Commit graph

87 commits

Author SHA1 Message Date
Joshua Lock
ac0ea24ca9 Remove references to setup.py
We now use a static setup.cfg instead, update __init__.py and
docs/RELEASE.md to point there.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2021-10-21 13:30:46 +01:00
Jussi Kukkonen
f2f7f9df53 Release 0.19.0
For users of legacy client (tuf/client/) this is purely a security fix
release with no API or functionality changes. For ngclient and Metadata
API, some API changes are included.

All users are advised to upgrade.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-10-19 17:17:49 +03:00
Joshua Lock
3a87b2bcd1 Prepare v0.18.1
The v0.18.0 release was made with the changes from #1566, resulting in
a release with sources which don't match the git tag. Rectify this with
a brown bag point release.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2021-09-06 13:55:54 +01:00
Jussi Kukkonen
0ec8d3ce86 Release preparations for 0.18
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-06 14:37:25 +03:00
Joshua Lock
76c0a54e75 Prepare v0.17.0 release
Signed-off-by: Joshua Lock <jlock@vmware.com>
2021-02-25 10:49:12 +00:00
Joshua Lock
7ff26717a1 Prepare 0.16.0 release
Update docs/CHANGELOG.md and bump version number for a 0.16.0 release

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-11-26 13:15:14 +00:00
Joshua Lock
8169b00745 Prepare 0.15.0 release
Update docs/CHANGELOG.md and bump version number for a 0.15.0 release

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-10-21 11:42:21 +01:00
Joshua Lock
3e68b3a07e Prepare 0.14.0 release
Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-09-09 11:11:48 +01:00
Joshua Lock
ea958bc568 Prepare 0.13.0 release
Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-08-04 09:31:16 +01:00
Santiago Torres
bea6496dc2
release: 0.12.2
Signed-off-by: Santiago Torres <santiago@archlinux.org>
2020-01-10 15:43:44 -05:00
Lukas Puehringer
054a32ce1a setup.py/__init__.py: bump version to v0.12.1
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-11-14 15:49:15 +01:00
Lukas Puehringer
9a8e3c9ef9 setup.py/__init__.py: bump version to v0.12.0
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-10-14 16:47:16 +02:00
Lukas Puehringer
9d201d1657 Update SPEC_VERSION to semver-compliant 1.0.0
Updates SPEC_VERSION definition in tuf/__init__.py, test files and
docstring in formats.build_dict_conforming_to_schema.

Test metadata will be updated in separate commits.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-09-16 15:43:39 +02:00
Sebastien Awwad
d58bcf9c62
spec version support code cleanup
Specification version now only lives in tuf/__init__.py, and will only be
derived from there.

Specification version info is no longer in tuf.formats, where it was
previously moved from tuf.updater, since this was redundant.

Also finally corrects spec version testing in test_updater.py.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2019-03-29 11:08:43 -04:00
Sebastien Awwad
847f20df9e
Update version to 0.11.2.dev3
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2019-01-10 11:52:42 -05:00
Sebastien Awwad
23cfcbe783
Bump version to 0.11.2.dev2 from 0.11.2.dev1
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-11-05 15:57:05 -05:00
Sebastien Awwad
73f3289942
Bump version to 0.11.2.dev1 for PyPI dev release
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-10-03 11:59:56 -04:00
Sebastien Awwad
24a10b5527
Update dependencies and bump version to 0.11.2-alpha
for an alpha release.

Update dependencies:
bandit, py, pycparser, pynacl, securesystemslib, tox

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-10-02 22:24:14 -04:00
Sebastien Awwad
314f6e71b9
Remove partial single-source version; add comments explaining
Previous commit isn't going to work: read wasn't defined. Code
provided was from here:
https://packaging.python.org/guides/single-sourcing-package-version/

and is a little more complicated than is ideal. It'll also match
comment lines if they exist. Single-sourcing version number isn't
necessary for this pull request, but if I was going to do it, I'd
probably add a VERSION file and have tuf/__init__.py and setup.py
each read that in. There could be problems with that, too. I'm
going to punt on this and keep the version in two places and we
can fix that less urgently. (Also, the user agent reporting a
version seems less critical in any case than the rest of the PR.)

Version info will now be in two locations and require update in
tandem.

