Commit graph

751 commits

Author SHA1 Message Date
lukpueh
4d7bb69a77 Fix comment in root rotation updater test
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Co-Authored-By: Trishank K Kuppusamy <33133073+trishankatdatadog@users.noreply.github.com>
2019-10-08 09:19:36 +02:00
Lukas Puehringer
3604c38c71 Add root rotation bounds updater test
Test that client does not rotate beyond a configured upper bound,
i.e. `current_version + MAX_NUMBER_ROOT_ROTATIONS`

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-10-07 11:59:40 +02:00
Lukas Puehringer
b0d9f103a2 Add full root rotation updater test
Test that a client whose root is outdated by multiple versions and
who has none of the latest nor next-to-latest root keys can still
update and does so by incrementally verifying all roots until the
most recent one.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-10-07 11:59:40 +02:00
Lukas Puehringer
250a3f32a6 Add two ed25519 key pairs for updater tests
This commit also updates the key loader helper in
test_updater_root_rotation_integration.py to load
the new keys too.

The keys were created (at the root of the repository) like
so:

```
from tuf import repository_tool
repository_tool.generate_and_write_ed25519_keypair(
    "tests/repository_data/keystore/root_key2", "password")
repository_tool.generate_and_write_ed25519_keypair(
    "tests/repository_data/keystore/root_key3", "password")

```

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-10-07 11:59:40 +02:00
chentanjun
04019a1bd8 fix-up some spelling mistakes
Signed-off-by: chentanjun <2799194073@qq.com>
2019-09-26 00:52:21 +08:00
lukpueh
df1c749d56
Merge pull request #919 from lukpueh/refactor-repository-api
Streamline TUFs crypto interface
2019-09-24 17:08:18 +02:00
Lukas Puehringer
5d2898a13c Remove obsolete 'interposition' from docs
The interposition sub-package was removed in #537.
This commit removes obsolete mentions of 'interposition' from code
comments and documentation.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-09-24 14:31:54 +02:00
Lukas Puehringer
2e6a8cd03b Remove some repository_lib wrappers for sslib
Remove only wrappers and corresponding tests that don't add any
new functionality, but blindly forward the caller to sslib, where
the same function exists and is tested.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-09-18 18:08:54 +02:00
Lukas Puehringer
48f35fce54 Merge branch 'lixuefeng2-for_format' into develop
Locally merging #880 to fix code style issue (missing whitespace).

Note: the PR had an unwanted documentation patch that is excluded
from this merge.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-09-17 13:13:56 +02:00
lixuefeng (Cloud)
5f891e81c8 just format
Signed-off-by: lixuefeng (Cloud) <li.xuefeng@h3c.com>
2019-09-17 13:11:48 +02:00
lukpueh
fdc0bc12a5
Merge pull request #876 from lixuefeng2/develop
Fix code style: add missing whitespace after operators
2019-09-17 12:57:48 +02:00
lukpueh
f6bd090960
Merge pull request #912 from joshuagl/joshuagl/sslcompat
Use TUF specific formats as they have been removed from securesystemslib
2019-09-17 12:20:26 +02:00
Joshua Lock
ecb6d26206 Remove deprecated securesystemslib.formats schemas
TUF specific schemas have moved to tuf.formats, ensure they are used
throughout and remove stray references to no longer supported schemas
in securesystemslib.format

Signed-off-by: Joshua Lock <jlock@vmware.com>
2019-09-17 10:28:10 +01:00
Sebastien Awwad
a9d7053d78 Use TUF exceptions instead of SSL exceptions where appropriate
Removal of securesystemslib exceptions that are TUF-specific
occurs in securesystemslib PR #165
https://github.com/secure-systems-lab/securesystemslib/pull/165

This commit adapts to those changes.  Exceptions that are specific
to TUF should be in TUF and not in securesystemslib.  This commit
uses those already-existing TUF exceptions instead of pointing to
securesystemslib exceptions that will be removed.

For example, securesystemslib has no notion of repositories, so
it's ridiculous to have a RepositoryError in securesystemslib and
ridiculous for TUF to use
securesystemslib.exceptions.RepositoryError.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2019-09-17 11:19:04 +02:00
Lukas Puehringer
b1365843dd Mandate semver for SPECIFICATION_VERSION_SCHEMA
Mandates Semantic Versioning format with
tuf.formats.SPECIFICATION_VERSION_SCHEMA using the regex referenced
on the official semver website. See:
https://semver.org/spec/v2.0.0.html#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string
https://regex101.com/r/Ly7O1x/3/

Adopts tests accordingly:
 - removes tests that now fail earlier due to stricter format
 - adds tests to check exemplary valid and invalid version schemas

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-09-16 15:43:39 +02:00
Lukas Puehringer
2e21950c74 Re-generate projects test metadata
Re-generate metadata to adopt spec version format change, using
`generate_project_data.py`:

```
cd tests/repository_data && rm -rf project
python generate_project_data.py
```

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-09-16 15:43:39 +02:00
Lukas Puehringer
af1a21b05a Re-generate repository and client test metadata
Re-generate metadata to adopt spec version format change, using
`generate.py` plus some working around (see script below):

```
 # QUICKFIX: Patch add_target to pass file paths relative to targets dir
git apply - <<EOF
diff --git a/tests/repository_data/generate.py b/tests/repository_data/generate.py
index 6c263575..699ed00f 100755
--- a/tests/repository_data/generate.py
+++ b/tests/repository_data/generate.py
@@ -119,12 +119,11 @@ if not options.dry_run:
 # about the target (i.e., file permissions in octal format.)
 octal_file_permissions = oct(os.stat(target1_filepath).st_mode)[4:]
 file_permissions = {'file_permissions': octal_file_permissions}
-repository.targets.add_target(target1_filepath, file_permissions)
-repository.targets.add_target(target2_filepath)
+repository.targets.add_target('file1.txt', file_permissions)
+repository.targets.add_target('file2.txt')

-repository.targets.delegate('role1', [delegation_public],
-    [os.path.basename(target3_filepath)])
-repository.targets('role1').add_target(target3_filepath)
+repository.targets.delegate('role1', [delegation_public], ['file3.txt'])
+repository.targets('role1').add_target('file3.txt')
 repository.targets('role1').load_signing_key(delegation_private)

 repository.targets('role1').delegate('role2', [delegation_public], [])
EOF

 # Remove repository and client data
cd repository_data && rm -rf repository client
 # Generate metadata
python generate.py
 # Duplicate metadata files
cp -r client/test_repository1 client/test_repository2
 # Recover non-signed file
git checkout client/map.json
```
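
Review bot: the `+` lines in the `@@ -119,12 +119,11 @@` hunk hardcode 'file1.txt', 'file2.txt' and 'file3.txt', so the names passed to add_target and delegate can drift from the target1_filepath, target2_filepath and target3_filepath variables that the removed lines used. Deriving each name with os.path.basename(...), as the removed delegate call already did for target3_filepath, would keep the paths relative to the targets directory while staying tied to those variables.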

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-09-16 15:43:39 +02:00
Lukas Puehringer
9d201d1657 Update SPEC_VERSION to semver-compliant 1.0.0
Updates SPEC_VERSION definition in tuf/__init__.py, test files and
docstring in formats.build_dict_conforming_to_schema.

Test metadata will be updated in separate commits.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-09-16 15:43:39 +02:00
lukpueh
4fb4cb280e
Merge pull request #890 from lukpueh/fix-coveralls
Fix publishing of coverage results to coveralls.io (+ misc test config updates)
2019-09-11 11:41:58 +02:00
Lukas Puehringer
e42dffd464 Add TUF-specific schemas removed in sslib
Add schemas KEYDB_SCHEMA, SIGNATURESTATUS_SCHEMA and
VERSIONINFO_SCHEMA, removed in
secure-systems-lab/securesystemslib#165 as TUF specific, and adopt
usage accordingly.

NOTE: The usefulness of these schemas may be assessed in a
different PR.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-09-05 15:16:05 +02:00
chentanjun
efbe0a3489 fix-up the the -> the
Signed-off-by: chentanjun <2799194073@qq.com>
2019-09-01 22:53:02 +08:00
chentanjun
8677b435ea fix-up tests package word spelling mistake
Signed-off-by: chentanjun <2799194073@qq.com>
2019-08-30 22:31:00 +08:00
Lukas Puehringer
478fcf7032 Move omit to run section in .coveragerc
Coverage used to be configured to omit certain directories while
reporting.

This commit slightly optimizes coverage to already omit those
directories while measuring coverage.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-07-11 14:32:49 +02:00
Lukas Puehringer
e8420483e2 Install TUF in editable mode in tox builds
This commit partially reverts the workaround introduced by
157167e0cc. Instead of patching the
path, we configure tox to install TUF in editable mode, which makes
the tests run against the same files as if the path were patched.
This makes it so that coverage records paths that it can then
normalize when sending them to coveralls.io (see .travis.yml).

See af22701140
for detailed background information.

As a consequence we can now skip building of sdist and installing it
into a virtual env directory in tox.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-07-11 14:32:49 +02:00
Lukas Puehringer
157167e0cc Fix coverage file paths by patching sys.path
This replicates behavior of unittest's `discover` method, and
allows `coverage` and the tool that posts coverage reports to
coveralls.io, i.e. `coveralls`, to record the correct paths and
left-strip the parts leading to the project directory.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-06-26 18:22:46 +02:00
lixuefeng (Cloud)
4ff5f2fedb just format
Signed-off-by: lixuefeng (Cloud) <li.xuefeng@h3c.com>
2019-05-25 15:47:27 +08:00
Sebastien Awwad
25aa71d4c6
PR revision: test build_dict_conforming... arg for schema type
Raise an error if it's not a schema.Object instance (not just
if it's not a schema.Schema instance).

Also adds a test for this.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2019-04-03 10:30:42 -04:00
Sebastien Awwad
3ac174f597
Use build_dict... instead of make_role_... in test_sig.py
since make_role_metadata is being replaced by
build_dict_conforming_to_schema

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2019-03-29 15:38:30 -04:00
Sebastien Awwad
7ecf522698
Automatically fill _type and spec_version in build_dict_c...
in tuf.formats.build_dict_conforming_to_schema

Populate _type with the expected value for the given schema, and
populate spec_version with tuf.SPECIFICATION_VERSION.  Do this only
when the values are not provided, and support overriding them.

Also adds testing for the above and takes advantage of the above
in repository_lib's _generate metadata functions.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2019-03-29 15:23:00 -04:00
Sebastien Awwad
47e05f8b96
Kill another partially-used metadata writing func
tuf.formats.make_role_metadata concerned itself with exclusivity checks
for paths and path_hash_prefixes, but no code actually used it for
relevant data.  It's yet another custom metadata writer replaced by
build_dict_conforming_to_schema.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2019-03-29 15:22:22 -04:00
Sebastien Awwad
e7c822954b
Update testing following MetaFile(etc) class removals
Testing will now use (and test) build_dict_conforming_to_schema.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2019-03-29 11:37:31 -04:00
Sebastien Awwad
d58bcf9c62
spec version support code cleanup
Specification version now only lives in tuf/__init__.py, and will only be
derived from there.

Specification version info is no longer in tuf.formats, where it was
previously moved from tuf.updater, since this was redundant.

Also finally corrects spec version testing in test_updater.py.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2019-03-29 11:08:43 -04:00
Sebastien Awwad
2c1ca1e5c1
test: Patch some holes in testing due to bad try/except/else
syntax/understanding.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2019-03-28 19:03:46 -04:00
Sebastien Awwad
18ef3b419d
Improve the way specification version is checked in metadata
and generate more friendly errors.  Prior to this, a test in
test_updater.py was written in such a way to not actually be
testing whether or not specification version checking was
working correctly -- the error updater.py raised if a specification
version number was not supported was the same as would be raised
if a role version was not the expected version, and, amusingly,
the test could not distinguish between these two scenarios and
was providing the wrong role version......

Specification version mismatch now raises a particular error:
UnsupportedSpecificationError.

The specification version supported by this code is now also all
in one place, tuf.formats rather than tuf.updater.

Related error messages and testing were improved (with some
edge cases closed).

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2019-03-28 18:30:03 -04:00
Nguyen Hai Truong
d36a4e5621 Remove redundant words in comment
Although they are spelling mistakes, they might have an effect
while reading.

Signed-off-by: Nguyen Hai Truong <truongnh@vn.fujitsu.com>
2019-02-26 14:35:30 +07:00
Sebastien Awwad
eb60084ebe
Reduce test spam by using unittest output buffering
Thanks go to @lukpueh for this helpful tip.

After merge, stdout should only appear if a test has failed. This
functionality is provided by `unittest.TextTestRunner` argument `buffer=True`.
This functions like the `--buffer` command line argument listed here:
https://docs.python.org/3/library/unittest.html#command-line-options

stdout is discarded if a test succeeds.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2019-02-19 13:38:10 -05:00
Sebastien Awwad
fffc53321b
Merge pull request #803 from theupdateframework/test_delay_increases
test: Remove port collision chance and lengthen delays for AppVeyor
2018-11-14 13:39:23 -05:00
Sebastien Awwad
90a1b77a46
DOC: correct outdated comments in test_proxy_use.py
relevant to the version of Python required for the proxy tests.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-11-14 11:39:31 -05:00
Sebastien Awwad
8866abbb83
test: remove port collision chance and lengthen delays for AppVeyor
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-11-14 10:54:02 -05:00
Sebastien Awwad
dad9f9f11b
test: extend sleep in testing after spawning server processes
This adds to PR #799; please see that for details.  In short,
tests sometimes fail on slow test systems (primarily on AppVeyor)
if we don't have long enough delays.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-11-06 09:59:24 -05:00
Sebastien Awwad
e99ff85b2c
test: extend a delay in testing after spawning server processes
This adds to PR #799; please see that for details.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-11-05 16:28:59 -05:00
Sebastien Awwad
375ef4bd0d
test: Delay more when spawning test servers to avoid rare failures
on AppVeyor during automatic testing.  Also explains a bit better
the reason for those delays, in the comments adjacent to them.

AppVeyor was occasionally laggy enough that spawning a separate
server process didn't happen fast enough for the included delays,
so connection attempts in the tests occasionally failed.

This lengthens a few 0.3s delays that I've seen pop up in test
failures to 2s delays, along with a few others for good measure.
Sadly, this slows testing a bit.... I'll keep an eye out for more
of these.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-11-05 16:14:33 -05:00
Sebastien Awwad
01d8d9e780
Test: tighten test-skip conditions and lengthen a subprocess sleep
After seeing some AppVeyor failures, I've increased the wait after
starting test HTTP, HTTPS, and proxy servers from 0.5s to 1s, to make
it less likely that tests will fail because the servers weren't done
starting up yet.

After some review comments by @aaaaalbert, I've tightened the logic
in aggregate_tests.py around which tests to skip unless a certain
Python version is running, and added some consistency checks.
This also involved a bit of clarification of comments and variable
names.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-10-02 17:06:20 -04:00
Sebastien Awwad
ebcb17bbef
Test: clear requests sessions when updating expected ssl certs
to make sure that the test uses the intended certificate. (There's some
indirect indication that the updated environment variable might not always
have been used.)

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-10-02 15:49:39 -04:00
Sebastien Awwad
e8a1ab1395
Test: simplify env variable overwrite/restore code in test_proxy_use
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-10-02 15:31:55 -04:00
Sebastien Awwad
15b33b8277
Test: modularize: add func that spawns Python interpreter process
that draws from sys.executable (the currently running Python interpreter)
instead of assuming 'python' is correct. Use this function instead of having
many individual subprocess calls written out. Slightly simplifies code, too.

This should eventually be moved to a common test module instead of appearing
in two places in the test code.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-10-02 15:31:51 -04:00
Sebastien Awwad
ec27630a48
minor: PR tweaks based on review: doc, casing, typos, updates
- two reversions to unnecessary changes
- some typo fixes
- capitalization of HTTP/S where reasonable
- commenting out code section with ''' rather than #

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-10-02 15:01:38 -04:00
Sebastien Awwad
b163caa29b
Test: add https test with expired server certificate
in test_download.py. In the process, added another test cert
and generalized the server process killer in test_download.py.

Additionally, I added another expected-to-be-good certificate
that was generated in the same way as the new bad certificates
(but for their individual flaws of course). This is because
the new certs aren't exactly like the old good cert, so that
we have another cert to test against in case the way the
certs were generated turns out to matter at some point in the
future.

Also slightly increased a start-servers delay in the test
in response to one test system taking too long and seeing
connection issues. Probably not helped by the number of
processes. Clarified a related comment in the test code.

Also made a note that environment variable cleanup would be
good to add to test_download.py, either copied from or moved
somewhere accessible from test_proxy_use.py

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-09-26 14:15:36 -04:00
Sebastien Awwad
2b97c0e59c
Test: adjust proxy_server.py argument handling:
- if it is provided, don't require the certificate filename to be
  provided as an absolute path
- raise an error if the provided certificate filename does not
  point to an existing file, rather than just printing and
  ignoring (to avoid possible future diagnostic headaches)

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-09-26 13:10:17 -04:00
Sebastien Awwad
d69f9a2160
Test: changed target server cert checking in test proxy script
Added Python version checking and changed behavior
in Python2.7.9+ to use custom certificate for target server
inherited from command line argument.

In Python versions < 2.7.9, proxy_server.py does not perform certificate
validation of the target server. As that is not part of what the current
tests using this script require, that is currently OK. In Python
versions > 2.7.9 (SSLContext was added in 2.7.9), the same code actually does
check the certificate, using the system's trusted CAs. As a result, since we
are using custom certificates, we need to either disable certificate
checking in 2.7.9 or load the specific CA for target test server, using the
SSLContext and create_default_context functionality also added in 2.7.9. It
is easier to do the latter, so the behavior in 2.7.9+ is to check the cert
and below 2.7.9 is not to. Note that we do not support Python < 2.7.
SSLContext is also available in all Python3 versions that we support.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-09-26 12:46:14 -04:00