dependabot[bot]
2e82328f69
build(deps): bump github/codeql-action from 2.21.4 to 2.21.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.4 to 2.21.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](a09933a12a...00e563ead9)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-29 10:32:24 +00:00
Lukas Pühringer
a871f648e5
Merge pull request #2378 from jku/move-verify-delegate-v2
...
Move verify_delegate() to Root/Targets
2023-08-21 13:27:01 +02:00
Jussi Kukkonen
e6f397d2ae
Merge pull request #2448 from theupdateframework/dependabot/pip/mypy-1.5.1
...
build(deps): bump mypy from 1.5.0 to 1.5.1
2023-08-17 15:52:19 +03:00
Jussi Kukkonen
7924f8851d
Merge pull request #2447 from lukpueh/fix-sslibsigner-test
...
tests: adopt sslib changes in test_sign_failures
2023-08-17 15:51:36 +03:00
dependabot[bot]
108a8c1a34
build(deps): bump mypy from 1.5.0 to 1.5.1
...
Bumps [mypy](https://github.com/python/mypy) from 1.5.0 to 1.5.1.
- [Commits](https://github.com/python/mypy/compare/v1.5.0...v1.5.1)
---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-17 10:44:21 +00:00
Lukas Pühringer
00a6ac7f0a
Merge pull request #2273 from VickyMerzOwn/develop
...
enhancement: Add from_data() method to MetaFile
2023-08-16 17:21:41 +02:00
Lukas Puehringer
d45d65521b
tests: adopt sslib changes in test_sign_failures
...
fixes #2444
SSlibSigner was changed recently (secure-systems-lab/securesystemslib#604)
to fail on bad input data (keydict) at init instead of when signing.
The patched test used to trigger expects a Signer.sign error from an
SSlibSigner, which is no longer possible.
To still get the desired error, the test uses a custom signer, which
does raise on sign.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-08-16 16:36:27 +02:00
Satvik Vemuganti
d3c0e614c1
Merge branch 'develop' of github.com:VickyMerzOwn/python-tuf into develop
2023-08-16 08:56:57 +05:30
Satvik Vemuganti
7a3a76321e
Merge branch 'develop' of github.com:VickyMerzOwn/python-tuf into develop
...
Signed-off-by: Satvik Vemuganti <vemugantisesha@iitbhilai.ac.in>
2023-08-16 08:56:37 +05:30
Satvik Vemuganti
ea62543e88
Merge branch 'theupdateframework:develop' into develop
2023-08-16 06:18:12 +05:30
Satvik Vemuganti
363a320932
Merge branch 'develop' of github.com:VickyMerzOwn/python-tuf into develop
2023-08-16 06:15:10 +05:30
Satvik Vemuganti
ad117d9579
enhancement: Adds from_data() method to MetaFile
...
Signed-off-by: Satvik Vemuganti <vemugantisesha@iitbhilai.ac.in>
2023-08-16 06:08:34 +05:30
Jussi Kukkonen
016e16c1a9
Merge pull request #2446 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.8
...
build(deps): bump actions/dependency-review-action from 3.0.7 to 3.0.8
2023-08-15 16:17:49 +03:00
Jussi Kukkonen
5afc4c825f
Merge pull request #2445 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.4
...
build(deps): bump github/codeql-action from 2.21.3 to 2.21.4
2023-08-15 16:17:05 +03:00
dependabot[bot]
69568c52fa
build(deps): bump actions/dependency-review-action from 3.0.7 to 3.0.8
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.7 to 3.0.8.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](7d90b4f05f...f6fff72a32)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-15 10:08:36 +00:00
dependabot[bot]
11c67cc04d
build(deps): bump github/codeql-action from 2.21.3 to 2.21.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.3 to 2.21.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](5b6282e01c...a09933a12a)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-15 10:08:34 +00:00
Satvik Vemuganti
8df79be84c
enhancement: Adds from_data() method to MetaFile
...