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-09-10 16:29:59 -04:00
Trishank K Kuppusamy
34e0ec7c62
Add TUF version number, and user agent
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
2018-09-10 16:29:48 -04:00
Vladimir Diaz
47c531f5f0
Remove obsolete settings code from __init__.py
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
2017-11-30 11:13:28 -05:00
Artiom Baloian
b793c81739 Added simple_settings, now it is a requirement of TuF.
Rename conf.py into the settings.py an changed import call.
2016-11-01 15:38:40 -04:00
Artiom Baloian
8247a02737 Moved TuF exceptions and schem into the ssl_commons 2016-10-31 11:58:05 -04:00
Artiom Baloian
7098cdbc3a Move _vendor dir and split formats into the formats and tufformats 2016-10-28 18:37:28 -04:00
Vladimir Diaz
07b4b24343 Finish edits to repository tool doc and update code to fix issues with slow retrieval errors 2016-10-21 11:36:48 -04:00
Vladimir Diaz
70fc8dce36 Resolve merge conflicts with upstream and ecordell-root-versioning 2016-10-18 10:28:04 -04:00
Vladimir Diaz
8882dc5b7b Merge branch 'root-versioning' of https://github.com/ecordell/tuf into ecordell-root-versioning
Conflicts:
	tests/test_key_revocation.py
	tests/test_replay_attack.py
	tests/test_repository_tool.py
	tests/test_updater.py
	tuf/formats.py
	tuf/repository_lib.py
2016-10-17 15:57:48 -04:00
Vladimir Diaz
b03deee874 Modify the way slow retrieval errors are raised and detected.
Potential slow retrieval errors are raised for safe downloads (strict check on file size) and not for unsafe (a file size less than an upper limit).  Slow retrieval errors should always be prevented
2016-10-10 17:34:00 -04:00
Sebastien Awwad
7cd20fe035
Fixing another bug in tuf/__init__() and making the intended logging there happen. 2016-03-16 16:45:58 -04:00
Sebastien Awwad
c4ef697ec8
Fix for newly discovered python 3 issue causing unprintable exceptions 2016-03-16 16:39:47 -04:00
Vladimir Diaz
2f77fbccb6 Merge branch 'develop' of github.com:theupdateframework/tuf into tuf1.0_version_numbers 2016-01-27 17:07:06 -05:00
David Halls
1c51b8d732 Don't import tuf.log in __init__.py so importing tuf.conf doesn't start logging 2016-01-19 07:12:07 +00:00
Vladimir Diaz
af6f5c9d83 Review __init__.py 2015-10-27 17:00:56 -04:00
Vladimir Diaz
ed1f217022 Implement changes for _update_metadata() 2015-10-15 09:49:32 -04:00
Vladimir Diaz
1c8f41b0c0 Update import statements of unvendored dependencies 2015-06-02 08:29:22 -04:00
Vladimir Diaz
6be5ce8c08 Edit the docstrings of the interposition Exceptions
Modified the docstrings of interposition's Exception classes to be less specific.
2015-01-28 15:28:00 -05:00
Pankhuri Goyal
56b942a341 Changes in the error name in tuf.__init__ 2014-08-01 13:46:26 -04:00
Pankhuri Goyal
03164345e6 Add an InvalidConfiguration exception class in tuf.__init__ 2014-07-31 18:14:48 -04:00
Pankhuri Goyal
572e0c6079 Add interposition exception error classes in tuf.__init__ 2014-07-30 15:31:35 -04:00
Vladimir Diaz
091cfe9aeb Increase sleep time after starting simple server in affected tests. 2014-06-06 07:32:03 -04:00
vladdd
6b8b2399a2 Finish unit tests for Python2 + 3 support.
All unit tests updated / running for Python 2 + 3.
TODO: Fix non-Python 3 issue with util.py.
2014-05-27 13:55:48 -04:00
vladdd
e4bd9a7ba2 [WIP] Refactor download.py 2014-05-11 22:59:42 -04:00
Vladimir Diaz
8684253675 [WIP] Python 2+3.
Mostly unicode-related changes for crypto modules.
2014-05-06 15:24:39 -04:00
Vladimir Diaz
ab95a4b3aa [WIP] Python 2+3 support.
Python 2+3 unicode.
libraries.
The following modules (and their tests) work in PY2.7+3.3:
keydb, hash, formats, mirrors
2014-04-29 14:27:34 -04:00
Vladimir Diaz
e23b4e5eae Merge branch 'develop' of https://github.com/theupdateframework/tuf into develop
Conflicts:
	tuf/__init__.py
	tuf/client/updater.py
2014-04-29 08:31:29 -04:00
vladdd
1e360846bf Reject expired metadata without loading.
Reject downloaded metadata as early as possible.  The top-level roles were all downloaded as a group and then their
expiration inspected.  All metadata provided by a mirror that has already expired is discarded immediately and the next mirror tried.  The update process stops if a requested role cannot be successfully validated, or one of its parents.

