Remove use of six
Signed-off-by: Velichka Atanasova <avelichka@vmware.com>
Replace the use of dict.items(mydict) with mydict.items(), dict.keys(mydict) with mydict.keys() and dict.values(mydict) with mydict.values()
Signed-off-by: Velichka Atanasova <avelichka@vmware.com>
Replace 'import urllib' and 'import urllib.x' with 'from urllib import x' for vendor compatibility
Signed-off-by: Velichka Atanasova <avelichka@vmware.com>
The linter now understands our imports (yay), and complains a lot (boo):
* Remove really unused imports
* disable lints for tuf.log and securesystemslib imports: these imports
have logging side-effects (they set default loggers for tuf and
securesystemslib respectively) and I'm cautious about just removing
them
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Use "from tuf import <module>" instead of "import tuf.<module>": this
makes it possible for vendoring tool to vendor tuf. Fix all references
to <module> in the code.
Also fix import orders so tuf internal imports are last.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Make them compatible with vendoring, use
from securesystemslib import storage as sslib_storage
to have the same style as other securesystemslib imports.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Make the import compatible with vendoring tool and alias the import so
it does not clash with the local module. Fix all references
to the module in the code.
In one instance import a specific function to avoid a more complex
redirection in the code.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Make them compatible with vendoring, use
from securesystemslib import keys as sslib_keys
to have the same style as other securesystemslib imports.
Note that developer_tool already used a
from securesystemslib.keys import ...
for some functions so that style was used consistently there.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Make the import compatible with vendoring tool and alias the import so
it does not clash with the local module. Fix all references
to the module in the code.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Make the import compatible with vendoring tool and alias the import so
it does not clash with the local module. Fix all references
to the module in the code.
Remove a related repo.py comment that was badly duplicated from module
docstring.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Use "from tuf import <module>" instead of "import tuf.<module>": this
makes it possible for vendoring tool to vendor tuf. Fix all references
to <module> in the code.
Remove one unused import.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Use "from tuf import <module>" instead of "import tuf.<module>": this
makes it possible for vendoring tool to vendor tuf. Fix all references
to <module> in the code.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Use "from tuf import <module>" instead of "import tuf.<module>": this
makes it possible for vendoring tool to vendor tuf. Fix all references
to <module> in the code.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Use "from tuf import <module>" instead of "import tuf.<module>": this
makes it possible for vendoring tool to vendor tuf. Fix all references
to <module> in the code.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Use "from tuf import <module>" instead of "import tuf.<module>": this
makes it possible for vendoring tool to vendor tuf. Fix all references
to <module> in the code.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
secure-systems-lab/securesystemslib#288 changes the key generation
interface functions in such a way that it is clear if a call opens
a blocking prompt, or writes the key unencrypted. To do this two
functions are added per key type:
- `generate_and_write_*_keypair_with_prompt`
- `generate_and_write_unencrypted_*_keypair`
The default `generate_and_write_*_keypair` function now only allows
encrypted keys and only using a passed password. This respects the
principle of secure defaults and least surprise.
sslib#288 furthermore adds a protected
`_generate_and_write_*_keypair`, which is not exposed publicly
because it does not encrypt by default, but is more flexible and
thus convenient e.g. to consume all arguments from a key generation
command line tool such as 'repo.py'.
This commit adds the new public functions to the tuf namespace and
adopts their usage accordingly.
NOTE regarding repo.py:
This commit does not fix any problematic password behavior of
'repo.py' like default passwords, etc. (see #881). It only adopts
the sslib#288 changes to maintain the current behvior, plus
removing one glaringly obsolete password prompt.
NOTE regarding key import:
The securesystemslib private key import functions were also changed
to no longer auto-prompt for decryption passwords , TUF, however,
only exposes custom wrappers (see repository_lib) that do
auto-prompt. sslib#288 changes to the prompt texts are nevertheless
propagated to tuf and reflected in this commit.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Except the UnsignedMetadataError generated by
check_signable_object_format() and log a warning.
When creating metadata objects on the repository side of TUF,
a use case may exist where metadata is generated unsigned on
one machine and signed on another.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
If we run the tuf unit tests with latest, not yet released,
securesyslib changes we will see that one unit test is failing
because the file_prefix argument should confront the PATH_SCHEMA
(which requires a non-empty string) but an empty string value
is passed to it.
That happens, because in tuf/developer_tool.py create_new_project
function the "location_in_repository" arg has a default value of ''
and if not changed when creating a new object of type Project
on line 650 will cause an exception in the __init__ function
because of the file_prefix argument.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Corresponding to the securesyslib changes made in this pr:
https://github.com/secure-systems-lab/securesystemslib/pull/244
which changed the securesyslib.formats.PATH schema to be of type
AnyNonemptystring.
This made the tuf unit tests to fail because there are to places
where functional arguments should comply with the
securesyslib.formats.PATH schema, but have a default value of
an empty string.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Switch to using the new abstract files and directories support in
securesystemslib by taking an object which implements
securesystemslib.storage.StorageBackendInterface in the Repository
constructor, passed in by tuf.repository_tool.create_new_repository() and
tuf.repository_tool.load_repository()
The Updater class in tuf.client.updater does not specify a storage backend
and instead allows the functions in securesystemslib to perform the
default action of instantiating a LocalFilesystemBackend, that is the
updater does not currently support abstract filesystem backends and always
defaults to using local storage.
Finally we drop support for tuf.settings.CONSISTENT_METHOD as it's not as
clear how different copying modes should work when the details of the
underlying storage are abstracted away.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Replace hard-coded logger names with __name__. For the most part this just uses
the standard conventions to create the same logger hierarchy as existed before.
The only real difference is that loggers created for printing during tests are
no longer part of the 'tuf' hierarchy.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Import some API functions from repository_lib and securesystemslib
directly into repository_tool and developer_tool, instead of
providing them via wrapper.
Also short-circuit some functions that used to point to
securesystemslib through repository_lib.
This reverts parts of 6f7ba76b9b,
which introduced some of the wrappers to appease the linter.
Here we just disable that specific linter check (unused-import).
The advantage of importing over wrapping is:
- no duplication of hardcoded defaults for keyword arguments
- no duplication of docstrings
- less code --> easier maintenance
This should also pave the way for more serious refactoring
of the repository- and developer-tools:
https://github.com/theupdateframework/tuf/issues/840
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
TUF specific schemas have moved to tuf.formats, ensure they are used
throughout and remove stray references to no longer supported schemas
in securesystemslib.format
Signed-off-by: Joshua Lock <jlock@vmware.com>
Removal of securesystemslib exceptions that are TUF-specific
occurs in securesystemslib PR #165https://github.com/secure-systems-lab/securesystemslib/pull/165
This commit adapts to those changes. Exceptions that are specific
to TUF should be in TUF and not in securesystemslib. This commit
uses those already-existing TUF exceptions instead of pointing to
securesystemslib exceptions that will be removed.
For example, securesystemslib has no notion of repositories, so
it's ridiculous to have a RepositoryError in securesystemslib and
ridiculous for TUF to use
securesystemslib.exceptions.RepositoryError.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Python3 does not support exception subscripting:
e.g. except ... as e:
e[1] # does not work in Python3
This line of code was presumably not covered by testing,
allowing it to persist.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
These changes simplify logic, removing some try/except structures
that were unnecessary and potentially confusing, and get us back
to passing pylint's test.
pylint 2.0.0 adds try-except-raise tests, to catch immediate
re-raising after catching an exception, outside of some special
cases. See this GitHub comment for more info:
https://github.com/theupdateframework/tuf/pull/770#issuecomment-412993992
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
