Commit graph

6224 commits

Author SHA1 Message Date
Joshua Lock
24a11427a2 Don't build universal wheels
Signed-off-by: Joshua Lock <jlock@vmware.com>
2021-09-06 13:29:07 +01:00
Joshua Lock
62195fd0b6
Merge pull request #1551 from jku/release-0.18
Release preparations for 0.18
2021-09-06 13:13:10 +01:00
Jussi Kukkonen
0ec8d3ce86 Release preparations for 0.18
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-06 14:37:25 +03:00
Teodora Sechkova
f02401f27a
Merge pull request #1561 from jku/badges
README: Badge updates
2021-09-03 08:29:02 +03:00
Jussi Kukkonen
a85688b167 README: Add a badge for ReadTheDocs build
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-02 14:25:54 +03:00
Jussi Kukkonen
2644264171 README: Update Coveralls project url
coveralls automatically created a new project when the Github project
name changed.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-02 14:25:52 +03:00
Teodora Sechkova
e6b41d582a
Merge pull request #1553 from jku/metadata-missing-tests
tests: Add some missing coverage
2021-09-02 14:24:55 +03:00
Joshua Lock
84004604c1
Merge pull request #1557 from joshuagl/joshuagl/python-tuf
Update links to account for repository rename
2021-09-02 10:04:29 +01:00
Jussi Kukkonen
d4ea0f0f58
Merge pull request #1559 from sechkova/remove-disable-broad-except
Remove disable=broad-except
2021-09-02 09:36:58 +03:00
Teodora Sechkova
40082094df
Test SlowretreivalError in RequestsFetcher
Add test_read_timeout to test for
urllib3.ReadTimeoutError -> tuf.SlowRetrievalError.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-09-01 18:09:45 +03:00
Teodora Sechkova
5d71aab9ec
Remove disable=broad-except
The pylint warning W0703:broad-except was raised only
when six was used and python 2 was still supported.

The warning is no longer raised, the exceptions are
handled/raised correctly and the disabling can be removed.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-09-01 17:41:32 +03:00
Jussi Kukkonen
deec2eaaa0
Merge pull request #1519 from sechkova/fetcher-max-length
Remove max_length parameter from fetch
2021-09-01 17:27:12 +03:00
Jussi Kukkonen
017425e497 tests: Improve DelegatedRole coverage
Test basic cases of DelegatedRole.is_delegated_path()

This is not trying to be an extensive test of possible methods of delegation:
this gives us basic coverage for all code paths.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-01 13:34:50 +03:00
Jussi Kukkonen
c127b6b5a3 tests: Improve add_key/remove_key API tests
Make sure key is not removed from root.signed.keys on remove_key()
if another role is still using the key.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-01 13:34:50 +03:00
Joshua Lock
3dc5594242 Update links to account for repository rename
We have renamed the repository from tuf->python-tuf

Signed-off-by: Joshua Lock <jlock@vmware.com>
2021-09-01 11:15:33 +01:00
Marina Moore
53ad9aaa3f
Merge pull request #1554 from joshuagl/joshuagl/new-maint
Nominate Teodora to maintainers
2021-08-31 10:29:27 -04:00
Joshua Lock
4f8da50424 Add Teodora to maintainers
Signed-off-by: Joshua Lock <jlock@vmware.com>
2021-08-31 09:57:52 +01:00
Jussi Kukkonen
e1ec782f19
Merge pull request #1520 from avelichka/sslib-key
Add Key.from_securesystemslib_key
2021-08-31 09:42:39 +03:00
Jussi Kukkonen
7d77eeec31
Merge pull request #1512 from MVrachev/glob-pattern-matching
Implement glob-like pattern matching
2021-08-31 09:42:27 +03:00
Joshua Lock
3877e24346
ADR-0009: document purpose of ref implementation (#1547)
Capture discussion around the purpose of the reference implementation.
That we prioritise being an exemplary implementation over being a
pedagogical implementation.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2021-08-30 13:27:45 -04:00
Martin Vrachev
34e7546255 Remove lstrip & os.sep on targetpath & pathpattern
For targetpath: we don't want to support corner cases such as
file paths starting with separator.
Why this case should be threated specially than any other case where
you have multiple "/" for example "foo//bar/tar.gz"?

