Commit graph

2566 commits

Author SHA1 Message Date
Jussi Kukkonen
85ce3e87e1 Prepare 7.0 release
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2026-05-18 10:49:12 +03:00
Jussi Kukkonen
8ed4414946 Fix incorrect targetpath comparison on Windows
fnmatch() will do case-normalization if the OS expects it:
we do not want this as
* the path is more a URL than a file path
* results need to not change based on OS

Fix the result on Windows by using fnmatchcase()

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2026-04-21 12:27:16 +03:00
1seal
c49bdb9322 feat(ngclient): require explicit bootstrap argument
make bootstrap required and explicit: callers must pass bootstrap=<root_bytes> or bootstrap=None.

also tighten docs, examples, and tests to reflect the explicit trust anchor choice.

Signed-off-by: 1seal <security@1seal.org>
2026-01-25 11:58:09 +00:00
Jussi Kukkonen
7ecb67d83e api: make the zip() usage clearer
We manually enforce matching lengths but there's no harm in doing this
too.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2026-01-08 13:15:37 +02:00
Jussi Kukkonen
0785c78b33 Make linter happy after python upgrade
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2026-01-08 13:08:53 +02:00
Jussi Kukkonen
8513f46c2b Bump minimum Python version to 3.10
We could just stop testing with 3.9... but I think this will lead to
unintentionally breaking 3.9 anyway sooner or later.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2026-01-08 13:08:47 +02:00
Lukas Puehringer
f1afc98c95 lint: change base tuple order in SimpleEnvelope
Latest ruff complains about Generic[T] not being the last base class in
the bases tuple of Simple Envelope (generic-not-last-base-class
(PYI059)).

This commit applies the default fix by changing the order of the bases.
While this can change the MRO, there shouldn't be a change of behavior
given the used bases.

See https://docs.astral.sh/ruff/rules/generic-not-last-base-class/ for
details.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2025-09-16 09:10:50 +02:00
Jussi Kukkonen
88cc98420e lint fixes
Fixes for ruff 0.12
* Tweak some annotations
* Add __hash__() implementations to api classes: These really should be
  hashable
* My use of "super().__hash__()" is not very optimized but avoids some
  repetition

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-06-24 11:02:09 +03:00
Lukas Pühringer
500e8b9a8b Merge pull request #2815 from lukpueh/port-sslib-hash
Port securesystemslib.hash module
2025-03-19 12:21:09 +01:00
Lukas Puehringer
75e83b36d0 docs: Remove reference to securesystemslib hash
Default hash sha256 is now defined locally.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2025-03-19 11:29:36 +01:00
Lukas Puehringer
535a18918b Refactor hash helpers
Consolidate interface of bytes hash and file hash helpers.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2025-03-19 10:07:58 +01:00
Jussi Kukkonen
f3eddc19ff lint: Accept ruff suggestions for cast()
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-03-18 18:20:11 +02:00
Lukas Puehringer
866409ffe9 Port securesystemslib.hash module
securesystemslib.hash is a small wrapper around hashlib, which serves
two main purposes:
* provide helper function to hash a file
* translate custom hash algorithm name "blake2b-256" to "blake2b" with
  (digest_size=32).

In preparation for the removal of securesystemslib.hash, this patch ports
above behavior to tuf and uses the builtin hashlib directly where
possible.

related secure-systems-lab/securesystemslib#943

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2025-03-18 16:39:46 +01:00
Jussi Kukkonen
44eed614f0 Prepare v6.0
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-03-11 11:41:10 +02:00
Dimitri Papadopoulos
4a28307270 Fix typos
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
2025-03-10 22:06:30 +01:00
Jussi Kukkonen
15933a93b6 ngclient: Create directories as needed (#2808)
2025-03-09 06:56:37 +00:00
Kairo Araujo
fee5148abd Merge pull request #2789 from jku/handle-proxy-variables
2025-03-04 02:58:47 +01:00
Jussi Kukkonen
38e4eaba1f updater: Improve comments on bootstrap arg
This includes some minor example improvements

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:11:28 +02:00
Jussi Kukkonen
ab288304a6 updater: Update root.json symlink on initialize
When application initializes an Updater with bootstrap, it should be
considered the trusted version from that point onwards: Update the
symlink "root.json" already here (even if refresh is never called).
n that Updater instance).

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:10:04 +02:00
Jussi Kukkonen
8519bb43ed ngclient: Make sure non-versioned link in cache is up-to-date
Even if last root version from remote is not accepted (leading to an
exception in load_root()) we should update the symlink "root.json" in
local cache to point to last good version.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:10:04 +02:00
Jussi Kukkonen
cea1745cef Implement root bootstrapping
Application may have a "more secure" data store than the metadata cache
is: Allow application to bootstrap the Updater with this more secure
root. This means the Updater must also cache the subsequent root versions
(and not just the last one).

* Store versioned root metadata in local cache
* maintain a non versioned symlink to last known good root
* When loading root metadata, look in local cache too
* Add a 'bootstrap' argument to Updater: this allows
  initializing the Updater with known good root metadata
  instead of trusting the root.json in cache

Additional changes to current functionality:
* when using bootstrap argument, the initial root is written to cache.
  This write happens every time Updater is initialized with bootstrap
* The "root.json" symlink is recreated at the end of every refresh()

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:09:54 +02:00
Jussi Kukkonen
265e772dba ProxyEnvironment: Handle no_proxy="*"
Add support for leading dots in no_proxy and "*" as a no_proxy value.

