Commit graph

4908 commits

Author SHA1 Message Date
dependabot[bot]
2f59322cef
build(deps): bump charset-normalizer from 2.0.11 to 2.0.12
Bumps [charset-normalizer](https://github.com/ousret/charset_normalizer) from 2.0.11 to 2.0.12.
- [Release notes](https://github.com/ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ousret/charset_normalizer/compare/2.0.11...2.0.12)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-14 10:08:35 +00:00
Lukas Pühringer
a347d034a2
Merge pull request #1809 from MVrachev/signatures-tests
Add Metadata.signatures serialization tests
2022-02-11 11:47:59 +01:00
Lukas Pühringer
3b135d71f1
Merge pull request #1855 from lukpueh/update-maintainers-txt
doc: Remove inactive maintainers from MAINTAINERS
2022-02-11 10:58:47 +01:00
Lukas Puehringer
16e6f739a5 doc: add emeritus section to maintainers file
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-11 09:49:33 +01:00
Martin Vrachev
17503ebba3 Remove unnecessary copy operations
There is no need to copy "case_dict" inside serialization test
functions in test_metadata_serialization.py when we are testing
invalid arguments.
These dictionaries are not be used after calling "from_dict" and
it doesn't matter if they are empty afterward.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-10 17:30:35 +02:00
Martin Vrachev
cd34793b0a Move nonunique sigs test to serialization tests
Move the duplicating signatures tests from test_metadata_base function
in test_api.py into test_metadata_serialization.py.
This is a more logical place to store this test case as
test_metadata_base is actually focused on testing
Metadata.signed.is_expired.
That also is the reason why I renamed test_metadata_base to
test_metadata_signed_is_expired.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-10 17:30:35 +02:00
Martin Vrachev
d2a840f8e1 Add signatures serialization tests
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-10 17:30:35 +02:00
Martin Vrachev
bf5c6ee533 Update securesystemslib version to 0.22.0
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-10 17:30:35 +02:00
Lukas Puehringer
b94ef08b30 doc: Remove inactive maintainers from MAINTAINERS
As discussed in detail in #1793, maintainer-level (GitHub)
permissions should be granted to those who need them, i.e. who
actively maintain the project at the moment.
The MAINTAINERS.txt file should reflect that state.

It will be reviewed regularly (#1803), and can be changed (e.g.
reverted to a prior state) at any time as need arises.

To express our appreciation for past efforts, we might use the
Acknowledgement section of the README, and also update it
regularly.

In the case of this update: Big kudos to @awwad, @SantiagoTorres
and @sechkova for all their valuable contributions to python-tuf!

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-10 13:11:21 +01:00
Jussi Kukkonen
99059a5661
Merge pull request #1848 from lukpueh/rm-docs-images
doc: remove obsolete docs/images dir
2022-02-10 10:20:15 +02:00
Lukas Pühringer
e879773264
Merge pull request #1850 from lukpueh/mv-contributors
doc: rename contribution instructions
2022-02-09 15:26:55 +01:00
Lukas Puehringer
4d1fad233a doc: rename contribution instructions
Rename CONTRIBUTORS.rst -> CONTRIBUTING.rst. The new name is what
GitHub expects and will make the document more discoverable, e.g.
on https://github.com/theupdateframework/python-tuf/contribute.

More details under:
https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors

Note: I searched all repositories in theupdateframework GitHub
organization for references (there were none) and will update the
links in the CII Best Practice badge app for tuf.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-09 15:08:45 +01:00
Lukas Puehringer
365f17bc28 doc: remove obsolete docs/images dir
Remove obsolete docs/images directory which contains unused
variants of the logo. The canonical location of TUF logos is
theupdateframework/artwork, which has high-resolution formats (png
and svg) for all variants of the logo.