For pathpattern: it's recommended that the separator in the pathpattern
should be "/":
see https://theupdateframework.github.io/specification/latest/#targetpath
I believe it could lead to issues for a client implementation if it
supports arbitrary separators - every implementation needs to choose one
and stick with it.
Then, if we decide that "/" is our separator using lstrip on "os.sep" is
wrong, because the os separator from the server could be different that
the one used in the client.

Because of the above arguments, it makes sense to just remove
lstrip on os separators.

Additionally, document that the target_filepath and the DelegatedRole
paths are expected to be in their canonical forms and only "/" is
supported as target path separator.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>

in the public API that we only support "/" as a
separator and don't handle corner cases such as leading separators
in either pathpattern or target_filepath.
2021-08-30 19:04:02 +03:00
Teodora Sechkova
35ef056ce6
Add tests for ngclient/fetcher
Add tests for the file/data download.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-30 16:21:37 +03:00
Teodora Sechkova
86d647b16c
Remove max_length parameter from fetch
If a file has a bigger size than expected, RequestFetcher.fetch
downloads it up to max_length without any errors. Only the
consecutive hash check raises exception. A better behaviour
in such case would be to raise a DownloadLengthMismatchError.

For this reason this commit:
- removes max_length from the fetch() definition,
- modifies download_file to check the downloaded length after
  each chunk and raise an error accordingly.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-30 15:29:14 +03:00
Jussi Kukkonen
3028fb6053
Merge pull request #1489 from sechkova/enable-mypy-ngclient
Enable mypy for ngclient
2021-08-30 11:23:27 +03:00
Jussi Kukkonen
2dd88d987b
Adding my GPG fingerprint to MAINTAINERS.txt (#1548)
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-29 12:20:19 -04:00
Teodora Sechkova
6ada96cf90
Load trusted root in a separate private method
Add an additional private method for loading the initial
trusted root metadata. The public method update_root() is
now used only externally for updating the intiial root.
The 'root' property is used only after its initialization
in the constructor and is not longer optional which makes
mypy happy.

This split results in cleaner code and the ability to annotate
the 'root' property as non-optional at the cost of some code
duplication.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-27 11:54:45 +03:00
Teodora Sechkova
4f57ae43f8
Denote expected type of Metadata.signed
By explicitly denoting the expected type of Metadata.signed
we help mypy understand our intentions and correctly figure
out types. This is entirely a typing feature and has no
runtime effect.

Modify the return type of Metadata.from_dict to match the
other factory methods (from_*).

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-27 11:54:45 +03:00
Teodora Sechkova
cd096ba5c6
Make SlowRetrievalError parameter optional
SlowRetrievalError is raised from RequestsFetcher where
average_download_speed is not calculated.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-27 11:54:45 +03:00
Teodora Sechkova
8c9534b29c
Make TrustedMetadataSet.root non-optional
The 'root' property is guaranteed to be set after init.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-27 11:54:44 +03:00
Teodora Sechkova
018364d16a
Use assert to check for None values
This is done only for hinting 'mypy' that we have
ensured these values cannot be None.

'Bandit' raises warnings for assert usage in the code
but we are disabling them since we do not rely upon
'asserts' for any runtime checks but only for type checking.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-27 11:54:44 +03:00
Teodora Sechkova
ea76a30d90
Add missing type annotations to updater
Add missing annotations and partially resolve mypy
errors in updater.py and trusted_metadata_set.py

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-27 11:54:44 +03:00
Teodora Sechkova
b6e02bde47
Replace BinaryIO with IO[bytes] in metadata.py
Needed in order to be compatible with the return type of
download_file (TemporaryFile is typed as IO[bytes]).
BinaryIO is a subclass of IO[bytes].

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-27 11:49:50 +03:00
Teodora Sechkova
191a1e5e3d
Add type annotations to download.py and fetcher.py
Add the stub for the requests package (types-requests)
to requirements-tests.txt.

Add urllib3 to the ignored imports. The project seems
to have added type annotations already but has not
released a version including them yet.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-27 11:49:49 +03:00
Teodora Sechkova
38b85cb8db
Add ngclient to mypy
Extend mypy to include all files under ngclient.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-27 11:49:46 +03:00
Jussi Kukkonen
7731738590
Merge pull request #1514 from MVrachev/filename-in-targetfile
Metadata API: include target target name in TargetFile
2021-08-27 11:02:49 +03:00
Joshua Lock
5a3ac9cb81
Merge pull request #1542 from jku/fix-sslib-master-tox-env
tox: Fix with-sslib-master install
2021-08-26 19:02:15 +01:00
Martin Vrachev
b18176db9b Implement glob-like pattern matching
According to the recently updated version of the specification the shell
style wildcard matching is glob-like (see https://github.com/theupdateframework/specification/pull/174),
and therefore a path separator in a path should not be matched by a
wildcard in the PATHPATTERN.

