Jussi Kukkonen
9cef165dcf
Merge pull request #2289 from jku/requirements-refactor
...
Requirements refactor
2023-02-06 15:00:36 +02:00
Jussi Kukkonen
70555f6e1b
build: shorten requirements file names
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 14:52:07 +02:00
Jussi Kukkonen
c6dfe0ccab
build: Bump isort from 5.11.4 to 5.12.0
...
New version requires python >=3.8 but that should be ok now with the
refactored requirements files.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 14:52:07 +02:00
Jussi Kukkonen
690fc2a1ca
build: Split lint and test requirements
...
This way lint tool limitations don't prevent testing on older Python
versions.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 14:52:03 +02:00
Jussi Kukkonen
33829fdbab
build: Move requirements file to a directory
...
We already have 6 files and I'm planning to add another one: maybe it's
time to move these out of the top level directory.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 14:50:47 +02:00
Jussi Kukkonen
ed74563456
Merge pull request #2283 from fridex/pydocstyle
...
Install pydocstyle for checking docstrings
2023-02-06 14:50:15 +02:00
Fridolin Pokorny
074778e08f
Fix pydocstyle D209
...
D209: Multi-line docstring closing quotes should be on a separate line
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-02-06 13:23:33 +01:00
Fridolin Pokorny
0cca1d6a96
Install pydocstyle for checking docstrings
...
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-02-06 13:19:51 +01:00
Jussi Kukkonen
3600532d08
Merge pull request #2291 from theupdateframework/dependabot/pip/pylint-2.16.1
...
build(deps): bump pylint from 2.16.0 to 2.16.1
2023-02-04 17:37:01 +02:00
Jussi Kukkonen
707dc49999
build: Handle GH release manually
...
Remove dependency on softprops/action-gh-release: instead do the GitHub
release steps using the GitHub API and github-script.
The only difference should be that release name is not "<tag>-rc" first:
instead the initial release is marked as draft in the API (and shows as
draft in the UI).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-04 17:32:56 +02:00
dependabot[bot]
91c1b72075
build(deps): bump pylint from 2.16.0 to 2.16.1
...
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.16.0 to 2.16.1.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.16.0...v2.16.1)
---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-03 10:01:17 +00:00
Jussi Kukkonen
d36c0cfa02
examples: Rename client example directory
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:25:47 +02:00
Jussi Kukkonen
0998c20731
examples: Explain uploader tool in READMEs
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:25:47 +02:00
Jussi Kukkonen
92e03d2d20
examples: Implement the upload API
...
uploader API has two POST endpoints
  /api/delegation/<ROLE>
    Accepts new delegation keys for targetpath "<ROLE>/*" to role <ROLE>.
    This data is not signed in any way: In a real service this action would
    require some external authentication.
    POST content:
      { <KEYID>: <TUF KEY> }
  /api/role/<ROLE>
    accepts uploads of new versions of <ROLE> metadata. The metadata
    must be correctly signed by the keys assigned to this delegation.
    POST content:
      TUF targets metadata as json
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:25:43 +02:00
Jussi Kukkonen
69b30ecadc
examples: Add uploader tool example
...
This tool works with the example repository: it can be used to
* Add a delegation (this is an unsafe API corresponding to e.g.
  project creation in PyPI)
* Submit new delegated role version (this requires using signing keys
  already submitted with the delegation)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:21:52 +02:00
Jussi Kukkonen
efcb3cfb80
examples: Add further scaffolding for upload API
...
The API doesn't modify the repository yet but the data flow is there now.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:21:52 +02:00
Jussi Kukkonen
9ec8459379
examples: Add skeleton API endpoints
...
Also use ThreadingHTTPServer: Using Chrome utterly breaks the non-threading
server.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:21:52 +02:00
Jussi Kukkonen
d61dbabc78
Merge pull request #2281 from fridex/pydocstyle-d209
...
Fix pydocstyle D209
2023-02-02 14:33:41 +02:00
Jussi Kukkonen
4eea38da42
Merge pull request #2285 from theupdateframework/dependabot/github_actions/actions/github-script-6.4.0
...
build(deps): bump actions/github-script from 6.3.3 to 6.4.0
2023-02-02 12:56:21 +02:00
Jussi Kukkonen
21b0f2393b
Merge pull request #2284 from theupdateframework/dependabot/github_actions/github/codeql-action-2.2.1
...
build(deps): bump github/codeql-action from 2.1.39 to 2.2.1
2023-02-02 12:56:03 +02:00
Jussi Kukkonen
24118dacee
Merge pull request #2288 from theupdateframework/dependabot/pip/pylint-2.16.0
...
build(deps): bump pylint from 2.15.10 to 2.16.0
2023-02-02 12:51:52 +02:00
dependabot[bot]
6144357c21
build(deps): bump pylint from 2.15.10 to 2.16.0
...
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.15.10 to 2.16.0.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.10...v2.16.0)
---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-02 10:01:35 +00:00
Lukas Pühringer
d2c12f2d14
Merge pull request #2165 from jku/no-key
...
Move (most of) Key to Securesystemslib
2023-01-31 09:20:44 +01:00
Lukas Pühringer
93b8fb6377
Merge pull request #2279 from fridex/export-targetfile-ngclient
...
