The repository tool now provides a method called
"_metadata_is_partially_loaded" to provide the same functionality, the
return type changed so the flow of this module had to adapt to the new
function:
_check_if_partial_loaded() -> updated the roleinfo data as an effect
_metadata_is_partially_loaded -> returns a boolean and forces us to
update the roleinfo data.
Reported Issues:
1. Fix 'files_directory' variable name typo in comment. Convert get_filepaths_in_directory() to a static method.
2. add_targets() declares 'absolute_list_of_targets' but only appends files to it. Get rid of this variable.
3. The roleinfo dict of delegated roles was not fully set by load_repository(). Writing new metadata after it had been tried to access a non-existent 'partial_loaded' dict key. Non-public function that decided whether a metadata file was partially loaded renamed to _metadata_is_partially_loaded(), and now returns a Boolean.
Minor edits to comments related to the fixes above.
The load_project contained statements that called the previously
included "targets" instance, since we now inherit Targets, we don't
require them, the statements were updated the following way:
self._targets
to a plain:
self
The add verification key method now prohibits the ability to have more
than one key in the Project role, however, delegations do support
having more.
This is the suggested behavior as of this version, removing these two
wapper functions would prevent to have this limitation but would require
the extension of the write_project_configuration function
The motivation behind this change is code reutilization and quick
updating. Most of the methods called in the old version of the developer
tool immediate to the targets counterpart. The calling convention now
resembles more objective intended without losing any functionality and
with automatic updates from any changes in the repository_tool.
The project object used to have a Targets object contained. This did
make more sense in a conceptual way (a project could have had more roles
than only targets). However, after reviewing the functionality of the
tool, it seems clear that the best way to adopt the changes
automatically is to inherit the targets object.
Soft wrappers are still to be made, we need to override the
add_verification_key method to in order to avoid having more than one
key on the project.
Refactored to use the 'unittest' module (test conditions in code, rather
than verifying text output), use pre-generated repository files, and
discontinue use of the old repository tools. Fix for issue #111.
Add missing test cases for the following functions:
get_target_hash()
find_delegated_role()
paths_are_consistent_with_hash_prefixes()
ensure_all_targets_allowed()
Add test condition to test_B6_load_json_string().
Continue refactoring the test cases of test_updater.py.
Fix issue where repository_tool.py was not writing new compressed metadata.
Minor edits to TUF modules.
Add generate.py script and pre-generated repository files used by Unit tests (replacing repository_setup.py).
Refactor test_updater.py (10 test cases remaining).
Support the following installation setup:
# Minimal install intended for clients (pure Python, only ed25519 signatures).
pip install tuf
# Optional installation required by the TUF repository tools (RSA keys and rsassa-pss
# signatures, faster ed25519 cryptographic computations, general-purpose cryptography, etc.)
pip install tuf[tools]
Re-implement the fix for issue #167.
Update comments and docstrings related to the fixes above.
Add setuptools' find_packages() to avoid repeated updates to the list of packages.
Add setup() arguments, such as classifiers (Trove classifiers used for project classification and searching), keywords, and extra requirements.
Add pip requirements installation file.
Update supported tuf installation options:
Installing from pip and installing an extras requirement (pip install tuf[fast_ed25519]).
Update modules affected by the changes made to the latest versions of pyca-ed25519 and pyca-pynacl:
Do not use the unsafe key and signature generation functions of pure python ed25519, but do support the signature verification routine. Developers must use the faster and secure pynacl+libsodium to generate ed25519 keys and signatures.
Temporarily suppress pynacl's import warning error.
Minor edits to comments and code.
Remove find-code.sh
Note: We are replacing find-code.sh because git-grep does the same, and more. Also, a development script unrelated to TUF should probably not be included in the source. Developers who may modify the source are likely to have their preferred way of doing things.
Thanks given to Trishank, Santiago, Justin, Zane, Monzur, Lai, Dennis, and the appsec students for reviewing & testing the changes made in this pull request.
Minor updates to comments of the previous repository_tool.py commit.
Update repository_tool-diagram.png to list disable_console_log_messages().
Rename disable_console_messages().
repository_tool.py methods that add keys to roles should also log a warning if it detects a shared key.
Add a console handler, and a function to disable it, to repository_tool.py.
Update _delete_obsolete_metatadata() docstring and comments in repository_tool.py.
Rename the unused 'json_object' variable in util.py.
Roles are allowed to share verification keys. Update repository_tool.py so that the targets role can successfully load an already recognized key when loading a repository. Reported by Santiago.
