Rather than read to the end of the file in order to determin its size, use
the whence value of seek() to move the file object's position to the end
of the file, then the tell() method of the file object to read the current
position in bytes.
Co-authored-by: Jussi Kukkonen <jkukkonen@vmware.com>
Signed-off-by: Joshua Lock <jlock@vmware.com>
The call stack and code for download_target() is more complex than
required:
* download_target() : builds target destination filepath, gets length
and hashes
* _get_target_file() : fixes filenames if consistent snapshots enabled,
defines verification callback
* _get_file() : iterates mirrors, tries to download files, verifies them
Remove the verification callback and collapse the call stack by a single
level to make the code easier to follow.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Python 3.9 is released on October 5-th 2020 and it seems
logical to add support for it.
For reference read:
https://docs.python.org/3/whatsnew/3.9.html
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
There is a simpler way to skip modules or particular tests
built-in into the unittest module.
That's why it doesn't make sense for us to manually filter
modules based on the python version we are running.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Added ExpiredMetadataError to function documentation where it seems to
be missing.
Corrected the refresh() documentation: ExpiredMetadataError can only
happen when top level metadata does not need to be updated but is
expired. If the metadata gets updated and is expired, the result will
be a NoWorkingMirror with ExpiredMetadata inside it.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Provide additional context to clarify where we expect Python 3.6+ to be used
exclusively (new modules) and link to other discussions around the future of
Python 2.7 supporting code.
Signed-off-by: Joshua Lock <jlock@vmware.com>
In order to make decisions about the code and the design explicit and easier
to reference in future we want to record significant architectural decisions.
This commit introduces docs/adr with a template Architectural Decision Record
and index using the [MADR](https://adr.github.io/madr/) format.
It also adds ADR 0000 to document the decisions to use MADR.
Fixes#1141
Signed-off-by: Joshua Lock <jlock@vmware.com>
Commit eb00d14 modified requirements-pinned.txt so that sslib specifiers
are now "[crypto,pynacl]". This happens to match the exact specifiers
used for the sslib git master dependency in tox.ini. This triggers pip
to say:
ERROR: Double requirement given: securesystemslib[crypto,pynacl]==0.16.0
(from -r /home/jku/src/tuf/requirements-pinned.txt (line 12)) (already
in securesystemslib[crypto,pynacl] from
git+http://github.com/secure-systems-lab/securesystemslib.git@master#egg=securesystemslib[crypto,pynacl],
name='securesystemslib')
Avoid this by not setting any specifiers for the sslib git master
dependency in tox.ini: This makes pip happy and we get the git master
version installed. pynacl and crypto are still installed because they
are in requirements-pinned.txt.
Fixes#1184.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
The repo script was the only user and can now do the right thing when
colorama isn't available in the environment.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Instead of using colorama directly for terminal colours, use the
constants in securesystemslib.interface which map to colorama colours
IFF colorama is installed.
This change results in a red password prompt when colorama is installed
and a standard terminal output coloured prompt when colorama is not
installed.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Even though we don't want to promote the usage of [''] as a value
for confined_target_dirs, it's good to test against because we
don't want to introduce a breaking change for our users.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
The field confined_target_dirs from the MIRROR_SCHEMA is
a list of strings. Those strings define the accessible target
paths for that mirror. For one target to be available for that mirror,
its path should have as a prefix at least one of the strings defined
in confined_target_dirs.
That's why when confined_target_dirs is a list with one element empty
string (e.g. ['']) this means all targets files on that mirror are
available and if confined_target_dirs is empty list (e.g. []) this
would be interpreted as none of the target files is available.
This is a confusing API that could easily lead to mistakes.
That's why it's better we promote to not set confined_target_dirs
at all if a user wants targets to be available.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
We don't need to lint the code with every version of Python, instead add
an extra tox env which lints once with the latest supported Python version
Signed-off-by: Joshua Lock <jlock@vmware.com>
The Targets constructor takes seven arguments, which violates pylints
default value of five for max-arguments:
R0913: Too many arguments (7/5) (too-many-arguments)
As this feels like a coding style decision that should be made and
documented disable that test for only the Targets constructor until
a coding style decision has been made and documented as a decision
record.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Using an else after a raise results in a refactor message from pylint:
R1720: Unnecessary "elif" after "raise" (no-else-raise)
This is because the raise will exit the block, and pylint suggests that
explicit if's, rather than an if-elif-else, are clearer style. Update the
style of Metadata.verify() to match pylint expectations.
Signed-off-by: Joshua Lock <jlock@vmware.com>
A single letter variable name of 'f' causes pylint to throw a coding style
convention warning:
C0103: Variable name "f" doesn't conform to snake_case naming style
(invalid-name)
Signed-off-by: Joshua Lock <jlock@vmware.com>
Add a minimal pylintrc to lint for new code being developed in tuf/api and
update the tox configuration to ignore tuf/api with the default pylintrc
and run an extra invocation of pylint for just the modules in tuf/api.
Signed-off-by: Joshua Lock <jlock@vmware.com>
