Commit graph

5187 commits

Author SHA1 Message Date
Jussi Kukkonen
1aed4bd80e
Merge pull request #2033 from theupdateframework/dependabot/pip/charset-normalizer-2.1.0
build(deps): bump charset-normalizer from 2.0.12 to 2.1.0
2022-07-01 09:39:04 +03:00
dependabot[bot]
533bbbd5cd
build(deps): bump charset-normalizer from 2.0.12 to 2.1.0
Bumps [charset-normalizer](https://github.com/ousret/charset_normalizer) from 2.0.12 to 2.1.0.
- [Release notes](https://github.com/ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ousret/charset_normalizer/compare/2.0.12...2.1.0)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-01 06:32:47 +00:00
Jussi Kukkonen
a40c47ef27
Merge pull request #2044 from theupdateframework/dependabot/pip/requests-2.28.1
build(deps): bump requests from 2.28.0 to 2.28.1
2022-07-01 09:31:40 +03:00
Jussi Kukkonen
155a2d5a30
Merge pull request #2045 from theupdateframework/dependabot/pip/pylint-2.14.4
build(deps): bump pylint from 2.14.3 to 2.14.4
2022-07-01 09:29:23 +03:00
dependabot[bot]
d673b5bb61
build(deps): bump pylint from 2.14.3 to 2.14.4
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.14.3 to 2.14.4.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.14.3...v2.14.4)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-30 11:01:13 +00:00
dependabot[bot]
89ef9d386e
build(deps): bump requests from 2.28.0 to 2.28.1
Bumps [requests](https://github.com/psf/requests) from 2.28.0 to 2.28.1.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.28.0...v2.28.1)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-30 11:01:05 +00:00
Jussi Kukkonen
80d6e737a3
Merge pull request #2043 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.15
build(deps): bump github/codeql-action from 2.1.14 to 2.1.15
2022-06-29 14:53:36 +03:00
dependabot[bot]
b869320624
build(deps): bump github/codeql-action from 2.1.14 to 2.1.15
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.14 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](41a4ada31b...3f62b754e2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-29 10:37:50 +00:00
Jussi Kukkonen
1796947059
Merge pull request #2042 from theupdateframework/dependabot/pip/black-22.6.0
build(deps): bump black from 22.3.0 to 22.6.0
2022-06-29 11:25:58 +03:00
Jussi Kukkonen
ff4879e7a8
Merge pull request #2036 from theupdateframework/dependabot/pip/cryptography-37.0.3
build(deps): bump cryptography from 37.0.2 to 37.0.3
2022-06-29 11:21:52 +03:00
dependabot[bot]
dfe51f921c
build(deps): bump black from 22.3.0 to 22.6.0
Bumps [black](https://github.com/psf/black) from 22.3.0 to 22.6.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/22.3.0...22.6.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-28 10:07:12 +00:00
Jussi Kukkonen
8a03abfdeb
Merge pull request #2039 from MVrachev/add-test-case
SuccinctRoles.is_delegated_role() add a test case
2022-06-27 22:14:19 +03:00
Jussi Kukkonen
c5f74c6a9b
Merge pull request #2041 from abs007/develop
Grammar fix
2022-06-27 15:47:33 +03:00
Abhisman Sarkar
9f1c86f4a9 Grammar Fix
Fixed a grammatical error in a comment in utils.py

