Commit graph

6224 commits

Author SHA1 Message Date
Jussi Kukkonen
657aa3dfd5
docs: Improve ngclient docs
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-25 17:05:07 +03:00
Jussi Kukkonen
1a714f7dc8
docs: Improve tuf.api docs
Write a bit more about the two modules, hide the actual TOC to not
repeat (and not have sphinx complain about missing items in TOC)

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-25 17:05:06 +03:00
Jussi Kukkonen
4f71f98008
docs: Move the sphinx root to docs/
This allows using existing documentation in the published documentation
without
* moving the existing docs (which would break external links)
* tricks like symlinks that create issues with relative links

Put the api reference files into a subdirectory to avoid polluting the
main docs/ directory.

Include "Installation" and "Instructions for Contributors" in the
published documentation.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-25 17:05:06 +03:00
Jussi Kukkonen
3ee6a3e786
docs: Tweak INSTALLATION.rst
* Remove link to outdated roadmap
* Link to maintainers file in the same way as two lines earlier
* Fix formatting issues with code blocks

These fixes allow the installation rst to be used from sphinx sources
and from docs root.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-25 17:05:05 +03:00
Jussi Kukkonen
b3869186f0
docs: API Reference tweaks
* Improve content
* Make ngclient Updater __init__() visible in docs
* Remove "legacy implementation" (except for the note on API stability)

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-25 17:05:05 +03:00
Teodora Sechkova
69c2270cdd
Add .readthedocs.yaml
Add a configuration file for Read The Docs.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-25 17:05:03 +03:00
Martin Vrachev
45743444b1 Remove duplicate serialization tests from test_api
I was looking at how can we simplify or split test_api.py when I noticed
that the test cases covered by those two test functions are already
covered in the test_metadata_serialization.py module in the
"invalid_keys" and "invalid_roles" datasets.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-08-25 16:03:03 +03:00
dependabot[bot]
be3c66378c
build(deps): bump cryptography from 3.4.7 to 3.4.8
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.7 to 3.4.8.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.4.7...3.4.8)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-25 10:06:12 +00:00
Jussi Kukkonen
e242a750d4
Merge pull request #1524 from jku/ngclient-rollback-improvements
ngclient rollback improvements
2021-08-24 20:05:40 +03:00
Teodora Sechkova
d1329762b6
Fix sphinx-build warnings
Fix docstrings which triggered warnings from sphinx-build.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-23 18:25:08 +03:00
Teodora Sechkova
ae0e8bab12
Add docs/sphinx/build to .gitignore
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-23 18:25:07 +03:00
Teodora Sechkova
180fd63927
Add tox:docs environment
- New 'docs' environment in tox enables
   building the sphinx documentation in isolation.
 - New requirements-docs.txt.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-23 18:25:07 +03:00
Teodora Sechkova
e32beb5845
Add sphinx docs source files
Add .rst source files for building documentation with
'sphinx'. The two mandatory files are conf.py containing
the build configuration and the master doc file index.rst.

Sphinx uses 'autodoc' to automatically include docstrings.
'autodoc' imports the modules and needs TUF installed in
the environment.

The following command will generate the documentation from the
source files in an html format:

`sphinx-build -b html docs/sphinx/source docs/sphinx/build/html`

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-23 18:25:03 +03:00
Jussi Kukkonen
f4ffb9dbaa
Merge pull request #1532 from MVrachev/pylint-warning
Address Pylint new unspecified-encoding warning
2021-08-23 18:01:20 +03:00
Martin Vrachev
80fec6b2b5 Address Pylint new unspecified-encoding warning
A new warning appeared from pylint when calling "tox -e lint" on the
"develop" branch with id "unspecified-encoding",
I read about the warning and it make sense.

Read more about the warning here:
https://github.com/PyCQA/pylint/issues/3826

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-08-23 16:48:40 +03:00
Martin Vrachev
4c3fd95cb1 Additional tests for containers with 0 or >1 items
Those tests are needed to cover use cases when syntatcticly as
standalone objects the metadata classes and their helper classes defined
in tuf/api/metadata.py are valid even if they cannot be verified.

