make bootstrap required and explicit: callers must pass bootstrap=<root_bytes> or bootstrap=None.
also tighten docs, examples, and tests to reflect the explicit trust anchor choice.
Signed-off-by: 1seal <security@1seal.org>
We could just stop testing with 3.9... but I think this will lead to
unintentionally breaking 3.9 anyway sooner or later.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Start linting securesystemslib calls
(this requires new securesystemslib)
* Fix various issues that suddenly popup
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
securesystemslib.hash is a small wrapper around hashlib, which serves
two main purposes:
* provide helper function to hash a file
* translate custom hash algorithm name "blake2b-256" to "blake2b" with
(digest_size=32).
In preparation for the removal of securesystemslib.hash, this patch ports
above behavior to tuf and uses the builtin hashlib directly where
possible.
related secure-systems-lab/securesystemslib#943
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Update test_updater_toplevel_update to use bootstrap argument by
default.
This still does not include tests for bootstrap feature specifically
but it should prove nothing has broken when the feature was added.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Expect (failing) call to open for "root_history/2.root.json" now that
the client stores versioned roots.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Application may have a "more secure" data store than the metadata cache
is: Allow application to bootstrap the Updater with this more secure
root. This means the Updater must also cache the subsequent root versions
(and not just the last one).
* Store versioned root metadata in local cache
* maintain a non versioned symlink to last known good root
* When loading root metadata, look in local cache too
* Add a 'bootstrap' argument to Updater: this allows
initializing the Updater with known good root metadata
instead of trusting the root.json in cache
Additional changes to current functionality:
* when using bootstrap argument, the initial root is written to cache.
This write happens every time Updater is initialized with bootstrap
* The "root.json" symlink is recreated at the end of every refresh()
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This does not actually test using tuf through proxies: it only tests
that ProxyEnvironment creates the ProxyManagers that we expect to be
created based on the proxy environment variables.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
urllib3 does not handle this but we do want to support proxy users.
The environment variable handling is slightly simplified from the
requests implementation.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This is still copy-paste in three different files but now at least
the function is the same in every location and not directly copied.
We really should have generic TestCase class...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
test_updater_ng.py is a little archaic (as it uses the static test
repository content from ye olden days). This commit does not change that
but removes an extra file in client cache dir: it is now quite confusing
as it looks a bit like intermediate root caching but is just an unused
file.
This has the nice side effect that tests now longer need to workaround
this extra file.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
We always want to either verify or generate new results:
don't have multiple arguments.
Also fix annotated types.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Tests now run from root dir so various coverage complications
can be removed.
Also remove the duplicate .coveragerc and rely on pyproject.toml
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This allows using some more nice annotations from 3.10
while still being compatible with even Python 3.8.
These are all annotation changes, should not modify any functionality.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Use freezegun for time mocking instead of manually patching the datetime
module, as it provides a more streamlined solution that works both
on CPython and on PyPy. Unfortunately, due to differences between
the C datetime extension used by CPython, and the pure Python version
of datetime (used by PyPy, and as a fallback on CPython), there does not
seem to be a trivial way to mock time that would work with both
versions.
Fixes#2708
Signed-off-by: Michał Górny <mgorny@gentoo.org>
* repository: Handle online key change situations in do_snapshot() and do_timestamp():
always create a new version if current version is not correctly signed
* remove expectedFailure marks from the related tests
Signed-off-by: h4l0gen <ks3913688@gmail.com>
Signed-off-by: Kapil Sharma <ks3913688@gmail.com>
These are pretty basic and do not test much about the content of the
repository... but it does check version numbers (and how many versions
have been published) in a couple of situations.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
The goal here is to have ruff enable new rulesets when new releases are
made without us having to o anything: we can then decide if we disable
or not.
* Enable a couple more rulesets (ERA, INP, T )
* Add a few individual ignores to tests and examples
* Default to enable all, disable the rulesets we don't want
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Remove exectuable flag from a couple of files
* Half of the test files have a shebang (but are
still not executable): remove the shebang
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
