Previously, the repository tool allowed partial metadata to be written with zero good signatues and later successfully loaded. However, the partial metadata was not properly marked by load_repository(). The 'partial_loaded' flag is now set (if partial metadata is written with zero good signatures) and matches the behavior of partial_write().
Allow validation of specific libraries rather than checking all of them in check_crypto_libraries().
Log warning if the repository tool is imported but has not been properly installed: $ pip install tuf[tools].
Modify format string of console log messages.
In the case we want a different expiration date on any role, we are
adviced to do this:
repo.role.expiration = datetime.datetime(some value).
In the case we want to use a date somewhere in the future, a normal
approach would be to use time deltas:
repo.role.expiration = datetime.today() + timedelta(weeks=x)
If we use this method we won't be able to set the value since we are
most probably producing a datetime object that contains *microseconds*.
According to the python specification, the timestamp produced will
contain the microseconds value unless it is 0.
The simple fix for this issue is to force the microseconds value to be 0
before working with the datetime object.
Add test cases for the crypto funtions (e.g., generate_and_write_ed25519_keypair()).
Add test case for get_metadata_filenames().
Add test case for get_metadata_fileinfo().
Add setUpClass() and tearDownClass().
Update affected functions that failed testing, and any that needed modifying (such as util.py).
Add 'test_repository_tool.py' (initial incomplete commit)
Add test cases for the top-level metadata objects (Root(), Targets(), etc.)
Add test case for Repository()
Add test case for get_target_hash()
Minor update to 'repository_tool.py': add default rolename for Targets() and call tuf.util.get_target_hash() in the
repository tool's get_target_hash()
repository_tool.targets.delegate_hashed_bins():
Edit comments, add logging information, and rename 'max_number_of_bins' (now 'total_hash_prefixes') for clarity.
Fix expected value of 'number_of_bins' (power of 2 instead of multiple of 16.)
Remove the 'self' argument in get_filepaths_in_directory() (now a staticmethod.)
formats.py:
NUMBINS_SCHEMA may now start from 1 (allow the creation of 1 delegated hashed bin.)
Reported Issues:
1. Fix 'files_directory' variable name typo in comment. Convert get_filepaths_in_directory() to a static method.
2. add_targets() declares 'absolute_list_of_targets' but only appends files to it. Get rid of this variable.
3. The roleinfo dict of delegated roles was not fully set by load_repository(). Writing new metadata after it had been tried to access a non-existent 'partial_loaded' dict key. Non-public function that decided whether a metadata file was partially loaded renamed to _metadata_is_partially_loaded(), and now returns a Boolean.
Minor edits to comments related to the fixes above.
Continue refactoring the test cases of test_updater.py.
Fix issue where repository_tool.py was not writing new compressed metadata.
Minor edits to TUF modules.
Add generate.py script and pre-generated repository files used by Unit tests (replacing repository_setup.py).
Refactor test_updater.py (10 test cases remaining).
Support the following installation setup:
# Minimal install intended for clients (pure Python, only ed25519 signatures).
pip install tuf
# Optional installation required by the TUF repository tools (RSA keys and rsassa-pss
# signatures, faster ed25519 cryptographic computations, general-purpose cryptography, etc.)
pip install tuf[tools]
Re-implement the fix for issue #167.
Update comments and docstrings related to the fixes above.
Minor updates to comments of the previous repository_tool.py commit.
Update repository_tool-diagram.png to list disable_console_log_messages().
Rename disable_console_messages().
repository_tool.py methods that add keys to roles should also log a warning if it detects a shared key.
Add a console handler, and a function to disable it, to repository_tool.py.
Update _delete_obsolete_metatadata() docstring and comments in repository_tool.py.
Rename the unused 'json_object' variable in util.py.
Roles are allowed to share verification keys. Update repository_tool.py so that the targets role can successfully load an already recognized key when loading a repository. Reported by Santiago.
Properly strip (again) the digest prepended to 'digest.filename' files.
The required '+1' appears to have been accidentally deleted in a recent commit:
298f52ddb8 (diff-59d384d80d746c800b16c8387756c0ccL2750)
Thanks to Santiago for locating the bug.
The previous exception raised when a non-signing key is loaded may be misinterpreted:
tuf.Error: The private key is unavailable.
Changed to: This is not a private key.