Commit graph

6224 commits

Author SHA1 Message Date
Lukas Puehringer
e36d181241 Work around pypa/pip#9215 with old resolver
Configure tox to use legacy resolver as a temporary workaround
for pypa/pip#9215, which results in huge unnecessary downloads.

Co-authored-by: Jussi Kukkonen <jkukkonen@vmware.com>
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-12-16 17:39:36 +01:00
Lukas Puehringer
ad8bb8a7a0 Fix failing tests on GitHub windows runners
The GitHub action windows runners (added in a subsequent commit)
choke on a test that runs os.makedirs with a too long directory
name, and expects an OSError with error numbers ENAMETOOLONG or
ENOENT. However, this particular runner returns EINVAL in Python 3,
which according to bugs.python.org/msg295851 is not unlikely.

This commit simply adds EINVAL to the expected error numbers.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-12-16 17:37:57 +01:00
lukpueh
c4d4362a3e
Merge pull request #1238 from lukpueh/drop-py35
Drop support for Python 3.5
2020-12-11 15:47:22 +01:00
lukpueh
b2e3c83988
Merge pull request #1235 from joshuagl/joshuagl/expiration-check
client: update expiration check to match spec
2020-12-11 15:04:11 +01:00
Lukas Puehringer
1339210917 Remove breaking python3.9 appveyor build
We recently enabled support for Python 3.9 and also added
3.9 builds on appveyor, but they don't work out of the box.

Instead of troubleshooting this I suggest we soon switch to
GitHub actions:
https://github.com/theupdateframework/tuf/issues/1195.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-12-11 11:40:54 +01:00
Lukas Puehringer
bc77ed1c7e Update pinned dependencies for testing
requirements-pinned.txt lists all immediate and transitive
dependencies combined for all supported Python versions.

This commit semi-automatically updates the pinned dependencies
using the instructions in requirements.txt:

Updated dependencies are:
- cryptography (supersedes dependabot's #1237)
- certifi (supersedes dependabot's #1233)
- enum34 (oddly not detected by dependabot)

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-12-10 18:21:01 +01:00
Lukas Puehringer
4f40764de4 Adopt removal of Python 3.5 support in test config
Also enables windows builds for the recently added Python 3.9.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-12-10 18:20:29 +01:00
Lukas Puehringer
a78da1558a Update setup.py to drop support for Python 3.5
Python 3.5 has now reached its end-of-life and has been retired.
https://www.python.org/dev/peps/pep-0478/

The optional (but highly recommended) 'cryptography' dependency
has also just dropped support for 3.5. Continuing support for 3.5
in TUF does not seem worth the effort.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-12-10 18:14:55 +01:00
Joshua Lock
fccd078634 Update tests for client expiration check
Add a test to ensure that metadata expires at the expiration time, not
after it.
This tests the change to the updater introduced in 4bcd703

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-12-09 22:08:58 +00:00
Joshua Lock
4bcd703462 client: update expiration check to match spec
The specification, as of 1.0.16, describes an update expiration check as:

> The expiration timestamp in the trusted $ROLE metadata file MUST be
  higher than the fixed update expiration time.

Having done some research into how other security providers are comparing
expiration equivalents (i.e. OpenSSL x509 certificate checking code, and
GnuPG expiration checks), and how other TUF implementations are performing
the same check (rust-tuf, go-tuf), we came to a consensus that the correct
way to implement expiration comparisons is:

    expiration <= now

Where:
  expiration: is the metadata's expiration datetime
  now: is the current system time, or the fixed notion of time in the
       detailed client workflow (introduced in 1.0.16 of the spec)

Fixes #1231

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-12-08 14:05:44 +00:00
Joshua Lock
cdf069a8a9
Merge pull request #1234 from lukpueh/drop-bandit-py2
Add >=Py3.5 constraint for bandit test dependency
2020-12-07 14:29:36 +00:00
Lukas Puehringer
855a8d0b54 Add >=Py3.5 constraint for bandit test dependency
Bandit just dropped support for Python <3.5. This commit adds
a corresponding constraint to requirements-test.txt.

Note, we run bandit in a dedicated 'lint' tox environment, which
uses Python3.8 on Travis.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-12-07 14:16:07 +01:00
lukpueh
771592a342
Merge pull request #1232 from lukpueh/adr0005
ADR0005: Decide on python code style guide
2020-12-04 11:24:09 +01:00
Lukas Puehringer
2385ebe7b0 Add style guide usage instructions to ADR0005
Similar instructions are in the style guide preamble, but we repeat
it here for emphasis.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-12-04 10:50:36 +01:00
Lukas Puehringer
b5252fed65 ADR0005: Decide on python code style guide
Use Google style guide with refinements, because the Google style
guide is a comprehensive, well-established style guide that is
mostly based on PEP-8 and was accepted by everyone on the TUF team.