An example where an object is valid, but cannot be verified is
if we have a Role instance with an empty list of "keyids".
This instance is valid and can be created, but cannot be verified
because there is a requirement that the threshold should be above
1, meaning that there should be at least 1 element inside the "keyids"
list to complete successful threshold verification.

The situation is the same for the rest of the tests I am adding to this
commit:
- Root object without keys
- Root object without roles
- DelegationRole object with empty "keyids"
- DelegationRole object with an empty list of "paths"
- DelegationRole object with an empty list of "path_hash_prefixes"
all of these objects can be instantiated, but cannot complete
successfully threshold verification.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-08-20 17:12:44 +03:00
Martin Vrachev
df6a399b08 new API: test containers for zero or more elements
Test metadata (de)serialization with input data containing containers
with zero or more elements.

Here is the status for the different use cases:
Root keys:
- many keys: added
Root roles:
- many roles: added
Root role keyids:
- many keids: already added in https://github.com/theupdateframework/tuf/pull/1481
MetaFile hashes:
- many hashes: already tested
- zero hashes: added. Testing as invalid test case.
Timestamp meta:
- zero elements: already tested
- many elements: added
Snapshot meta:
- zero items: added
- many items: added
Delegation keys:
- many keys: added
Delegation role keyids:
- many keyids: added
Delegation role paths:
- many paths: already tested
Delegation role path_hash_prefixes:
- many path_hash_path_prefixes: already tested
Delegation roles:
- zero roles: added
- multiple roles: added
Targets targets:
- zero items: already tested
- multiple items: added

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-08-20 17:12:43 +03:00
Jussi Kukkonen
c8696d905e tests: Remove unhelpful helper
Doing the work inline is less code and easier to understand.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-19 11:22:01 +03:00
Jussi Kukkonen
e3b789c306 ngclient: allow limited use of wrong snapshot version
Spec does not explicitly say so but the intent is that a snapshot
metadata can be trusted for rollback protection checks of newer
snapshots even if current snapshot version does not match the version
in current timestamp meta.

Only do the snapshot version check for the "final" snapshot by doing it
when targets is updated.

Improve test names and comments.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-19 11:22:01 +03:00
Jussi Kukkonen
b515997701 ngclient: Allow limited use of expired timestamp/snapshot
While this is not explicitly said in the spec, the intention is that
expired timestamp and snapshot should be used for rollback protection
checks on newer timestamp/snapshot (but not for anything else).

Move the expiry checks to the "next" metadata update: timestamp expiry
is checked when snapshot is loaded, and snapshot expiry is checked
when targets is loaded.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-19 11:22:01 +03:00
Jussi Kukkonen
091197288f ngclient: Remove root_update_finished()
The usefulness was debatable to begin with, and now that it has become
clear that rollback protection requires a second "final verification"
step for all three root, timestamp and snapshot it is clear that
root_update_finished() is not good design.

update_root() still accepts expired root metadata but now the final
root expiry is checked when the "next" metadata (timestamp) is loaded.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-19 11:09:12 +03:00
Joshua Lock
e9106b59cd
Merge pull request #1522 from jku/more-trusted-set-tests
More trusted set tests
2021-08-19 08:31:52 +01:00
Jussi Kukkonen
d3441f056a
Merge pull request #1457 from jku/use-generics-to-improve-signed-typing
Improve signed typing
2021-08-18 12:01:33 +03:00
Jussi Kukkonen
7901687017
Merge pull request #1501 from MVrachev/ngclient-support-consistent-snapshot
ng client: support for prefix_targets_with_hash when downloading targets
2021-08-18 09:20:11 +03:00
Jussi Kukkonen
f02fed2502 tests: Test TrustedMetadataSet iteration
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-17 15:50:01 +03:00
Jussi Kukkonen
caf61369ab ngclient: Fix trusted set iterator
We're unlikely to use the iterator but it's required to implement Mapping.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-17 15:48:43 +03:00
Jussi Kukkonen
85656a56eb tests: Add missing test to TrustedMetadataSet
Test failing length/hash test for snapshot

