Jussi Kukkonen
09971aea16
tests, examples: Stop using Key constructors
...
New Securesystemslib Keys can now be instantiated in two ways:
* deserialize via Key.from_dict() as before
* generate new keys via implementation specific methods
Fix all cases where we call Key() or Key.from_securesystemslib_key()
and use SSlibKey methods instead. Fix related tests.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
6dbadaa7b1
Metadata API: Remove Key, import it from Seuresystemslib
...
Key has been moved to Securesystemslib: use it from there.
This still fails tests as Key API has changed a bit: issues are fixed
in followup commits.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
7f85da53b7
metadata API: Refactor exception imports
...
tuf.exceptions should IMO be seen as the "default exception source".
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
a7f3316de6
tox: Use --force-reinstall with sslib master
...
If the sslib release version matches, pip does not install the version from git
because the same version is already installed. Force the install.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
10f930997e
Merge pull request #2271 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.26.0
...
build(deps): bump securesystemslib[crypto,pynacl] from 0.25.0 to 0.26.0
2023-01-13 13:56:42 +02:00
dependabot[bot]
492b21b82d
build(deps): bump securesystemslib[crypto,pynacl] from 0.25.0 to 0.26.0
...
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib ) from 0.25.0 to 0.26.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases )
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/master/CHANGELOG.md )
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.25.0...v0.26.0 )
---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-13 11:50:32 +00:00
Lukas Pühringer
e59538d3ce
Merge pull request #2265 from theupdateframework/dependabot/pip/coverage-7.0.5
...
build(deps): bump coverage from 7.0.1 to 7.0.5
2023-01-13 11:59:55 +01:00
Lukas Pühringer
6ab7a3af9b
Merge pull request #2267 from theupdateframework/dependabot/pip/build-0.10.0
...
build(deps): bump build from 0.9.0 to 0.10.0
2023-01-13 11:57:05 +01:00
dependabot[bot]
ba1422682a
build(deps): bump coverage from 7.0.1 to 7.0.5
...
Bumps [coverage](https://github.com/nedbat/coveragepy ) from 7.0.1 to 7.0.5.
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.0.1...7.0.5 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-13 10:51:30 +00:00
Lukas Pühringer
5ea2600ee2
Merge pull request #2263 from theupdateframework/dependabot/pip/pylint-2.15.10
...
build(deps): bump pylint from 2.15.9 to 2.15.10
2023-01-13 11:50:49 +01:00
dependabot[bot]
4c3df14a50
build(deps): bump actions/setup-python from 4.4.0 to 4.5.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](5ccb29d877...d27e3f3d7c )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-13 10:50:28 +00:00
Lukas Pühringer
fa9761bb8f
Merge pull request #2259 from theupdateframework/dependabot/github_actions/actions/checkout-3.3.0
...
build(deps): bump actions/checkout from 3.2.0 to 3.3.0
2023-01-13 11:49:36 +01:00
Lukas Pühringer
29b1035362
Merge pull request #2266 from theupdateframework/dependabot/pip/urllib3-1.26.14
...
build(deps): bump urllib3 from 1.26.13 to 1.26.14
2023-01-13 11:45:33 +01:00
Lukas Pühringer
cc6171b1d7
Merge pull request #2258 from theupdateframework/dependabot/github_actions/actions/download-artifact-3.0.2
...
build(deps): bump actions/download-artifact from 3.0.1 to 3.0.2
2023-01-13 11:33:33 +01:00
dependabot[bot]
bfbfb55444
build(deps): bump actions/checkout from 3.2.0 to 3.3.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](755da8c3cf...ac59398561 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-13 10:32:56 +00:00
Lukas Pühringer
a4a4e1a3f9
Merge pull request #2262 from theupdateframework/dependabot/github_actions/actions/upload-artifact-3.1.2
...
build(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2
2023-01-13 11:32:37 +01:00
Lukas Pühringer
7eb2cd0e16
Merge pull request #2261 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.3
...
build(deps): bump actions/dependency-review-action from 3.0.2 to 3.0.3
2023-01-13 11:31:42 +01:00
Lukas Pühringer
7de18fbe37
Merge pull request #2270 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.38
...
build(deps): bump github/codeql-action from 2.1.37 to 2.1.38
2023-01-13 11:27:11 +01:00
dependabot[bot]
373f527de3
build(deps): bump github/codeql-action from 2.1.37 to 2.1.38
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.37 to 2.1.38.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](959cbb7472...515828d974 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-13 10:04:32 +00:00
dependabot[bot]
cca00a36d4
build(deps): bump build from 0.9.0 to 0.10.0
...
