Elgato_dark/python-tuf
1
0
Fork 0
mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
5047 commits 28 branches 35 tags 23 MiB
Commit graph

5047 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jussi Kukkonen
9da9050dd0
Merge pull request #1957 from theupdateframework/dependabot/github_actions/actions/checkout-3.0.1 
build(deps): bump actions/checkout from 3.0.0 to 3.0.1
 2022-04-20 09:58:03 +03:00
Jussi Kukkonen
5811f55ab1
Merge pull request #1958 from theupdateframework/dependabot/pip/types-requests-2.27.19 
build(deps): bump types-requests from 2.27.16 to 2.27.19
 2022-04-20 09:57:44 +03:00
Jussi Kukkonen
3a7fad7854
Merge pull request #1960 from mnm678/spec-version 
Update supported spec version
 2022-04-20 09:57:24 +03:00
Jussi Kukkonen
b8acf5512d
Merge pull request #1953 from MVrachev/fix-eq-tests 
Tests: restore objects to initial state after test
 2022-04-20 09:57:12 +03:00
Marina Moore
70b27b0ef8 Regenerate tests with new spec version 
Signed-off-by: Marina Moore <mnm678@gmail.com>
 2022-04-19 10:31:07 -04:00
Marina Moore
9c5c5f7a73 Update supported spec version 
Signed-off-by: Marina Moore <mnm678@gmail.com>
 2022-04-19 10:22:43 -04:00
Lukas Pühringer
c2087b39e1
Merge pull request #1955 from jku/test-client-metadata-length-limits 
tests: Test client max metadata length config
 2022-04-19 15:47:47 +02:00
Lukas Pühringer
8e526d7547
Merge pull request #1954 from aribasch/fix-path-construction 
Replaced manual path construction with os.path.join
 2022-04-19 15:17:22 +02:00
Ari
0708fb4a3b Reverted URL construction back to f-strings 
Signed-off-by: Ari <aribasch@umich.edu>
 2022-04-18 12:21:44 -04:00
Ari
d867debb77 Replaced manual path construction with os.path.join 
Signed-off-by: Ari <aribasch@umich.edu>
 2022-04-18 12:21:44 -04:00
dependabot[bot]
39ccb9910c
build(deps): bump types-requests from 2.27.16 to 2.27.19 
Bumps [types-requests](https://github.com/python/typeshed) from 2.27.16 to 2.27.19.
- [Release notes](https://github.com/python/typeshed/releases)
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: types-requests
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-18 10:09:04 +00:00
dependabot[bot]
65d1b87a2f
build(deps): bump actions/checkout from 3.0.0 to 3.0.1 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](a12a3943b4...dcd71f6466)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-15 10:16:40 +00:00
Jussi Kukkonen
17ec875cd8 tests: Test client max metadata length config 
Fixes #1730

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2022-04-14 10:22:17 +03:00
Martin Vrachev
ce11102dee Tests: restore objects to initial state after test 
Inside test_metadata_eq_.py we test the __eq__ implementations of all
classes. In order to do this, we change the attribute of the object and
then compare them to the unchanged version of those objects.
Usually, we do it in the following steps:
1. create an initial version "a"
2. create a copy of "a" called "b"
3. iterate all attributes inside "b" and change them to a given value
4. check that "a" and "b" are different

We do however forget to restore the object `b` to its initial state
which means we don't check the `__eq__` correctly as we stop on the
first, the found difference which could be of an older attribute changed
in one of the past iterations.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
 2022-04-13 16:28:31 +03:00
Jussi Kukkonen
c47121b1cb
Merge pull request #1950 from abs007/patch-1938 
Fixed annotation for unrecognized_fields
 2022-04-13 10:11:42 +03:00
Abhisman Sarkar
944a540f97 Metadata API: Annotate 'unrecognized_fields' as Dict 
Fixes #1938

Description of the changes being introduced by the pull request:

Annotating as Mapping seems wrong as further changes to the content might
be added in the code base. Hence, annotation changed to Dict.

