Elgato_dark/python-tuf
1
0
Fork 0
mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
6336 commits 28 branches 35 tags 23 MiB
Commit graph

507 commits

Author SHA1 Message Date
Jussi Kukkonen
28a031f039 tests: Remove aggregate_tests.py 
This was essentially unused now (originally it was used to
randomize the test order).

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-12-11 10:11:49 +02:00
Joshua Lock
a52d8f4902 docs: Joshua retiring as a maintainer 
Stepping down as I have insufficient bandwidth to meaningfully contribute.

Signed-off-by: Joshua Lock <joshuagloe@gmail.com>
 2024-11-12 18:40:47 +00:00
Jussi Kukkonen
72d0cea91b Prepare v5.1.0 release 
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-10-07 10:12:15 +03:00
Kairo de Araujo
107cd2a258 docs: include kairoaraujo info in MAINTAINERS.txt 
Add Kairo de Araujo information to the docs/MAINTAINERS.txt

Including my PGP fingerprint for future signatures.

Signed-off-by: Kairo de Araujo <kairo@dearaujo.nl>
 2024-09-24 08:15:39 +02:00
Jussi Kukkonen
34744cd753
docs: Add CODEOWNERS file (#2701) 2024-09-16 16:00:16 +03:00
Trishank Karthik Kuppusamy
bcfefce5c3
Update MAINTAINERS.txt 
Removing myself because, just like with go-tuf, I unfortunately do not have the bandwidth for active maintenance, and do not wish to be in the way. I thank you all very much for the opportunity, and your continued service.

Signed-off-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
 2024-07-24 13:23:43 -04:00
Kapil Sharma
292fb0f774
Updating Contributing guidelines and copy-pastable code (#2642) 
* Make commands easier to copy

Signed-off-by: h4l0gen <ks3913688@gmail.com>
Signed-off-by: Kapil Sharma <ks3913688@gmail.com>
 2024-06-04 09:33:49 +03:00
h4l0gen
35a29bbf1d
fix url link 
Signed-off-by: h4l0gen <ks3913688@gmail.com>
 2024-05-21 17:09:14 +05:30
Lukas Pühringer
d3d2ac187a
Update docs/CHANGELOG.md 
Co-authored-by: Jussi Kukkonen <jku@goto.fi>
Signed-off-by: Lukas Pühringer <luk.puehringer@gmail.com>
 2024-05-14 10:38:38 +02:00
Lukas Puehringer
bce5039196 Rlease v5.0.0 
* Bump version
* Add changelog

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
 2024-05-14 10:16:41 +02:00
Jussi Kukkonen
928702a8ac Release v4.0.0 
This is a major bump only because of Metadata API, ngclient is
compatible with 3.x.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-04-04 10:25:18 +03:00
Jussi Kukkonen
10841c6a23 tox: Add auto-format and and auto-fix 
"tox -e fix" will fix whatever ruff knows how to fix automatically.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-03-07 12:01:03 +02:00
Jussi Kukkonen
f82e0bb88d docs: Incorporate review suggestions 
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-02-29 15:54:18 +02:00
Jussi Kukkonen
1b03ac240e docs: Improve CONTRIBUTING 
* Remove outdated info on linters
* Move DCO info to the top: no-one will find it in the bottom

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-02-27 16:38:29 +02:00
Lukas Puehringer
c0c21ca52f Release python-tuf 3.1.0 
* Update changelog
* Bump version

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
 2023-10-13 10:23:07 +02:00
Lukas Pühringer
9316a45662
Merge pull request #2392 from joshuagl/joshuagl/affiliation 
Update Joshua's affiliation
 2023-05-15 09:24:43 +02:00
Joshua Lock
cca3ce1026 Update Joshua's affiliation 
Recently changed employer

Signed-off-by: Joshua Lock <joshua.lock@uk.verizon.com>
 2023-05-12 12:01:38 +01:00
Jussi Kukkonen
85cbb1c7b2 docs: Document PyPI Trusted Publishing 
Fixes #2386

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2023-05-10 10:31:35 +03:00
Jussi Kukkonen
0c107c6a8b Release python-tuf 3.0.0 
* Update changelog
* Bump version

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2023-05-09 11:42:49 +03:00
Jussi Kukkonen
70555f6e1b build: shorten requirements file names 
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2023-02-06 14:52:07 +02:00
Jussi Kukkonen
33829fdbab build: Move requirements file to a directory 
We already have 6 files and I'm planning to add another one: maybe it's
time to move these out of the top level directory.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2023-02-06 14:50:47 +02:00
Lukas Pühringer
d2c12f2d14
Merge pull request #2165 from jku/no-key 
Move (most of) Key to Securesystemslib
 2023-01-31 09:20:44 +01:00
Lukas Puehringer
9811ac3568 python-tuf 2.1.0 
* update changelog
* bump version

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
 2023-01-26 16:26:38 +01:00
Jussi Kukkonen
7f04a6e888
Merge pull request #2276 from jku/securesystemslib-blog 
Add new blog post about the signer API
 2023-01-26 14:35:43 +02:00
Jussi Kukkonen
388768db3d Add new blog post about the signer API 
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2023-01-26 11:37:47 +02:00
Jussi Kukkonen
236bc9f070 docs: Tweak API docs to include RequestsFetcher 
This only documents the configurable attributes
and not the inherited methods.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2023-01-25 16:07:12 +02:00
Jussi Kukkonen
2202a83d82 docs: Remove securesystemslib mock import 
We want to document some securesystemslib classes (Key gets documented
with this change already as it's part of the metadata API).

