Test that client does not rotate beyond a configured upper bound,
i.e. `current_version + MAX_NUMBER_ROOT_ROTATIONS`
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Test that a client whose root is outdated by multiple versions and
who has none of the latest nor next-to-latest root keys can still
update and does so by incrementally verifying all roots until the
most recent one.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This commit also updates the key loader helper in
test_updater_root_rotation_integration.py to load
the new keys too.
The keys were created (at the root of the repository) like
so:
```
from tuf import repository_tool
repository_tool.generate_and_write_ed25519_keypair(
"tests/repository_data/keystore/root_key2", "password")
repository_tool.generate_and_write_ed25519_keypair(
"tests/repository_data/keystore/root_key3", "password")
```
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
- remove duplicate ROLENAME_SCHEMA and ROLEDICT_SCHEMA
- remove outdated and duplicate ROLE_SCHEMA
Note that this is a quick fix that may be overridden with
refactoring work in #660/#846.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Update astroid from 2.2.5 to 2
Update gitdb2 from 2.0.5 to 2.0.6
Update pylint from 2.3.1 to 2.4.2
Update urllib3 from 1.25.5 to 1.25.6
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
The interposition sub-package was removed in #537.
This commits removes obsolete mentions of 'interposition' from code
comments and documentation.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Pylint now has a "redeclared-assigned-name" check that
gets triggered if we re-use our custom "junk" unused var
name. It does not if we use the "_" default unused var name.
So let's use "_" then.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Remove only wrappers and corresponding tests that don't add any
new functionality, but blindly forward the caller to sslib, where
the same function exists and is tested.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Import some API functions from repository_lib and securesystemslib
directly into repository_tool and developer_tool, instead of
providing them via wrapper.
Also short-circuit some functions that used to point to
securesystemslib through repository_lib.
This reverts parts of 6f7ba76b9b,
which introduced some of the wrappers to appease the linter.
Here we just disable that specific linter check (unused-import).
The advantage of importing over wrapping is:
- no duplication of hardcoded defaults for keyword arguments
- no duplication of docstrings
- less code --> easier maintenance
This should also pave the way for more serious refactoring
of the repository- and developer-tools:
https://github.com/theupdateframework/tuf/issues/840
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Add hint to install `coverage` before using it.
This should be installed via dev-requirements.txt, however it
does not seem to fit in there, because dev-requirements.txt pins
all its dependencies which does not seem to make sense for a
development tool.
Maybe a hierarchy of requirements.txt similar to
06a28987dc
could be established.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Locally merging #880 to fix code style issue (missing whitespace).
Note: the PR had an unwanted documentation patch that is excluded
from this merge.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Before we used pip analysis strategy, which also includes
test/build dependencies in the scan (pylint, bandit, tox, etc...).
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Note that we can't keep the FOSSA_API_TOKEN secret (e.g. via
Travis encrypted or repository setting environment variables),
because those are not available for PRs from forked repository.
Therefor we use a non-confidential push only API token.
For details see https://docs.fossa.com/docs/travisci and
https://docs.fossa.com/docs/api-reference#section-push-only-api-token
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Update cffi from 1.12.2 to 1.12.3
Update cffi from 1.12.2 to 1.12.3
Update configparser from 3.7.4 to 4.0.2
Update cryptography from 2.6.1 to 2.7
Update cryptography from 2.6.1 to 2.7
Update gitpython from 2.1.11 to 3.0.2
Update isort from 4.3.17 to 4.3.21
Update lazy-object-proxy from 1.3.1 to 1.4.2
Update pbr from 5.1.3 to 5.4.3
Update pluggy from 0.9.0 to 0.13.0
Update pyyaml from 5.1 to 5.1.2
Update requests from 2.21.0 to 2.22.0
Update requests from 2.21.0 to 2.22.0
Update stevedore from 1.30.1 to 1.31.0
Update tox from 3.8.6 to 3.14.0
Update virtualenv from 16.4.3 to 16.7.5
Update wrapt from 1.11.1 to 1.11.2
Update certifi from 2019.3.9 to 2019.9.11
Update urllib3 from 1.24.2 to 1.25.3
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
TUF specific schemas have moved to tuf.formats, ensure they are used
throughout and remove stray references to no longer supported schemas
in securesystemslib.format
Signed-off-by: Joshua Lock <jlock@vmware.com>
Removal of securesystemslib exceptions that are TUF-specific
occurs in securesystemslib PR #165https://github.com/secure-systems-lab/securesystemslib/pull/165
This commit adapts to those changes. Exceptions that are specific
to TUF should be in TUF and not in securesystemslib. This commit
uses those already-existing TUF exceptions instead of pointing to
securesystemslib exceptions that will be removed.
For example, securesystemslib has no notion of repositories, so
it's ridiculous to have a RepositoryError in securesystemslib and
ridiculous for TUF to use
securesystemslib.exceptions.RepositoryError.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Add a tox build that runs tests against securesystemslib's tip of
development, i.e. master branch, to ease preparation of tuf for a
new securesystmeslib release.
The tox build is run on travis but is allowed to fail.
This commit also fleshes out the testing section of the
contribution documentation.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Re-generate metadata to adopt spec version format change, using
`generate_project_data.py`:
```
cd tests/repository_data && rm -rf project
python generate_project_data.py
```
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Updates SPEC_VERSION definition in tuf/__init__.py, test files and
docstring in formats.build_dict_conforming_to_schema.
Test metadata will be updated in separate commits.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
