Commit graph

2453 commits

Author SHA1 Message Date
Lukas Pühringer
a871f648e5
Merge pull request #2378 from jku/move-verify-delegate-v2
Move verify_delegate() to Root/Targets
2023-08-21 13:27:01 +02:00
Satvik Vemuganti
ad117d9579 enhancement: Adds from_data() method to MetaFile
Signed-off-by: Satvik Vemuganti <vemugantisesha@iitbhilai.ac.in>
2023-08-16 06:08:34 +05:30
Lukas Puehringer
15dd931609 Metadata API: make new verify_delegate unaware of Metadata
Change new _Delegator.verify_delegate to take payload bytes and
signatures instead of a Metadata object and a payload serializer.

This allows using verify_delegate for payloads that do not come in
a Metadata container, but e.g. in a DSSE envelope (see #2385).

Usage becomes a bit more cumbersome, but still feels reasonable with the
recently added shortcut for default canonical bytes representation of
Metadata.signed.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-08-01 15:31:59 +02:00
Lukas Puehringer
fc6c91a711 Metadata API: add Metadata.signed_bytes property
- Add shortcut to canonical json representation of self.signed
- Use in tests and Metadata.sign
- Do not use in _Delegator.verify_delegate (will be updated in subsequent
  commit).

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-08-01 15:28:12 +02:00
Jussi Kukkonen
635a2870bd Metadata API: Bump deprecation version to next likely candidate
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
ca6434b081 Metadata API: Improve docstrings
Remove duplicate docstrings: these are already documented in
_DelegatorMixin and sphinx will find them there.

Tweak a few other strings to remove duplication in the sentence.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>

Metadata API: Improve docstrings

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
0184edcab1 Metadata API: Annotation syntax tweak
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
2ace345afe metadata: Rename _Delegator to _DelegatorMixin
Make it clearer that this is not part of the main inheritance path.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
a69ddf1f04 ngclient,tests,examples: Use new verify_delegate()
Avoid Metadata.verify_delegate() now that it's deprecated.

Note that this commit does not try to make any code cleanups
that are now possible: this is the minimal change to use the new
API.

Future improvements can make code in TrustedMetadataSet and
Updater slightly easier to read: as an example there's no need for
TrustedMetadataSet to actually store or expose actual Metadata in its
cache -- Signed is all that's needed.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
55f6824c24 Move verify_delegate() to Root/Targets
This makes logical sense and makes a lot of code using
verify_delegate() a little easier since there is no need to keep a
reference to the containing metadata anymore.

The implementation is in practice in a new class but that's an
implementation detail that allows sharing between Targets and Root.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
ryanchen99
98d0460cbd
change Root.roles to Dict [Issue #2410]
Signed-off-by: ryanchen99 <60233822+ryanchen99@users.noreply.github.com>
2023-06-16 16:50:01 -07:00
Jussi Kukkonen
0c107c6a8b Release python-tuf 3.0.0
* Update changelog
* Bump version

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-05-09 11:42:49 +03:00
Jussi Kukkonen
cddae3b892 Updates to TargetFile.get_prefixed_paths()
* Use the same solution for producing the paths as we already do in ngclient
* Fix linting issues
* Modify the test results according to new code (I believe these are
  correct, although some cases are so edge cases that disagreement may
  exist. Most importantly I think the method should always return as
  many paths as there are hashes listed)

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-03-20 16:12:00 +02:00
Kamui
0eef15ad28 fix: parse manually and handle url edge cases
Signed-off-by: Kamui <fin-kamui@pm.me>
2023-03-20 15:48:51 +02:00
Kamui
1e47e390fb docs: add docstring for method
Signed-off-by: Kamui <fin-kamui@pm.me>
2023-03-20 15:48:51 +02:00
Kamui
24b1db6781 feat: generate hash-prefixed path names for target
Signed-off-by: Kamui <fin-kamui@pm.me>
2023-03-20 15:48:51 +02:00
Jussi Kukkonen
122c522137 repository: Use new annotated properties in do_*()
This gives us working annotations in do_timestamp() and do_snapshot().

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-03-08 10:27:43 +02:00
Jussi Kukkonen
75ca67ef44 repository: Add default arg for targets() and edit_targets()
The default value "targets" makes sense because now the top-level
metadata can be accessed in a standard way:
  root(), timestamp(), snapshot() and targets()
and likewise for the edit_X() functions

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-03-08 10:27:43 +02:00
Jussi Kukkonen
79eb91d278 Add getter functions for Signed objects
These are equivalent to the edit_X() context managers but for cases
where user is not interested in creating a new version of the metadata.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-03-08 10:27:43 +02:00
Jussi Kukkonen
c3411dc59e repository: Rename snapshot()/timestamp()
New names:
  do_snapshot()
  do_timestamp()
This is in preparation of using the old names for another purpose.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-03-08 10:27:43 +02:00
Jussi Kukkonen
0262a8ac49 repository: Add typed edit_*() contextmanagers
The advantage here is that code within the context can take advantage
of the correct typing. This is already visible in the example code but
is even more useful in real applications.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-03-08 10:27:43 +02:00
Jussi Kukkonen
c9c36934f2 repository: Make snapshot/timestamp helpers non-abstract
targets_infos() and snapshot_info() are helpers used by snapshot and
timestamp. Some Repository implementations do not need
snapshot/timestamp (think e.g. a signing tool that never modifies online
roles), so the helpers should not be required.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-26 11:35:02 +02:00
Lukas Pühringer
dd855b1fca
Merge pull request #2241 from jku/repository-lib-uploader
Examples: Add repository uploader
2023-02-08 10:30:52 +01:00
Jussi Kukkonen
b67b8c8ad3 Whitespace changes to make new black linter happy
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 15:29:28 +02:00
Fridolin Pokorny
074778e08f
Fix pydocstyle D209
D209: Multi-line docstring closing quotes should be on a separate line

Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-02-06 13:23:33 +01:00
Jussi Kukkonen
d36c0cfa02 examples: Rename client example directory
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:25:47 +02:00
Jussi Kukkonen
d61dbabc78
Merge pull request #2281 from fridex/pydocstyle-d209
Fix pydocstyle D209
2023-02-02 14:33:41 +02:00
Lukas Pühringer
d2c12f2d14
Merge pull request #2165 from jku/no-key
Move (most of) Key to Securesystemslib
2023-01-31 09:20:44 +01:00
Lukas Pühringer
93b8fb6377
Merge pull request #2279 from fridex/export-targetfile-ngclient
Export TUF TargetFile in ngclient
2023-01-31 09:19:41 +01:00
Fridolin Pokorny
744f75c1e7
Fix pydocstyle D209
Fix multi-line docstring closing quotes should be on a separate line

Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-01-26 16:36:13 +01:00
Lukas Puehringer
9811ac3568 python-tuf 2.1.0
* update changelog
* bump version

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-01-26 16:26:38 +01:00
Fridolin Pokorny
524a6b848f
Export TUF TargetFile in ngclient
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-01-26 15:54:44 +01:00
Fridolin Pokorny
5d347b8707
Fix pydocstyle D400: first line should end with a period
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-01-26 15:33:09 +01:00
Jussi Kukkonen
889b218e7a Add comment explaining public status to the module itself
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-26 09:33:44 +02:00
Jussi Kukkonen
f8a7881c87 Make RequestsFetcher public
This is useful for those who want to use the default fetcher
but modify some attributes

The file itself could be moved to tuf/ngclient/ but this is not done yet
as sigstore-python is using this internal module. Move can be done once
sigstore-python 1.0 is no longer relevant.

Fixes #2268

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-25 15:55:11 +02:00
Jussi Kukkonen
361bbe40f3 metadata: Refactor delegators key and role lookup
Simplify the lookup of delegated keys and roles by moving it to
Targets and Root: this follows the examples set by add_key() and
remove_key().

Most of the methods are trivial but they make sense because this way
the calling code does not have to care if the object is a Targets or a
Root: the same methods work on both.

The new methods are public since they are useful to applications as
well.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 15:26:51 +02:00
Jussi Kukkonen
ed0ec03399 Metadata API: Fix verify_delegate for new Key API
verify_delegate() unfortunately needs an almost complete rewrite
as the Key.verify_signature() API change affects it quite a bit.

Refactoring the role and key lookup into a separate method makes the
code readable again.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
6dbadaa7b1 Metadata API: Remove Key, import it from Securesystemslib
Key has been moved to Securesystemslib: use it from there.

This still fails tests as Key API has changed a bit: issues are fixed
in followup commits.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
7f85da53b7 metadata API: Refactor exception imports
tuf.exceptions should IMO be seen as the "default exception source".

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
e1d15887a8 ngclient: Remove "Optional" from helper props
The properties in TrustedMetadataSet are a bit difficult to use
with static typing since they return Optional but in many cases
we know the "None"-case is impossible.

Remove None from annotation: the idea is that calling the property
getter too early is a programming error: it will result in KeyError
which is consistent:
 * trusted_set["timestamp"] raises KeyError if timestamp is not set
 * trusted_set.timestamp raises KeyError if timestamp is not set

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-27 16:56:32 +02:00
Aditya Shrivastav
42cb50b15b
Merge branch 'theupdateframework:develop' into metaclass-fix
2022-12-27 16:28:43 +05:30
adityashrivastav1
086216f7cc unused variable removed, inheritance fixed
Signed-off-by: adityashrivastav1 <aditya.shri9981@gmail.com>
2022-12-27 16:27:17 +05:30
adityashrivastav1
2c15c75e50 class FetcherInterface() changed to FetcherInterface(abc.ABC)
Signed-off-by: adityashrivastav1 <aditya.shri9981@gmail.com>
signed off
Signed-off-by: adityashrivastav1 <aditya.shri9981@gmail.com>
2022-12-27 15:44:54 +05:30
Jussi Kukkonen
ba9ea5b88c
Merge pull request #2230 from fridex/pydocstyle-imperative-mood
Fix pydocstyle D401: first line should be in imperative mood
2022-12-27 11:47:46 +02:00
Jussi Kukkonen
e5856f7c91
Merge pull request #2233 from fridex/tuf-ngclient-api
Provide __all__ for tuf.ngclient module
2022-12-27 11:28:33 +02:00
William Woodruff
7b89dd9532
api/metadata: third time's the charm
Signed-off-by: William Woodruff <william@trailofbits.com>
2022-12-22 09:56:35 -05:00
William Woodruff
d44fe52ce1
api/metadata: use debug logging
Signed-off-by: William Woodruff <william@trailofbits.com>
2022-12-21 10:34:32 -05:00
William Woodruff
408bf9ba20
api/metadata: blacken
Signed-off-by: William Woodruff <william@trailofbits.com>
2022-12-20 16:44:21 -05:00
William Woodruff
2876bfd764
tuf: move INFO logs to DEBUG or WARNING
Signed-off-by: William Woodruff <william@trailofbits.com>
2022-12-20 16:36:04 -05:00
Fridolin Pokorny
9ffb4a4474
Provide __all__ for tuf.ngclient module
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2022-12-20 00:17:31 +01:00