Update and refactor status() following the changes to how metadata is written.
Minor comment change to conf.py.
Example output:
'root' role contains 1 / 1 signatures.
'targets' role contains 1 / 1 signatures.
'release' role contains 1 / 1 signatures.
'timestamp' role contains 1 / 1 signatures.
# Verify invalid number of public and private keys.
'timestamp' role contains 0 / 1 signing keys.
# Determine the delegated roles with invalid metadata.
Delegated roles with insufficient keys:
['targets/unclaimed/1', 'targets/unclaimed/0', 'targets/unclaimed/2', 'targets/unclaimed/5', 'targets/unclaimed/4', 'targets/unclaimed/7', 'targets/unclaimed/6', 'targets/unclaimed/9', 'targets/unclaimed/f', 'targets/unclaimed/3', 'targets/unclaimed/a', 'targets/unclaimed/c', 'targets/unclaimed/b', 'targets/unclaimed/e', 'targets/unclaimed/d', 'targets/unclaimed/8']
Add the add_restricted_paths() method.
Rename libtuf.py
Update README.
Update delegate_hashed_bins() docstring.
More testing of hashed bins and consistent snapshots.
Remove old scripts from setup.py.
Support multiple hash algorithms, where the generated digests of metadata and
target files is included in metadata (and filenames if 'consistent_snapshots'
is True). Previously, only a single hash algorithm was supported, and it was
set by default to 'sha256' in code. Repository maintainers may now choose any,
and/or multiple, hash algorithms from those supported by TUF. By default,
'sha256' is used when generating digests.
Support the recent change to the TUF specification, where writing consistent
snapshots may include N versions of identical metadata and targets, if N hash
algorithms is used by the repository when generating metadata.
Update code affected by the recent changes to the specification, such as
targets that may include digests in their filename.
Support consistent snapshots of compressed metadata, including repositories
that provide multiple versions of metadata with different digests included
in their filenames.
The repository tools can now load repositories that include consistent snapshots
of metadata and targets, including those with multiple (i.e., multiple digests
prepended to filenames) consistent snapshots of files.
The client code may now read repositories with 'consistent_snapshots': true in
Root metadata, and properly request and update files with digests included.
Issue 147: Finalize conversion of all written metadata behavior. This commit ensures that compressed and uncompressed metadata is also written as outlined in the issue.
Issue 158: As requested, updater.refresh() may now unsafely fetch (i.e., unknown file size and hash) Root metadata if valid top-level metadata cannot be downloaded successfully (e.g., top-level keys may have been revoked). The repository must also sign the new Root file (at least until all clients have updated) with any revoked keys so that clients may successfully update. After unsafely updating Root, the top-level metadata is updated again as normal (and only once to avoid an infinite loop). By default, refresh() unsafely updates Root if only invalid top-level metadata can be downloaded, although this behavior may be overriden by the caller if they wish. Changed default behavior: refresh(self, unsafely_update_root_if_necessary=True)
Issue 165: Delegated roles are no longer added as attributes of a Targets object by libtuf.py (e.g., repository.targets.delegated_role). The previous bahavior restricted rolenames to Python identifiers (i.e., can only include letters, numbers, the underscore character, and must start with a nonnumeric character). Now, delegated roles may be referenced as strings (e.g., repository.targets('recently-claimed')) and include characters other than '_'. In addition, methods have been added to return all the delegated rolesnames of a target (e.g., repository.targets.get_delegated_rolenames()) and the immediate delegated Target objects of a role. Previous behavior: repository.targets.unclaimed.django.version = 8
Current behavior: repository.targets('unclaimed')('django').version = 8.
Add support for encrypted (and public ed25519 keys) TUF key files.
Add support for ed25519 keys, signatures, and key files in libtuf.py.
Update libtuf.py diagram.
Move canonical encoding operations to the create and verify key functions.
download.py:Add a timeout and rewrite the _fileobject.read()
test_slow_retrieval_attack.py:Add a new kind of slow retrieval attack
slow_retrieval_server.py:Modification for new kind of slow retrieval attack
modification of updater.py for download.py
modification of conf.py for fix
modification of test_download.py for download.py
modification of test_updater.py for download.py
add a new test of endless data attack to metadata timestamp.txt
more readable and fix the endless data attack issue.
