This commit performs restructuring on the recently added metadata
class model architecture, which shall be part of a new simple TUF
API.
The key change is that the Metadata class is now used as container
for inner TUF metadata (Root, Timestamp, Snapshot, Targets) instead
of serving as base class for these, that means we use 'composition'
instead of 'inheritance'. Still, in order to aggregate common
attributes of the inner Metadata (expires, version, spec_version),
we use a new baseclass 'Signed', which also corresponds to the
signed field of the outer metadata container.
Based on prior observations in TUF's sister project in-toto, this
architecture seems to more closely represent the metadata model as
it is defined in the specification (see in-toto/in-toto#98 and
in-toto/in-toto#142 for related discussions).
Note that the proposed changes require us to now access some
attributes/methods via the signed attribute of a Metadata object
and not directly on the Metadata object, but it would be possible
to add short-cuts. (see todo notes in doc header).
Further changes include:
- Add minimal doc header with TODO notes
- Make attributes that correspond to fields in TUF JSON metadata
public again. There doesn't seem to be a good reason to protect
them with leading underscores and use setters/getters instead, it
just adds more code.
- Generally try to reduce code.
- Remove keyring and consistent_snapshot attributes from metadata
class. As discussed in #1060 they are a better fit for extra
management code (also see #660)
- Remove sslib schema checks (see TODO notes about validation in
doc header)
- Drop usage of build_dict_conforming_to_schema, it seems a lot
simpler and more explicit to just code this here.
- ... same goes for make_metadata_fileinfo
- Adapt tests accordingly
TODO: Document!!!
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
- Finalize min/max -> least/most refactor
- Comment out unclear input validation
- Use string literal for foward referencing type hint
(see https://www.python.org/dev/peps/pep-0484/#forward-references)
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
* classmethod for init RAMKey from file
* private class variables
* more typing for methods
* better names for arguments
Signed-off-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
dateutil provides an interface which is much easier to reason about for
users, i.e. it provides an interface for year deltas which automatically
handles leap years. Add some tests to try and ensure that, even though it
uses standard library functionality, the metadata API can accept
dateutil.relativedelta and do the right thing.
Signed-off-by: Joshua Lock <jlock@vmware.com>
All of the functionality we need is available from the standard library
which reduces our dependency footprint. Having minimal dependencies is
especially important for update clients which often have to vendor their
dependencies.
However, dateutil.relativedelta is richer than timedelta and helps to
provide a clearer API. For example, with relativedelta it's possible
to specify a delta in years *and* dateutil will do the right thing for
leap years.
Signed-off-by: Joshua Lock <jlock@vmware.com>
We don't capture timezone information in the metadata, therefore we should
not capture it in the interfaces. Ensure we remove timezone information
from any datetime objects when they are assigned to the expiration
property of a Metadata object.
Signed-off-by: Joshua Lock <jlock@vmware.com>
* Add signed_bytes property to return a canonicalised version of signed
* Make the signed property responsible for converting the object into the
dict format expected of the metadata, requiring a per-class
implementation
* Make signable a generic base-class property which returns a dict of
signatures and signed
With these changes we can load and verify metadata with the low-level API!
Signed-off-by: Joshua Lock <jlock@vmware.com>
Enum isn't available in Python 2.7 and accessing the enum members
as items, i.e. Algorithm['RSA'] throws KeyError when the member
is a method.
Work around both of these issues by converting to a dict.
Signed-off-by: Joshua Lock <jlock@vmware.com>
* Remove reference to deprecated settings
* Mention that the tutorial expects the dependencies and link to
instructions
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Lot of changes in 7 lines:
* PyCrypto is no longer an option: remove mention of it
* RSA-PSS wiki page now redirects to a fairly useless stub: replace it
with the RFC (it's not light reading but better than nothing)
* Mention ECDSA
* Remove mention of json for RSA keys: that does not seem to be true
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Fix load_repository to actually load the full targets file info from
file system for delegated targets.
Update _load_top_level_metadata to load targets and delegated targets
metadata in a consistent way.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