There is no need to replicate these recommendations. However, we do
provide a very slim document with additional refinements, in order
to emphasize on items the we consider especially important, want to
be handled differently, or in one specific way, where the Google
guide would allow multiple.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Co-authored-by: Joshua Lock <jlock@vmware.com>
2020-12-04 10:39:24 +01:00
lukpueh
d3cd0cd0cd
Merge pull request #1229 from lukpueh/adr0004
ADR0004: Justify extent of OOP in metadata model
2020-12-01 08:56:01 +01:00
Lukas Puehringer
229e9df630 ADR0004: Justify extent of OOP in metadata model
Add MADR that justifies why we want to add custom classes for
complex tuf metadata attributes.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-11-30 14:59:56 +01:00
lukpueh
2a376ae7a7
Merge pull request #1228 from MVrachev/fix-ci
TOX: Install securesystemslib in non-editable mode
2020-11-27 16:20:29 +01:00
Martin Vrachev
0b0e5c3aab TOX: Install securesystemslib in non-editable mode
Installing securesystemslib in editable mode leads to a problem
in sys.path where we have two "tests" packages.
By not installing securesystemslib in an editable mode we are not
adding the securesystemslib tests to sys.path.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-11-27 16:39:30 +02:00
lukpueh
fc4b77f92c
Merge pull request #1226 from jku/updater-close-file-object
Updater: close file object
2020-11-27 12:29:08 +01:00
lukpueh
901496dd46
Merge pull request #1220 from sechkova/adr0003
ADR0003: where to develop TUF 1.0.0
2020-11-27 12:05:58 +01:00
Teodora Sechkova
3370005e7d
ADR003: Add pros and cons of the options
Describe pros of developing TUF 1.0.0 in a subdirectory
of the current implementation against the rest of the options.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-11-27 12:26:52 +02:00
Teodora Sechkova
1e24977677
ADR003: describe transition to stand-alone TUF
Describe the steps for transitioning from TUF 1.0.0
in a subdirectory to stand-alone TUF 1.0.0

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-11-27 12:26:52 +02:00
Teodora Sechkova
3a1ec87d52
ADR0003: where to develop TUF 1.0.0
Document the outcome of #1126 to develop TUF 1.0.0
in a subdirectory of the current TUF implementation.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2020-11-27 12:26:48 +02:00
Jussi Kukkonen
6101817b4c Updater: Close temp file in exception cases
If during updater.download_target() the download succeeds but a later
check fails (e.g. BadHashError), remember to close the tempfile.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2020-11-27 12:19:01 +02:00
Jussi Kukkonen
e54869c98c Tests: Fix first line of test server output
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2020-11-27 12:18:44 +02:00
Joshua Lock
2302f0dc57
Merge pull request #1225 from joshuagl/joshuagl/release-0.16
Prepare 0.16.0 release
2020-11-26 13:42:57 +00:00
Joshua Lock
7ff26717a1 Prepare 0.16.0 release
Update docs/CHANGELOG.md and bump version number for a 0.16.0 release

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-11-26 13:15:14 +00:00
lukpueh
e061bc6ebb
Merge pull request #1202 from joshuagl/joshuagl/updater-simplify
Simplify updater logic for downloading and verifying target files
2020-11-26 13:48:35 +01:00
Joshua Lock
372e2184e0 client: simplify loop exit logic
Simplify the loop exit logic in _get_target_file() to simply return a
verified file_object, once we have it, rather than breaking from the loop
and then returning the file_object.

