Commit graph

3735 commits

Author SHA1 Message Date
lukpueh
a088b68fa7
Merge pull request #1088 from theupdateframework/dependabot/pip/cryptography-3.0
build(deps): bump cryptography from 2.9.2 to 3.0
2020-08-07 11:31:41 +02:00
Trishank Karthik Kuppusamy
3c946e2f98
Merge pull request #1098 from joshuagl/joshuagl/release-fixes
Fix release related documentation
2020-08-04 16:27:28 -04:00
Joshua Lock
96c00f319a Add tag pushing to RELEASE.md
Ensure someone following the release process pushes the tag they create
and include a tag message matching the common form, rather than requiring
somebody following the steps to figure out what to enter into their editor

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-08-04 15:11:21 +01:00
Joshua Lock
32ba3bbcad Fix CHANGELOG formatting
For some reason the first level 3 heading 'Added' was not rendering
correctly. The level 2 heading for 'Fixed' should be level 3.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-08-04 15:10:03 +01:00
lukpueh
7a418a219c
Merge pull request #1094 from joshuagl/joshuagl/v0.13.0
Prepare for a 0.13.0 release
2020-08-04 15:39:52 +02:00
Joshua Lock
eb1c8d0845 setup.py: add project_urls links
These additional URLs will be displayed on PyPI:
https://packaging.python.org/guides/distributing-packages-using-setuptools/#project-urls

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-08-04 11:47:47 +01:00
Joshua Lock
2dc4651136 docs/CHANGELOG.md: update for v0.13.0
Categorise changes by type, per the recommendations at keepachangelog.com

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-08-04 11:47:47 +01:00
Joshua Lock
0714632edc docs/RELEASE.md: link to guidance on changelogs
https://keepachangelog.com provides good advice on curating a changelog

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-08-04 09:49:12 +01:00
Joshua Lock
f4eb00114f
Merge pull request #1091 from mnm678/check-key-uniqueness
Each key applies to signature threshold once
2020-08-04 09:39:27 +01:00
Joshua Lock
ea958bc568 Prepare 0.13.0 release
Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-08-04 09:31:16 +01:00
Joshua Lock
506ae5552d Document release process steps
Write down the expected steps for a maintainer to follow when making a
release of tuf

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-08-04 09:31:16 +01:00
Joshua Lock
0c07311958
Merge pull request #1092 from sechkova/updater_logging
Improve updater and tests logging
2020-07-30 11:40:22 +01:00
Joshua Lock
b9f7cb3aad
Merge pull request #1031 from MVrachev/length-hashes-optional
Make length and hashes optional for timestamp and snapshot roles
2020-07-30 10:58:47 +01:00
Teodora Sechkova
963ed79817
Replace logging.exception calls in Updater()
Using logging.exception logs messages to the root logger and
calls basicConfig() to add a console handler with a pre-defined
format which breaks the current logging configuration.

Replacing logging.exception with logger.exception which is the
logger for the updater module.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-07-29 18:07:03 +03:00
Teodora Sechkova
1a9b7a6fc8
Add NullHandler() to the top-level logger
Adding a do-nothing handler to the top-level 'tuf' logger
in case no other handlers exist (in tests for example).

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-07-29 18:01:20 +03:00
marinamoore
ae54c85b22 Each key applies to signature threshold once
This commit ensures that each key will only count toward the signature
threshold once, even if the keys have different keyids.

Signed-off-by: marinamoore <mmoore32@calpoly.edu>
2020-07-28 12:44:21 -07:00
dependabot-preview[bot]
8941656c97
build(deps): bump cryptography from 2.9.2 to 3.0
Bumps [cryptography](https://github.com/pyca/cryptography) from 2.9.2 to 3.0.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.9.2...3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-27 12:30:02 +00:00
Joshua Lock
b265fb9446
Merge pull request #1090 from theupdateframework/dependabot/pip/cffi-1.14.1
build(deps): bump cffi from 1.14.0 to 1.14.1
2020-07-27 13:28:42 +01:00
Joshua Lock
d4ccc27239
Merge pull request #1089 from theupdateframework/dependabot/pip/urllib3-1.25.10
build(deps): bump urllib3 from 1.25.9 to 1.25.10
2020-07-27 13:18:40 +01:00
dependabot-preview[bot]
44fa067e33
build(deps): bump cffi from 1.14.0 to 1.14.1
Bumps [cffi](https://bitbucket.org/cffi/release-doc) from 1.14.0 to 1.14.1.
- [Commits](https://bitbucket.org/cffi/release-doc/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-27 10:29:27 +00:00
Martin Vrachev
80818e9ee1 Clarify docstring comments about Mercury paper
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-07-24 21:53:25 +03:00
Martin Vrachev
2297c4b501 Test length and hashes in create and load repo
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-07-24 19:43:51 +03:00
Martin Vrachev
e970dfaa83 Optional length and hashes in create and load repo
Add optional parameters in repository_tool.create_new_repository()
and repository_tool.load_repository() so that our users
could control if they want to calculate length and hashes
for snapshot and timestamp roles or not.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-07-24 19:43:51 +03:00
Martin Vrachev
6e37b4f576 Calculate length and hashes only when needed
We want to make sure we are calculating length and hashes only when
at least one of them is needed.
Otherwise, for adopters of tuf with lots of delegations,
this will cause unnecessary overhead.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-07-24 19:43:51 +03:00
Martin Vrachev
5f6d1ae9c9 Fix snapshot_filename inconsistency usage
First, in generate_timestamp_metadata both "snapshot_filename"
and the constant SNAPSHOT_FILENAME are used, which is redundant
and possibly confusing. There should be only one input
for the snapshot file name.