Signed-off-by: Abhisman Sarkar <abhisman.sarkar@gmail.com>
 2022-04-12 22:25:33 +05:30
Jussi Kukkonen
8a7243ff23
Merge pull request #1947 from jku/verify-release-build-isolation 
verify_release: Build from git sources only
 2022-04-11 12:01:36 +03:00
Jussi Kukkonen
62580abf9c verify_release: Build from git sources only 
Make a new (local) git clone to build from. This ensures uncommitted
files do not affect the build.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2022-04-08 16:54:02 +03:00
Jussi Kukkonen
76a46090a3
Merge pull request #1945 from theupdateframework/dependabot/github_actions/actions/setup-python-3.1.1 
build(deps): bump actions/setup-python from 3.1.0 to 3.1.1
 2022-04-08 11:07:55 +03:00
Jussi Kukkonen
fe95c88ea3
Merge pull request #1944 from theupdateframework/dependabot/pip/pylint-2.13.5 
build(deps): bump pylint from 2.13.4 to 2.13.5
 2022-04-08 11:07:24 +03:00
dependabot[bot]
156e535dcf
build(deps): bump actions/setup-python from 3.1.0 to 3.1.1 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](9c644ca2ab...21c0493ecf)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-07 10:19:18 +00:00
dependabot[bot]
1d9219a8bb
build(deps): bump pylint from 2.13.4 to 2.13.5 
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.13.4 to 2.13.5.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.13.4...v2.13.5)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-07 10:06:10 +00:00
Jussi Kukkonen
10f9feaead
Merge pull request #1939 from theupdateframework/dependabot/pip/types-requests-2.27.16 
build(deps): bump types-requests from 2.27.15 to 2.27.16
 2022-04-04 16:57:33 +03:00
Lukas Pühringer
b3508471dc
Merge pull request #1922 from jku/constructor-defaults 
Add default args to Signed constructors
 2022-04-04 13:18:21 +02:00
Jussi Kukkonen
8de43ab380
Merge pull request #1940 from theupdateframework/dependabot/github_actions/actions/setup-python-3.1.0 
build(deps): bump actions/setup-python from 3.0.0 to 3.1.0
 2022-04-04 13:52:41 +03:00
Jussi Kukkonen
0d3bb682dd Metadata API: Document constructor default arguments 
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2022-04-04 13:49:06 +03:00
dependabot[bot]
b0a73e41c6
build(deps): bump actions/setup-python from 3.0.0 to 3.1.0 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](0ebf233433...9c644ca2ab)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-04 10:21:57 +00:00
dependabot[bot]
f76b6c7b12
build(deps): bump types-requests from 2.27.15 to 2.27.16 
Bumps [types-requests](https://github.com/python/typeshed) from 2.27.15 to 2.27.16.
- [Release notes](https://github.com/python/typeshed/releases)
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: types-requests
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-04 10:07:34 +00:00
Jussi Kukkonen
b17ae3fd8f
Merge pull request #1808 from ivanayov/delegated_hash_bins_tests 
Add test coverage for delegated hash bins
 2022-04-04 12:22:54 +03:00
Jussi Kukkonen
dd3f4fa9bf
Merge pull request #1935 from theupdateframework/dependabot/pip/pylint-2.13.4 
build(deps): bump pylint from 2.13.2 to 2.13.4
 2022-04-04 11:58:55 +03:00
Jussi Kukkonen
958a2bd3b7
Merge pull request #1936 from jku/refactor-trusted-metadata-set-test 
tests: Small refactor of a test
 2022-04-01 15:49:59 +03:00
Jussi Kukkonen
0bd8feccf8 tests: Small refactor of a test 
Test was supposed to test a threshold that is higher than number of
signatures, but it actually was just using completely unsigned metadata.

This still doesn't test the case where _trusted_ metadata defines a
threshold that new metadata does not reach: only the case where new
metadata defines threshold that it does not meet (this case is covered
in updater tests though).