Bumps [build](https://github.com/pypa/build ) from 0.9.0 to 0.10.0.
- [Release notes](https://github.com/pypa/build/releases )
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pypa/build/compare/0.9.0...0.10.0 )
---
updated-dependencies:
- dependency-name: build
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-12 10:02:00 +00:00
dependabot[bot]
5e4717b847
build(deps): bump urllib3 from 1.26.13 to 1.26.14
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 1.26.13 to 1.26.14.
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/1.26.14/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.13...1.26.14 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-12 10:01:55 +00:00
Lukas Pühringer
6d7cac4ea3
Merge pull request #2250 from jku/not-so-optional
...
ngclient: Remove "Optional" from helper props
2023-01-10 12:23:17 +01:00
dependabot[bot]
fc21b3aa56
build(deps): bump pylint from 2.15.9 to 2.15.10
...
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.15.9 to 2.15.10.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.9...v2.15.10 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-10 10:04:18 +00:00
Lukas Pühringer
d8e7b8c81e
Merge pull request #2252 from jku/tox4
...
tox: Add python3 to allow list, bump tox to 4.x
2023-01-09 13:35:00 +01:00
dependabot[bot]
d156bdf82f
build(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](83fd05a356...0b7f8abb15 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 10:10:05 +00:00
dependabot[bot]
f9f9566ad2
build(deps): bump actions/dependency-review-action from 3.0.2 to 3.0.3
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](0ff3da6f81...c090f4e553 )
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 10:10:00 +00:00
dependabot[bot]
671df68a6d
build(deps): bump actions/download-artifact from 3.0.1 to 3.0.2
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](9782bd6a98...9bc31d5ccc )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 10:04:00 +00:00
Jussi Kukkonen
27bf9c61d6
tox: Add python3 to allow list, bump tox to 4.x
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-02 12:58:43 +02:00
Jussi Kukkonen
6e90bc99bb
Merge pull request #2253 from theupdateframework/dependabot/pip/cryptography-39.0.0
...
build(deps): bump cryptography from 38.0.4 to 39.0.0
2023-01-02 12:19:00 +02:00
dependabot[bot]
5e1947b662
build(deps): bump cryptography from 38.0.4 to 39.0.0
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 38.0.4 to 39.0.0.
- [Release notes](https://github.com/pyca/cryptography/releases )
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/38.0.4...39.0.0 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 10:02:46 +00:00
Jussi Kukkonen
e1d15887a8
ngclient: Remove "Optional" from helper props
...
The properties in TrustedMetadataSet are a bit difficult to use
with static typing since they return Optional but in many cases
we know the "None"-case is impossible.
Remove None from annotation: the idea is that calling the property
getter too early is a programming error: it will result in KeyError
which is consistent:
* trusted_set["timestamp"] raises KeyError if timestamp is not set
* trusted_set.timestamp raises KeyError if timestamp is not set
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-27 16:56:32 +02:00
Jussi Kukkonen
26e872ad4c
Merge pull request #2215 from aditya-shrivastavv/metaclass-fix
...
changed depreciated __metaclass__ to metaclass
2022-12-27 13:48:36 +02:00
Aditya Shrivastav
42cb50b15b
Merge branch 'theupdateframework:develop' into metaclass-fix
2022-12-27 16:28:43 +05:30
adityashrivastav1
086216f7cc
unused variable removed, inheritance fixed
...