Second, when calling the generate_timestamp_metadata there are
cases when "snapshot_filename" is in reality "snapshot_file_path".
That's what led to the need for the addition of SNAPSHOT_FILENAME
when populating the "meta" field from the TIMESTAMP_SCHEMA.
For the same reason, it seems logical to me to rename snapshot_filename
to snapshot_file_path and explicitly take the snapshot file name
from it.

Third, in the _generate_and_write_metadata function the argument
"filenames" is by default None, but at the same time without check
it's considered that filenames is a dictionary which has a key
"snapshot". This could be okay if the default "filenames" value
was not None, but in the current situation it's easy to call
"_generate_and_write_metadata" with rolename = timestamp
and forget to populate the filenames dictionary.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-07-24 19:43:51 +03:00
Martin Vrachev
5060706925 Separate targets and snapshot/timestamp schemas
This separation and refactoring is part of the change to
make length and hashes optional for timestamp and snapshot roles.

It separates FILEINFO_SCHEMA into two separate schemas:
TARGETS_FILEINFO_SCHEMA and METADATA_FILEINFO_SCHEMA.
The distinction is needed because as of version 1.0.1 of the tuf
spec targets role has mandatory length and hashes, and
snapshot and timestamp roles have a mandatory version, and optional
length and hashes.
That's why targets can't share the same schemas
as timestamp and snapshot.

Because of that schema distinction, make_fileinfo also had to be
separated into make_targets_fileinfo and make_metadata_fileinfo.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-07-24 19:43:51 +03:00
Martin Vrachev
66a1f3f9e6 Remove redundant targets_filename argument
The argument targets_filename in the generate_snapshot_metadata
is redundant because the places where we are calling
generate_snapshot_metadata are by using the constant
TARGETS_FILENAME or by creating a variable with the same value
of "targets.json".

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-07-24 19:43:51 +03:00
Martin Vrachev
8b9dcb70ad Use targets_filename with its suffix
Right now the targets_filename variable in the
_generate_and_write_metadata and in
generate_snapshot_metadata functions
was used without the .json suffix which is a little misleading.

This wasn't a big issue before because this variable wasn't
actually used as a file name until now.
Now, we need to use it with its 'json' suffix so we can
calculate the hashes and length for the targets metadata.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-07-24 19:43:51 +03:00
Martin Vrachev
14620b7c3c Add tests for snapshot with hashes or length
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-07-24 19:43:51 +03:00
Martin Vrachev
98a31b6d3c Make length and hashes optional for snapshot
As per the specification (v1.0.1) length and hashes fields
in snapshot metadata are optional.
The reference implementation should reflect this.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-07-24 19:43:15 +03:00
Martin Vrachev
4742a8e335 Add tests for timestamp without hashes or length
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-07-24 14:13:34 +03:00
Martin Vrachev
51db8316de Make length and hashes optional for timestamp
As per the specification (v1.0.1) length and hashes fields
in timestamp metadata are optional.
The reference implementation should reflect this.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-07-23 20:55:56 +03:00
dependabot-preview[bot]
718dfce50e
build(deps): bump urllib3 from 1.25.9 to 1.25.10
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.25.9 to 1.25.10.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/1.25.10/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.25.9...1.25.10)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-23 10:28:12 +00:00
Justin Cappos
bba23757fd
Merge pull request #1086 from theupdateframework/trishankkarthik-patch-1
Remove specific adoptions from README
2020-07-21 15:37:32 -04:00
Trishank Karthik Kuppusamy
0f0bce5f21
Update README.md
Point to .io website for adoptions instead of duplicating information