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2022-04-01 10:17:06 +03:00
Jussi Kukkonen
434730fc33
Merge pull request #1934 from kairoaraujo/unecessary_import_requests_exceptions 
import requests.exceptions is not necessary
 2022-03-31 15:48:03 +03:00
Ivana Atanasova
59245a2c2e Add test coverage for delegated hash bins 
This change adds tests coverage for `path_hash_prefixes` and
verifies that role names matching specific prefixed successfully
find and download the corresponding metadata files

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
 2022-03-31 15:28:47 +03:00
dependabot[bot]
8c223f5446
build(deps): bump pylint from 2.13.2 to 2.13.4 
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.13.2 to 2.13.4.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.13.2...v2.13.4)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-31 10:07:49 +00:00
Kairo de Araujo
b5e42c1c92 import requests.exceptions is not necessary 
All calls use requests.* and importing requests.exceptions is not
necessary.

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
 2022-03-31 10:58:53 +02:00
Jussi Kukkonen
d36b701bca
Merge pull request #1930 from theupdateframework/dependabot/pip/black-22.3.0 
build(deps): bump black from 22.1.0 to 22.3.0
 2022-03-29 13:36:48 +03:00
dependabot[bot]
811000f272
build(deps): bump black from 22.1.0 to 22.3.0 
Bumps [black](https://github.com/psf/black) from 22.1.0 to 22.3.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/22.1.0...22.3.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-29 10:08:45 +00:00
Jussi Kukkonen
71259a3e75
Merge pull request #1925 from theupdateframework/dependabot/pip/mypy-0.942 
build(deps): bump mypy from 0.941 to 0.942
 2022-03-29 09:14:00 +03:00
dependabot[bot]
e1e8645bac
build(deps): bump mypy from 0.941 to 0.942 
Bumps [mypy](https://github.com/python/mypy) from 0.941 to 0.942.
- [Release notes](https://github.com/python/mypy/releases)
- [Commits](https://github.com/python/mypy/compare/v0.941...v0.942)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-28 13:11:23 +00:00
Jussi Kukkonen
3ec455ca8a
Merge pull request #1928 from theupdateframework/dependabot/pip/types-requests-2.27.15 
build(deps): bump types-requests from 2.27.14 to 2.27.15
 2022-03-28 16:10:29 +03:00
dependabot[bot]
10f7375101
build(deps): bump types-requests from 2.27.14 to 2.27.15 
Bumps [types-requests](https://github.com/python/typeshed) from 2.27.14 to 2.27.15.
- [Release notes](https://github.com/python/typeshed/releases)
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: types-requests
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-28 11:49:14 +00:00
Jussi Kukkonen
bde78bcb9f
Merge pull request #1927 from theupdateframework/dependabot/pip/pylint-2.13.2 
build(deps): bump pylint from 2.12.2 to 2.13.2
 2022-03-28 14:48:41 +03:00
dependabot[bot]
b482886b92
build(deps): bump pylint from 2.12.2 to 2.13.2 
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.12.2 to 2.13.2.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.12.2...v2.13.2)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-28 10:09:17 +00:00
Lukas Pühringer
57c610df15
Merge pull request #1926 from jku/verify-release-imports 
verify_release: Warn about missing requirements
 2022-03-28 09:52:19 +02:00
Jussi Kukkonen
bf878ceaa6 verify_release: Warn about missing requirements 
This is mostly useful for build module as it's not imported otherwise:
we explicitly call "python -m build" so everything works like in a
real release build.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2022-03-25 11:50:15 +02:00
Jussi Kukkonen
81637596ec
Merge pull request #1923 from theupdateframework/dependabot/pip/urllib3-1.26.9 
build(deps): bump urllib3 from 1.26.8 to 1.26.9
 2022-03-25 09:03:28 +02:00
Jussi Kukkonen
d1c52b5bb5
Merge pull request #1919 from theupdateframework/dependabot/pip/cryptography-36.0.2 
build(deps): bump cryptography from 36.0.1 to 36.0.2
 2022-03-25 09:03:11 +02:00
Jussi Kukkonen
96b2cd46b5 Metadata API: Set default expires to utcnow() 
This means the metadata is by default expired: this seems like a fine
default since we only allow a default value for practical reasons (not
allowing it would mean backwards incompatible API change).

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2022-03-24 15:43:06 +02:00
Jussi Kukkonen
d8c0f3b3f3 Metadata API: Be more careful with container args 
If argument is an empty container, we want to use the given empty
container. Only create a new container if argument is None.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2022-03-24 15:38:53 +02:00