Export TUF TargetFile in ngclient
2023-01-31 09:19:41 +01:00
Lukas Pühringer
daa41a9bc9
Merge pull request #2280 from lukpueh/release-2.1.0
...
python-tuf 2.1.0
2023-01-30 10:37:39 +01:00
Jussi Kukkonen
8278f3f805
packaging: Depend on securesystemslib 0.26
...
We need signer.Key which was added in 0.26.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-27 20:45:29 +02:00
dependabot[bot]
f2fff33566
build(deps): bump actions/github-script from 6.3.3 to 6.4.0
...
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.3 to 6.4.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](d556feaca3...98814c53be)
---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-27 10:05:30 +00:00
dependabot[bot]
49b0385c40
build(deps): bump github/codeql-action from 2.1.39 to 2.2.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.39 to 2.2.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](a34ca99b46...3ebbd71c74)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-27 10:05:26 +00:00
Fridolin Pokorny
744f75c1e7
Fix pydocstyle D209
...
Fix multi-line docstring closing quotes should be on a separate line
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-01-26 16:36:13 +01:00
Lukas Puehringer
9811ac3568
python-tuf 2.1.0
...
* update changelog
* bump version
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-01-26 16:26:38 +01:00
Fridolin Pokorny
524a6b848f
Export TUF TargetFile in ngclient
...
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-01-26 15:54:44 +01:00
Lukas Pühringer
a6460c60ba
Merge pull request #2278 from fridex/pydocstyle-first-line-period-rebase
...
Fix pydocstyle D400: first line should end with a period
2023-01-26 15:38:03 +01:00
Fridolin Pokorny
5d347b8707
Fix pydocstyle D400: first line should end with a period
...
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-01-26 15:33:09 +01:00
Jussi Kukkonen
7f04a6e888
Merge pull request #2276 from jku/securesystemslib-blog
...
Add new blog post about the signer API
2023-01-26 14:35:43 +02:00
Jussi Kukkonen
388768db3d
Add new blog post about the signer API
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-26 11:37:47 +02:00
Lukas Pühringer
e6a3e9ee0b
Merge pull request #2277 from jku/expose-default-fetcher
...
Expose default fetcher
2023-01-26 09:30:07 +01:00
Jussi Kukkonen
bfd7f2058d
Merge pull request #2275 from theupdateframework/dependabot/pip/coverage-7.1.0
...
build(deps): bump coverage from 7.0.5 to 7.1.0
2023-01-26 10:01:18 +02:00
Jussi Kukkonen
889b218e7a
Add comment explaining public status to the module itself
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-26 09:33:44 +02:00
Jussi Kukkonen
236bc9f070
docs: Tweak API docs to include RequestsFetcher
...
This only documents the configurable attributes
and not the inherited methods.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-25 16:07:12 +02:00
Jussi Kukkonen
f8a7881c87
Make RequestsFetcher public
...
This is useful for those who want to use the default fetcher
but modify some attributes.
The file itself could be moved to tuf/ngclient/ but this is not done yet
as sigstore-python is using this internal module. Move can be done once
sigstore-python 1.0 is no longer relevant.
Fixes #2268
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-25 15:55:11 +02:00
dependabot[bot]
b0fbc3cfc8
build(deps): bump coverage from 7.0.5 to 7.1.0
...
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.0.5 to 7.1.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.0.5...7.1.0)
---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-25 10:02:03 +00:00
Jussi Kukkonen
d2908c0041
Merge pull request #2269 from theupdateframework/dependabot/github_actions/actions/setup-python-4.5.0
...
build(deps): bump actions/setup-python from 4.4.0 to 4.5.0
2023-01-24 15:06:10 +02:00
Jussi Kukkonen
cc48e9d5f1
Merge pull request #2274 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.39
...
build(deps): bump github/codeql-action from 2.1.38 to 2.1.39
2023-01-19 18:58:02 +02:00
dependabot[bot]
2a250df063
build(deps): bump github/codeql-action from 2.1.38 to 2.1.39
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.38 to 2.1.39.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](515828d974...a34ca99b46)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-19 10:04:05 +00:00
Jussi Kukkonen
2202a83d82
docs: Remove securesystemslib mock import
...
We want to document some securesystemslib classes (Key gets documented
with this change already as it's part of the metadata API).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 17:45:28 +02:00
Jussi Kukkonen
22642ed267
examples: Update one more from_securesystemslib_key() usage
...
This method is now in SSlibKey
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 15:27:06 +02:00
Jussi Kukkonen
361bbe40f3
metadata: Refactor delegators key and role lookup
...
Simplify the lookup of delegated keys and roles by moving it to
Targets and Root: this follows the examples set by add_key() and
remove_key().
Most of the methods are trivial but they make sense because this way
the calling code does not have to care if the object is a Targets or a
Root: the same methods work on both.
The new methods are public since they are useful to applications as
well.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 15:26:51 +02:00
Jussi Kukkonen
41b9b5c60b
tests: Remove unnecessary ignores
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
ed0ec03399
Metadata API: Fix verify_delegate for new Key API
...
verify_delegate() unfortunately needs an almost complete rewrite
as the Key.verify_signature() API change affects it quite a bit.
Refactoring the role and key lookup into a separate method makes the
code readable again.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
b55ac25cf5
tests: Fix tests for Key.verify_signature()
...
Key.verify_signature() API has changed:
* argument is bytes, not metadata
* raised error now comes from securesystemslib
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00