These documents describe TUF server (mostly key management) and
client (mostly targets delegation) operations referring to a long
outdated TUF specification and suggesting the use of long gone
python-tuf tooling.
A deprecation disclaimer was added to the document headers already
in 2014 (see b84225f3e7).
I think it is safe to remove them.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
fossa.com integration for automated license compliance scans was
discontinued with #1242. There has been no initiative to
re-enable it in over a year.
This patch removes a since then obsolete config file. Let's re-add
when needed.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Just came across two instances where line-continued strings missed
a separating whitespace and fixed them.
Note: I also checked the entire repo for more such cases using the
regex `[^ ]["']\n *f?["'][^ ]` but didn't find any.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
When calling updater._persist_metadata() there is a possibility that
writing the temporary file to storage can succeed, but moving it with
os.replace could fail with OSError.
Make sure we are removing the newly created temporary file in that case.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Remove `bump_version()` method, which is just an alias for "+= 1"
on the version attribute. For a slim low-level API it seems okay to
just directly access/modify the attribute.
The extra level of abstraction of "bumping a version" is more
appropriate for a repository library (see #1136).
This patch also removes a related unit test and updates another one
to directly do `(...).version +=`.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This commit adds to the CI an automatic check for the TUF
specification version and compares it with the python-tuf metadata
API version.
If the version does not match and there is not a issue already open,
a new issue is opened.
Closes#1598
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
New pylint warnings appeared related to changes
in urlib3:
- tests/test_fetcher_ng.py:128: error: Argument 1 to "ReadTimeoutError"
has incompatible type "None"; expected "ConnectionPool" [arg-type]
- tests/test_fetcher_ng.py:128: error: Argument 2 to "ReadTimeoutError"
has incompatible type "None"; expected "str" [arg-type]
I noticed these error in this CI run:
https://github.com/theupdateframework/python-tuf/runs/4764931441?check_suite_focus=true
I fixed them by creating a urllib3.HTTPConnectionPool() instance as
the first argument and replaced the second argument with an empty
string.
This seems to do the job.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
After making a successful update of valid metadata which stores it
in cache and performing a second update with a new updater while
the metadata is already stored in cache, this test verifies that
timestamp, snaphot and targets are loaded from cache and not
downloaded
Fixes#1681
Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
Dictionary.get() by default will return "None" if the key is not
found as documented in:
https://docs.python.org/3/library/stdtypes.html#dict.get
This means we don't get anything by passing the default type.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
keyids are ordered in the data we deserialize: Not preserving that order
breaks canonicalization. Set does not preserve order.
Change Role.keyids type from Set to List. This is strictly speaking
an API change but a minor one: keyids are supposed to be changed
via add_key()/remove_key().
Add tests for this for both Role and DelegatedRole. Shorten a related
exception message.
Fix#1752
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
This test simulates the targets fast-forward attack recovery.
It simulates that the targets keys were compromised, the attacker
generated a new high version of the targets.
The repository generates new key for snapshot to rollback the
targets version to the initial version.
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
TUF uses file name hashes elsewhere so make it clear when hashes are for
file _contents_.
Fixes#1737.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Move the remaining
test_snapshot_rollback_with_local_snapshot_hash_mismatch
to test_updater_top_level_update.py and remove the file.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Remove TestUpdater.test_refresh from test_updater_with_simulator.
Testing refresh() is now extensively covered in the newly added
test_updater_top_level_update.py.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Update sphinx/rtd conf to display inherited members. This is
enabled specifically for the newly added `expires` property,
which has a useful code snippet in the docstring.
We don't display
- them on the tuf.api automodule overview page (avoid duplicates)
- members inherited from the built-in Exception class
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Remove `bump_expiration()` method, which is unlikely to be used as
is, i.e. bump to "current expiration date plus delta". A more
realistic use case is to bump to "now plus delta" (see #1727 for
details).
Moreover, bump_expiration can either way easily be replaced by a
one-liner expression using the 'datetime' module. A corresponding
code snippet is added to the `expires` property's docstring. Note:
`expires` became a property with a millisec-removing setter (for
spec conformance) in #1712, which further reduces the need for a
convenience bump_expiration method.
This patch also removes a related unit test and updates another
one.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Add test cases covering downloading and loading from cache
targets with non-matching hash and length.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Remove parts of the test case which are covered in other
tests, this way making its purpose clearer.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>