Commit graph

6224 commits

Author SHA1 Message Date
Lukas Pühringer
2ee1cc2540
Merge pull request #2061 from theupdateframework/dependabot/pip/urllib3-1.26.11
build(deps): bump urllib3 from 1.26.10 to 1.26.11
2022-08-01 11:46:37 +02:00
dependabot[bot]
3e1fa8b47e
build(deps): bump github/codeql-action from 2.1.16 to 2.1.17
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.16 to 2.1.17.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3e7e3b32d0...0c670bbf04)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-29 10:19:57 +00:00
dependabot[bot]
6edf9191de
build(deps): bump pypa/gh-action-pypi-publish from 1.5.0 to 1.5.1
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.5.0 to 1.5.1.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](717ba43cfb...37f50c210e)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-27 16:36:56 +00:00
Joshua Lock
3516cc36b6
Merge pull request #2063 from joshuagl/joshuagl/gitattr
Update gitattributes for test data
2022-07-26 19:25:08 +01:00
Joshua Lock
9b16160d16
Merge pull request #2064 from joshuagl/joshuagl/promo
Make the developer docs and blog more discoverable
2022-07-26 19:24:50 +01:00
dependabot[bot]
139749779c
build(deps): bump urllib3 from 1.26.10 to 1.26.11
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.10 to 1.26.11.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/1.26.11/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.10...1.26.11)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-26 17:16:37 +00:00
Joshua Lock
f8df202323 Link to python-tuf blog from README
Signed-off-by: Joshua Lock <jlock@vmware.com>
2022-07-26 17:38:14 +01:00
Joshua Lock
689c37b90e Link to developer docs from python-tuf blog
Signed-off-by: Joshua Lock <jlock@vmware.com>
2022-07-26 17:38:14 +01:00
Joshua Lock
588ba82a5e Update gitattributes for test data
The test data should not be modified, regardless of host and settings

Signed-off-by: Joshua Lock <jlock@vmware.com>
2022-07-26 17:37:55 +01:00
Joshua Lock
ff6ec11b3b
Fix pyproject.toml license field (#2065)
Per PEP 621 this should be a table, not a string. This resolves failures
installing on systems with newer setuptools (v61.3.0 or newer:
https://setuptools.pypa.io/en/latest/history.html#v61-3-0).

Signed-off-by: Joshua Lock <jlock@vmware.com>
2022-07-26 12:00:18 -04:00
Martin Vrachev
addb199100 Fix comment about SuccinctRoles zero-padding
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-07-21 22:39:31 +03:00
Martin Vrachev
a872eb5b6d Hash bin delegation example: save versioned files
If we have a goal of making metadata that can just be served to clients,
then these (and the parent metadata) should have versioned filenames.
Change the file names of the delegated files in the
hashed_bin_delegation.py to versioned.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-07-21 22:39:31 +03:00
Martin Vrachev
b8ea2fb9b9 Add an example script about succinct roles usage
Add a basic example script showing all features of the succinct hash bin
delegations and the available API calls of SuccinctRoles.

The explanations are used to promote the usage of succinct hash bin
delegations by explaining it well enough so our users can understand
the API limitations and how to use them and at the same time I tried not
going into too many details of the SuccinctRoles math as its
implementation is inside tuf/api/metadata.py and there there are
explanations about that.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-07-21 22:39:31 +03:00
Martin Vrachev
bfcd3a54a2 Simplifications on hashed_bin_delegatio example
We no longer need or use SPEC_VERSION variable defined in the
begging of the script.