Signed-off-by: Abhisman Sarkar <abhisman.sarkar@gmail.com>
2022-06-27 18:09:43 +05:30
Jussi Kukkonen
db946f3ebb
Merge pull request #2037 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.14
build(deps): bump github/codeql-action from 2.1.13 to 2.1.14
2022-06-27 14:37:53 +03:00
Martin Vrachev
ddbbcce432 SuccinctRoles.is_delegated_role() add test case
Add a test case when there is a bin name with the desired prefix, but
which cannot be cast to a hexadecimal number.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-06-24 16:48:56 +03:00
dependabot[bot]
fbe30683dd
build(deps): bump github/codeql-action from 2.1.13 to 2.1.14
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.13 to 2.1.14.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](d00e8c09a3...41a4ada31b)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-23 12:59:20 +00:00
dependabot[bot]
ad26b7771c
build(deps): bump cryptography from 37.0.2 to 37.0.3
Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.2 to 37.0.3.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/37.0.2...37.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-22 10:06:39 +00:00
Lukas Pühringer
01acaa4c7b
Merge pull request #2024 from MVrachev/timestamp-eq-version
ngclient: pick old timestamp if new.version is equal
2022-06-22 10:51:14 +02:00
Jussi Kukkonen
46eb5a0169
Merge pull request #2028 from theupdateframework/dependabot/pip/certifi-2022.6.15
build(deps): bump certifi from 2022.5.18.1 to 2022.6.15
2022-06-22 11:33:36 +03:00
Jussi Kukkonen
7151ef514b
Merge pull request #2032 from theupdateframework/dependabot/pip/pylint-2.14.3
build(deps): bump pylint from 2.14.2 to 2.14.3
2022-06-22 11:18:39 +03:00
Jussi Kukkonen
b52ef0bcbb
Merge pull request #2034 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.13
build(deps): bump github/codeql-action from 2.1.12 to 2.1.13
2022-06-22 11:11:22 +03:00
Martin Vrachev
5fd3ddccbc ngclient: pick old timestamp if new.ver is equal
In the spec version 1.0.30, a new change has been added considering what
should happen if there is a new timestamp with the same version.
It says the following:
"In case they [versions] are equal, discard the new
timestamp metadata and abort the update cycle.
This is normal and it shouldn't raise any error."

In other words, if there is a new timestamp with the same version, then
stop the update process and use the old timestamp.

Those changes reflect these latest specification modifications.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-06-21 14:52:31 +03:00
dependabot[bot]
efc530a932
build(deps): bump github/codeql-action from 2.1.12 to 2.1.13
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.12 to 2.1.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](27ea8f8fe5...d00e8c09a3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-21 10:21:08 +00:00
dependabot[bot]
6f07897be2
build(deps): bump pylint from 2.14.2 to 2.14.3
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.14.2 to 2.14.3.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.14.2...v2.14.3)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-20 10:07:54 +00:00
Jussi Kukkonen
39f03ac8b1
Merge pull request #2029 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-2.0.2
build(deps): bump actions/dependency-review-action from 2.0.0 to 2.0.2
2022-06-20 12:27:50 +03:00
Lukas Pühringer
f2609aba7d
Merge pull request #2010 from MVrachev/tap15-final-design
2022-06-17 13:24:18 +02:00
Martin Vrachev
c6488f0588 SuccinctRoles: add readme information
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-06-17 13:33:01 +03:00
Martin Vrachev
26abdfbbce Test delegation tree with succinct_roles
Test traversing the delegation tree when there is a Targets using a
delegation with succinct roles.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-06-17 13:33:01 +03:00
Martin Vrachev
4abb826eb5 RepositorySimulator: support succinct_roles
Add support for Targets using delegation with succinct_roles.
For that purpose, we needed a method that can add succinct_roles
information with all its corresponding bins to the target metadata
and the self.md_delegates attribute in RepositorySimulator.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-06-17 13:33:01 +03:00
Martin Vrachev
28b6917739 Root and Targets key API changes
Here is the list of all breaking API changes:
1) The "role" and "key" arguments in "Root.add_key()" are in reverse
order - "key" becomes first and "role" second.
2) "Root.remove_key()" has been renamed to "Root.revoke_key()".
3) The "role" and "keyid" arguments in "Root.revoke_key()" are in
reverse order - "keyid" becomes first and "role" second.
4) The "role" and "key" arguments in "Targets.add_key()" are in reverse
order - "key" becomes first and "role" second.
5) "Targets.remove_key()" has been renamed to "Targets.revoke_key()".
6) The "role" and "keyid" arguments in "Targets.revoke_key()" are in
reverse order - "keyid" becomes first and "role" second.
7) In both methods "Targets.add_key()" and "Targets.revoke_key()" the
"role" argument becomes optional with a default value of None.

Those changes are made in an effort to make those methods logical
for both cases when standard roles and succinct_roles are used.
The "Root" API change was done in order to preserve naming and argument
order consistency with "Targets" API.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-06-17 13:33:01 +03:00
Martin Vrachev
15cd42c0d6 Delegations: add support for succinct_roles
This commit contains 2 API changes in the "Delegations" class from
tuf/api/metadata.py:
1. the roles argument is made optional
2. the unrecognized_fields argument becomes the 4th rather than the 3rd
as it used to be

