E3E
1a4d870aad
add back in: # type: ignore
...
Signed-off-by: E3E <ntanzill@purdue.edu>
2024-02-20 00:44:58 -05:00
E3E
206c9424f1
Add to linting Configuration:
...
- adopt changes in dependabot.yml and remove --diff from ruff check.
- select pydocstyle, isort, pyflakes, pep8-naming, pycodestyle for ruff and ignore some small issues / add inline comments.
- adjust docstring length to 80 in various files
Signed-off-by: E3E <ntanzill@purdue.edu>
2024-02-20 00:34:47 -05:00
dependabot[bot]
63eaf0386f
build(deps): bump the dependencies group with 2 updates
...
Bumps the dependencies group with 2 updates: [cryptography](https://github.com/pyca/cryptography ) and [urllib3](https://github.com/urllib3/urllib3 ).
Updates `cryptography` from 42.0.2 to 42.0.3
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/42.0.2...42.0.3 )
Updates `urllib3` from 2.2.0 to 2.2.1
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.2.0...2.2.1 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: urllib3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-19 21:42:31 +00:00
E3E
cd543c9947
add ruff format and format 2 files
...
Signed-off-by: E3E <ntanzill@purdue.edu>
2024-02-18 00:38:05 -05:00
E3E
4a53013548
use correct ruff command and add ignore unused imports
...
Signed-off-by: E3E <ntanzill@purdue.edu>
2024-02-18 00:17:33 -05:00
E3E
e379507e63
replace black and isort for ruff. I still haven't replaced ruff with pylint
...
Signed-off-by: E3E <ntanzill@purdue.edu>
2024-02-16 23:56:08 -05:00
Jussi Kukkonen
8f95162b27
Merge pull request from GHSA-77hh-43cm-v8j6
...
Metadata API: Fix role lookup for succinct delegation
2024-02-16 10:43:15 +02:00
Jussi Kukkonen
6902c9d61c
Merge pull request #2555 from theupdateframework/dependabot/pip/test-and-lint-dependencies-1f78fe719d
...
build(deps): bump the test-and-lint-dependencies group with 1 update
2024-02-13 09:08:01 +02:00
Jussi Kukkonen
c2351ea290
Merge pull request #2556 from theupdateframework/dependabot/github_actions/action-dependencies-5ec46a7f91
...
build(deps): bump the action-dependencies group with 2 updates
2024-02-13 09:03:58 +02:00
dependabot[bot]
21061fc239
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/upload-artifact` from 4.3.0 to 4.3.1
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](26f96dfa69...5d5d22a312 )
Updates `actions/download-artifact` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](6b208ae046...eaceaf801f )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-12 21:39:13 +00:00
dependabot[bot]
6ec61e58b9
build(deps): bump the test-and-lint-dependencies group with 1 update
...
Bumps the test-and-lint-dependencies group with 1 update: [black](https://github.com/psf/black ).
Updates `black` from 24.1.1 to 24.2.0
- [Release notes](https://github.com/psf/black/releases )
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md )
- [Commits](https://github.com/psf/black/compare/24.1.1...24.2.0 )
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-12 21:23:12 +00:00
Jussi Kukkonen
eb4834d920
Metadata API: Fix role lookup for succinct delegation
...
get_delegated_role() should not return a Role if the rolename is not
a delegated role. This is already true for "normal" DelegatedRole but
was not actually verified for SuccinctRoles.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-11 14:30:24 +02:00
Jussi Kukkonen
2aec25e729
tests: Add test for Delegations.get_delegated_role()
...
This test currently fails for SuccinctRoles.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-11 14:30:24 +02:00
Jussi Kukkonen
14a93d1875
Merge pull request #2553 from theupdateframework/dependabot/pip/dependencies-6a84798097
...
build(deps): bump the dependencies group with 3 updates
2024-02-08 11:07:32 +02:00
dependabot[bot]
74ec860c3b
build(deps): bump the dependencies group with 3 updates
...
Bumps the dependencies group with 3 updates: [certifi](https://github.com/certifi/python-certifi ), [cryptography](https://github.com/pyca/cryptography ) and [urllib3](https://github.com/urllib3/urllib3 ).
Updates `certifi` from 2023.11.17 to 2024.2.2
- [Commits](https://github.com/certifi/python-certifi/compare/2023.11.17...2024.02.02 )
Updates `cryptography` from 42.0.1 to 42.0.2
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/42.0.1...42.0.2 )
Updates `urllib3` from 2.1.0 to 2.2.0
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.1.0...2.2.0 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: urllib3
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-05 21:12:53 +00:00
Jussi Kukkonen
be55b871da
Merge pull request #2551 from jku/improve-verification-result
...
Improve verification results
2024-02-05 20:08:39 +02:00
Jussi Kukkonen
14edf3d044
tests: Add VerificationResult tests
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-05 15:26:31 +02:00
Jussi Kukkonen
bfea673893
tests: Update the root verification tests
...
