Properly strip (again) the digest prepended to 'digest.filename' files.
The required '+1' appears to have been accidentally deleted in a recent commit:
298f52ddb8 (diff-59d384d80d746c800b16c8387756c0ccL2750)
Thanks to Santiago for locating the bug.
The previous exception raised when a non-signing key is loaded may be misinterpreted:
tuf.Error: The private key is unavailable.
Changed to: This is not a private key.
Santiago's request: The key-removal methods in repository_tool.py should raise an exception if the key argument has not been previously loaded. They previously returned silently if the key was not found.
Update repository_tool.py and keys.py functions that import rsa publickey files. Perform a simple check of the PEM string so that an improperly formatted PEM is detected sooner. Reported by Santiago.
The layout_type flag is used to decide whether a regular directory
structure is going to be used. That is, whether the targets folder is
under the metadata_directory tree or not. This flag lets the project
module decide in which places to locate metadata (i.e. if it needs a
metadata subdirectory or not).
Also fixed stability issues, in which the delegated target files didn't
lose their prefix.
Add missing comments for three of the arguments in generate_snapshot_metadata()'s docstring.
Expand docstring comment in non-public function and mention that temporary metadata is generated to a temporary location.
Minor cosmetic changes.
Update the expected use of the repository_tool.py module and list the modules that may be used in TUF integrations, which the repository tool does not handle. Rewrite the sentence that mentions the integration tools so that it does not appear to be out of context.
Load_project(path) now loads a project's metadata and builds the
corresponding object. Methods to save supporting metadata in the
project.cfg file were also refined.
Update the remaining unit tests following the many design changes. The unit tests should next be factored to use repository_tool.py, avoid pseudo repositories and repository objects, monkey patching, etc.
add_key() -> add_verification_key()
remove_key() -> remove_verification_key()
release.json -> snapshot.json
Update repository_tool-diagram.png
Update README following the renamed functions and release role changes.
Minor edits, such as removing lint left over from a previous merge conflict.
repository_tool.py verified that valid metadata was written, properly signed, hashes all matched, and required roles created. The only check missing was verification of delegated target paths according to the parent's delegations. Now, target paths are validated before write() is called for both 'path' and 'path_hash_prefixes'. updater.py has always properly verified paths, only repository_tool.py needed the support. If any of the delegated paths are not allowed, write()
raises the following exception:
tuf.ForbiddenTargetError: Role 'targets/unclaimed' specifies target '/simple/bad_file.txt', which is not an allowed path according to the delegations set by its parent role.
Allow leading os.sep for target and restricted paths listed in metadata. Previously, '{repository directory}/targets/file.txt' was listed as 'file.txt' and unsuccessfully compared against '/', or the root-most targets directory. Now, '/file.txt' & '/' and similar examples may be compared and verified.
Fix issue where a hashed bin with empty targets was flagged as invalid because its targets did not produce a path hash prefix that matched any of those listed in the parent role. Uncovered with _ensure_all_targets_allowed().
Minor edits to code that compared paths and used path separators.
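The delegated-path check described in the commit message above, as an added example that is not code from the TUF repository. It assumes restricted paths are matched as string prefixes and that a path hash prefix is compared against the SHA-256 hex digest of the target path as listed in metadata; the function names, the local exception class and the sample delegations are constructed for illustration.

```python
import hashlib


class ForbiddenTargetError(Exception):
    """Local stand-in for the tuf.ForbiddenTargetError quoted above."""


def path_hash(target_path):
    # Assumption: the digest is SHA-256 over the path string as listed in metadata.
    return hashlib.sha256(target_path.encode("utf-8")).hexdigest()


def forbidden_targets(targets, delegation):
    """Return the targets not covered by the parent's delegation entry."""
    paths = delegation.get("paths")
    prefixes = delegation.get("path_hash_prefixes")
    if paths is None and prefixes is None:
        raise ValueError("delegation needs 'paths' or 'path_hash_prefixes'")
    rejected = []
    for target in targets:  # an empty hashed bin has nothing to reject
        if prefixes is not None:
            allowed = any(path_hash(target).startswith(p) for p in prefixes)
        else:
            # Assumption: plain prefix match; keep a trailing separator on
            # directory entries so '/simple/' does not also cover '/simple2/'.
            allowed = any(target.startswith(p) for p in paths)
        if not allowed:
            rejected.append(target)
    return rejected


def ensure_all_targets_allowed(rolename, targets, delegation):
    """Raise before metadata is written if any target is out of bounds."""
    for target in forbidden_targets(targets, delegation):
        raise ForbiddenTargetError(
            "Role %r specifies target %r, which is not an allowed path "
            "according to the delegations set by its parent role."
            % (rolename, target))


if __name__ == "__main__":
    # Constructed sample delegations and targets.
    by_path = {"paths": ["/unclaimed/"]}
    print(forbidden_targets(["/unclaimed/a.txt", "/simple/bad_file.txt"], by_path))
    bin_0 = {"path_hash_prefixes": [path_hash("/file.txt")[:1]]}
    print(forbidden_targets(["/file.txt"], bin_0), forbidden_targets([], bin_0))
```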
I need to review the whole code and refactor some sections to meet
the specifications, optimize performance and minimize filesize.
Thorough checking of this module is needed. Expect unused variables
and functions.
Update and refactor status() following the changes to how metadata is written.
Minor comment change to conf.py.
Example output:
'root' role contains 1 / 1 signatures.
'targets' role contains 1 / 1 signatures.
'release' role contains 1 / 1 signatures.
'timestamp' role contains 1 / 1 signatures.
# Verify invalid number of public and private keys.
'timestamp' role contains 0 / 1 signing keys.
# Determine the delegated roles with invalid metadata.
Delegated roles with insufficient keys:
['targets/unclaimed/1', 'targets/unclaimed/0', 'targets/unclaimed/2', 'targets/unclaimed/5', 'targets/unclaimed/4', 'targets/unclaimed/7', 'targets/unclaimed/6', 'targets/unclaimed/9', 'targets/unclaimed/f', 'targets/unclaimed/3', 'targets/unclaimed/a', 'targets/unclaimed/c', 'targets/unclaimed/b', 'targets/unclaimed/e', 'targets/unclaimed/d', 'targets/unclaimed/8']