Commit graph

6224 commits

Author SHA1 Message Date
Lukas Puehringer
a2794c2f36 Drop legacy implementation
Remove legacy client, repository/developer tool, command line
tools, and underlying libraries and utilities.

See docs/1.0.0-ANNOUNCEMENT.md for details about their replacement,
deprecation strategy and migration instructions.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-01-26 15:25:09 +01:00
Lukas Puehringer
eb67b09cf8 test: drop legacy tests and test tooling
Remove tests for legacy client, repository/developer tool and
command line tools, which will be removed in subsequent commits.

This commits also removes obsolete test tooling:
- Regarding simple_https_server + test certificates -- http/https
is no longer handled by tuf client directly but transparently by
the underlying requests module used by the default fetcher
implementation.
- For details about unittest_toolbox see #1792

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-01-26 15:13:17 +01:00
Lukas Puehringer
2bb977cd9c test: drop usage of custom log module in new test
Old tests are not touched as they will be removed in subsequent
commits, along with the custom log module.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-01-26 14:54:43 +01:00
Lukas Puehringer
16192902ce test: drop legacy test metadata generation scripts
Remove metadata generation scripts based on legacy
repository/developer tools, which will be removed in subsequent
commits.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-01-26 14:52:04 +01:00
Lukas Puehringer
d498bc01c1 doc: drop documentation for legacy tools
Remove documentation for legacy client, repository/developer tool
and command line tools, which will be removed in subsequent
commits.

See #1797 and #1798 for replacing ATTACKS.md and QUICKSTART.md.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-01-26 14:44:44 +01:00
Lukas Puehringer
8c72588662 doc: don't mention legacy tools in main README
Legacy tools will be removed in subsequent commits.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-01-26 14:43:36 +01:00
Jussi Kukkonen
1695622fac tests: Fix invalid signed serialization tests
Most of the test_invalid_signed_serialization subtests are currently
failing because "_type": "signed" and then the test tries to deserialize
them as Snapshot (which fails a type check).

Correct the type to "snapshot" so that we can fail in the correct places
during serialization instead.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-01-26 15:35:01 +02:00
Jussi Kukkonen
572084e2db Metadata API: Accept X.Y spec_version
All TUF implementations used to use "1.0" as the spec version and most
of them have never modified that value since.

Accept two-part spec_version for legacy compatibility: it is strictly
speaking against the current spec (which requires semver) but there
should be no harm in doing this and it allows us to deserialize
metadata generated by e.g. go-tuf.

Fixes #1751

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-01-26 15:34:38 +02:00
lukpueh
e0736d6d75
Merge pull request #1781 from kairoaraujo/issue#1709/contributors_enhancements
docs: contributors enhancements
2022-01-25 14:25:58 +01:00
lukpueh
c6dab7e459
Merge pull request #1774 from jku/allow-compressed-metadata-in-flight
Allow compressed metadata in flight
2022-01-25 14:24:13 +01:00
Jussi Kukkonen
b8759a9937 ngclient: allow compression in HTTP responses
This commit tries to deal with two interests:
* metadata is highly repetitive and compressible: allowing compression
  would be good
* there may be broken web servers (see
  404838abcc/src/pip/_internal/download.py (L842))
  that have problems with compression on already compressed target files

We can make things better for that first interest while we have no real
data for the second interest -- our current workarounds to avoid
compression are based on hearsay, not testing.

Now that individual fetchers are possible I suggest we simplify
ngclient and allow compression. As an example the pip Fetcher
could still use the pip response chunking code with all their
workarounds -- pip certainly has better capability to maintain
a mountain of workarounds and also has endless amounts of real-world
testing compared to python-tuf.