Change tests so the previous root version is what the code expects.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-05 15:12:44 +02:00
Jussi Kukkonen
161c3e35ad
Metadata API: Add VerificationResult.missing
...
This is a helper to tell how many signatures are still required.
Also change the order of Roots given to RootVerificationResult
(this way first is version N, second is version N+1).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-05 15:01:46 +02:00
Jussi Kukkonen
b158c0852d
Metadata API: Make sanity checks in root verification
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-05 14:36:05 +02:00
Jussi Kukkonen
42d3a75787
Metadata API: Improve docs for RootVerificationResult
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-05 13:56:57 +02:00
Jussi Kukkonen
f60fb4abc8
Metadata API: Tweak get_root_verification_result args
...
Change the "other" argument to optional "previous" and
handle the None case in code.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-05 13:51:28 +02:00
Jussi Kukkonen
b8dbe307db
examples: Use verification results in repo example
...
This is an example of using the verification results in a repository.
The only remaining tricky part is in _get_verification_result():
* has to figure out the delegating metadata (something we currently
cannot provide in repository.Repository for the general case)
* Needs a special case for first root
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-03 17:10:12 +02:00
Jussi Kukkonen
26bdbbe20c
Metadata API: Simplify verify_delegate()
...
Now that VerificationResult has threshold, this can be simpler.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-02 11:04:01 +02:00
Jussi Kukkonen
dc11afc62e
Metadata API: Workaround for Python <3.9
...
dict unions are only supported in 3.9.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-02 11:02:27 +02:00
Jussi Kukkonen
3ab89c56da
Merge pull request #2547 from theupdateframework/dependabot/pip/test-and-lint-dependencies-de1c361fbc
2024-02-01 22:16:12 +02:00
Jussi Kukkonen
f72edc54bc
Linter fixes from new black
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-01 22:10:31 +02:00
Nicholas Tanzillo
af4beb1cb3
increase default network timeout (#2542)
...
* Increase default network timeout
* trying to defend against slow retrieval attacks in a generic library is impossible
but too low timeouts mean failures in high latency systems (like tests running
on CI).
Signed-off-by: E3E <ntanzill@purdue.edu>
2024-02-01 22:06:26 +02:00
Jussi Kukkonen
3f896c0cfb
Merge pull request #2549 from theupdateframework/dependabot/github_actions/action-dependencies-0f5d477bc4
...
build(deps): bump the action-dependencies group with 1 update
2024-02-01 22:00:09 +02:00
Jussi Kukkonen
cd0fd5c2ff
tests: Add tests for root verification
...
This does much the same tests as test_signed_get_verification_result()
above it does, just using two root roles.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-01 21:13:29 +02:00
Jussi Kukkonen
506b40d93d
tests: Update to new VerificationResult
...
Changes are
* expected result changes (like the handling of keyids without keys)
* test refactoring to have access to the Key
* Removal of union test
* use the fact that VerificationResult is Truthy in asserts
(to get 1 more line of coverage)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-01 21:13:29 +02:00
Jussi Kukkonen
368bee8228
Metadata API: Implement RootVerificationResult
...
This is a thin wrapper over two VerificationResults:
useful when verifying root signatures.
Now the API for getting verification results for root and
the API for getting the results for other metadata is different.
Client use cases can continue using verify_delegate() so should not
be affected.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-01 21:13:29 +02:00
Jussi Kukkonen
03a1caa1a8
Metadata API: Refactor VerificationResult
...
This is an API break as VerificationResult changes:
* Now contains threshold
* Now contains Keys and not just keyids
Note that there is a small edge case functionality change:
* if the role does not have a key for the keyid, then we no longer
include that key in "unsigned"
I think that is an acceptable change.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-01 18:26:03 +02:00
Jussi Kukkonen
dfd2906302
Merge pull request #2546 from theupdateframework/dependabot/pip/build-and-release-dependencies-cdf6c30bf5
...
build(deps): bump the build-and-release-dependencies group with 1 update
2024-01-30 10:15:28 +02:00
Jussi Kukkonen
0de814bf2b
Merge pull request #2548 from theupdateframework/dependabot/pip/dependencies-5a0ba54c73
...
build(deps): bump the dependencies group with 1 update
2024-01-30 10:15:03 +02:00
dependabot[bot]
60bb1d6f69
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.2.0 to 4.3.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](694cdabd8b...26f96dfa69 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-29 21:47:11 +00:00
dependabot[bot]
2016f24643
build(deps): bump the dependencies group with 1 update
...
Bumps the dependencies group with 1 update: [cryptography](https://github.com/pyca/cryptography ).
Updates `cryptography` from 41.0.7 to 42.0.1
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/41.0.7...42.0.1 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-29 21:16:26 +00:00
dependabot[bot]
bf01350836
build(deps): bump the test-and-lint-dependencies group with 3 updates
...
