* repository: Handle online key change situations in do_snapshot() and do_timestamp():
always create a new version if current version is not correctly signed
* remove expectedFailure marks from the related tests
Signed-off-by: h4l0gen <ks3913688@gmail.com>
Signed-off-by: Kapil Sharma <ks3913688@gmail.com>
These are pretty basic and do not test much about the content of the
repository... but it does check version numbers (and how many versions
have been published) in a couple of situations.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
The goal here is to have ruff enable new rulesets when new releases are
made without us having to do anything: we can then decide if we disable
or not.
* Enable a couple more rulesets (ERA, INP, T )
* Add a few individual ignores to tests and examples
* Default to enable all, disable the rulesets we don't want
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Remove executable flag from a couple of files
* Half of the test files have a shebang (but are
still not executable): remove the shebang
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* API changes covered:
  * keys and interface modules removed
  * SSlibSigner removed
  * CryptoSigner added: this replaces the removed functionality
  * DSSE "signatures" container type changed
* Currently pins a securesystemslib main branch commit:
  this should be reverted before merging, when securesystemslib
  has made a release
* tests/generated_data/generate_md.py was simplified
* Encrypted test keys in tests/repository_data/keystore were replaced
with the unencrypted PEM versions of the same keys
* The public test keys in tests/repository_data/keystore were removed
as they were not used anymore
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Minor fixes were needed, the only possibly interesting one is
the one in RequestsFetcher (use "yield from").
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Most importantly use strftime() to serialize the datetime
* Force the timezone as UTC when deserializing
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Add API tests for SimpleEnvelope
This is not as comprehensive as Metadata API. The latter also includes
tests for all payload classes, which should cover the same scenarios as
if used with SimpleEnvelope.
* Add unit test for newly added simple envelope load helper function in
trusted metadata set.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
The flag allows adding other envelope types in the future (unlikely),
or parallel support (`METADATA & SIMPLE`) without breaking the API.
Internally, the flag is now just passed on to TrustedMetadataSet as
mandatory parameter. (Optional parameters make less sense when we
control all the invocations.)
This change requires updating all invocations of TrustedMetadataSet,
including the duplication of a test function.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
* Add `use_dsse` updater config parameter which indicates, if an updater
instance expects metadata to come in a DSSE envelope.
* Update TrustedMetadataSet to take an Unwrapper instance.
* Update Updater, to pass an EnvelopeUnwrapper to TrustedMetadataSet, if
configured with `use_dsse`.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Change TrustedMetadataSet to load and verify metadata using a
MetadataUnwrapper instance.
IMPORTANT NOTES:
* Requires changing the TrustedMetadataSet to store payloads only, which
is okay, because signatures are no longer needed, after being verified
at load time.
* Includes a minor re-ordering of validation steps. That is, the
version increment for root metadata is now checked after signature
verification. Preserving the order would require including the check in
the Unwrapper interface, which is feasible but does not seem correct wrt
separation of responsibility.
Changes are adopted in updater, tests and _localrepo.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This does much the same tests as test_signed_get_verification_result()
above it does, just using two root roles.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Changes are
* expected result changes (like the handling of keyids without keys)
* test refactoring to have access to the Key
* Removal of union test
* use the fact that VerificationResult is Truthy in asserts
(to get 1 more line of coverage)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
- metadata.staged: related to a removed tutorial and outdated deployment
recommendation
- project: related to the removed developer_tool (#1790)
- map.json: related to TAP4, which is not supported by python-tuf
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
The method returns detailed information about signature verification of
a delegated role metadata.
Its implementation is taken from the verify_delegate method and slightly
updated. verify_delegate now is a thin wrapper on top of
get_verification_result.
fixes #2449
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Co-authored-by: Jussi Kukkonen <jkukkonen@google.com>
* Python 3.7 is EOL.
* Our runtime dependencies are still ok with 3.7
* Testing dependencies have started requiring 3.8
Stop supporting and testing Python 3.7.
We could just stop testing Python 3.7 (while claiming to still support
it) but that seems like it'll lead to trouble: we will inevitably use
some 3.8 feature and then won't notice because we don't test 3.7 any
more.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
fixes #2444
SSlibSigner was changed recently (secure-systems-lab/securesystemslib#604)
to fail on bad input data (keydict) at init instead of when signing.
The patched test used to trigger expects a Signer.sign error from an
SSlibSigner, which is no longer possible.
To still get the desired error, the test uses a custom signer, which
does raise on sign.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Change new _Delegator.verify_delegate to take payload bytes and
signatures instead of a Metadata object and a payload serializer.
This allows using verify_delegate for payloads that do not come in
a Metadata container, but e.g. in a DSSE envelope (see #2385).
Usage becomes a bit more cumbersome, but still feels reasonable with the
recently added shortcut for default canonical bytes representation of
Metadata.signed.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
- Add shortcut to canonical json representation of self.signed
- Use in tests and Metadata.sign
- Do not use in _Delegator.verify_delegate (will be updated in subsequent
commit).
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Avoid Metadata.verify_delegate() now that it's deprecated.
Note that this commit does not try to make any code cleanups
that are now possible: this is the minimal change to use the new
API.
Future improvements can make code in TrustedMetadataSet and
Updater slightly easier to read: as an example there's no need for
TrustedMetadataSet to actually store or expose actual Metadata in its
cache -- Signed is all that's needed.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Use the same solution for producing the paths as we already do in ngclient
* Fix linting issues
* Modify the test results according to new code (I believe these are
correct, although some cases are so edge cases that disagreement may
exist. Most importantly I think the method should always return as
many paths as there are hashes listed)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>