Consistently enclose filenames referred to througout the release process in
backticks to ensure they are rendered in the code style.
Signed-off-by: Joshua Lock <jlock@vmware.com>
PR #1014 removed uses of keyid_hash_algorithms in favour of using the calculated
keyid values from the metadata. A few instances of this removal were
unintentionally reintroduced in PR #1016, when changing to explicitly passing
a list of hash algorithms rather than changing securesystemslib settings
values.
This change removes uneccessary uses of keyid_hash_algorithms.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Add a new test case in test_generate_targets_metadata
to check if targets metadata is up-to-date with its delegated
roles.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Tests logic is modified to accommodate for the update of the
delegations during generate_targets_metadata().
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Use the delegation graph traversal during load_repository()
to load delegated roles' 'keyids' and 'threshold' by reading it
from the delegating role metadata.
If more than one delegation to the same role exists, only the first
one is loaded in roledb for this role.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Collect keys and threshold of delegated roles and update
delegations in generate_targets_metadata in a similar manner
as generate_root_metadata() does for top-level roles.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Use _keys_to_keydict() for the key dictionary generation in
generate_root_metadata().
Rename it as a public function keys_to_keydict().
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Versions 2.6.0 and later of pylint adhere to PEP 3134
and trigger a 'raise-missing-from' warning (W0707) when
chained exceptions are raised implicitly.
The 'from' keyword is a Python3.x feature, that is why
six.raise_from is used for Python2.x compatibility.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Per the detailed client workflow in the specification step 1.2
"Version N+1 of the root metadata file MUST have been signed by:
(1) a threshold of keys specified in the trusted root metadata file
(version N), and
(2) a threshold of keys specified in the new root metadata file being
validated (version N+1)."
Number 2 is implemented here as this step was not being performed by the
Updater. Unfortunately we can't use existing signature verification
methods in tuf.sig, because tuf.sig.signature_status() does not verify
signatures for keys which are not listed in keydb (and tuf.sig.verify
uses tuf.sig.signature_status)
Therefore this patch introduces a method for verifying signatures with
root keys listed in the signable being verified.
Signed-off-by: Joshua Lock <jlock@vmware.com>
This method is duplicating verification steps which have already been
completed before the file was written to disk.
Signed-off-by: Joshua Lock <jlock@vmware.com>
We no longer handle compressed metadata files, so rename this method to be
shorter and less confusing:
_verify_uncompressed_metadata_file -> _verify_metadata_file
Signed-off-by: Joshua Lock <jlock@vmware.com>
In commit b7a15fdee7dee899c098b01fe64d604635b2b132
or pr https://github.com/secure-systems-lab/securesystemslib/pull/227
in securesystemslib I change the function arguments of the
format_metadata_to_key function in securesystemslib/keys.py
to add the opportunity to use custom keyid hash algorithms without
chainging the securesystemslib.settings.HASH_ALGORITHMS variable.
With this commit, I make use of the above changes in tuf.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Currently, if the repository is consistent_snapshot,
Updater will prefix the target filename with the hash
when constructing the download URL.
For some adopters of TUF (like Warehouse) this is not wanted
(warehouse target file paths are "consistent",
even if the filenames are not).
For example, Warehouse doesn't follow what tuf
(the reference implementation and specification) advice for naming
consistent filenames, which is to prefix the filename with the hash
of the files contents.
However, the target filenames it does use are consistent,
only the hash is part of the target's file path
not the target's file name.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
After we had given the option to use or not hashes and length
for timestamp and snapshot roles, it's good to make sure we are
calculating them only when they are needed.
This optimization could be important for the bigger tuf adopters.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
proxy_server.py is python2 only, don't try to setup the class as it
leads to a confusing TimeoutError.
This may prevent me from debugging this apparent test failure a third
time.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Our tests already expect localhost lookup to work to find test servers:
use it consistently instead of sometimes using 127.0.0.1
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Travis managed to still timeout with 5 seconds: increasing the timeout
(now that it's not a sleep) doesn't really hurt normal non-VM use cases
so let's bump it to 10 seconds.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
* Add utility function to wait on a socket until it responds
* Use the function instead of sleeping in tests that need to wait for
the server to start
* Increase the max timeout to 5 seconds by default (as appveyor builds
still seem to hit the 3 second mark sometimes)
wait_for_server() functions quite differently depending on OS: Windows
can take 2 seconds to respond with ECONNREFUSED whereas Linux is almost
instant. There might be tricks to be faster on Windows (like setting
a shorter socket timeout) but this was not done here.
This makes a full Linux test run almost 40% faster and should be more
reproducible on every platform.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Ensure someone following the release process pushes the tag they create
and include a tag message matching the common form, rather than requiring
somebody following the steps to figure out what to enter into their editor
Signed-off-by: Joshua Lock <jlock@vmware.com>
For some reason the first level 3 heading 'Added' was not rendering
correctly. The level 2 heading for 'Fixed' should be level 3.
Signed-off-by: Joshua Lock <jlock@vmware.com>
This avoids the need to sleep() before removing the temporary
directories used, and makes sure we don't get
ResourceWarning: subprocess N is still running
messages. Use subprocess.communicate() instead of wait() if the process
has a pipe (currently the return values are just dropped though).
Practical results should be more reliability and a slightly reduced
test runtime.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>