Signed-off-by: adityashrivastav1 <aditya.shri9981@gmail.com>
2022-12-27 16:27:17 +05:30
adityashrivastav1
2c15c75e50
class FetcherInterface() changed to FetchterInterface(abc.ABC)
...
Signed-off-by: adityashrivastav1 <aditya.shri9981@gmail.com>
signed off
Signed-off-by: adityashrivastav1 <aditya.shri9981@gmail.com>
2022-12-27 15:44:54 +05:30
Jussi Kukkonen
ba9ea5b88c
Merge pull request #2230 from fridex/pydocstyle-imperative-mood
...
Fix pydocstyle D401: first line should be in imperative mood
2022-12-27 11:47:46 +02:00
Jussi Kukkonen
e5856f7c91
Merge pull request #2233 from fridex/tuf-ngclient-api
...
Provide __all__ for tuf.ngclient module
2022-12-27 11:28:33 +02:00
Jussi Kukkonen
47add9758f
Merge pull request #2240 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.2
...
build(deps): bump actions/dependency-review-action from 3.0.1 to 3.0.2
2022-12-27 11:03:58 +02:00
dependabot[bot]
6c07c7c414
build(deps): bump actions/dependency-review-action from 3.0.1 to 3.0.2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](11310527b4...0ff3da6f81 )
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-27 08:47:28 +00:00
Jussi Kukkonen
41a20350d9
Merge pull request #2243 from trail-of-forks/ww/recategorize-logs
...
tuf: move INFO logs to DEBUG or WARNING
2022-12-27 10:43:26 +02:00
Jussi Kukkonen
0fb59246ff
Merge pull request #2249 from theupdateframework/dependabot/pip/coverage-7.0.1
...
build(deps): bump coverage from 6.5.0 to 7.0.1
2022-12-27 10:34:35 +02:00
dependabot[bot]
1d2408a6f6
build(deps): bump coverage from 6.5.0 to 7.0.1
...
Bumps [coverage](https://github.com/nedbat/coveragepy ) from 6.5.0 to 7.0.1.
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/6.5.0...7.0.1 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-26 10:02:34 +00:00
Jussi Kukkonen
2acea003fc
Merge pull request #2245 from theupdateframework/dependabot/github_actions/ossf/scorecard-action-2.1.2
...
build(deps): bump ossf/scorecard-action from 2.1.0 to 2.1.2
2022-12-23 12:37:01 +02:00
Jussi Kukkonen
8a0b7f85e4
Merge pull request #2244 from theupdateframework/dependabot/pip/isort-5.11.4
...
build(deps): bump isort from 5.11.3 to 5.11.4
2022-12-23 12:36:02 +02:00
Jussi Kukkonen
a814319e87
Merge pull request #2248 from theupdateframework/dependabot/github_actions/actions/setup-python-4.4.0
...
build(deps): bump actions/setup-python from 4.3.1 to 4.4.0
2022-12-23 12:34:47 +02:00
dependabot[bot]
681c134e09
build(deps): bump actions/setup-python from 4.3.1 to 4.4.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.3.1 to 4.4.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](2c3dd9e7e2...5ccb29d877 )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-23 10:22:10 +00:00
William Woodruff
7b89dd9532
api/metadata: third time's the charm
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2022-12-22 09:56:35 -05:00
dependabot[bot]
483d31c7a9
build(deps): bump ossf/scorecard-action from 2.1.0 to 2.1.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.0 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](937ffa90d7...e38b1902ae )
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-22 10:06:51 +00:00
dependabot[bot]
d2264118d2
build(deps): bump isort from 5.11.3 to 5.11.4
...
Bumps [isort](https://github.com/pycqa/isort ) from 5.11.3 to 5.11.4.
- [Release notes](https://github.com/pycqa/isort/releases )
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md )
- [Commits](https://github.com/pycqa/isort/compare/5.11.3...5.11.4 )
---
updated-dependencies:
- dependency-name: isort
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-22 10:02:19 +00:00
William Woodruff
d44fe52ce1
api/metadata: use debug logging
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2022-12-21 10:34:32 -05:00