Signed-off-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
2020-07-21 12:14:15 -04:00
Trishank Karthik Kuppusamy
6a7c60485c
Delete ADOPTERS.md
Use a single source of truth on the .io website

Signed-off-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
2020-07-21 12:14:14 -04:00
Trishank Karthik Kuppusamy
a57df738de
Update README.md
Update list of adoptions

Signed-off-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
2020-07-21 12:14:11 -04:00
Joshua Lock
00e15c4714
Merge pull request #1067 from jku/test-repository-tool-add-missing-clear-all
test_repository_tool: Add missing clear_all flag
2020-07-13 16:10:43 +01:00
Jussi Kukkonen
9db013aee2 test_repository_tool: Add missing clear_all flag
Currently TestTimestamp creates custom databases but only clears the
default ones. This means next create_*db() call will fail meaning every
test after this one will fail (currently TestTimestamp happens to be
last but the effect can be seen by renaming it to TestATimestamp).

Also remove the clear_*db() calls from TestRepository::Setup(): they are
likely to be a workaround for a similar problem earlier (earlier test
failed to cleanup).

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2020-07-13 17:30:38 +03:00
Joshua Lock
115517fba1
Merge pull request #1062 from theupdateframework/dependabot/pip/idna-2.10
build(deps): bump idna from 2.9 to 2.10
2020-07-10 11:32:48 +01:00
Joshua Lock
284ff1cdbe
Merge pull request #1072 from MVrachev/fix-unit-test
Fix prefix file_prefix to support "" value
2020-07-10 11:25:28 +01:00
lukpueh
95827640b8
Merge pull request #1071 from joshuagl/joshuagl/issue1069
Fix consistent snapshot handling in `repository_lib.get_delegated_roles_metadata()`
2020-07-09 11:13:32 +02:00
lukpueh
1fe6f16c3d
Merge pull request #1073 from jku/remove-failing-content-length-code
Download: Remove Content-Length header handling
2020-07-09 08:54:03 +02:00
Jussi Kukkonen
338dc4aca7 Download: Remove Content-Length header handling
These functions currently only accomplish logging: there are no actual
effects from this code... except for failure to download if the header
happens to be missing:
 TypeError: '<' not supported between instances of 'NoneType' and 'int'

Fixes #1068.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2020-07-08 18:21:51 +03:00
Martin Vrachev
e650670f77 Fix prefix file_prefix to support "" value
If we run the tuf unit tests with latest, not yet released,
securesyslib changes we will see that one unit test is failing
because the file_prefix argument should conform to the PATH_SCHEMA
(which requires a non-empty string) but an empty string value
is passed to it.

That happens, because in tuf/developer_tool.py create_new_project
function the "location_in_repository" arg has a default value of ''
and if not changed when creating a new object of type Project
on line 650 will cause an exception in the __init__ function
because of the file_prefix argument.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-07-07 16:24:14 +03:00
Joshua Lock
b309e1befa
Merge pull request #1064 from MVrachev/fix-failing-tests
Fix failing unit tests
2020-07-06 15:55:14 +01:00
Joshua Lock
cdb35560fd
Merge pull request #1066 from jku/fix-repo-py-key-decode
repo.py: Decode key bytes for SHA key as well
2020-07-06 15:30:05 +01:00
Joshua Lock
aa49ed9307 Fix consistent sshot in get_delegated_roles_metadata
Consistent snapshot handling was being turned on for all files after the
root.json file had been processed because the internal state tracking
variable shared the same name as the method argument: consistent_snapshot.

Therefore once the root.json file was met in the file list and the
following condition evaluated to True:

metadata_role.endswith('root.json') or repo_consistent_snapshots == True

the consistent_snapshot variable, both the name of a method argument and
the internal to the loop state tracking variable, was assigned True and
all future condition checks evaluate to True.

Resolve by renaming the loop state tracking variable from
consistent_snapshot to consistent.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-07-06 14:01:24 +01:00
Jussi Kukkonen
e662f4fda0 repo.py: Decode key bytes for SHA key as well
key bytes were decoded as utf-8 for the JSON keys. Do the same for SHA
key bytes.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2020-07-03 11:45:12 +03:00
Martin Vrachev
853cdd30a4 Fix failing unit tests
Corresponding to the securesyslib changes made in this pr:
https://github.com/secure-systems-lab/securesystemslib/pull/244
which changed the securesyslib.formats.PATH schema to be of type
AnyNonemptystring.
This made the tuf unit tests fail because there are two places
where functional arguments should comply with the
securesyslib.formats.PATH schema, but have a default value of
an empty string.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-06-30 21:32:50 +03:00