Also see https://github.com/theupdateframework/artwork/pull/3.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-09 14:25:55 +01:00
Lukas Pühringer
d4dd652582
Merge pull request #1836 from MVrachev/verify-sig-serialization-error
verify_signature(): handle SerializationError
2022-02-08 14:52:35 +01:00
Lukas Pühringer
177976a890
Merge pull request #1840 from MVrachev/from-securesystemslib-key-sslib-error
Key.from_securesystemslib_key() raise ValueError
2022-02-08 12:49:47 +01:00
Lukas Pühringer
39ef75115e
Merge pull request #1839 from jku/requirements-remove-docutils-pinning
build: Remove docs build requirement version pin
2022-02-08 12:48:33 +01:00
Martin Vrachev
8b6566ab3b from_securesystemslib_key() raise ValueError
If a securesystemslib.FormatError is raised inside
Key.from_securesystemslib_key() then reraise ValueError.
This is done so that our users don't have to import securesystemslib
in order to handle the error and because the securesystemslib error
itself is securesystemslib implementation-specific.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-08 13:44:12 +02:00
Jussi Kukkonen
0537f12c6f build: Remove docs build requirement version pin
docutils is a sphinx-rtd-theme requirement: pinning was done
to workaround a bug that seems to now be fixed.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-02-08 13:18:27 +02:00
Lukas Pühringer
1e36ec68af
Merge pull request #1838 from MVrachev/verify-delegate-document-exceptions
verify_delegate() document ValueError and TypeError
2022-02-08 12:18:10 +01:00
Jussi Kukkonen
2cc3df57a8
Merge pull request #1834 from theupdateframework/dependabot/pip/pycparser-2.21
build(deps): bump pycparser from 2.20 to 2.21
2022-02-08 13:11:45 +02:00
Martin Vrachev
5f515791df verify_delegate() doc ValueError and TypeError
Add missing documentation for ValueError and TypeError inside
Metadata.verify_delegate().

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-08 13:10:46 +02:00
Jussi Kukkonen
b497180e6c
Merge pull request #1815 from ivanayov/metadata_docstrings_imprv
Improve docstrings language in Metadata API
2022-02-08 12:59:35 +02:00
Lukas Pühringer
f379e94817
Merge pull request #1837 from joshuagl/joshuagl/license
build: add license field to setup.cfg
2022-02-08 11:43:52 +01:00
Ivana Atanasova
9169fcb575 Update repetitive docstrings language in Metadata API
This change updates some obvious and unnecessary fields docs in the
Metadata API with more despriptive details

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
2022-02-08 12:43:11 +02:00
Ivana Atanasova
acf3df67ff Improve docstrings language in Metadata API - article
This change unifies as mush as the context allows and improves the
use of definite vs. indefinite vs. no article across docs in the
Metadata API. It sticks to no article in most cases for simplisity
and readability, but leaves definite article where it's strictly
necessary

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
2022-02-08 12:39:33 +02:00
Ivana Atanasova
40aef7ee23 Improve docstrings language in Metadata API - wording
This change unifies wording across docs in the Metadata API, like
Args vs. Arguments and same repetitive descriptions written
differently in different classes/methods

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
2022-02-08 12:37:23 +02:00
Ivana Atanasova
0feec0c5f5 Improve docstrings language in Metadata API - quotes
This change unifies quotes to double backtick across docs in the
Metadata API in order to provide better visualisation

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
2022-02-08 12:37:19 +02:00
Joshua Lock
d0846a9967 build: add license field to setup.cfg
List our licenses in the license field of setup.cfg

While the PyPA packaging documentation states that the license field is
optional[1] and that classifiers should be the main way to indicate
license, this field is used to populate the License printed by pip show.

1. https://packaging.python.org/en/latest/guides/distributing-packages-using-setuptools/#license

Fixes #1833

Signed-off-by: Joshua Lock <jlock@vmware.com>
2022-02-08 10:33:54 +00:00
Lukas Pühringer
9cda6e591f
Merge pull request #1796 from jku/accept-two-part-spec-version
Metadata API: Accept X.Y spec_version
2022-02-08 11:29:57 +01:00
Martin Vrachev
2f381aee9a verify_signature(): handle SerializationError
We should handle the possible SerializationError inside
Key.verify_signature(), because the user of this API is not interested
in SerializationError when he is trying to verify his signature.