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2023-01-17 17:45:28 +02:00
gkum99
791879d6a6 fixes #1568 Include python-tuf version in documentation 
Signed-off-by: gkum99 <h20220014@goa.bits-pilani.ac.in>
 2022-11-30 19:17:28 +05:30
Lukas Puehringer
9a54677ee9 Update security policy to use new reporting 
- Enabled new GitHub feature (beta) to privately report security
  issues to all maintainers in repo settings.
  https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability

- Updated security policy document to instruct reporters to use the
  new reporting mechanism instead of email+pgp.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
 2022-11-15 17:01:16 +01:00
Lukas Puehringer
e4d0c6d6df Fix wrong count in security audit blog post 
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
 2022-10-26 16:59:57 +02:00
Joshua Lock
8bb117a739 Add post on python-tuf security audit by x41 
Signed-off-by: Joshua Lock <jlock@vmware.com>
 2022-10-26 09:02:37 -04:00
Lukas Pühringer
f0e08bac6d
Merge pull request #2098 from mnm678/securitymd 
Add SECURITY.md
 2022-09-09 10:06:04 +02:00
Marina Moore
9c099972ed move security.md to docs folder 
Signed-off-by: Marina Moore <mnm678@gmail.com>
 2022-09-08 15:12:13 -04:00
Jussi Kukkonen
f4c70cc2d3 Update my maintainer email 
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2022-09-05 13:39:22 +03:00
Lukas Puehringer
6874747268 python-tuf 2.0.0 
* Update Changelog
* bump version

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Co-authored-by: Joshua Lock <jlock@vmware.com>
 2022-08-16 09:36:40 +02:00
Joshua Lock
689c37b90e Link to developer docs from python-tuf blog 
Signed-off-by: Joshua Lock <jlock@vmware.com>
 2022-07-26 17:38:14 +01:00
Lukas Pühringer
f2609aba7d
Merge pull request #2010 from MVrachev/tap15-final-design 2022-06-17 13:24:18 +02:00
Martin Vrachev
c6488f0588 SuccinctRoles: add readme information 
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
 2022-06-17 13:33:01 +03:00
Martin Vrachev
28b6917739 Root and Targets key API changes 
Here is the list of all breaking API changes:
1) The "role" and "key" arguments in "Root.add_key()" are in reverse
order - "key" becomes first and "role" second.
2) "Root.remove_key()" has been renamed to "Root.revoke_key()".
3) The "role" and "keyid" arguments in "Root.revoke_key()" are in
reverse order - "keyid" becomes first and "role" second.
4) The "role" and "key" arguments in "Targets.add_key()" are in reverse
order - "key" becomes first and "role" second.
5) "Targets.remove_key()" has been renamed to "Targets.revoke_key()".
6) The "role" and "keyid" arguments in "Targets.revoke_key()" are in
reverse order - "keyid" becomes first and "role" second.
7) In both methods "Targets.add_key()" and "Targets.revoke_key()" the
"role" argument becomes an optional with a default value of None.

Those changes are made in an effort to make those methods logical
for both cases when standard roles and succinct_roles are used.
The "Root" API change was done in order to preserve naming and argument
order consistency with "Targets" API.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
 2022-06-17 13:33:01 +03:00
Jussi Kukkonen
95bbc2506d docs: Rename blog post 
Jekyll apparently considers posts without a date as drafts: rename the
latest post.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2022-06-15 13:43:09 +03:00
Jussi Kukkonen
251a22aaa0
Merge pull request #1941 from ivanayov/tricky_test_case_blog_post 
Add tricky test case blog post
 2022-06-15 11:43:22 +03:00
Ivana Atanasova
bd6dedfd94 Add tricky test case blog post 
This blog post explains details around the use of respository
simulator, `--dump` option and test cases with expired metadata

Fixes #1885

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
 2022-06-01 12:42:49 +03:00
Abhisman Sarkar
4a2fdabc2d Fixes #1916 
The class docstring for FetcherInterface needed to clearly state that
only _fetch() had to be implemented in it's implementation. This is
because the public API of the interface is implemented already.

Signed-off-by: Abhisman Sarkar <abhisman.sarkar@gmail.com>
 2022-05-17 09:40:16 +05:30
Jussi Kukkonen
ac96114309 blog: Update post date, update sloccount 
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2022-05-04 09:53:46 +03:00
Jussi Kukkonen
7b593f3fdb docs: Add doc links to ngclient blog post 
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2022-05-04 09:50:56 +03:00
Jussi Kukkonen
2d52473dd3 docs: Add a blog post about ngclient design 
Try to explain some decisions made in ngclient.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2022-05-04 09:50:56 +03:00
Jussi Kukkonen
8941748edb python-tuf 1.1.0 
* Update Changelog
* bump version

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2022-04-27 16:03:07 +03:00
Jussi Kukkonen
7e5b9b5580
Merge pull request #1979 from lukpueh/verify_release-sign 
Add option to sign release artifacts with verify_release
 2022-04-27 14:32:07 +03:00
Lukas Pühringer
a3d5a37e43 build: minor style/wording fixes in verify_release 
Co-authored-by: Joshua Lock <jlock@vmware.com>
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
 2022-04-27 13:09:48 +02:00
Lukas Puehringer
8167889944 doc: describe signatures creation in RELEASE.md 
Mention how to use verify_release with the recently added --sign
option to create signatures for a verified release.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
 2022-04-27 12:47:21 +02:00