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-17 15:40:13 +03:00
Jussi Kukkonen
efb5653016 tests: Improve TrustedSet coverage
* test for succesful root update
* fix test for snapshot version rollback in timestamp update

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-17 13:54:18 +03:00
Jussi Kukkonen
25993d6a2d
Merge pull request #1477 from MVrachev/ng-client-improve-metadata-set-testing
ng client improve TrustedMetadataSet testing
2021-08-17 11:00:43 +03:00
Martin Vrachev
617e87eb26 Annotations and use extensively modify_metadata
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-08-16 18:13:01 +03:00
Martin Vrachev
1b392bdb3e ngclient UpdaterConfig: Add docstring
Docstrings for each class are required by linting tool.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-08-16 16:54:42 +03:00
Martin Vrachev
7d926720d1 ng client: support for prefix_targets_with_hash
Add support for prefixing targets with their hashes when downloading or
using HASH.FILENAME.EXT as target names.
The introduction of prefix_targets_with_hash was necessary, because
there are use cases like Warehouse where you could use
consistent_snapshot, but without adding a hash prefix to your targets.

When prefix_targets_with_hash is set to True, target files conforming
the format HASH.FILENAME.EXT will be downloaded from the server, but
they will be saved on the client side without their hash prefixes or
FILENAME.EXT.
This makes sure the client won't understand the usage of
prefix_targets_with_hash.

Still, if you want to use HASH.FILENAME.EXT as target names when
downloading, then additionally you need to provide consistent_snapshot
set to True in your root.json. The reason is that the specification uses
consistent_snapshot for the same purpose:
"If consistent snapshots are not used (see § 6.2 Consistent snapshots),
then the filename used to download the target file is of the fixed form
FILENAME.EXT (e.g., foobar.tar.gz). Otherwise, the filename is of the
form HASH.FILENAME.EXT
(e.g., c14aeb4ac9f4a8fc0d83d12482b9197452f6adf3eb710e3b1e2b79e8d14cb681.foobar.tar.gz),
where HASH is one of the hashes of the targets file listed in the
targets metadata file found earlier in step § 5.6 Update the targets role.
In either case, the client MUST write the file to non-volatile
storage as FILENAME.EXT."

The same behavior of using two flags is used in the legacy code when
calling tuf.client.updater.download_target() in a repository using
prefix_targets_with_hash and consistent_snapshot.

See chapter 5.7.3:
https://theupdateframework.github.io/specification/latest/index.html#fetch-target
By default, prefix_targets_with_hash is set to true to make it easier
to the user to provide uniquely identifiable targets file names by
using consistent_snapshot set to True.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-08-16 16:54:42 +03:00
Jussi Kukkonen
13e20e9954 Metadata API: Make Metadata Generic
When we use Metadata, it is helpful if the specific signed type (and all of
the signed types attribute types are correctly annotated. Currently this is
not possible.

Making Metadata Generic with constraint T, where

    T = TypeVar("T", "Root", "Timestamp", "Snapshot", "Targets")

allows these annotations. Using Generic annotations is completely
optional so all existing code still works -- the changes in test code
are done to make IDE annotations more useful in the test code, not
because they are required.

Examples:

    md = Metadata[Root].from_bytes(data)
    md:Metadata[Root] = Metadata.from_bytes(data)

In both examples md.signed is now statically typed as "Root" allowing IDE
annotations and static type checking by mypy.

Note that it's not possible to validate that "data" actually contains a
root metadata at runtime in these examples as the annotations are _not_
visible at runtime at all: new constructors would have to be added for that.

from_file() is now a class method like from_bytes() to make sure both
have the same definition of "T" when from_file() calls from_bytes():
This makes mypy happy.