Details:
* Stop modifying Accept-Encoding (Requests default includes gzip)
* Don't use response.raw in RequestsFetcher as there is no need:
  This was a workaround for false "Content-encoding: gzip" inserted by
  a broken server -- and the workaround was only possible because we
  knew we never asked for compression
* Fix issue in test_session_get_timeout(): it's not mocking the error
  that requests really raises in this case

Fixes #1251

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-01-25 15:03:35 +02:00
Kairo de Araujo
c87ff3e874 Fixed broken link on RTD
Fix the RTD link using the absolute link.

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2022-01-25 14:01:06 +01:00
Kairo de Araujo
cd61b149d5 fixed links, RST formatting and text
Fixed some links, RST formatting and made some texts more clear
understanding.

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2022-01-25 14:01:06 +01:00
Kairo de Araujo
00b773b8d0 docs: contributors enhancements
This commit simplifies the contributor's doc.
It adds the reference to the Secure Systems Lab Development Guidelines,
gives more evidence to the tox usage, shares information about the tests,
linting, and coverage, and creates a session about submitting
the contributions highlighted by the DCO.

Fixes #1709

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2022-01-25 14:01:06 +01:00
Jussi Kukkonen
08432961ea Remove TODOs about too-many-arguments
The lint warning about argument count is useful in general but in these
two cases we want to break the rule: remove TODOs.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-01-25 14:17:03 +02:00
lukpueh
f28d45c32a
Merge pull request #1792 from lukpueh/rm-unittest-toolbox
test: stop using unittest_toolbox in new tests
2022-01-25 12:48:51 +01:00
Lukas Puehringer
3ed21abf2d test: stop using unittest_toolbox in new tests
Update new test modules to stop using unittest_toolbox, in
preparation for its removal in #1790.

The tools provided by unittest_toolbox can easily (in a more
obvious way) be replaced by using the standard library modules
`tempfile` and `random` (no more used) directly.

In the case of tempdir and -file creation/removal, skipping the use
of unittest_toolbox, which does this by default, also uncovers some
test cleanup failures, which would occur when temporary test
directories were removed while a test server hadn't released them.
(see `except OSError: pass` in unittest_toolbox's `tearDown`
method)

**Change details**

**test_fetcher_ng.py:**
- Stop implicitly creating (setUp) and removing (tearDown) tmp test
dirs.  -Move now manual creation of an exemplary targets file to
setUpClass, as the same file is used by all tests. And remove it
explicitly in tearDownClass after killing the server (see note
about failure above).  - Trigger URL parsing error with a hardcoded
invalid URL string instead of a random string.

**test_updater_ng.py**
- Stop implicitly creating (setUp) and removing (tearDown) tmp test
dirs.
- Explicitly create tmp test dirs in setUp, but don't remove
them in tearDown to avoid above mentioned failures. They will be
removed all at once when removing the tmp root test dir in
tearDownClass

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-01-24 13:54:13 +01:00
Lukas Puehringer
7da6a38335 test: define TESTS_DIR constant
Define TESTS_DIR constant in tests/util.py as full path to the
parent directory of the util module. This may be used to reliably
read other files in tests dir, such es "repository_data" or
"simple_server", regardless of cwd.

This commit also replaces a couple of `getcwd() + "filename"` with
`TESTS_DIR + filename`, so that in the future (post #1790) we
should be able to invoke the tests from anywhere, not only from
within the tests directory as is now the case.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-01-24 13:54:07 +01:00
Jussi Kukkonen
c6b70cf8dc tests: Remove unused options from simple_server
We never call simple_server with arguments so this is dead code.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-01-21 11:31:09 +02:00
Martin Vrachev
7732baff8b Remove LengthOrHashMismatchError catch and reraise
We no longer need to catch LengthOrHashMismatchError and reraise a
RepositoryError as LengthOrHashMismatchError is changed to inherit
RepositoryError.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-20 17:45:18 +02:00
lukpueh
b2704a56a8
Merge pull request #1783 from MVrachev/drop-python3.6
Drop python3.6 and remove the usage of OrderedDict
2022-01-20 14:46:52 +01:00
lukpueh
1e4590b89e
Merge pull request #1725 from MVrachev/new-exceptions.py
Add new exceptions file for exceptions in the new code
2022-01-20 10:22:11 +01:00
Martin Vrachev
7bb916f962 Document DownloadError for RequestsFetcher.fetch()
We should document that "DownloadError" is thrown inside
RequestsFetcher.fetch().