Signed-off-by: Satvik Vemuganti <vemugantisesha@iitbhilai.ac.in>
2023-08-14 17:58:09 +05:30
Jussi Kukkonen
44632b4866
Merge pull request #2441 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.10
...
build(deps): bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
2023-08-11 14:20:59 +03:00
Jussi Kukkonen
bb8663aced
Merge pull request #2437 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.7
...
build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.7
2023-08-11 13:50:07 +03:00
dependabot[bot]
7f1b4f372b
build(deps): bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.8 to 1.8.10.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](f8c70e705f...b7f401de30)
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-11 10:38:06 +00:00
Jussi Kukkonen
ab2ca04139
Merge pull request #2440 from theupdateframework/dependabot/pip/mypy-1.5.0
...
build(deps): bump mypy from 1.3.0 to 1.5.0
2023-08-11 13:32:15 +03:00
dependabot[bot]
3a03633510
build(deps): bump mypy from 1.3.0 to 1.5.0
...
Bumps [mypy](https://github.com/python/mypy) from 1.3.0 to 1.5.0.
- [Commits](https://github.com/python/mypy/compare/v1.3.0...v1.5.0)
---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-11 10:19:02 +00:00
Jussi Kukkonen
d83a391ec3
Merge pull request #2435 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.3
...
build(deps): bump github/codeql-action from 2.21.2 to 2.21.3
2023-08-11 12:34:11 +03:00
dependabot[bot]
52b8c685e0
build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.7
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.6 to 3.0.7.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](1360a344cc...7d90b4f05f)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-10 10:47:08 +00:00
dependabot[bot]
e11fe641ac
build(deps): bump github/codeql-action from 2.21.2 to 2.21.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.2 to 2.21.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0ba4244466...5b6282e01c)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-09 10:10:30 +00:00
Lukas Pühringer
a6fb0d7ddd
Merge pull request #2434 from theupdateframework/dependabot/pip/cryptography-41.0.3
...
build(deps): bump cryptography from 41.0.2 to 41.0.3
2023-08-03 14:02:58 +02:00
dependabot[bot]
280feaa75c
build(deps): bump cryptography from 41.0.2 to 41.0.3
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.2 to 41.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.2...41.0.3)
---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-02 10:01:59 +00:00
Lukas Puehringer
15dd931609
Metadata API: make new verify_delegate unaware of Metadata
...
Change new _Delegator.verify_delegate to take payload bytes and
signatures instead of a Metadata object and a payload serializer.
This allows using verify_delegate for payloads that do not come in
a Metadata container, but e.g. in a DSSE envelope (see #2385).
Usage becomes a bit more cumbersome, but still feels reasonable with the
recently added shortcut for default canonical bytes representation of
Metadata.signed.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-08-01 15:31:59 +02:00
Lukas Puehringer
fc6c91a711
Metadata API: add Metadata.signed_bytes property
...
- Add shortcut to canonical json representation of self.signed
- Use in tests and Metadata.sign
- Do not use in _Delegator.verify_delegate (will be updated in subsequent
commit).
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-08-01 15:28:12 +02:00
Jussi Kukkonen
635a2870bd
Metadata API: Bump deprecation version to next likely candidate
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
e51c0beee3
tests: Move lint disable to inside block as intended
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
ca6434b081
Metadata API: Improve docstrings
...
Remove duplicate docstrings: these are already documented in
_DelegatorMixin and sphinx will find them there.
Tweak a few other strings to remove duplication in the sentence.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Metadata API: Improve docstrings
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
0184edcab1
Metadata API: Annotation syntax tweak
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
2ace345afe
metadata: Rename _Delegator to _DelegatorMixin
...
Make it clearer that this is not part of the main inheritance path.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
a69ddf1f04
ngclient,tests,examples: Use new verify_delegate()
...
Avoid Metadata.verify_delegate() now that it's deprecated.