Bumps the test-and-lint-dependencies group with 3 updates: [coverage](https://github.com/nedbat/coveragepy ), [black](https://github.com/psf/black ) and [bandit](https://github.com/PyCQA/bandit ).
Updates `coverage` from 7.4.0 to 7.4.1
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.4.0...7.4.1 )
Updates `black` from 23.12.1 to 24.1.1
- [Release notes](https://github.com/psf/black/releases )
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md )
- [Commits](https://github.com/psf/black/compare/23.12.1...24.1.1 )
Updates `bandit` from 1.7.6 to 1.7.7
- [Release notes](https://github.com/PyCQA/bandit/releases )
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
- dependency-name: black
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: test-and-lint-dependencies
- dependency-name: bandit
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-29 21:14:19 +00:00
dependabot[bot]
959e5f7ce3
build(deps): bump the build-and-release-dependencies group with 1 update
...
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch ).
Updates `hatchling` from 1.21.0 to 1.21.1
- [Release notes](https://github.com/pypa/hatch/releases )
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.21.0...hatchling-v1.21.1 )
---
updated-dependencies:
- dependency-name: hatchling
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build-and-release-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-29 21:12:47 +00:00
Jussi Kukkonen
aec57af4f8
Merge pull request #2545 from theupdateframework/dependabot/github_actions/action-dependencies-61aaf34304
...
build(deps): bump the action-dependencies group with 2 updates
2024-01-23 10:48:52 +02:00
dependabot[bot]
ef913dc364
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `actions/upload-artifact` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1eb3cb2b3e...694cdabd8b )
Updates `actions/dependency-review-action` from 3 to 4
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](https://github.com/actions/dependency-review-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-22 21:43:32 +00:00
Jussi Kukkonen
bbe2ca84a9
Merge pull request #2543 from theupdateframework/dependabot/github_actions/action-dependencies-515e419fdb
...
build(deps): bump the action-dependencies group with 2 updates
2024-01-16 10:11:14 +02:00
dependabot[bot]
8c70971dea
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/upload-artifact` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](c7d193f32e...1eb3cb2b3e )
Updates `actions/download-artifact` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](f44cd7b40b...6b208ae046 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-15 21:46:10 +00:00
Lukas Pühringer
69a07373ab
Merge pull request #2541 from lukpueh/fix-verify_release-build
...
build: constrain version in verify_release script
2024-01-12 10:59:32 +01:00
Lukas Puehringer
73cf25efe8
build: constrain version in verify_release script
...
In #2528 we added a workaround in cd.yml, which allows pinning the
build backend version AND having Dependabot autoupdates for it.
This workaround also needs to be applied to verify_release for reproducible
builds verification.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2024-01-11 16:26:29 +01:00
Jussi Kukkonen
e3dc0953ee
Merge pull request #2540 from theupdateframework/dependabot/pip/test-and-lint-dependencies-263ca8bcb0
...
build(deps): bump the test-and-lint-dependencies group with 1 update
2024-01-02 10:38:47 +02:00
dependabot[bot]
a924f2b886
build(deps): bump the test-and-lint-dependencies group with 1 update
...
Bumps the test-and-lint-dependencies group with 1 update: [coverage](https://github.com/nedbat/coveragepy ).
Updates `coverage` from 7.3.4 to 7.4.0
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.3.4...7.4.0 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-01 21:05:46 +00:00
Jussi Kukkonen
3f822a80e5
Merge pull request #2538 from theupdateframework/dependabot/pip/test-and-lint-dependencies-ea336aa95c
...
build(deps): bump the test-and-lint-dependencies group with 3 updates
2023-12-26 11:39:55 +02:00
dependabot[bot]
07f94f2154
build(deps): bump the test-and-lint-dependencies group with 3 updates
...
Bumps the test-and-lint-dependencies group with 3 updates: [coverage](https://github.com/nedbat/coveragepy ), [black](https://github.com/psf/black ) and [mypy](https://github.com/python/mypy ).
Updates `coverage` from 7.3.3 to 7.3.4
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.3.3...7.3.4 )
Updates `black` from 23.12.0 to 23.12.1
- [Release notes](https://github.com/psf/black/releases )
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md )
- [Commits](https://github.com/psf/black/compare/23.12.0...23.12.1 )
Updates `mypy` from 1.7.1 to 1.8.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md )
- [Commits](https://github.com/python/mypy/compare/v1.7.1...v1.8.0 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
- dependency-name: black
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-25 21:03:19 +00:00
Jussi Kukkonen
a2a5d71818
Merge pull request #2537 from theupdateframework/dependabot/github_actions/action-dependencies-03d6f0ee26
...
build(deps): bump the action-dependencies group with 1 update
2023-12-20 16:35:53 +02:00