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 20:24:02 +02:00
Martin Vrachev
e3b267e2e0 Remove OrderedDict in favor of python3.7+ dict
After we drop support for python3.6 we can relly that dictionaries
preserve the insertion order:
https://docs.python.org/3.7/whatsnew/3.7.html

This means we can replace the usage of OrderedDict with a standard
dictionaries.

Something we have to keep in mind is that even thought the insertion
order is preserved the equality comparison for normal dicts is
insensitive for normal dicts compared to OrderedDict

For example:
>>> OrderedDict([(1,1), (2,2)]) == OrderedDict([(2,2), (1,1)])
False
>>> dict([(1,1), (2,2)]) == dict([(2,2), (1,1)])
True

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 18:19:56 +02:00
Martin Vrachev
0f59f4b749 Drop support for python version 3.6
Python version 3.6 was supported until December 23-rd 2021 meaning its
end of life has expired before more than 20 days.
Dropping support for python version 3.6 will allow us to remove
OrderedDicts.

After a quick check I saw that Warehouse target python version 3.8.2:
- their docker file: https://github.com/pypa/warehouse/blob/main/Dockerfile#L47
- https://github.com/pypa/warehouse/blob/main/.python-version
- last pr updating pr version: https://github.com/pypa/warehouse/pull/7828
Pip supports python version 3.7+ as well. They dropped python 3.6 a
couple of months ago:
https://github.com/pypa/pip/pull/10641

This means it shouldn't cause headache to our users if we drop python
version 3.6 too.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 17:11:18 +02:00
Martin Vrachev
8327ea12d3 Make (De)SerializationError a RepositoryError
SerializationError and DeserializationError are both errors coming
from the repository side looking from the clients point of view.
That's why it makes sense to make them repository errors.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
Martin Vrachev
8fbe24b487 Fix typo
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
Martin Vrachev
199b91df3c Clarify what RepositoryError stands for
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
Martin Vrachev
15ee1d8457 Make LengthOrHashMismatchError a RepositoryError
LengthOrHashMismatchError is a thrown when there are problems with
metadata verification or problems from the repository side when looking
it from the user's perspective.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
Martin Vrachev
32a4545f0b Replace UnsupportedAlgorithmError with ValueError
UnsupportedAlgorithmError is a detailed securesystemslib exception
and there is no need for TUF to redefine it.
Moreover which hash "algorithms" are allowed is work for
securesystemslib not for TUF.

It's only used once inside "Targetfile.from_data()" and there it's used
to denote that there is a problem with the given argument.
That's why this error can be just replaced with "ValueError".

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
Martin Vrachev
0cbe2a2034 Remove ReplayedMetadataError
ReplayedMetadataError is a subset of
BadVersionNumberError and in a discussion with
Jussi we realized that ReplayedMetadataError can
be replaced by BadVersionNumberError with a
good message.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
Martin Vrachev
8415d38ad6 Remove URLParsingError
URLParsingError is a specific download error and
is not clear what benefit it provides.
It's used only once in the new code and the
message says everything you need to know about
the exception.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
Martin Vrachev
4bf1e19e50 Make FetcherHTTPError a DownloadError
Make FetcherHTTPError a DownloadError as the
error itself denotes an error happening during
the download process.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
Martin Vrachev
99a18659e7 Stop linting tuf/exceptions.py with mypy
Stop linting tuf/exceptions.py with mypy as we are going to use
tuf/api/exceptions.py for exceptions in the new code.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
Martin Vrachev
4b61be9cf7 Add tuf/api/exceptions.py
Add tuf/api/exceptions.py for exceptions in the new code.
I copied the exceptions from tuf/exceptions.py with a few important
decisions:
1. I only added the exceptions that are used in the new code
2. I removed the general "Error" class as we can directly inherit
Exceptions
3. I tried grouping the exceptions by relevance
4. I removed the second argument "UnsignedMetadataError" as it's only
kept for backward compatibility and is not used
5. I tried following the new code style guidelines and linted the file
with our linters.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
lukpueh
0e26364dfc
Merge pull request #1780 from kairoaraujo/update_examples_README
docs: simplify examples on repo README
2022-01-19 11:00:59 +01:00
Kairo de Araujo
18c2c8a288 docs: simplify examples on repo README
The code examples now have a simple README.md. This commit simplifies
the README.md examples to the example folder instead of listing each
example.