Note that this commit does not try to make any code cleanups
that are now possible: this is the minimal change to use the new
API.
Future improvements can make code in TrustedMetadataSet and
Updater slightly easier to read: as an example there's no need for
TrustedMetadataSet to actually store or expose actual Metadata in its
cache -- Signed is all that's needed.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
55f6824c24
Move verify_delegate() to Root/Targets
...
This makes logical sense and makes a lot of code using
verify_delegate() a little easier since there is no need to keep a
reference to the containing metadata anymore.
The implementation is in practice in a new class but that's an
implementation detail that allows sharing between Targets and Root.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
12d0c3cd1e
Merge pull request #2432 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.2
...
build(deps): bump github/codeql-action from 2.21.1 to 2.21.2
2023-07-31 20:48:20 +03:00
dependabot[bot]
34507c46ae
build(deps): bump github/codeql-action from 2.21.1 to 2.21.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.1 to 2.21.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](6ca1aa8c19...0ba4244466)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-31 10:57:23 +00:00
Jussi Kukkonen
9a2c2c59d2
Merge pull request #2430 from theupdateframework/dependabot/pip/pylint-2.17.5
...
build(deps): bump pylint from 2.17.4 to 2.17.5
2023-07-27 13:37:42 +03:00
Jussi Kukkonen
671142087f
Merge pull request #2431 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.1
...
build(deps): bump github/codeql-action from 2.21.0 to 2.21.1
2023-07-27 13:36:44 +03:00
dependabot[bot]
f17c3b13ac
build(deps): bump github/codeql-action from 2.21.0 to 2.21.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.0 to 2.21.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1813ca74c3...6ca1aa8c19)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-27 10:09:15 +00:00
dependabot[bot]
7e3307cf7e
build(deps): bump pylint from 2.17.4 to 2.17.5
...
Bumps [pylint](https://github.com/pylint-dev/pylint) from 2.17.4 to 2.17.5.
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](https://github.com/pylint-dev/pylint/compare/v2.17.4...v2.17.5)
---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-26 10:10:44 +00:00
Jussi Kukkonen
11801fff88
Merge pull request #2429 from theupdateframework/dependabot/pip/requirements/certifi-2023.7.22
...
build(deps): bump certifi from 2023.5.7 to 2023.7.22 in /requirements
2023-07-26 09:53:03 +03:00
dependabot[bot]
3d8d8e97d5
build(deps): bump certifi from 2023.5.7 to 2023.7.22 in /requirements
...
Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.5.7 to 2023.7.22.
- [Commits](https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22)
---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-25 23:04:21 +00:00
Jussi Kukkonen
ea253de53b
Merge pull request #2426 from theupdateframework/dependabot/pip/urllib3-2.0.4
...
build(deps): bump urllib3 from 2.0.3 to 2.0.4
2023-07-24 09:45:02 +03:00
Jussi Kukkonen
2077ee269f
Merge pull request #2427 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.0
...
build(deps): bump github/codeql-action from 2.20.4 to 2.21.0
2023-07-24 09:44:22 +03:00
dependabot[bot]
9ae7c20760
build(deps): bump github/codeql-action from 2.20.4 to 2.21.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.4 to 2.21.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](489225d82a...1813ca74c3)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-20 10:30:25 +00:00
dependabot[bot]
ce43204729
build(deps): bump urllib3 from 2.0.3 to 2.0.4
...
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.3 to 2.0.4.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.3...2.0.4)
---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-20 10:21:42 +00:00
Lukas Pühringer
3262767aec
Merge pull request #2423 from theupdateframework/dependabot/github_actions/actions/setup-python-4.7.0
...
build(deps): bump actions/setup-python from 4.6.1 to 4.7.0
2023-07-17 14:02:29 +02:00
Lukas Pühringer
9e18fd733d
Merge pull request #2422 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.8
...
build(deps): bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8
2023-07-17 13:52:45 +02:00