dependabot[bot]
3fd56facb0
build(deps): bump github/codeql-action from 2.2.4 to 2.2.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](17573ee1cc...32dc499307)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-27 11:02:26 +00:00
Jussi Kukkonen
8969c3d234
Merge pull request #2310 from jku/tweak-repository
...
repository: Make snapshot/timestamp helpers non-abstract
2023-02-27 10:56:47 +02:00
Jussi Kukkonen
c9c36934f2
repository: Make snapshot/timestamp helpers non-abstract
...
targets_infos() and snapshot_info() are helpers used by snapshot and
timestamp. Some Repository implementations do not need
snapshot/timestamp (think e.g. a signing tool that never modifies online
roles), so the helpers should not be required.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-26 11:35:02 +02:00
Jussi Kukkonen
84b1d49c9d
Merge pull request #2306 from theupdateframework/dependabot/pip/coverage-7.2.0
...
build(deps): bump coverage from 7.1.0 to 7.2.0
2023-02-24 14:42:30 +02:00
dependabot[bot]
371db15f3d
build(deps): bump coverage from 7.1.0 to 7.2.0
...
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.1.0 to 7.2.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.1.0...7.2.0)
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-23 10:16:55 +00:00
Jussi Kukkonen
0f7772aa54
Merge pull request #2305 from theupdateframework/dependabot/pip/mypy-1.0.1
...
build(deps): bump mypy from 1.0.0 to 1.0.1
2023-02-21 11:12:32 +02:00
dependabot[bot]
5c1928ba2f
build(deps): bump mypy from 1.0.0 to 1.0.1
...
Bumps [mypy](https://github.com/python/mypy) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/python/mypy/releases)
- [Commits](https://github.com/python/mypy/compare/v1.0.0...v1.0.1)
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 10:57:49 +00:00
Jussi Kukkonen
e7cc34a6a5
Merge pull request #2302 from theupdateframework/dependabot/pip/pylint-2.16.2
...
build(deps): bump pylint from 2.16.1 to 2.16.2
2023-02-15 10:25:43 +02:00
dependabot[bot]
b8149ade30
build(deps): bump pylint from 2.16.1 to 2.16.2
...
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.16.1 to 2.16.2.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.16.1...v2.16.2)
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-14 10:57:51 +00:00
Jussi Kukkonen
7bee53b9f0
Merge pull request #2301 from theupdateframework/dependabot/github_actions/github/codeql-action-2.2.4
...
build(deps): bump github/codeql-action from 2.2.3 to 2.2.4
2023-02-14 10:47:16 +02:00
dependabot[bot]
ed05a2c66c
build(deps): bump github/codeql-action from 2.2.3 to 2.2.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.3 to 2.2.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8775e86802...17573ee1cc)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-13 11:05:51 +00:00
Jussi Kukkonen
bf7692072b
Merge pull request #2184 from theupdateframework/dependabot/pip/charset-normalizer-3.0.1
...
build(deps): bump charset-normalizer from 2.1.1 to 3.0.1
2023-02-10 15:11:58 +02:00
dependabot[bot]
a2c64acb7e
build(deps): bump charset-normalizer from 2.1.1 to 3.0.1
...
Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 2.1.1 to 3.0.1.
- [Release notes](https://github.com/Ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Upgrade guide](https://github.com/Ousret/charset_normalizer/blob/master/UPGRADE.md)
- [Commits](https://github.com/Ousret/charset_normalizer/compare/2.1.1...3.0.1)
---
updated-dependencies:
- dependency-name: charset-normalizer
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-10 13:07:59 +00:00
Jussi Kukkonen
26c131db79
Merge pull request #2300 from theupdateframework/dependabot/pip/requests-2.28.2
...
build(deps): bump requests from 2.28.1 to 2.28.2
2023-02-10 15:06:17 +02:00
dependabot[bot]
55374fdf8c
build(deps): bump requests from 2.28.1 to 2.28.2
...
Bumps [requests](https://github.com/psf/requests) from 2.28.1 to 2.28.2.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.28.1...v2.28.2)
---
updated-dependencies:
- dependency-name: requests
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-10 10:57:08 +00:00
Jussi Kukkonen
c27af9a04d
Merge pull request #2298 from theupdateframework/dependabot/github_actions/github/codeql-action-2.2.3
...
build(deps): bump github/codeql-action from 2.2.2 to 2.2.3
2023-02-10 10:28:46 +02:00
Lukas Pühringer
2840f629b0
Merge pull request #2297 from jku/client-example-tweak
...
examples: Tweak download dir creation
2023-02-09 11:34:18 +01:00
dependabot[bot]
15c0b40dce
build(deps): bump github/codeql-action from 2.2.2 to 2.2.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.2 to 2.2.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](39d8d7e78f...8775e86802)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-09 10:03:50 +00:00
Jussi Kukkonen
b05129b244
Merge pull request #2294 from theupdateframework/dependabot/pip/mypy-1.0.0
...
build(deps): bump mypy from 0.991 to 1.0.0
2023-02-09 11:03:32 +02:00
Jussi Kukkonen
c4851b9a22
Merge pull request #2295 from theupdateframework/dependabot/github_actions/github/codeql-action-2.2.2
...
build(deps): bump github/codeql-action from 2.2.1 to 2.2.2
2023-02-09 11:03:16 +02:00
Jussi Kukkonen
1e1a504bb6
examples: Tweak download dir creation
...
Create target download dir when it's needed, not during "tofu".
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-09 10:34:03 +02:00
Lukas Pühringer
dd855b1fca
Merge pull request #2241 from jku/repository-lib-uploader
...