In this commit, I add support for succinct_roles roles inside the
Delegations class. This change is related to the TAP 15 proposal.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-06-17 13:33:01 +03:00
Martin Vrachev
f80b4ca1d2 Clarifications and simplifications
Clarify explicitly that exactly one of "paths" and "path_hash_prefixes"
must be set inside DelegatedRole.
Also simplify the check for "paths" and "path_hash_prefixes".
Finally, add a test case inside the "test_metadata_serialization.py"
test file about wrong keyids type for "Role" serialization.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-06-17 13:33:01 +03:00
Martin Vrachev
0a92cb91e3 Add helper methods in SuccinctRoles
Add two helper methods in SuccinctRoles.
Those methods proved useful in the testing code, but I believe they have
a potential value for production code as well.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-06-17 13:33:00 +03:00
dependabot[bot]
190e9e1f69
build(deps): bump actions/dependency-review-action from 2.0.0 to 2.0.2
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.0.0 to 2.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](97790d29c7...1c59cdf2a9)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-16 10:24:53 +00:00
dependabot[bot]
c22e1f7930
build(deps): bump certifi from 2022.5.18.1 to 2022.6.15
Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.5.18.1 to 2022.6.15.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](https://github.com/certifi/python-certifi/compare/2022.05.18.1...2022.06.15)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-16 10:08:18 +00:00
Jussi Kukkonen
c89cb50b83
Merge pull request #2026 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-2
build(deps): bump actions/dependency-review-action from 1.0.2 to 2
2022-06-16 09:47:16 +03:00
Lukas Pühringer
3e79fa4eb2
Merge pull request #2027 from jku/fix-blog-filename
docs: Rename blog post
2022-06-15 14:25:26 +02:00
Jussi Kukkonen
6e20c31446
Merge pull request #1932 from joshuagl/joshuagl/codeql
Add workflow for basic codeql analysis
2022-06-15 13:53:58 +03:00
Jussi Kukkonen
4a174d0812
Merge pull request #2025 from theupdateframework/dependabot/pip/pylint-2.14.2
build(deps): bump pylint from 2.14.1 to 2.14.2
2022-06-15 13:48:01 +03:00
Jussi Kukkonen
95bbc2506d docs: Rename blog post
Jekyll apparently considers posts without a date as drafts: rename the
latest post.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-06-15 13:43:09 +03:00
dependabot[bot]
d05a2f8d2f
build(deps): bump actions/dependency-review-action from 1.0.2 to 2
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.2 to 2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](a9c83d3af6...97790d29c7)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-15 10:27:51 +00:00
dependabot[bot]
964783c641
build(deps): bump pylint from 2.14.1 to 2.14.2
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.14.1 to 2.14.2.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.14.1...v2.14.2)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-15 10:07:52 +00:00
Joshua Lock
6678d2f76a Add workflow for codeql analysis
Signed-off-by: Joshua Lock <jlock@vmware.com>
2022-06-15 10:19:35 +01:00
Jussi Kukkonen
251a22aaa0
Merge pull request #1941 from ivanayov/tricky_test_case_blog_post
Add tricky test case blog post
2022-06-15 11:43:22 +03:00
Martin Vrachev
d8808fbdcc SuccinctRoles: add zero padding to bins
Add zero padding to bin names inside SuccinctRoles.
Zero padding ensures that the bin names always have the same length.

This characteristic is implied in the example given by TAP 15 where
the third bin is named "alice.hbd-03". For context read TAP 15:
https://github.com/theupdateframework/taps/blob/master/tap15.md

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-06-14 18:26:08 +03:00
Lukas Pühringer
1e813fe759
Merge pull request #2022 from theupdateframework/dependabot/pip/requests-2.28.0
build(deps): bump requests from 2.27.1 to 2.28.0
2022-06-13 10:17:14 +02:00
Jussi Kukkonen
c05070286c
Merge pull request #2021 from theupdateframework/dependabot/github_actions/actions/setup-python-4
build(deps): bump actions/setup-python from 3.1.2 to 4
2022-06-13 10:16:08 +03:00
dependabot[bot]
548b5b87b0
build(deps): bump requests from 2.27.1 to 2.28.0
Bumps [requests](https://github.com/psf/requests) from 2.27.1 to 2.28.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.27.1...v2.28.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-10 10:05:20 +00:00
Martin Vrachev
9259ced68a Add SuccinctRole class
Add a SuccinctRoles class containing the information from the
succinct_roles dict described in TAP 15.
This allows for easy mypy checks on the types, easy enforcement on
TAP 15 restrictions (as for example that "bit_length" must be between 1
and 32) and support for unrecognized fields inside succinct_roles
without much of a hassle.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-06-09 20:30:30 +03:00