Note that the SerializationError can be thrown when calling
signed_serializer.serialize() on the metadata signed part.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-08 12:18:55 +02:00
Lukas Pühringer
0b2f98585c
Merge pull request #1820 from MVrachev/constructors-documentation
Add exceptions docs for __init__ and from_dict()
2022-02-08 10:21:18 +01:00
dependabot[bot]
95987254e8
build(deps): bump pycparser from 2.20 to 2.21
Bumps [pycparser](https://github.com/eliben/pycparser) from 2.20 to 2.21.
- [Release notes](https://github.com/eliben/pycparser/releases)
- [Changelog](https://github.com/eliben/pycparser/blob/master/CHANGES)
- [Commits](https://github.com/eliben/pycparser/compare/release_v2.20...release_v2.21)

---
updated-dependencies:
- dependency-name: pycparser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-08 09:14:49 +00:00
Lukas Pühringer
0bc891fb2d
Merge pull request #1832 from jku/return-of-setup-py
Re-add setup.py to fix dependabot
2022-02-08 10:14:02 +01:00
Lukas Pühringer
c7da19911d
Merge pull request #1831 from MVrachev/small-tests
Add missing small tests
2022-02-08 09:42:32 +01:00
Lukas Pühringer
efc6877adf
Merge pull request #1829 from lukpueh/add-logo-rtd
doc: render tuf logo and favicon on rtd
2022-02-08 09:34:58 +01:00
Jussi Kukkonen
a622276fee build: Remove pylintrc from MANIFEST
pylint config lives in pyproject.toml nowadays.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-02-08 09:34:28 +02:00
Jussi Kukkonen
891e1c76e8 build: Re-add setup.py
The Python build tools are fine without a setup.py but Dependabot
chokes: https://github.com/dependabot/dependabot-core/issues/4483

Add a setup.py to keep Dependabot happy.

Fixes #1828

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-02-08 09:12:28 +02:00
Jussi Kukkonen
a21036eaa1
Merge pull request #1830 from jku/pin-actions-hashes 2022-02-07 19:09:02 +02:00
Martin Vrachev
6db3f69b61 Add small missing tests
Add a test triggering the MetaFile version validation and a TargetFile
test accessing custom.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-07 17:07:48 +02:00
Jussi Kukkonen
ba911e07b2
Merge pull request #1825 from MVrachev/specification-version
Update supported specification version to 1.0.28
2022-02-07 16:44:26 +02:00
Jussi Kukkonen
92e49ad2a1 github: Pin actions hashes
This allows us to control when our workflows change.
Dependabot should now open PRs when the actions update.

This still leaves the actual OS image as a variable but Github does not
support pinning that: we'd have to start using our own containers (and
installing our own pythons, etc) to do that -- not worth the trouble.

Fixes #1826

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-02-07 15:32:23 +02:00
Martin Vrachev
5b2290cf42 Exceptions docs for __init__ and from_dict()
Document ValueError, KeyError and TypeError exceptions for __init__ and
from_dict() methods in Metadata API.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-07 15:19:03 +02:00
Lukas Puehringer
cf9af047a5 doc: render tuf logo and favicon on rtd
Configure docs to display
- tuf icon as favicon
- tuf horizontal logo (white) in navbar

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-07 12:47:44 +01:00
Lukas Pühringer
70c7358040
Merge pull request #1800 from jku/document-serialization-hash-issue
Metadata API: Document serialization "repro" issue
2022-02-07 11:28:02 +01:00
Lukas Pühringer
8a0bb880be
Merge pull request #1827 from jku/do-dependabots-job-for-dependabot
Do dependabots job
2022-02-07 09:56:30 +01:00
Lukas Pühringer
1c46eebfdc
Merge pull request #1824 from jku/revert-pip-cache-disable
Revert "github: disable pip caching temporarily"
2022-02-07 09:38:21 +01:00
Jussi Kukkonen
3f3b921337 Metadata API: Document serialization "repro" issue
It's not obvious to casual reader that reading metadata and then
writing it might not always produce the same file. It's also not
immediately obvious why this matters.

Document both concepts.

Fixes #1392

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-02-06 18:06:11 +02:00
dependabot[bot]
cd95ff06dc build(deps): bump cryptography from 35.0.0 to 36.0.1
Bumps [cryptography](https://github.com/pyca/cryptography) from 35.0.0 to 36.0.1.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/35.0.0...36.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-02-05 18:34:29 +02:00
dependabot[bot]
e2ce7e884b build(deps): bump charset-normalizer from 2.0.7 to 2.0.11
Bumps [charset-normalizer](https://github.com/ousret/charset_normalizer) from 2.0.7 to 2.0.11.
- [Release notes](https://github.com/ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ousret/charset_normalizer/compare/2.0.7...2.0.11)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-02-05 18:33:04 +02:00
dependabot[bot]
59064d5a72 build(deps): bump urllib3 from 1.26.7 to 1.26.8
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.7 to 1.26.8.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.7...1.26.8)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-02-05 18:32:08 +02:00