Additionally, I decided to add a small addition to the "roles"
type annotation as that gives better context to the syntax highlighter
of VS code.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-07-21 22:33:46 +03:00
Martin Vrachev
7d389f3fcd Downloading from a repository with many targets
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-07-20 19:09:51 +03:00
Martin Vrachev
e94dca6d1a Tests: download a target with succonct_roles
Add test downloading a target file when succonct_roles is used and as
such test the whole updater downloading workflow.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-07-20 17:42:47 +03:00
dependabot[bot]
5d3c436620
build(deps): bump mypy from 0.961 to 0.971
Bumps [mypy](https://github.com/python/mypy) from 0.961 to 0.971.
- [Release notes](https://github.com/python/mypy/releases)
- [Commits](https://github.com/python/mypy/compare/v0.961...v0.971)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-20 10:10:22 +00:00
Lukas Pühringer
e07fa27762
Merge pull request #2050 from theupdateframework/dependabot/pip/cryptography-37.0.4
build(deps): bump cryptography from 37.0.3 to 37.0.4
2022-07-19 12:00:02 +02:00
Lukas Pühringer
e3ed9e156b
Merge pull request #2053 from theupdateframework/dependabot/pip/urllib3-1.26.10
build(deps): bump urllib3 from 1.26.9 to 1.26.10
2022-07-19 11:40:42 +02:00
Lukas Pühringer
507b6725fb
Merge pull request #2055 from theupdateframework/dependabot/pip/coverage-6.4.2
build(deps): bump coverage from 6.4.1 to 6.4.2
2022-07-19 11:29:04 +02:00
Lukas Pühringer
e00e854841
Merge pull request #2054 from theupdateframework/dependabot/github_actions/actions/setup-python-4.1.0
build(deps): bump actions/setup-python from 4.0.0 to 4.1.0
2022-07-19 11:26:37 +02:00
Lukas Pühringer
43f5db694d
Merge pull request #2057 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-2.0.4
build(deps): bump actions/dependency-review-action from 2.0.2 to 2.0.4
2022-07-19 11:23:47 +02:00
Lukas Pühringer
2e11651151
Merge pull request #2058 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.16
build(deps): bump github/codeql-action from 2.1.15 to 2.1.16
2022-07-19 11:22:08 +02:00
dependabot[bot]
559136132e
build(deps): bump coverage from 6.4.1 to 6.4.2
Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.1 to 6.4.2.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.4.1...6.4.2)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-19 09:21:00 +00:00
Lukas Pühringer
764414aa87
Merge pull request #2059 from theupdateframework/dependabot/pip/pylint-2.14.5
build(deps): bump pylint from 2.14.4 to 2.14.5
2022-07-19 11:20:10 +02:00
dependabot[bot]
5f047e0bac
build(deps): bump pylint from 2.14.4 to 2.14.5
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.14.4 to 2.14.5.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.14.4...v2.14.5)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-18 10:08:05 +00:00
dependabot[bot]
a49d8cbc8d
build(deps): bump github/codeql-action from 2.1.15 to 2.1.16
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.15 to 2.1.16.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3f62b754e2...3e7e3b32d0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-14 10:21:41 +00:00
dependabot[bot]
f617ae5d77
build(deps): bump actions/dependency-review-action from 2.0.2 to 2.0.4
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.0.2 to 2.0.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](1c59cdf2a9...94145f3150)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-14 10:21:36 +00:00
dependabot[bot]
deb9633879
build(deps): bump actions/setup-python from 4.0.0 to 4.1.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](d09bd5e600...c4e89fac7e)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-12 10:20:32 +00:00
Lukas Pühringer
c12be4857d
Merge pull request #2051 from abs007/patch-3
Updated updater.py
2022-07-12 09:34:38 +02:00
dependabot[bot]
24d14a40d6
build(deps): bump urllib3 from 1.26.9 to 1.26.10
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.9 to 1.26.10.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/1.26.10/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.9...1.26.10)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-08 10:15:11 +00:00
Abhisman Sarkar
c9505ae3cc Updated updater.py
Changed None to ``None`` in the docstring

Signed-off-by: Abhisman Sarkar <abhisman.sarkar@gmail.com>
2022-07-07 08:17:39 +05:30
dependabot[bot]
bd1292f5b1
build(deps): bump cryptography from 37.0.3 to 37.0.4
Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.3 to 37.0.4.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/37.0.3...37.0.4)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 10:08:57 +00:00
Jussi Kukkonen
b5e952cee3
Merge pull request #2046 from theupdateframework/dependabot/pip/cffi-1.15.1
build(deps): bump cffi from 1.15.0 to 1.15.1
2022-07-04 12:18:10 +03:00
Jussi Kukkonen
b68df2ba65
Merge pull request #2035 from MVrachev/bump-spec-version
Bump supported spec version to 1.0.30
2022-07-04 12:07:11 +03:00
dependabot[bot]
0eafff56f0
build(deps): bump cffi from 1.15.0 to 1.15.1
Bumps [cffi](http://cffi.readthedocs.org) from 1.15.0 to 1.15.1.