Both are supported in requests and based on
https://about.gitlab.com/blog/2021/01/27/we-need-to-talk-no-proxy/
both are somewhat common.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
9a4e749def ngclient: Add docs on HTTP in general
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
80b629013e Use __future__ to make old python happy
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
396ba079d6 ngclient: Add proxy environment variable handling
urllib3 does not handle this but we do want to support proxy users.

The environment variable handling is slightly simplified from the
requests implementation.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
73273813f3 Merge pull request #2773 from jku/no-requests
More porting from requests to urllib3
2025-02-20 08:51:42 +00:00
pakagronglb
acd7ed08d1 Update Python shebangs to explicitly use python3
Signed-off-by: pakagronglb <pakagronglebel@gmail.com>
2025-02-19 19:44:21 +07:00
pakagronglb
94639360ec Enable FA (future annotations) linting ruleset
Signed-off-by: pakagronglb <pakagronglebel@gmail.com>
2025-02-19 19:44:05 +07:00
Jussi Kukkonen
5acd3f7df7 ngclient: Add note about RequestsFetcher being deprecated
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-15 09:57:06 +02:00
Jussi Kukkonen
6ddc0838a2 Move fetchers around to make them public
RequestsFetcher should still be public (even if deprecated).

* We don't want to import RequestsFetcher in __init__
  (because that requires importing requests)
* but we do want RequestsFetcher to be importable publicly

Move both fetchers out of _internal: that was never the right place for
them anyway: they are public modules.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-14 17:42:45 +02:00
Jussi Kukkonen
140abd34dc Update requirements: drop requests
This also removes RequestsFetcher from tuf.ngclient.__init__.py:
Otherwise we can't drop the requests dependency.

This means RequestsFetcher is not currently public.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-14 17:42:43 +02:00
Jussi Kukkonen
cfee40aa96 More porting from requests to urllib3
This is related to #2762 (that replaces RequestsFetcher with
Urllib3Fetcher) and takes care of the remaining requests use cases in
the code base.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-14 17:41:50 +02:00
Jussi Kukkonen
d42426f137 Merge pull request #2762 from NicholasTanz/switchUrlLib3
replace RequestsFetcher for Urllib3Fetcher
2025-02-14 16:10:38 +02:00
NicholasTanz
d67f126233 remove self.app_user_agent attribute, as it's not used outside of init
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-02-05 17:49:02 -05:00
Jussi Kukkonen
1a1312e1af dsse: Improve type checking
mypy rightly complains our types do not match (this only happens if you
enable type checks for securesystemslib):
* I think the annotation is actually wrong: Envelope does not know the
  contained type at this point.
* Likely SimpleEnvelope should not be generic: it does not really know
  what it contains

I decided not to break the API here and just made the type cast
explicit (even though we don't really know that the cast is correct):
this silences mypy but has no other consequences.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-01-31 13:47:45 +02:00
NicholasTanz
86cc7ad3ee clarify urllib3 as requirement in pyproject.toml and add back in requestsFetcher as option.
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-01-30 21:29:08 -05:00
Jussi Kukkonen
bb62dded29 Add type check
mypy warns about this but we know that encode_canonical() cannot return
None if we don't set output_function argument.

ruff does not like assert so I added a "noqa" and a comment

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-01-30 18:20:39 +02:00
Nicholas Tanzillo
326529bf99 Merge branch 'theupdateframework:develop' into switchUrlLib3
2025-01-29 16:38:21 -05:00
Jussi Kukkonen
5b2c041da0 lint: Fixes from new ruff
The noqa comment was added manually to avoid
  A005 Module `json` shadows a Python standard-library module

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-01-14 10:40:21 +02:00
NicholasTanz
a48fca51f9 add retry error handling to _chunks()
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-01-09 23:56:06 -05:00
NicholasTanz
2aed81f019 change error handling to MaxRetryError in _fetch()
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-01-09 23:31:50 -05:00
NicholasTanz
21280302e7 utilize one pool manager
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-01-09 20:59:56 -05:00
NicholasTanz
18e42cea52 replacing RequestsFetcher with Urllib3Fetcher in .rst
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-01-06 02:55:15 -05:00
NicholasTanz
031778fd8d more linting stuff
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-01-06 02:47:51 -05:00
NicholasTanz
20d825f041 fix line too long linting error
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-01-06 02:31:20 -05:00
NicholasTanz
0675f0ce3a create urllib3 fetcher, replace requestsFetcher with urllibFetcher in ngclient, replace requestsFetcher with urllibFetcher in requestsFetcher unit tests.
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-01-06 02:17:09 -05:00
Jussi Kukkonen
fca3086b5d repository: Change RuntimeError to AssertionError
These are assertions that should happen in production:
something is wrong in an unrecoverable way.

This is not an API change since no-one should be catching these.
Making these AssertionErrors makes them skippable in coverage.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 13:19:54 +02:00
Jussi Kukkonen
687d4557ad Revert "refactor to use dict union, instead of unpacking"
This reverts commit eb6d82f324.

The change itself was fine but since the code is otherwise compatible
with python 3.8, let's revert this to be compatible for one more
release.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 12:51:35 +02:00
Jussi Kukkonen
1d81a04707 Use __future.annotations module
This allows using some more nice annotations from 3.10
while still being compatible with even Python 3.8.

These are all annotation changes, should not modify any functionality.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 12:41:09 +02:00
NicholasTanz
eb6d82f324 refactor to use dict union, instead of unpacking
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2024-11-03 23:30:09 -05:00