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2022-01-19 10:50:23 +01:00
lukpueh
a9a4f9c1f7
Merge pull request #1772 from kairoaraujo/add_examples_to_RTD
docs: add examples to the RTD
2022-01-19 10:03:55 +01:00
lukpueh
fa15eeae81
Merge pull request #1776 from kairoaraujo/issue#1739/relative_links_404
docs: fix relative to absolute links on README.md
2022-01-19 09:54:53 +01:00
Kairo de Araujo
23534790cd docs: add examples to the RTD
This commit adds to the RTD the links references to source code
examples.
The examples are added to TUF ngclient Updater, Metadata and API
reference.
includes a seed for examples/README.md

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2022-01-18 13:14:02 +01:00
Kairo de Araujo
0a4d88a8ab docs: fix relative to absolute links on README.md
This commit fixes the relatives links on README.md, adding absolute
links.
The PyPI renders the README.md as an HTML page on the landing page
of the python-tuf package. If the links are not absolute links to
the files in git repository, they will fail.

Fixes: #1739

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2022-01-18 12:06:42 +01:00
lukpueh
2b0776cfbe
Merge pull request #1777 from kairoaraujo/fix_typo_fast_forward_tests
Fix typo on fast forward test functions
2022-01-18 10:10:27 +01:00
Kairo de Araujo
480ab2d05d Fix typo on fast forward test functions
Fix typo on fast forward test functions name.

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2022-01-17 18:00:05 +01:00
Jussi Kukkonen
8ccbd63470
Merge pull request #1759 from kairoaraujo/issue#1634/encode_role_names
Explicit encode role names
2022-01-17 15:55:49 +02:00
Kairo de Araujo
aa6d28fbc3 explicit encode role names
This commit explicitly encodes role names. Mostly this encoding is already
happening in ``requests`` for what is not a URL.
The "/" in a role name will now be encoded.

Also, a slight change in the RepositorySimulator will align with the tests.

This commit partially covers issue #1634

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2022-01-17 12:12:43 +01:00
lukpueh
ecc1cb08b8
Merge pull request #1773 from lukpueh/rm-spec-fwd
doc: remove spec "forwarder" docs
2022-01-17 09:26:55 +01:00
Lukas Puehringer
798383f88f doc: remove spec "forwarder" docs
Remove old doc/tuf-spec* documents, which are merely pointers to
the theupdateframework/specification repo (created in late 2017).

They were likely kept in place to avoid 404s of old links, but the
up-to-date TUF specification location should be discoverable enough
to get rid of the pointers.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-01-14 13:10:32 +01:00
lukpueh
059bfda391
Merge pull request #1771 from kairoaraujo/remove_white_trailing_spaces_docs
doc: Remove trailing whitespaces from docs files
2022-01-14 10:14:10 +01:00
lukpueh
4f6e617bc6
Merge pull request #1769 from lukpueh/rm-duplicate-docs
doc: remove duplicate outdated docs
2022-01-14 10:10:41 +01:00
lukpueh
8ae05b3e2b
Merge pull request #1768 from lukpueh/rm-deprecated-docs
doc: remove deprecated tuf/server client docs
2022-01-14 10:02:51 +01:00