There is no need to copy "case_dict" inside serialization test
functions in test_metadata_serialization.py when we are testing
invalid arguments.
These dictionaries are not be used after calling "from_dict" and
it doesn't matter if they are empty afterward.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Move the duplicating signatures tests from test_metadata_base function
in test_api.py into test_metadata_serialization.py.
This is a more logical place to store this test case as
test_metadata_base is actually focused on testing
Metadata.signed.is_expired.
That also is the reason why I renamed test_metadata_base to
test_metadata_signed_is_expired.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
As discussed in detail in #1793, maintainer-level (GitHub)
permissions should be granted to those who need them, i.e. who
actively maintain the project at the moment.
The MAINTAINERS.txt file should reflect that state.
It will be reviewed regularly (#1803), and can be changed (e.g.
reverted to a prior state) at any time as need arises.
To express our appreciation for past efforts, we might use the
Acknowledgement section of the README, and also update it
regularly.
In the case of this update: Big kudos to @awwad, @SantiagoTorres
and @sechkova for all their valuable contributions to python-tuf!
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Remove obsolete docs/images directory which contains unused
variants of the logo. The canonical location of TUF logos is
theupdateframework/artwork, which has high-resolution formats (png
and svg) for all variants of the logo.
Also see https://github.com/theupdateframework/artwork/pull/3.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
If a securesystemslib.FormatError is raised inside
Key.from_securesystemslib_key() then reraise ValueError.
This is done so that our users don't have to import securesystemslib
in order to handle the error and because the securesystemslib error
itself is securesystemslib implementation-specific.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
docutils is a sphinx-rtd-theme requirement: pinning was done
to workaround a bug that seems to now be fixed.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
This change updates some obvious and unnecessary fields docs in the
Metadata API with more despriptive details
Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
This change unifies as mush as the context allows and improves the
use of definite vs. indefinite vs. no article across docs in the
Metadata API. It sticks to no article in most cases for simplisity
and readability, but leaves definite article where it's strictly
necessary
Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
This change unifies wording across docs in the Metadata API, like
Args vs. Arguments and same repetitive descriptions written
differently in different classes/methods
Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
This change unifies quotes to double backtick across docs in the
Metadata API in order to provide better visualisation
Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
List our licenses in the license field of setup.cfg
While the PyPA packaging documentation states that the license field is
optional[1] and that classifiers should be the main way to indicate
license, this field is used to populate the License printed by pip show.
1. https://packaging.python.org/en/latest/guides/distributing-packages-using-setuptools/#licenseFixes#1833
Signed-off-by: Joshua Lock <jlock@vmware.com>
We should handle the possible SerializationError inside
Key.verify_signature(), because the user of this API is not interested
in SerializationError when he is trying to verify his signature.
Note that the SerializationError can be thrown when calling
signed_serializer.serialize() on the metadata signed part.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
This allows us to control when our workflows change.
Dependabot should now open PRs when the actions update.
This still leaves the actual OS image as a variable but Github does not
support pinning that: we'd have to start using our own containers (and
installing our own pythons, etc) to do that -- not worth the trouble.
Fixes#1826
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Document ValueError, KeyError and TypeError exceptions for __init__ and
from_dict() methods in Metadata API.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
It's not obvious to casual reader that reading metadata and then
writing it might not always produce the same file. It's also not
immediately obvious why this matters.
Document both concepts.
Fixes#1392
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>