Examples: Add repository uploader
2023-02-08 10:30:52 +01:00
Jussi Kukkonen
5a944f9ba2
examples: More tweaks to uploader README
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-08 11:01:07 +02:00
Jussi Kukkonen
b6465ddedf
examples: Add missing link in repository README
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-08 10:53:59 +02:00
Jussi Kukkonen
26495a5d0a
examples: Improve uploader docs/messages
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-08 10:47:34 +02:00
Jussi Kukkonen
46930e56c4
examples: Improve repository README
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-08 10:27:33 +02:00
Jussi Kukkonen
f3b0ac603e
Merge pull request #2296 from theupdateframework/dependabot/pip/requirements/cryptography-39.0.1
...
build(deps): bump cryptography from 39.0.0 to 39.0.1 in /requirements
2023-02-08 10:12:22 +02:00
dependabot[bot]
28a651f509
build(deps): bump cryptography from 39.0.0 to 39.0.1 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.0 to 39.0.1.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/39.0.0...39.0.1)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-08 05:25:06 +00:00
dependabot[bot]
932d72db3a
build(deps): bump github/codeql-action from 2.2.1 to 2.2.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3ebbd71c74...39d8d7e78f)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-07 10:03:56 +00:00
dependabot[bot]
e4ab25be69
build(deps): bump mypy from 0.991 to 1.0.0
...
Bumps [mypy](https://github.com/python/mypy) from 0.991 to 1.0.0.
- [Release notes](https://github.com/python/mypy/releases)
- [Commits](https://github.com/python/mypy/compare/v0.991...v1.0.0)
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-07 10:02:00 +00:00
Lukas Pühringer
fd95d987e7
Merge pull request #2287 from theupdateframework/dependabot/pip/black-23.1.0
...
build(deps): bump black from 22.12.0 to 23.1.0
2023-02-07 09:21:54 +01:00
Jussi Kukkonen
b67b8c8ad3
Whitespace changes to make new black linter happy
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 15:29:28 +02:00
dependabot[bot]
c86134134d
build(deps): bump black from 22.12.0 to 23.1.0
...
Bumps [black](https://github.com/psf/black) from 22.12.0 to 23.1.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/22.12.0...23.1.0)
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 15:29:18 +02:00
Jussi Kukkonen
b15af9573a
Merge pull request #2290 from jku/release-refactor
...
build: Handle GH release manually
2023-02-06 15:09:25 +02:00
Jussi Kukkonen
9cef165dcf
Merge pull request #2289 from jku/requirements-refactor
...
Requirements refactor
2023-02-06 15:00:36 +02:00
Jussi Kukkonen
70555f6e1b
build: shorten requirements file names
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 14:52:07 +02:00
Jussi Kukkonen
c6dfe0ccab
build: Bump isort from 5.11.4 to 5.12.0
...
New version requires python >=3.8 but that should be ok now with the
refactored requirements files.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 14:52:07 +02:00
Jussi Kukkonen
690fc2a1ca
build: Split lint and test requirements
...
This way lint tool limitations don't prevent testing on older Python
versions.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 14:52:03 +02:00
Jussi Kukkonen
33829fdbab
build: Move requirements file to a directory
...
We already have 6 files and I'm planning to add another one: maybe it's
time to move these out of the top level directory.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 14:50:47 +02:00
Jussi Kukkonen
ed74563456
Merge pull request #2283 from fridex/pydocstyle
...
Install pydocstyle for checking docstrings
2023-02-06 14:50:15 +02:00
Fridolin Pokorny
074778e08f
Fix pydocstyle D209
...
D209: Multi-line docstring closing quotes should be on a separate line
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-02-06 13:23:33 +01:00
Fridolin Pokorny
0cca1d6a96
Install pydocstyle for checking docstrings
...
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-02-06 13:19:51 +01:00
Jussi Kukkonen
3600532d08
Merge pull request #2291 from theupdateframework/dependabot/pip/pylint-2.16.1
...
build(deps): bump pylint from 2.16.0 to 2.16.1
2023-02-04 17:37:01 +02:00
Jussi Kukkonen
707dc49999
build: Handle GH release manually
...
Remove dependency on softprops/action-gh-release: instead do the GitHub
release steps using the GitHub API and github-script.
The only difference should be that release name is not "<tag>-rc" first:
instead the initial release is marked as draft in the API (and shows as
draft in the UI).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-04 17:32:56 +02:00
dependabot[bot]
91c1b72075
build(deps): bump pylint from 2.16.0 to 2.16.1
...
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.16.0 to 2.16.1.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.16.0...v2.16.1)
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-03 10:01:17 +00:00
Jussi Kukkonen
d36c0cfa02
examples: Rename client example directory
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:25:47 +02:00
Jussi Kukkonen
0998c20731
examples: Explain uploader tool in READMEs
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:25:47 +02:00
Jussi Kukkonen
92e03d2d20
examples: Implement the upload API
...
uploader API has two POST endpoints
  /api/delegation/<ROLE>
    Accepts new delegation keys for targetpath "<ROLE>/*" to role <ROLE>.
    This data is not signed in any way: In a real service this action would
    require some external authentication.
    POST content:
      { <KEYID>: <TUF KEY> }
  /api/role/<ROLE>
    Accepts uploads of new versions of <ROLE> metadata. The metadata
    must be correctly signed by the keys assigned to this delegation.
    POST content:
      TUF targets metadata as json
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:25:43 +02:00
Jussi Kukkonen
69b30ecadc
examples: Add uploader tool example
...
This tool works with the example repository: it can be used to
* Add a delegation (this is an unsafe API corresponding to e.g.
  project creation in PyPI)
* Submit new delegated role version (this requires using signing keys
  already submitted with the delegation)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:21:52 +02:00
Jussi Kukkonen
efcb3cfb80
examples: Add further scaffolding for upload API
...
The API doesn't modify the repository yet but the data flow is there now.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:21:52 +02:00