Partially fixes #1433

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-08-16 16:38:21 +03:00
Jussi Kukkonen
62d305a203
Merge pull request #1513 from theupdateframework/dependabot/pip/charset-normalizer-2.0.4
build(deps): bump charset-normalizer from 2.0.3 to 2.0.4
2021-08-10 14:59:00 +03:00
Jussi Kukkonen
55c8a7836e
Merge pull request #1463 from sechkova/review-preorder-dfs
ngclient: review preorder dfs code
2021-08-10 11:01:37 +03:00
Teodora Sechkova
bc073b8698
Improve naming and comments
Give 'role_names' the more verbose description
'delegations_to_visit'.

Add some comments and docstrings.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-10 09:02:37 +03:00
Teodora Sechkova
76d4633600
Raise if none of paths and path_hash_prefixes is set
The specification does not state clearly what is the
behaviour when none of delegation's "paths" and
"path_hash_prefixes" is set. See #1497.

Until this issue is clarified, copy current
Updater which raises an error in such case.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-10 09:02:37 +03:00
Teodora Sechkova
917bc8dd46
Type annotate _preorder_depth_first_walk
Improve type annotations.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-10 09:02:36 +03:00
Teodora Sechkova
91cfb9ec5d
Simplify _preorder_depth_first_walk
Reduce redundant logging and simplify code further.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-10 09:02:32 +03:00
Teodora Sechkova
fd96225625
Simplify child roles loop
Simplify the code in _preorder_depth_first_walk.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-10 09:01:36 +03:00
Teodora Sechkova
790aceb129
Remove _get_filepath_hash
Remove _get_filepath_hash and call sslib_hash.digest
directly instead.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-10 09:00:35 +03:00
Teodora Sechkova
f5b81be405
Rename and simplify visit_child_role
Rename to DelegatedRole.is_delegated_path and
return a boolean flag instead of the role's name.

Minor comments and code style improvements.

Some code simplification.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-08-10 09:00:06 +03:00
dependabot[bot]
921d373cb2
build(deps): bump charset-normalizer from 2.0.3 to 2.0.4
Bumps [charset-normalizer](https://github.com/ousret/charset_normalizer) from 2.0.3 to 2.0.4.
- [Release notes](https://github.com/ousret/charset_normalizer/releases)
- [Commits](https://github.com/ousret/charset_normalizer/compare/2.0.3...2.0.4)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-02 10:06:09 +00:00
Joshua Lock
98cc149489
Merge pull request #1509 from sechkova/use_verify_with_threshold
ngclient: use Metadata.verify_delegate
2021-07-28 23:03:49 +01:00
Teodora Sechkova
d70f69771d
Use Metadata.verify_delegate
Replace the helper verify_with_threshold() with
the newly implemented method Metadata.verify_delegate.

Add an aditional type annotation helping the IDE.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-28 18:30:38 +03:00
Teodora Sechkova
167441c789
Move _visit_child_role to DelegatedRole
Make _visit_child_role a public method of
DelegatedRole class. Reduce debug logging.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-28 17:57:43 +03:00
hosseinsia
01e2308428
Update CLI.md (#1508)
* Update CLI.md

Update the suggested command template for "trust keys", to make it consistent with other examples.

Signed-off-by: hosseinsia <hossein.siadati@datadoghq.com>

* Update docs/CLI.md

Remove the + to avoid confusion.

Co-authored-by: Martin Vrachev <martin.vrachev@gmail.com>
Signed-off-by: hosseinsia <hossein.siadati@datadoghq.com>

Co-authored-by: Martin Vrachev <martin.vrachev@gmail.com>
2021-07-27 20:32:36 -04:00
Joshua Lock
ab416756fc
Merge pull request #1474 from jku/document-ngclient
Document ngclient
2021-07-27 13:22:47 +01:00
Martin Vrachev
11531caf42 Embed modification function helpers
Instead of using general abstract modification functions embed smaller
modification functions inside each test where it's needed and
create modify_metadata function that does all of the common stuff like:
- instantiating a metadata object
- calling the modification function
- signing the modified object
- serializing back to bytes.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-07-21 17:34:23 +03:00
Martin Vrachev
71838562dc ngcl. tests: remove modification on internal state
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-07-21 16:40:39 +03:00