This is related to #2762 (that replaces RequestsFetcher with
Urllib3Fetcher) and takes care of the remaining requests use cases in
the code base.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Remove exectuable flag from a couple of files
* Half of the test files have a shebang (but are
still not executable): remove the shebang
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
The version is no longer duplicated in setup.cfg (since 5155ba74), so remove
redundant TODO suggesting folks update in two places.
Co-authored-by: Ofek Lev <ofekmeister@gmail.com>
Signed-off-by: Joshua Lock <jlock@vmware.com>
Metadata API defines a specification version it supports already,
and that one is updated to the actual specification version we
produce.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
- Update linter config to no longer distinguish between legacy
and new implementation. This requires addressing a linter warning
in an until now not linted module (tuf/__init__.py).
- Remove obsolete rules in MANIFEST.in (source distribution) and
tests/.coveragerc (test coverage).
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This will be the final release of python-tuf that includes the
legacy implementation code. Please see the [*1.0.0
announcement*](1.0.0-ANNOUNCEMENT.md) page for more details about
the next release and the deprecation of the legacy implementation,
including migration instructions.
Co-authored-by: Jussi Kukkonen <jkukkonen@vmware.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
For users of legacy client (tuf/client/) this is purely a security fix
release with no API or functionality changes. For ngclient and Metadata
API, some API changes are included.
All users are advised to upgrade.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
The v0.18.0 release was made with the changes from #1566, resulting in
a release with sources which don't match the git tag. Rectify this with
a brown bag point release.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Updates SPEC_VERSION definition in tuf/__init__.py, test files and
docstring in formats.build_dict_conforming_to_schema.
Test metadata will be updated in separate commits.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Specification version now only lives in tuf/__init__.py, and will only be
derived from there.
Specification version info is no longer in tuf.formats, where it was
previously moved from tuf.updater, since this was redundant.
Also finally corrects spec version testing in test_updater.py.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Previous commit isn't going to work: read wasn't defined. Code
provided was from here:
https://packaging.python.org/guides/single-sourcing-package-version/
and is a little more complicated than is ideal. It'll also match
comment lines if they exist. Single-sourcing version number isn't
necessary for this pull request, but if I was going to do it, I'd
probably add a VERSION file and have tuf/__init__.py and setup.py
each read that in. There could be problems with that, too. I'm
going to punt on this and keep the version in two places and we
can fix that less urgently. (Also, the user agent reporting a
version seems less critical in any case than the rest of the PR.)
Version info will now be in two locations and require update in
tandem.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Potential slow retrieval errors are raised for safe downloads (strict check on file size) and not for unsafe (a file size less than an upper limit). Slow retrieval errors should always be prevented
