Remove use of six
Signed-off-by: Velichka Atanasova <avelichka@vmware.com>
Replace the use of dict.items(mydict) with mydict.items(), dict.keys(mydict) with mydict.keys() and dict.values(mydict) with mydict.values()
Signed-off-by: Velichka Atanasova <avelichka@vmware.com>
Replace 'import urllib' and 'import urllib.x' with 'from urllib import x' for vendor compatibility
Signed-off-by: Velichka Atanasova <avelichka@vmware.com>
Currently, we are importing the "utils" module in tests/utils
with "import utils".
This could become a problem when there is another module with
the same general name "utils" and could lead to import mistakes.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
secure-systems-lab/securesystemslib#288 changes the key generation
interface functions in such a way that it is clear if a call opens
a blocking prompt, or writes the key unencrypted. To do this two
functions are added per key type:
- `generate_and_write_*_keypair_with_prompt`
- `generate_and_write_unencrypted_*_keypair`
The default `generate_and_write_*_keypair` function now only allows
encrypted keys and only using a passed password. This respects the
principle of secure defaults and least surprise.
sslib#288 furthermore adds a protected
`_generate_and_write_*_keypair`, which is not exposed publicly
because it does not encrypt by default, but is more flexible and
thus convenient e.g. to consume all arguments from a key generation
command line tool such as 'repo.py'.
This commit adds the new public functions to the tuf namespace and
adopts their usage accordingly.
NOTE regarding repo.py:
This commit does not fix any problematic password behavior of
'repo.py' like default passwords, etc. (see #881). It only adopts
the sslib#288 changes to maintain the current behavior, plus
removing one glaringly obsolete password prompt.
NOTE regarding key import:
The securesystemslib private key import functions were also changed
to no longer auto-prompt for decryption passwords. TUF, however,
only exposes custom wrappers (see repository_lib) that do
auto-prompt. sslib#288 changes to the prompt texts are nevertheless
propagated to tuf and reflected in this commit.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Modify test cases which use unsigned metadata.
Update test_sign_metadata to check for empty key list.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
I don't see a need to leave a comment about what setupClass,
tearDownClass, setup and tearDown functions do.
There is documentation that describes that.
Additionally, the links referenced in the comments are from
Python 2, which is deprecated.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
all test_*.py files now accept zero or more '-v' to increase tuf
logging level. The default is now ERROR.
default: ERROR
"-v": ERROR, but unittest prints test names
"-vv": WARNING
"-vvv": INFO
"-vvvv": DEBUG
Example to run a single test with DEBUG level:
python3 test_updater.py -vvvv TestUpdater.test_4_refresh
Also make test_log.py restore the log level it modifies during test.
Fixes #1093
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Add a new test case in test_generate_targets_metadata
to check if targets metadata is up-to-date with its delegated
roles.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Tests logic is modified to accommodate for the update of the
delegations during generate_targets_metadata().
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
First in the generate_timestamp_metadata both "snapshot_filename"
and the constant SNAPSHOT_FILENAME are used which is redundant
and possibly confusing. There should be only one input
for the snapshot file name.
Second, when calling the generate_timestamp_metadata there are
cases when "snapshot_filename" is in reality "snapshot_file_path".
That's what led to the need for the addition of SNAPSHOT_FILENAME
when populating the "meta" field from the TIMESTAMP_SCHEMA.
For the same reason, it seems logical to me to rename snapshot_filename
to snapshot_file_path and explicitly take the snapshot file name
from it.
Third, in the _generate_and_write_metadata function the argument
"filenames" is by default None, but at the same time without check
it's considered that filenames is a dictionary which has a key
"snapshot". This could be okay if the default "filenames" value
was not None, but in the current situation it's easy to call
"_generate_and_write_metadata" with rolename = timestamp
and forget to populate the filenames dictionary.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
This separation and refactoring is part of the change to
make length and hashes optional for timestamp and snapshot roles.
It separates FILEINFO_SCHEMA into two separate schemas:
TARGETS_FILEINFO_SCHEMA and METADATA_FILEINFO_SCHEMA.
The distinction is needed because as of version 1.0.1 of the tuf
spec targets role has mandatory length and hashes, and
snapshot and timestamp roles have a mandatory version, and optional
length and hashes.
That's why targets can't share the same schemas
as timestamp and snapshot.
Because of that schema distinction, make_fileinfo had to be
separated too, into make_targets_fileinfo and make_metadata_fileinfo.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
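Added example, not part of the commit above or of tuf's own code: a plain-Python sketch of the two-schema split that the commit message describes, plus a check of downloaded metadata bytes that enforces only the fields an entry actually carries. The names FormatError, check_targets_fileinfo, check_metadata_fileinfo and matches_metadata_fileinfo, and the sample bytes, are assumptions made for illustration.

```python
import hashlib

class FormatError(ValueError):
    """Fileinfo does not match its schema (hypothetical name)."""

def _check_length(value):
    if isinstance(value, bool) or not isinstance(value, int) or value < 0:
        raise FormatError("length must be a non-negative integer")

def _check_hashes(value):
    if not isinstance(value, dict) or not value:
        raise FormatError("hashes must be a non-empty dict")
    if not all(isinstance(d, str) and d for d in value.values()):
        raise FormatError("digests must be non-empty strings")

def check_targets_fileinfo(info):
    """Targets entry: length and hashes are both mandatory."""
    missing = {"length", "hashes"} - info.keys()
    if missing:
        raise FormatError("targets fileinfo lacks: " + ", ".join(sorted(missing)))
    _check_length(info["length"])
    _check_hashes(info["hashes"])

def check_metadata_fileinfo(info):
    """Snapshot/timestamp entry: version mandatory, length and hashes optional."""
    version = info.get("version")
    if isinstance(version, bool) or not isinstance(version, int) or version < 0:
        raise FormatError("metadata fileinfo needs an integer version")
    if "length" in info:
        _check_length(info["length"])
    if "hashes" in info:
        _check_hashes(info["hashes"])

def matches_metadata_fileinfo(data, version_in_file, info):
    """True if downloaded metadata bytes agree with every field the entry has."""
    check_metadata_fileinfo(info)
    if version_in_file != info["version"]:
        return False
    if "length" in info and len(data) != info["length"]:
        return False
    return all(hashlib.new(algo, data).hexdigest() == digest
               for algo, digest in info.get("hashes", {}).items())

# Constructed sample: bytes standing in for a snapshot.json at version 3.
SAMPLE = b'{"signed": {"_type": "snapshot", "version": 3}}'
FULL = {"version": 3, "length": len(SAMPLE),
        "hashes": {"sha256": hashlib.sha256(SAMPLE).hexdigest()}}
```

With a version-only entry the check reduces to the version comparison, so anything that relied on length and hashes to bound or pin the metadata file no longer gets that from the entry itself.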
The argument targets_filename in the generate_snapshot_metadata
is redundant because the places where we are calling
generate_snapshot_metadata is by using the constant
TARGETS_FILENAME or by creating a variable with the same value
of "targets.json".
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Add more granular testing of positive and negative cases when generating
targets metadata with existing fileinfo dictionaries
Signed-off-by: Joshua Lock <jlock@vmware.com>
Rename repository_lib.get_metadata_filenames() and
get_delegations_filenames() to better match their
functionality and tuf terminology.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
This was erroneously absent in PR 1024, which added support for abstract
files and directories. Resolve by adding a storage_backend argument to
generate_timestamp_metadata() and using it so that the fileinfo (hashes
and length) for the snapshot file can be generated for a snapshot
metadata file on any supported storage.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Utilise the abstract files and directories support to enable generating
targets metadata for files which aren't necessarily locally accessible,
rather than requiring that metadata for non-local files be provided via
existing fileinfo structures.
Signed-off-by: Joshua Lock <jlock@vmware.com>
The specification lists four fundamental roles: root, targets, snapshot
and timestamp. Loading a repository where those roles are not present
should not be supported, therefore convert debug messages on the absence
of metadata files for these fundamental roles into a RepositoryError
exception.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Switch to using the new abstract files and directories support in
securesystemslib by taking an object which implements
securesystemslib.storage.StorageBackendInterface in the Repository
constructor, passed in by tuf.repository_tool.create_new_repository() and
tuf.repository_tool.load_repository()
The Updater class in tuf.client.updater does not specify a storage backend
and instead allows the functions in securesystemslib to perform the
default action of instantiating a LocalFilesystemBackend, that is the
updater does not currently support abstract filesystem backends and always
defaults to using local storage.
Finally we drop support for tuf.settings.CONSISTENT_METHOD as it's not as
clear how different copying modes should work when the details of the
underlying storage are abstracted away.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Support for compressed files was removed in tuf v0.10.x leaving behind
some vestiges like the test logic in test_repository_lib, which is
duplicated below and carries a redundant comment, and setting compression
on in generate_project_data.py
Signed-off-by: Joshua Lock <jlock@vmware.com>
Add an additional optional parameter to add_target() and
add_target_to_bin() which is a fileinfo object matching
tuf.formats.FILEINFO_OBJECT
This parameter and the custom parameter are mutually exclusive and
thus cannot be passed at the same time.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Replace hard-coded logger names with __name__. For the most part this just uses
the standard conventions to create the same logger hierarchy as existed before.
The only real difference is that loggers created for printing during tests are
no longer part of the 'tuf' hierarchy.
Signed-off-by: Joshua Lock <jlock@vmware.com>
securesystemslib PR #162 removed implicit encoding of data to bytes
in securesystemslib.keys.[create_signature|verify_signature]
Update to encode data where required.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Remove only wrappers and corresponding tests that don't add any
new functionality, but blindly forward the caller to sslib, where
the same function exists and is tested.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
TUF specific schemas have moved to tuf.formats, ensure they are used
throughout and remove stray references to no longer supported schemas
in securesystemslib.format
Signed-off-by: Joshua Lock <jlock@vmware.com>
Removal of securesystemslib exceptions that are TUF-specific
occurs in securesystemslib PR #165: https://github.com/secure-systems-lab/securesystemslib/pull/165
This commit adapts to those changes. Exceptions that are specific
to TUF should be in TUF and not in securesystemslib. This commit
uses those already-existing TUF exceptions instead of pointing to
securesystemslib exceptions that will be removed.
For example, securesystemslib has no notion of repositories, so
it's ridiculous to have a RepositoryError in securesystemslib and
ridiculous for TUF to use
securesystemslib.exceptions.RepositoryError.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>