---
updated-dependencies:
- dependency-name: cffi
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-01 10:10:46 +00:00
Jussi Kukkonen
1aed4bd80e
Merge pull request #2033 from theupdateframework/dependabot/pip/charset-normalizer-2.1.0
build(deps): bump charset-normalizer from 2.0.12 to 2.1.0
2022-07-01 09:39:04 +03:00
dependabot[bot]
533bbbd5cd
build(deps): bump charset-normalizer from 2.0.12 to 2.1.0
Bumps [charset-normalizer](https://github.com/ousret/charset_normalizer) from 2.0.12 to 2.1.0.
- [Release notes](https://github.com/ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ousret/charset_normalizer/compare/2.0.12...2.1.0)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-01 06:32:47 +00:00
Jussi Kukkonen
a40c47ef27
Merge pull request #2044 from theupdateframework/dependabot/pip/requests-2.28.1
build(deps): bump requests from 2.28.0 to 2.28.1
2022-07-01 09:31:40 +03:00
Jussi Kukkonen
155a2d5a30
Merge pull request #2045 from theupdateframework/dependabot/pip/pylint-2.14.4
build(deps): bump pylint from 2.14.3 to 2.14.4
2022-07-01 09:29:23 +03:00
dependabot[bot]
d673b5bb61
build(deps): bump pylint from 2.14.3 to 2.14.4
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.14.3 to 2.14.4.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.14.3...v2.14.4)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-30 11:01:13 +00:00
dependabot[bot]
89ef9d386e
build(deps): bump requests from 2.28.0 to 2.28.1
Bumps [requests](https://github.com/psf/requests) from 2.28.0 to 2.28.1.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.28.0...v2.28.1)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-30 11:01:05 +00:00
Jussi Kukkonen
80d6e737a3
Merge pull request #2043 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.15
build(deps): bump github/codeql-action from 2.1.14 to 2.1.15
2022-06-29 14:53:36 +03:00
dependabot[bot]
b869320624
build(deps): bump github/codeql-action from 2.1.14 to 2.1.15
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.14 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](41a4ada31b...3f62b754e2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-29 10:37:50 +00:00
Jussi Kukkonen
1796947059
Merge pull request #2042 from theupdateframework/dependabot/pip/black-22.6.0
build(deps): bump black from 22.3.0 to 22.6.0
2022-06-29 11:25:58 +03:00
Jussi Kukkonen
ff4879e7a8
Merge pull request #2036 from theupdateframework/dependabot/pip/cryptography-37.0.3
build(deps): bump cryptography from 37.0.2 to 37.0.3
2022-06-29 11:21:52 +03:00
dependabot[bot]
dfe51f921c
build(deps): bump black from 22.3.0 to 22.6.0
Bumps [black](https://github.com/psf/black) from 22.3.0 to 22.6.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/22.3.0...22.6.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-28 10:07:12 +00:00
Jussi Kukkonen
8a03abfdeb
Merge pull request #2039 from MVrachev/add-test-case
SuccinctRoles.is_delegated_role() add a test case
2022-06-27 22:14:19 +03:00
Jussi Kukkonen
c5f74c6a9b
Merge pull request #2041 from abs007/develop
Grammar fix
2022-06-27 15:47:33 +03:00
Abhisman Sarkar
9f1c86f4a9 Grammar Fix
Fixed a grammatical error in a comment in utils.py

Signed-off-by: Abhisman Sarkar <abhisman.sarkar@gmail.com>
2022-06-27 18:09:43 +05:30