This converts a use of a try/except/else to a try/except and is a little
easier to read.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-11-26 10:01:14 +00:00
Joshua Lock
e005801891
Merge pull request #1216 from MVrachev/fix-imports-and-default
Fix imports and default value for function arg
2020-11-25 16:19:09 +00:00
Joshua Lock
481496ca6d
Merge pull request #1201 from theupdateframework/dependabot/pip/certifi-2020.11.8
build(deps): bump certifi from 2020.6.20 to 2020.11.8
2020-11-25 14:37:11 +00:00
Joshua Lock
60dcb95656
Merge pull request #1219 from jku/avoid-reading-target-in-memory
Avoid reading target in memory
2020-11-25 12:07:19 +00:00
dependabot-preview[bot]
0f6a275b11
build(deps): bump certifi from 2020.6.20 to 2020.11.8
Bumps [certifi](https://github.com/certifi/python-certifi) from 2020.6.20 to 2020.11.8.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](https://github.com/certifi/python-certifi/compare/2020.06.20...2020.11.08)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-25 12:03:09 +00:00
Joshua Lock
fdb74bb0a1
Merge pull request #1222 from theupdateframework/dependabot/pip/cffi-1.14.4
build(deps): bump cffi from 1.14.3 to 1.14.4
2020-11-25 12:01:57 +00:00
dependabot-preview[bot]
8e4383d140
build(deps): bump cffi from 1.14.3 to 1.14.4
Bumps [cffi](https://github.com/python-cffi/release-doc) from 1.14.3 to 1.14.4.
- [Release notes](https://github.com/python-cffi/release-doc/releases)
- [Commits](https://github.com/python-cffi/release-doc/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-25 10:41:29 +00:00
lukpueh
3050252554
Merge pull request #1203 from joshuagl/joshuagl/adr2
ADR0002: document deprecation strategy for current release series post 1.0
2020-11-24 16:49:50 +01:00
Joshua Lock
35177fbe9c ADR0002: document deprecation strategy post 1.0
Per the discussion in #1127 opt to support the old release on a best-effort
basis.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-11-24 15:26:51 +00:00
lukpueh
9f8979b7c1
Merge pull request #1218 from joshuagl/joshuagl/root-self-verify-two
Fix root self verification to only count a keyid once towards the threshold
2020-11-24 15:16:36 +01:00
Joshua Lock
83ac7be525 client: new root sigs only counted once per keyid
When verifying newly downloaded root metadata with the keys listed in the
root metadata being verified, multiple signatures with the same keyid
should not be counted towards the threshold. A keyid should only count
once towards the threshold.

This fixes the _verify_root_self_signed() method introduced in PR #1101 to
ensure that keyids are only counted once when verifying a threshold of new
root signatures.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-11-24 13:22:47 +00:00
Joshua Lock
71cb00478e tests: test that new root sigs only count once
When the updater is verifying that the new root metadata is signed by a
threshold of keys defined by the new root metadata itself, multiple
signatures with the same keyid should not be counted more than once
towards the threshold.

Implement a test for this, which currently fails.

Reported-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-11-24 13:22:47 +00:00
Martin Vrachev
028d1bc9f7 Make "utils" import more definite
Currently, we are importing the "utils" module in tests/utils
with "import utils".
This could become a problem when there is another module with
the same general name "utils" and could lead to import mistakes.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-11-23 22:17:31 +02:00
Martin Vrachev
cf4902131e Fix empty list as a default value for function arg
This quote from the Google Python style guide made me realize
why empty list as a default value for an argument could be
dangerous:

"Default arguments are evaluated once at module load time.
This may cause problems if the argument is a mutable object
such as a list or a dictionary. If the function modifies the object
(e.g., by appending an item to a list), the default value is modified."

Read more here:
https://google.github.io/styleguide/pyguide.html#2123-cons

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-11-23 21:55:51 +02:00
Jussi Kukkonen
fcdae97b8a Updater: clean up _check_hashes() comments
Remove duplicate/obvious comments, tighten other comments and a logline

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2020-11-23 20:37:11 +02:00
Jussi Kukkonen
e86520a667 Updater: Avoid reading whole target file in memory
We don't want to read the whole file in memory as it can be huge. Use
digest_fileobject() instead: This way Securesystemslib will read the
file in chunks.

Securesystemslib already takes care of seeking to beginning of file.

Fixes #1215

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2020-11-23 20:37:11 +02:00
Joshua Lock
9d3ef85192
Merge pull request #1193 from sechkova/metadata-root
Add root metadata class to new TUF metadata model
2020-11-23 16:58:17 +00:00
Joshua Lock
2aae0bad69
Merge pull request #1198 from MVrachev/threads-port-generation
Tests: Use Queue for process communication which replaces tmp files and use OS for port creation
2020-11-23 15:40:19 +00:00
lukpueh
6333a4ec7a
Merge pull request #1217 from lukpueh/sort-metadata-sigs
Make metadata signatures ordered by keyid
2020-11-23 10:40:58 +01:00
Lukas Puehringer
846604a259 Make metadata signatures ordered by keyid
In 'repository_lib._generate_and_write_metadata' sort the set of
signing key keyids alphabetically before passing them on to signing
functions, to make the order in which signatures are added
deterministic.

This is above all beneficial for testing.

This commit also adds an exemplary test for signatures on root
metadata using the repository_tool interface to setup all the state
that required to test _generate_and_write_metadata.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-11-19 17:42:27 +01:00
Martin Vrachev
ad9c82409d Tests: Remove "temp file" from comments
Update the comments to not mention the usage of temp file
for logging regarding the instances of the TestServerProcess class.

Also, remove one unused import.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2020-11-13 14:01:57 +02:00