[2014-04-29 02:00:32,308 UTC] [tuf.download] [INFO] [_download_file:745@download.py]
Downloading: http://localhost:8001/metadata/timestamp.json

[2014-04-29 02:00:32,324 UTC] [tuf.download] [INFO] [_check_downloaded_length:676@download.py]
Downloaded 544 bytes out of an upper limit of 16384 bytes.

[2014-04-29 02:00:32,324 UTC] [tuf.client.updater] [INFO] [_get_file:1189@updater.py]
Not decompressing http://localhost:8001/metadata/timestamp.json

[2014-04-29 02:00:32,331 UTC] [tuf.download] [INFO] [_download_file:745@download.py]
Downloading: http://localhost:8001/metadata/snapshot.json

[2014-04-29 02:00:32,333 UTC] [tuf.download] [INFO] [_check_downloaded_length:654@download.py]
Downloaded 1003 bytes out of the expected 1003 bytes.

[2014-04-29 02:00:32,334 UTC] [tuf.client.updater] [INFO] [_get_file:1189@updater.py]
Not decompressing http://localhost:8001/metadata/snapshot.json

[2014-04-29 02:00:32,334 UTC] [tuf.client.updater] [INFO] [_check_hashes:696@updater.py]
The file's sha256 hash is correct: 5b3aec7cf295a25e4b39d875c7474511da9645bc6d27f9e86fb7e439c82e0ec7

[2014-04-29 02:00:32,335 UTC] [tuf.client.updater] [ERROR] [_ensure_not_expired:1789@updater.py]
Metadata 'snapshot' expired on Tue Apr 29 01:59:01 2014 (UTC).

Do not request, download, and install top-level roles if the root of trust has already expired after the inital load. If requested, update an expired root role:

[2014-04-29 01:18:02,457 UTC] [tuf.client.updater] [ERROR] [_ensure_not_expired:1789@updater.py]
Metadata 'root' expired on Mon Apr 28 23:23:57 2014 (UTC).

[2014-04-29 01:18:02,458 UTC] [tuf.client.updater] [INFO] [refresh:628@updater.py]
Expired Root metadata was loaded from disk.  Try to update it now.

[2014-04-29 01:18:02,458 UTC] [tuf.download] [INFO] [_download_file:745@download.py]
Downloading: http://localhost:8001/metadata/root.json

[2014-04-29 01:18:02,461 UTC] [tuf.download] [INFO] [_check_downloaded_length:676@download.py]
Downloaded 1198 bytes out of an upper limit of 512000 bytes.

[2014-04-29 01:18:02,461 UTC] [tuf.client.updater] [INFO] [_get_file:1189@updater.py]
Not decompressing http://localhost:8001/metadata/root.json

[2014-04-29 01:18:02,462 UTC] [tuf.client.updater] [ERROR] [_ensure_not_expired:1789@updater.py]
Metadata 'root' expired on Mon Apr 28 23:23:57 2014 (UTC).

Note: An expired 'root' was provided by the server.  The requested root must also be signed by keys trusted by the client.
2014-04-28 22:31:42 -04:00
Vladimir Diaz
a7f28b9af4 [WIP] Python 2+3 support.
Add six, convert PY <=2.5 exception handling, dictionary iteration, libraries, 1/2 the tests.
2014-04-22 15:03:42 -04:00
vladdd
08a2bad2c0 Add Travis CI, coveralls, and coverage-related updates. 2014-04-20 16:15:19 -04:00
Vladimir Diaz
919fb0ff8f Log warning if top-level metadata expires soon. 2014-04-17 12:27:28 -04:00
Vladimir Diaz
1935b1de2b Update TUF modules affected by the change to the 'expires' format. 2014-04-15 12:52:35 -04:00