepath.lstrip(os.sep))
# Switch TUF context. Switching context before instantiating updater
# because updater depends on some module (tuf.conf) variables.
# because updater depends on some module (settings) variables.
self.switch_context()
# Locate the fileinfo of 'target_filepath'. updater.target() searches
@ -626,12 +626,12 @@ def switch_context(self):
<Purpose>
There is an updater object for each network location that is interposed.
Context switching is required because there are multiple
'tuf.client.updater' objects and each one depends on tuf.conf settings
'tuf.client.updater' objects and each one depends on settings settings
that are shared.
For this, two settings are required:
1. Setting local repository directory in 'tuf.conf'.
1. Setting local repository directory in 'settings'.
2. Setting the local SSL certificate PEM file.
<Arguments>
@ -642,18 +642,18 @@ def switch_context(self):
<Side Effects>
The given configuration's 'repository_directory' and ssl_certificates
settings are set to 'tuf.conf.repository_directory' and
'tuf.conf.ssl_certificates', respectively.
settings are set to 'settings.repository_directory' and
'settings.ssl_certificates', respectively.
<Returns>
None
"""
# Set the local repository directory containing the metadata files.
tuf.conf.repository_directory = self.configuration.repository_directory
settings.repository_directory = self.configuration.repository_directory
# Set the local SSL certificates PEM file.
tuf.conf.ssl_certificates = self.configuration.ssl_certificates
settings.ssl_certificates = self.configuration.ssl_certificates
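Review bot: The comment `# After creating 'settingsiguration.json' and the example updater module, run` is a search-and-replace casualty: renaming `tuf.conf` also rewrote the file name `tuf.configuration.json`, so the documented name no longer matches any file a user would create. Restore it as `# After creating 'tuf.configuration.json' and the example updater module, run`. The same replacement left `depends on settings settings` in the Updater class docstring and in switch_context's docstring; `depends on the shared 'settings' values` reads correctly. switch_context also still swaps `repository_directory` and `ssl_certificates` on one process-wide object, so the certificate file in effect is whichever updater switched context last, which deserves a line in its docstring.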


@ -116,7 +116,7 @@ def create_keydb_from_root_metadata(root_metadata, repository_name='default'):
# format, which is the format expected by 'add_key()'. Note:
# The 'keyids' returned by format_metadata_to_key() include keyids in
# addition to the default keyid listed in 'key_dict'. The additional
# keyids are generated according to tuf.conf.REPOSITORY_HASH_ALGORITHMS.
# keyids are generated according to settings.REPOSITORY_HASH_ALGORITHMS.
key_dict, keyids = tuf.keys.format_metadata_to_key(key_metadata)
try:


@ -19,7 +19,7 @@
is designed to support multiple public-key algorithms, such as RSA and
Ed25519, and multiple cryptography libraries. Which cryptography library to
use is determined by the default, or user modified, values set in
'tuf.conf.py'
'tuf.settings.py'
https://en.wikipedia.org/wiki/RSA_(algorithm)
http://ed25519.cr.yp.to/
@ -132,7 +132,7 @@
import tuf
# Import the cryptography library settings.
import tuf.conf
from simple_settings import settings
# Digest objects needed to generate hashes.
import tuf.ssl_crypto.hash
@ -143,8 +143,8 @@
# The hash algorithm used in the generation of the key ID for each unique key.
# If multiple hash algorithms is desired for the generation of key IDs,
# 'tuf.conf.REPOSITORY_HASH_ALGORITHMS' can be used.
_KEY_ID_HASH_ALGORITHM = tuf.conf.DEFAULT_HASH_ALGORITHM
# 'settings.REPOSITORY_HASH_ALGORITHMS' can be used.
_KEY_ID_HASH_ALGORITHM = settings.DEFAULT_HASH_ALGORITHM
# Recommended RSA key sizes:
# http://www.emc.com/emc-plus/rsa-labs/historical/twirl-and-rsa-key-size.htm#table1
@ -155,9 +155,9 @@
# The crypto libraries to use in 'keys.py', set by default or by the user.
# The following cryptography libraries are currently supported:
# ['pycrypto', 'pynacl', 'ed25519', 'pyca-cryptography']
_RSA_CRYPTO_LIBRARY = tuf.conf.RSA_CRYPTO_LIBRARY
_ED25519_CRYPTO_LIBRARY = tuf.conf.ED25519_CRYPTO_LIBRARY
_GENERAL_CRYPTO_LIBRARY = tuf.conf.GENERAL_CRYPTO_LIBRARY
_RSA_CRYPTO_LIBRARY = settings.RSA_CRYPTO_LIBRARY
_ED25519_CRYPTO_LIBRARY = settings.ED25519_CRYPTO_LIBRARY
_GENERAL_CRYPTO_LIBRARY = settings.GENERAL_CRYPTO_LIBRARY
def generate_rsa_key(bits=_DEFAULT_RSA_KEY_BITS):
@ -203,11 +203,11 @@ def generate_rsa_key(bits=_DEFAULT_RSA_KEY_BITS):
and not at least 2048).
tuf.ssl_commons.exceptions.UnsupportedLibraryError, if any of the cryptography libraries specified
in 'tuf.conf.py' are unsupported or unavailable.
in 'tuf.settings.py' are unsupported or unavailable.
ValueError, if an exception occurs after calling the RSA key generation
routine. 'bits' must be a multiple of 256 if PyCrypto is set via
'tuf.conf.py'. The 'ValueError' exception is raised by the key generation
'tuf.settings.py'. The 'ValueError' exception is raised by the key generation
function of the cryptography library called.
<Side Effects>
@ -226,8 +226,8 @@ def generate_rsa_key(bits=_DEFAULT_RSA_KEY_BITS):
tuf.ssl_crypto.formats.RSAKEYBITS_SCHEMA.check_match(bits)
# Raise 'tuf.ssl_commons.exceptions.UnsupportedLibraryError' if the following libraries, specified
# in 'tuf.conf', are unsupported or unavailable:
# 'tuf.conf.RSA_CRYPTO_LIBRARY'.
# in 'settings', are unsupported or unavailable:
# 'settings.RSA_CRYPTO_LIBRARY'.
check_crypto_libraries(['rsa'])
# Begin building the RSA key dictionary.
@ -313,8 +313,8 @@ def generate_ed25519_key():
"""
# Raise 'tuf.ssl_commons.exceptions.UnsupportedLibraryError' if the following libraries, specified
# in 'tuf.conf', are unsupported or unavailable:
# 'tuf.conf.ED25519_CRYPTO_LIBRARY'.
# in 'settings', are unsupported or unavailable:
# 'settings.ED25519_CRYPTO_LIBRARY'.
check_crypto_libraries(['ed25519'])
# Begin building the Ed25519 key dictionary.
@ -439,7 +439,7 @@ def format_keyval_to_metadata(keytype, key_value, private=False):
public_key_value = {'public': key_value['public']}
return {'keytype': keytype,
'keyid_hash_algorithms': tuf.conf.REPOSITORY_HASH_ALGORITHMS,
'keyid_hash_algorithms': settings.REPOSITORY_HASH_ALGORITHMS,
'keyval': public_key_value}
@ -516,7 +516,7 @@ def format_metadata_to_key(key_metadata):
keyids = set()
keyids.add(default_keyid)
for hash_algorithm in tuf.conf.REPOSITORY_HASH_ALGORITHMS:
for hash_algorithm in settings.REPOSITORY_HASH_ALGORITHMS:
keyid = _get_keyid(keytype, key_value, hash_algorithm)
keyids.add(keyid)
@ -524,7 +524,7 @@ def format_metadata_to_key(key_metadata):
# 'keyid_hash_algorithms'
key_dict['keytype'] = keytype
key_dict['keyid'] = default_keyid
key_dict['keyid_hash_algorithms'] = tuf.conf.REPOSITORY_HASH_ALGORITHMS
key_dict['keyid_hash_algorithms'] = settings.REPOSITORY_HASH_ALGORITHMS
key_dict['keyval'] = key_value
return key_dict, keyids
@ -564,7 +564,7 @@ def check_crypto_libraries(required_libraries):
"""
<Purpose>
Public function that ensures the cryptography libraries specified in
'tuf.conf' are supported and available for each 'required_libraries'.
'settings' are supported and available for each 'required_libraries'.
<Arguments>
required_libraries:
@ -573,10 +573,10 @@ def check_crypto_libraries(required_libraries):
<Exceptions>
tuf.ssl_commons.exceptions.UnsupportedLibraryError, if the 'required_libraries' and the libraries
specified in 'tuf.conf' are not supported or unavailable.
specified in 'settings' are not supported or unavailable.
<Side Effects>
Validates the libraries set in 'tuf.conf'.
Validates the libraries set in 'settings'.
<Returns>
None.
@ -589,7 +589,7 @@ def check_crypto_libraries(required_libraries):
tuf.ssl_crypto.formats.REQUIRED_LIBRARIES_SCHEMA.check_match(required_libraries)
# The checks below all raise 'tuf.ssl_commons.exceptions.UnsupportedLibraryError' if the general,
# RSA, and Ed25519 crypto libraries specified in 'tuf.conf.py' are not
# RSA, and Ed25519 crypto libraries specified in 'tuf.settings.py' are not
# supported or unavailable. The appropriate error message is added to the
# exception. The funcions of this module that depend on user-installed
# crypto libraries should call this private function to ensure the called
@ -600,40 +600,40 @@ def check_crypto_libraries(required_libraries):
if 'rsa' in required_libraries and _RSA_CRYPTO_LIBRARY not in \
_SUPPORTED_RSA_CRYPTO_LIBRARIES:
raise tuf.ssl_commons.exceptions.UnsupportedLibraryError('The ' + repr(_RSA_CRYPTO_LIBRARY) +
' crypto library specified in "tuf.conf.RSA_CRYPTO_LIBRARY" is not '
' crypto library specified in "settings.RSA_CRYPTO_LIBRARY" is not '
' supported.\nSupported crypto libraries: ' +
repr(_SUPPORTED_RSA_CRYPTO_LIBRARIES) + '.')
if 'ed25519' in required_libraries and _ED25519_CRYPTO_LIBRARY not in \
_SUPPORTED_ED25519_CRYPTO_LIBRARIES:
raise tuf.ssl_commons.exceptions.UnsupportedLibraryError('The ' + repr(_ED25519_CRYPTO_LIBRARY) +
' crypto library specified in "tuf.conf.ED25519_CRYPTO_LIBRARY" is not '
' crypto library specified in "settings.ED25519_CRYPTO_LIBRARY" is not '
' supported.\nSupported crypto libraries: ' +
repr(_SUPPORTED_ED25519_CRYPTO_LIBRARIES) + '.')
if 'general' in required_libraries and _GENERAL_CRYPTO_LIBRARY not in \
_SUPPORTED_GENERAL_CRYPTO_LIBRARIES:
raise tuf.ssl_commons.exceptions.UnsupportedLibraryError('The ' + repr(_GENERAL_CRYPTO_LIBRARY) +
' crypto library specified in "tuf.conf.GENERAL_CRYPTO_LIBRARY" is not'
' crypto library specified in "settings.GENERAL_CRYPTO_LIBRARY" is not'
' supported.\nSupported crypto libraries: ' +
repr(_SUPPORTED_GENERAL_CRYPTO_LIBRARIES) + '.')
if 'rsa' in required_libraries and _RSA_CRYPTO_LIBRARY not in \
_available_crypto_libraries:
raise tuf.ssl_commons.exceptions.UnsupportedLibraryError('The ' + repr(_RSA_CRYPTO_LIBRARY) +
' crypto library specified in "tuf.conf.RSA_CRYPTO_LIBRARY" could not'
' crypto library specified in "settings.RSA_CRYPTO_LIBRARY" could not'
' be imported. Available libraries: ' + repr(_available_crypto_libraries))
if 'ed25519' in required_libraries and _ED25519_CRYPTO_LIBRARY not in \
_available_crypto_libraries:
raise tuf.ssl_commons.exceptions.UnsupportedLibraryError('The ' + repr(_ED25519_CRYPTO_LIBRARY) +
' crypto library specified in "tuf.conf.ED25519_CRYPTO_LIBRARY" could'
' crypto library specified in "settings.ED25519_CRYPTO_LIBRARY" could'
' not be imported.')
if 'general' in required_libraries and _GENERAL_CRYPTO_LIBRARY not in \
_available_crypto_libraries:
raise tuf.ssl_commons.exceptions.UnsupportedLibraryError('The ' + repr(_GENERAL_CRYPTO_LIBRARY) +
' crypto library specified in "tuf.conf.GENERAL_CRYPTO_LIBRARY" could'
' crypto library specified in "settings.GENERAL_CRYPTO_LIBRARY" could'
' not be imported.')
@ -662,7 +662,7 @@ def create_signature(key_dict, data):
http://ed25519.cr.yp.to/
Which signature to generate is determined by the key type of 'key_dict'
and the available cryptography library specified in 'tuf.conf'.
and the available cryptography library specified in 'settings'.
>>> ed25519_key = generate_ed25519_key()
>>> data = 'The quick brown fox jumps over the lazy dog'
@ -701,7 +701,7 @@ def create_signature(key_dict, data):
TypeError, if 'key_dict' contains an invalid keytype.
<Side Effects>
The cryptography library specified in 'tuf.conf' called to perform the
The cryptography library specified in 'settings' called to perform the
actual signing routine.
<Returns>
@ -716,8 +716,8 @@ def create_signature(key_dict, data):
tuf.ssl_crypto.formats.ANYKEY_SCHEMA.check_match(key_dict)
# Raise 'tuf.ssl_commons.exceptions.UnsupportedLibraryError' if the following libraries, specified
# in 'tuf.conf', are unsupported or unavailable:
# 'tuf.conf.RSA_CRYPTO_LIBRARY' or 'tuf.conf.ED25519_CRYPTO_LIBRARY'.
# in 'settings', are unsupported or unavailable:
# 'settings.RSA_CRYPTO_LIBRARY' or 'settings.ED25519_CRYPTO_LIBRARY'.
check_crypto_libraries([key_dict['keytype']])
# Signing the 'data' object requires a private key.
@ -750,7 +750,7 @@ def create_signature(key_dict, data):
else: # pragma: no cover
raise tuf.ssl_commons.exceptions.UnsupportedLibraryError('Unsupported'
' "tuf.conf.RSA_CRYPTO_LIBRARY": ' + repr(_RSA_CRYPTO_LIBRARY) + '.')
' "settings.RSA_CRYPTO_LIBRARY": ' + repr(_RSA_CRYPTO_LIBRARY) + '.')
elif keytype == 'ed25519':
public = binascii.unhexlify(public.encode('utf-8'))
@ -837,7 +837,7 @@ def verify_signature(key_dict, signature, data):
'signature' is not one supported.
<Side Effects>
The cryptography library specified in 'tuf.conf' called to do the actual
The cryptography library specified in 'settings' called to do the actual
verification.
<Returns>
@ -877,10 +877,10 @@ def verify_signature(key_dict, signature, data):
if 'pycrypto' not in _available_crypto_libraries: # pragma: no cover
raise tuf.ssl_commons.exceptions.UnsupportedLibraryError('Metadata downloaded from the remote'
' repository listed an RSA signature. "pycrypto" was set'
' (in conf.py) to generate RSA signatures, but the PyCrypto library'
' (in settings.py) to generate RSA signatures, but the PyCrypto library'
' is not installed. \n$ pip install PyCrypto, or pip install'
' tuf[tools], or you can try switching your configuration'
' (tuf.conf.py) to use pyca-cryptography if that is available instead.')
' (tuf.settings.py) to use pyca-cryptography if that is available instead.')
else:
valid_signature = tuf.pycrypto_keys.verify_rsa_signature(sig, method,
@ -889,10 +889,10 @@ def verify_signature(key_dict, signature, data):
if 'pyca-cryptography' not in _available_crypto_libraries: # pragma: no cover
raise tuf.ssl_commons.exceptions.UnsupportedLibraryError('Metadata downloaded from the remote'
' repository listed an RSA signature. "pyca-cryptography" was set'
' (in conf.py) to generate RSA signatures, but the "cryptography"'
' (in settings.py) to generate RSA signatures, but the "cryptography"'
' library is not installed. \n$ pip install cryptography, or pip'
' install tuf[tools], or you can try switching your configuration'
' (tuf/conf.py) to use PyCrypto if that is available instead.')
' (tuf/settings.py) to use PyCrypto if that is available instead.')
else:
valid_signature = tuf.pyca_crypto_keys.verify_rsa_signature(sig, method,
@ -900,7 +900,7 @@ def verify_signature(key_dict, signature, data):
else: # pragma: no cover
raise tuf.ssl_commons.exceptions.UnsupportedLibraryError('Unsupported'
' "tuf.conf.RSA_CRYPTO_LIBRARY": ' + repr(_RSA_CRYPTO_LIBRARY) + '.')
' "settings.RSA_CRYPTO_LIBRARY": ' + repr(_RSA_CRYPTO_LIBRARY) + '.')
elif keytype == 'ed25519':
public = binascii.unhexlify(public.encode('utf-8'))
@ -964,7 +964,7 @@ def import_rsakey_from_encrypted_pem(encrypted_pem, password):
tuf.ssl_commons.exceptions.FormatError, if the arguments are improperly formatted.
tuf.ssl_commons.exceptions.UnsupportedLibraryError, if any of the cryptography libraries specified
in 'tuf.conf.py' are unsupported or unavailable.
in 'tuf.settings.py' are unsupported or unavailable.
<Side Effects>
None.
@ -983,8 +983,8 @@ def import_rsakey_from_encrypted_pem(encrypted_pem, password):
tuf.ssl_crypto.formats.PASSWORD_SCHEMA.check_match(password)
# Raise 'tuf.ssl_commons.exceptions.UnsupportedLibraryError' if the following libraries, specified in
# 'tuf.conf', are unsupported or unavailable:
# 'tuf.conf.RSA_CRYPTO_LIBRARY' and 'tuf.conf.GENERAL_CRYPTO_LIBRARY'.
# 'settings', are unsupported or unavailable:
# 'settings.RSA_CRYPTO_LIBRARY' and 'settings.GENERAL_CRYPTO_LIBRARY'.
check_crypto_libraries(['rsa', 'general'])
# Begin building the RSA key dictionary.
@ -1212,7 +1212,7 @@ def encrypt_key(key_object, password):
Derivation Function 1 (PBKDF1) + MD5 to strengthen 'password', encrypted
TUF keys use AES-256-CTR-Mode and passwords strengthened with
PBKDF2-HMAC-SHA256 (100K iterations by default, but may be overriden in
'tuf.conf.PBKDF2_ITERATIONS' by the user).
'settings.PBKDF2_ITERATIONS' by the user).
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
http://en.wikipedia.org/wiki/CTR_mode#Counter_.28CTR.29
@ -1240,7 +1240,7 @@ def encrypt_key(key_object, password):
tuf.ssl_commons.exceptions.CryptoError, if 'key_object' cannot be encrypted.
tuf.ssl_commons.exceptions.UnsupportedLibraryError, if the general-purpose cryptography library
specified in 'tuf.conf.GENERAL_CRYPTO_LIBRARY' is unsupported.
specified in 'settings.GENERAL_CRYPTO_LIBRARY' is unsupported.
<Side Effects>
Perform crytographic operations using the library specified in
@ -1260,8 +1260,8 @@ def encrypt_key(key_object, password):
tuf.ssl_crypto.formats.PASSWORD_SCHEMA.check_match(password)
# Raise 'tuf.ssl_commons.exceptions.UnsupportedLibraryError' if the following libraries, specified in
# 'tuf.conf', are unsupported or unavailable:
# 'tuf.conf.GENERAL_CRYPTO_LIBRARY'.
# 'settings', are unsupported or unavailable:
# 'settings.GENERAL_CRYPTO_LIBRARY'.
check_crypto_libraries(['general'])
# Encrypted string of 'key_object'. The encrypted string may be safely saved
@ -1270,7 +1270,7 @@ def encrypt_key(key_object, password):
# Generate an encrypted string of 'key_object' using AES-256-CTR-Mode, where
# 'password' is strengthened with PBKDF2-HMAC-SHA256. Ensure the general-
# purpose library specified in 'tuf.conf.GENERAL_CRYPTO_LIBRARY' is supported.
# purpose library specified in 'settings.GENERAL_CRYPTO_LIBRARY' is supported.
if _GENERAL_CRYPTO_LIBRARY == 'pycrypto':
encrypted_key = \
tuf.pycrypto_keys.encrypt_key(key_object, password)
@ -1306,7 +1306,7 @@ def decrypt_key(encrypted_key, passphrase):
Derivation Function 1 (PBKDF1) + MD5 to strengthen 'password', encrypted
TUF keys use AES-256-CTR-Mode and passwords strengthened with
PBKDF2-HMAC-SHA256 (100K iterations be default, but may be overriden in
'tuf.conf.py' by the user).
'tuf.settings.py' by the user).
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
http://en.wikipedia.org/wiki/CTR_mode#Counter_.28CTR.29
@ -1340,7 +1340,7 @@ def decrypt_key(encrypted_key, passphrase):
tuf.ssl_commons.exceptions.CryptoError, if 'encrypted_key' cannot be decrypted.
tuf.ssl_commons.exceptions.UnsupportedLibraryError, if the general-purpose cryptography library
specified in 'tuf.conf.GENERAL_CRYPTO_LIBRARY' is unsupported.
specified in 'settings.GENERAL_CRYPTO_LIBRARY' is unsupported.
<Side Effects>
Perform crytographic operations using the library specified in
@ -1361,8 +1361,8 @@ def decrypt_key(encrypted_key, passphrase):
tuf.ssl_crypto.formats.PASSWORD_SCHEMA.check_match(passphrase)
# Raise 'tuf.ssl_commons.exceptions.UnsupportedLibraryError' if the following libraries, specified in
# 'tuf.conf', are unsupported or unavailable:
# 'tuf.conf.GENERAL_CRYPTO_LIBRARY'.
# 'settings', are unsupported or unavailable:
# 'settings.GENERAL_CRYPTO_LIBRARY'.
check_crypto_libraries(['general'])
# Store and return the decrypted key object.
@ -1372,7 +1372,7 @@ def decrypt_key(encrypted_key, passphrase):
# encrypt_key() generates an encrypted string of the TUF key object using
# AES-256-CTR-Mode, where 'password' is strengthened with PBKDF2-HMAC-SHA256.
# Ensure the general-purpose library specified in
# 'tuf.conf.GENERAL_CRYPTO_LIBRARY' is supported.
# 'settings.GENERAL_CRYPTO_LIBRARY' is supported.
if _GENERAL_CRYPTO_LIBRARY == 'pycrypto':
key_object = \
tuf.pycrypto_keys.decrypt_key(encrypted_key, passphrase)
@ -1450,8 +1450,8 @@ def create_rsa_encrypted_pem(private_key, passphrase):
tuf.ssl_crypto.formats.PASSWORD_SCHEMA.check_match(passphrase)
# Raise 'tuf.ssl_commons.exceptions.UnsupportedLibraryError' if the following libraries, specified
# in 'tuf.conf', are unsupported or unavailable:
# 'tuf.conf.GENERAL_CRYPTO_LIBRARY' and 'tuf.conf.RSA_CRYPTO_LIBRARY'.
# in 'settings', are unsupported or unavailable:
# 'settings.GENERAL_CRYPTO_LIBRARY' and 'settings.RSA_CRYPTO_LIBRARY'.
check_crypto_libraries(['rsa', 'general'])
encrypted_pem = None
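Review bot: `_KEY_ID_HASH_ALGORITHM`, `_RSA_CRYPTO_LIBRARY`, `_ED25519_CRYPTO_LIBRARY` and `_GENERAL_CRYPTO_LIBRARY` are now read at import time from `simple_settings`, which resolves its settings module from the `--settings` command-line argument or the `SIMPLE_SETTINGS` environment variable rather than from a fixed module inside the package. Importing this module therefore depends on the caller's process environment, and that environment also decides the key-ID hash algorithm and crypto backend. `check_crypto_libraries` validates the library names later, but as far as these hunks show `settings.DEFAULT_HASH_ALGORITHM` is used as loaded. The same import-time dependency applies to the `settings.ENABLE_FILE_LOGGING` / `settings.LOG_FILENAME` reads in the logging section and to both `_PBKDF2_ITERATIONS = settings.PBKDF2_ITERATIONS` assignments further down. I would state the requirement next to the import, e.g. `# simple_settings loads the module named by --settings or SIMPLE_SETTINGS; it must define every name read at import below.`, and treat that settings source as security-relevant configuration.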


@ -69,7 +69,7 @@
import tuf
import tuf.tufformats
import tuf.conf
from simple_settings import settings
# Setting a handler's log level filters only logging messages of that level
# (and above). For example, setting the built-in StreamHandler's log level to
@ -108,12 +108,12 @@
logger.setLevel(_DEFAULT_LOG_LEVEL)
# Set the built-in file handler. Messages will be logged to
# 'tuf.conf.LOG_FILENAME', and only those messages with a log level of
# 'settings.LOG_FILENAME', and only those messages with a log level of
# '_DEFAULT_LOG_LEVEL'. The log level of messages handled by 'file_handler'
# may be modified with 'set_filehandler_log_level()'. 'tuf.conf.LOG_FILENAME'
# may be modified with 'set_filehandler_log_level()'. 'settings.LOG_FILENAME'
# will be opened in append mode.
if tuf.conf.ENABLE_FILE_LOGGING:
file_handler = logging.FileHandler(tuf.conf.LOG_FILENAME)
if settings.ENABLE_FILE_LOGGING:
file_handler = logging.FileHandler(settings.LOG_FILENAME)
file_handler.setLevel(_DEFAULT_FILE_LOG_LEVEL)
file_handler.setFormatter(formatter)
logger.addHandler(file_handler)


@ -132,8 +132,8 @@
import tuf.tufformats
# Extract/reference the cryptography library settings. For example:
# 'tuf.conf.RSA_CRYPTO_LIBRARY'
import tuf.conf
# 'settings.RSA_CRYPTO_LIBRARY'
from simple_settings import settings
# Import routine to process key files containing JSON data.
import tuf.util
@ -160,7 +160,7 @@
# Default PBKDF2 passphrase iterations. The current "good enough" number
# of passphrase iterations. We recommend that important keys, such as root,
# be kept offline. 'tuf.conf.PBKDF2_ITERATIONS' should increase as CPU
# be kept offline. 'settings.PBKDF2_ITERATIONS' should increase as CPU
# speeds increase, set here at 100,000 iterations by default (in 2013).
# Repository maintainers may opt to modify the default setting according to
# their security needs and computational restrictions. A strong user password
@ -168,7 +168,7 @@
# derived key+PBDKF2 combination if the key is loaded and re-saved, overriding
# any previous iteration setting used by the old '<keyid>.key'.
# https://en.wikipedia.org/wiki/PBKDF2
_PBKDF2_ITERATIONS = tuf.conf.PBKDF2_ITERATIONS
_PBKDF2_ITERATIONS = settings.PBKDF2_ITERATIONS
@ -675,7 +675,7 @@ def encrypt_key(key_object, password):
Based Key Derivation Function 1 (PBKDF1) + MD5 to strengthen 'password',
encrypted TUF keys use AES-256-CTR-Mode and passwords strengthened with
PBKDF2-HMAC-SHA256 (100K iterations by default, but may be overriden in
'tuf.conf.PBKDF2_ITERATIONS' by the user).
'settings.PBKDF2_ITERATIONS' by the user).
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
http://en.wikipedia.org/wiki/CTR_mode#Counter_.28CTR.29
@ -735,7 +735,7 @@ def encrypt_key(key_object, password):
# Derive a key (i.e., an appropriate encryption key and not the
# user's password) from the given 'password'. Strengthen 'password' with
# PBKDF2-HMAC-SHA256 (100K iterations by default, but may be overriden in
# 'tuf.conf.PBKDF2_ITERATIONS' by the user).
# 'settings.PBKDF2_ITERATIONS' by the user).
salt, iterations, derived_key = _generate_derived_key(password)
# Store the derived key info in a dictionary, the object expected
@ -764,7 +764,7 @@ def decrypt_key(encrypted_key, password):
Encrypted TUF keys use AES-256-CTR-Mode and passwords strengthened with
PBKDF2-HMAC-SHA256 (100K iterations be default, but may be overriden in
'tuf.conf.py' by the user).
'tuf.settings.py' by the user).
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
http://en.wikipedia.org/wiki/CTR_mode#Counter_.28CTR.29
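Review bot: `_PBKDF2_ITERATIONS = settings.PBKDF2_ITERATIONS` takes whatever the loaded settings module provides, so a very small or non-integer value weakens or breaks the passphrase-derived key that protects stored private keys. The comment above the assignment treats 100,000 as the baseline, but no visible code enforces a type or a lower bound. This matters more now that the value comes from an externally selected settings module. A guard right after the assignment would make a bad configuration fail at import, e.g. `if not isinstance(_PBKDF2_ITERATIONS, int) or _PBKDF2_ITERATIONS < 1: raise ValueError('settings.PBKDF2_ITERATIONS must be a positive integer')`; whether to enforce a higher floor is a policy decision for the maintainers. The identical assignment in the next file section has the same gap.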


@ -114,7 +114,7 @@
import tuf.tufformats
# Extract the cryptography library settings.
import tuf.conf
from simple_settings import settings
# Import key files containing json data.
import tuf.util
@ -141,7 +141,7 @@
# Default PBKDF2 passphrase iterations. The current "good enough" number
# of passphrase iterations. We recommend that important keys, such as root,
# be kept offline. 'tuf.conf.PBKDF2_ITERATIONS' should increase as CPU
# be kept offline. 'settings.PBKDF2_ITERATIONS' should increase as CPU
# speeds increase, set here at 100,000 iterations by default (in 2013).
# Repository maintainers may opt to modify the default setting according to
# their security needs and computational restrictions. A strong user password
@ -149,7 +149,7 @@
# derived key+PBDKF2 combination if the key is loaded and re-saved, overriding
# any previous iteration setting used by the old '<keyid>.key'.
# https://en.wikipedia.org/wiki/PBKDF2
_PBKDF2_ITERATIONS = tuf.conf.PBKDF2_ITERATIONS
_PBKDF2_ITERATIONS = settings.PBKDF2_ITERATIONS
def generate_rsa_public_and_private(bits=_DEFAULT_RSA_KEY_BITS):
@ -614,7 +614,7 @@ def encrypt_key(key_object, password):
Based Key Derivation Function 1 (PBKDF1) + MD5 to strengthen 'password',
encrypted TUF keys use AES-256-CTR-Mode and passwords strengthened with
PBKDF2-HMAC-SHA256 (100K iterations by default, but may be overriden in
'tuf.conf.PBKDF2_ITERATIONS' by the user).
'settings.PBKDF2_ITERATIONS' by the user).
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
http://en.wikipedia.org/wiki/CTR_mode#Counter_.28CTR.29
@ -673,7 +673,7 @@ def encrypt_key(key_object, password):
# Derive a key (i.e., an appropriate encryption key and not the
# user's password) from the given 'password'. Strengthen 'password' with
# PBKDF2-HMAC-SHA256 (100K iterations by default, but may be overriden in
# 'tuf.conf.PBKDF2_ITERATIONS' by the user).
# 'settings.PBKDF2_ITERATIONS' by the user).
salt, iterations, derived_key = _generate_derived_key(password)
# Store the derived key info in a dictionary, the object expected
@ -702,7 +702,7 @@ def decrypt_key(encrypted_key, password):
Encrypted TUF keys use AES-256-CTR-Mode and passwords strengthened with
PBKDF2-HMAC-SHA256 (100K iterations be default, but may be overriden in
'tuf.conf.py' by the user).
'tuf.settings.py' by the user).
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
http://en.wikipedia.org/wiki/CTR_mode#Counter_.28CTR.29


@ -50,7 +50,7 @@
import tuf.keys
import tuf.sig
import tuf.log
import tuf.conf
from simple_settings import settings
import iso8601
import six
@ -829,7 +829,7 @@ def generate_and_write_rsa_keypair(filepath, bits=DEFAULT_RSA_KEY_BITS,
as the pass phrase), and store it in 'filepath'. The public key portion of
the generated RSA key is stored in <'filepath'>.pub. Which cryptography
library performs the cryptographic decryption is determined by the string
set in 'tuf.conf.RSA_CRYPTO_LIBRARY'. PyCrypto currently supported. The
set in 'settings.RSA_CRYPTO_LIBRARY'. PyCrypto currently supported. The
PEM private key is encrypted with 3DES and CBC the mode of operation. The
password is strengthened with PBKDF1-MD5.
@ -909,7 +909,7 @@ def import_rsa_privatekey_from_file(filepath, password=None):
object in 'tuf.ssl_crypto.formats.RSAKEY_SCHEMA' format.
Which cryptography library performs the cryptographic decryption is
determined by the string set in 'tuf.conf.RSA_CRYPTO_LIBRARY'. PyCrypto
determined by the string set in 'settings.RSA_CRYPTO_LIBRARY'. PyCrypto
currently supported.
The PEM private key is encrypted with 3DES and CBC the mode of operation.
@ -975,7 +975,7 @@ def import_rsa_publickey_from_file(filepath):
contains a private key, it is discarded.
Which cryptography library performs the cryptographic decryption is
determined by the string set in 'tuf.conf.RSA_CRYPTO_LIBRARY'. PyCrypto
determined by the string set in 'settings.RSA_CRYPTO_LIBRARY'. PyCrypto
currently supported. If the RSA PEM in 'filepath' contains a private key,
it is discarded.
@ -1027,7 +1027,7 @@ def generate_and_write_ed25519_keypair(filepath, password=None):
as the pass phrase), and store it in 'filepath'. The public key portion of
the generated ED25519 key is stored in <'filepath'>.pub. Which cryptography
library performs the cryptographic decryption is determined by the string
set in 'tuf.conf.ED25519_CRYPTO_LIBRARY'.
set in 'settings.ED25519_CRYPTO_LIBRARY'.
PyCrypto currently supported. The Ed25519 private key is encrypted with
AES-256 and CTR the mode of operation. The password is strengthened with
@ -1049,7 +1049,7 @@ def generate_and_write_ed25519_keypair(filepath, password=None):
tuf.ssl_commons.exceptions.CryptoError, if 'filepath' cannot be encrypted.
tuf.ssl_commons.exceptions.UnsupportedLibraryError, if 'filepath' cannot be encrypted due to an
invalid configuration setting (i.e., invalid 'tuf.conf.py' setting).
invalid configuration setting (i.e., invalid 'tuf.settings.py' setting).
<Side Effects>
Writes key files to '<filepath>' and '<filepath>.pub'.
@ -1074,7 +1074,7 @@ def generate_and_write_ed25519_keypair(filepath, password=None):
# Generate a new ED25519 key object and encrypt it. The cryptography library
# used is determined by the user, or by default (set in
# 'tuf.conf.ED25519_CRYPTO_LIBRARY'). Raise 'tuf.ssl_commons.exceptions.CryptoError' or
# 'settings.ED25519_CRYPTO_LIBRARY'). Raise 'tuf.ssl_commons.exceptions.CryptoError' or
# 'tuf.ssl_commons.exceptions.UnsupportedLibraryError', if 'ed25519_key' cannot be encrypted.
ed25519_key = tuf.keys.generate_ed25519_key()
encrypted_key = tuf.keys.encrypt_key(ed25519_key, password)
@ -1164,7 +1164,7 @@ def import_ed25519_privatekey_from_file(filepath, password=None):
return the key object in 'tuf.ssl_crypto.formats.ED25519KEY_SCHEMA' format.
Which cryptography library performs the cryptographic decryption is
determined by the string set in 'tuf.conf.ED25519_CRYPTO_LIBRARY'. PyCrypto
determined by the string set in 'settings.ED25519_CRYPTO_LIBRARY'. PyCrypto
currently supported.
The TUF private key (may also contain the public part) is encrypted with AES
@ -1187,7 +1187,7 @@ def import_ed25519_privatekey_from_file(filepath, password=None):
tuf.ssl_commons.exceptions.CryptoError, if 'filepath' cannot be decrypted.
tuf.ssl_commons.exceptions.UnsupportedLibraryError, if 'filepath' cannot be decrypted due to an
invalid configuration setting (i.e., invalid 'tuf.conf.py' setting).
invalid configuration setting (i.e., invalid 'tuf.settings.py' setting).
<Side Effects>
'password' is used to decrypt the 'filepath' key file.
@ -1349,7 +1349,7 @@ def get_metadata_fileinfo(filename, custom=None):
# file information, such as the file's author, version/revision
# numbers, etc.
filesize, filehashes = \
tuf.util.get_file_details(filename, tuf.conf.REPOSITORY_HASH_ALGORITHMS)
tuf.util.get_file_details(filename, settings.REPOSITORY_HASH_ALGORITHMS)
return tuf.tufformats.make_fileinfo(filesize, filehashes, custom=custom)
@ -2038,12 +2038,12 @@ def write_metadata_file(metadata, filename, version_number,
# We provide the option of either (1) creating a link via os.link() to the
# consistent file or (2) creating a copy of the consistent file and saving
# to its expected filename (e.g., root.json). The option of either
# creating a copy or link should be configurable in tuf.conf.py.
if (tuf.conf.CONSISTENT_METHOD == 'copy'):
# creating a copy or link should be configurable in tuf.settings.py.
if (settings.CONSISTENT_METHOD == 'copy'):
logger.debug('Pointing ' + repr(filename) + ' to the consistent snapshot.')
shutil.copyfile(written_consistent_filename, written_filename)
elif (tuf.conf.CONSISTENT_METHOD == 'hard_link'):
elif (settings.CONSISTENT_METHOD == 'hard_link'):
logger.info('Hard linking ' + repr(written_consistent_filename))
# 'written_filename' must not exist, otherwise os.link() complains.
@ -2057,7 +2057,7 @@ def write_metadata_file(metadata, filename, version_number,
else:
raise tuf.ssl_commons.exceptions.InvalidConfigurationError('The consistent method specified'
' in tuf.conf.py is not supported, try either "copy" or "hard_link"')
' in tuf.settings.py is not supported, try either "copy" or "hard_link"')
else:
logger.debug('Not creating a consistent snapshot for ' + repr(written_filename))
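Review bot: In the get_metadata_fileinfo hunk, `settings.REPOSITORY_HASH_ALGORITHMS` is passed straight to `tuf.util.get_file_details` with no check, and the value now comes from the simple_settings object rather than the imported `tuf.conf` module. As far as I know that library chooses its settings module at run time (a `--settings` argument or the `SIMPLE_SETTINGS` environment variable), so the digest list recorded in metadata would depend on how the process was started; please confirm this for the pinned 0.10.0. `settings.CONSISTENT_METHOD` in write_metadata_file already fails closed through its `else` branch, and the hash list deserves the same: read it with `hash_algorithms = getattr(settings, 'REPOSITORY_HASH_ALGORITHMS', None)` and raise `tuf.ssl_commons.exceptions.InvalidConfigurationError` when it is missing or empty. The docstrings that now say 'tuf.settings.py' should also state how the settings module is selected. Both functions start and end outside their hunks.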


@ -46,8 +46,8 @@
import tuf.keys
import tuf.sig
import tuf.log
import tuf.conf
import tuf.repository_lib as repo_lib
from simple_settings import settings
from tuf.repository_lib import generate_and_write_rsa_keypair
from tuf.repository_lib import generate_and_write_ed25519_keypair
from tuf.repository_lib import import_rsa_publickey_from_file


@ -105,7 +105,7 @@ def update_client(repository_mirror):
raise tuf.ssl_commons.exceptions.RepositoryError(message)
# Set the local repository directory containing all of the metadata files.
tuf.conf.repository_directory = '.'
settings.repository_directory = '.'
# Set the repository mirrors. This dictionary is needed by the Updater
# class of updater.py.
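Review bot: `settings.repository_directory = '.'` uses a name that no hunk in this file section brings into scope. This line is the only change shown for the file, so unless `from simple_settings import settings` already exists elsewhere in it, update_client would raise NameError here. The same applies to `settings.repository_directory = repository_path` in the update_repository hunk of the next file. I would add `from simple_settings import settings` next to the other imports in both scripts. update_client's body starts and ends outside the hunk.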


@ -107,7 +107,7 @@ def update_repository(repository_path, command, command_arguments):
tuf.tufformats.COMMAND_SCHEMA.check_match(command_arguments)
# Set the local repository directory containing all of the metadata files.
tuf.conf.repository_directory = repository_path
settings.repository_directory = repository_path
if command == 'init':
repository = create_new_repository(repository_path)


@ -1,6 +1,6 @@
"""
<Program Name>
conf.py
settings.py
<Author>
Vladimir Diaz <vladimir.v.diaz@gmail.com>
@ -88,7 +88,7 @@
# The current "good enough" number of PBKDF2 passphrase iterations.
# We recommend that important keys, such as root, be kept offline.
# 'tuf.conf.PBKDF2_ITERATIONS' should increase as CPU speeds increase, set here
# 'settings.PBKDF2_ITERATIONS' should increase as CPU speeds increase, set here
# at 100,000 iterations by default (in 2013). The repository maintainer may opt
# to modify the default setting according to their security needs and
# computational restrictions. A strong user password is still important.


@ -36,7 +36,7 @@
import tuf
import tuf.ssl_crypto.hash
import tuf.conf
from simple_settings import settings
import tuf.tufformats
import six
@ -91,7 +91,7 @@ def __init__(self, prefix='tuf_temp_'):
# If compression is set then the original file is saved in 'self._orig_file'.
self._orig_file = None
temp_dir = tuf.conf.temporary_directory
temp_dir = settings.temporary_directory
if temp_dir is not None and tuf.ssl_crypto.formats.PATH_SCHEMA.matches(temp_dir):
try:
self.temporary_file = tempfile.NamedTemporaryFile(prefix=prefix,