Ensure someone following the release process pushes the tag they create
and include a tag message matching the common form, rather than requiring
somebody following the steps to figure out what to enter into their editor
Signed-off-by: Joshua Lock <jlock@vmware.com>
For some reason the first level 3 heading 'Added' was not rendering
correctly. The level 2 heading for 'Fixed' should be level 3.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Using logging.exception logs messages to the root logger and
calls basicConfig() to add a console handler with a pre-defined
format which breaks the current logging configuration.
Replacing logging.exception with logger.exception which is the
logger for the updater module.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Adding a do-nothing handler to the top-level 'tuf' logger
in case no other handlers exist (in tests for example).
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
This commit ensures that each key will only count toward the signature
threshold once, even if the keys have different keyids.
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Add optional parameters in repository_tool.create_new_repository()
and repository_tool.load_repository() so that our users
could control if they want to calculate length and hashes
for snapshot and timestamp roles or not.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
We want to make sure we are calculating length and hashes only when
at least one of them is needed.
Otherwise, for adoptors of tuf with lots of delegations,
this will cause unnecessary overhead.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
First in the generate_timestamp_metadata both "snapshot_filename"
and the constant SNAPSHOT_FILENAME are used which is redundant
and possibly confusing. There should be only one input
for the snapshot file name.
Second, when calling the generate_timestamp_metadata there are
cases when "snapshot_filename" is in reality "snapshot_file_path".
That's what led to the need for the addition of SNAPSHOT_FILENAME
when populating the "meta" field from the TIMESTAMP_SCHEMA.
For the same reason, it seems logical to me to rename snapshot_filename
to snapshot_file_path and explicitly take the snapshot file name
from it.
Third, in the _generate_and_write_metadata function the argument
"filenames" is by default None, but at the same time without check
it's considered that filenames is a dictionary which has a key
"snapshot". This is could be okay if the default "filenames" value
was not None, but in the current situation it's easy to call
"_generate_and_write_metadata" with rolename = timestamp
and forget to populate the filenames dictionary.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
This separation and refactoring is part of the change to
make length and hashes optional for timestamp and snapshot roles.
It separates FILEINFO_SCHEMA into two separate schemas:
TARGETS_FILEINFO_SCHEMA and METADATA_FILEINFO_SCHEMA.
The distinction is needed because as of version 1.0.1 of the tuf
spec targets role has mandatory length and hashes, and
snapshot and timestamp roles have a mandatory version, and optional
length and hashes.
That's why targets can't share the same schemas
as timestamp and snapshot.
Because of that schema distinction, make_fileinfo had to be too
separated into make_targets_fileinfo and make_metadata_fileinfo.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
The argument targets_filename in the generate_snapshot_metadata
is redundant because the places where we are calling
generate_snapshot_metadata is by using the constant
TARGETS_FILENAME or by creating a variable with the same value
of "targets.json".
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Right now the targets_filename variable in the
_generate_and_write_metadata and in
generate_snapshot_metadata functions
was used without the.json suffix which is a little misleading.
This wasn't a big issue before because this variable wasn't
actually used as a file name until now.
Now, we need to use it with it's 'json' suffix so we can
calculate the hashes and length for the targets metadata.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
As per the specification (v1.0.1) length and hashes fields
in snapshot metadata are optional.
The reference implementation should reflect this.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
As per the specification (v1.0.1) length and hashes fields
in timestamp metadata are optional.
The reference implementation should reflect this.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Currently TestTimestamp creates custom databases but only clears the
default ones. This means next create_*db() call will fail meaning every
test after this one will fail (currently TestTimestamp happens to be
last but the effect can be seen by renaming it to TestATimestamp).
Also remove the clear_*db() calls from TestRepository::Setup(): they are
likely to be a workaround for a similar problem earlier (earlier test
failed to cleanup).
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
These functions currently only accomplish logging: there are no actual
effects from this code... except for failure to download if the header
happens to be missing:
TypeError: '<' not supported between instances of 'NoneType' and 'int'
Fixes#1068.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
If we run the tuf unit tests with latest, not yet released,
securesyslib changes we will see that one unit test is failing
because the file_prefix argument should confront the PATH_SCHEMA
(which requires a non-empty string) but an empty string value
is passed to it.
That happens, because in tuf/developer_tool.py create_new_project
function the "location_in_repository" arg has a default value of ''
and if not changed when creating a new object of type Project
on line 650 will cause an exception in the __init__ function
because of the file_prefix argument.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Consistent snapshot handling was being turned for all files after the
root.json file had been processed because the internal state tracking
variable shared the same name as the method argument: consistent_snapshot.
Therefore once the root.json file was met in the file list and the
following condition evaluated to True:
metadata_role.endswith('root.json') or repo_consistent_snapshots == True
the consistent_snapshot variable, both the name of a method argument and
the internal to the loop state tracking variable, was assigned True and
all future condition checks evaluate to True.
Resolve by renaming the loop state tracking variable from
consistent_snapshot to consistent.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Corresponding to the securesyslib changes made in this pr:
https://github.com/secure-systems-lab/securesystemslib/pull/244
which changed the securesyslib.formats.PATH schema to be of type
AnyNonemptystring.
This made the tuf unit tests to fail because there are to places
where functional arguments should comply with the
securesyslib.formats.PATH schema, but have a default value of
an empty string.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>