That's not what happens with `fnmatch.fnmatch()` which doesn't
see "/" separator as a special symbol.
For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return
True which is not what glob-like implementation will do.

We should make sure that target_path and the pathpattern contain the
same number of directories and because each part of the pathpattern
could include a glob pattern we should check that fnmatch.fnmatch() is
true on each target and pathpattern directory fragment separated by "/".

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-08-26 19:57:52 +03:00
Martin Vrachev
9229a405e3 Remove filename argument from Targets.update()
After the addition of "path" argument in the TargetFile class the
filename argument in Targets.update() became redundant.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-08-26 19:48:46 +03:00
Martin Vrachev
91b0c59602 Metadata API: include target path in targetfile
Currently, TargetFile instances do not contain the path relative URL of
the file they represent. The API itself does not need it but it could be
useful for users of the API.

As an example, the current client returns a dict for
get_one_valid_targetinfo(): that dict contains a filepath field and
a targetinfo field (essentially TargetFile).
We would like to keep a similar API, but avoid hand-crafted dicts.
It would be much nicer to return a TargetFile that would contain the
full "metadata" of the targetfile.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-08-26 19:48:45 +03:00
Velichka Atanasova
c875b7ed04 Add Key.from_securesystemslib_key
The securesystemslib key dictionary representation includes
the private key in keyval. TUF key doesn't handle it in any way,
but considering that we allow unrecognized symbols in the format,
we should exclude the private key otherwise this could lead to
misuse.
A call to securesystemslib.keys.format_keyval_to_metadata
with the default private=False would do exactly that.

Signed-off-by: Velichka Atanasova <avelichka@vmware.com>
2021-08-26 15:37:25 +03:00
Jussi Kukkonen
8482f2c473
Merge pull request #1545 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.21.0
build(deps): bump securesystemslib[crypto,pynacl] from 0.20.1 to 0.21.0
2021-08-26 13:20:48 +03:00
dependabot[bot]
e5c9e8edd2
build(deps): bump securesystemslib[crypto,pynacl] from 0.20.1 to 0.21.0
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib) from 0.20.1 to 0.21.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases)
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/master/CHANGELOG.md)
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.20.1...v0.21.0)

---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-26 10:05:37 +00:00
Jussi Kukkonen
5f0445d506
Merge pull request #1517 from sechkova/configure-sphinx
Enable docs build with sphinx
2021-08-26 11:47:17 +03:00
Teodora Sechkova
bfb509aa53
docs: Fix DelegatedRole rendering
Improve class DelegatedRole docstring in order to be rendered
correctly in the documentation built with sphinx and autodoc.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-26 11:07:03 +03:00
Jussi Kukkonen
0870d53d84 tox: Fix with-sslib-master install
pip nowadays recognizes that we are asking for two different versions of
securesystemslib in the "with-sslib-master" env, and errors out.

Instead install normal dependencies first, then install the new
securesystemslib separately (this ends up upgrading securesystemslib).

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-26 10:08:31 +03:00
Jussi Kukkonen
66aac38a4a
Merge pull request #1511 from MVrachev/test-containers
new API: test containers for zero or more elements
2021-08-25 20:09:38 +03:00
Jussi Kukkonen
be206a9121
Merge pull request #1540 from theupdateframework/dependabot/pip/cryptography-3.4.8
build(deps): bump cryptography from 3.4.7 to 3.4.8
2021-08-25 19:56:53 +03:00
Jussi Kukkonen
e468d2cf8a
Merge pull request #1541 from MVrachev/move-serialization-tests
Remove duplicate serialization tests from test_api
2021-08-25 19:55:33 +03:00
Teodora Sechkova
21ff4920ab
docs: Improve formating
Remove/add new lines at the end of file.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-25 17:06:36 +03:00
Teodora Sechkova
e5de36f4e0
docs: Add links to the specification
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-25 17:06:11 +03:00