backports.functools-lru-cache from 1.5 to 1.6.1
cffi from 1.13.1 to 1.13.2
python-dateutil from 2.8.0 to 2.8.1
securesystemslib from 0.12.0 to 0.12.1
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
gitpython from 3.0.3 to 3.0.4
lazy-object-proxy from 1.4.2 to 1.4.3
virtualenv from 16.7.6 to 16.7.7
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
asn1crypto from 1.1.0 to 1.2.0
astroid from 2.3.1 to 2.3.2
cffi from 1.12.3 to 1.13.1
cffi from 1.13.0 to 1.13.1
cryptography from 2.7 to 2.8
ipaddress from 1.0.22 to 1.0.23
pylint from 2.4.2 to 2.4.3
virtualenv from 16.7.5 to 16.7.6
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
The class has been removed from securesystemslib as its desirable
features are no longer required and its behavioural inconsistencies
with a standard Python file object are confusing. Therefore remove
uses of the class from TUF.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
securesystemslib PR #162 removed implicit encoding of data to bytes
in securesystemslib.keys.[create_signature|verify_signature]
Update to encode data where required.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Since https://github.com/theupdateframework/tuf/pull/781 we
only provide limited protection against slow retrieval attacks.
So far this has only been discussed in above issue and hinted at
by a disabled test and a code comment in that test.
This change adds a corresponding disclaimer to a more prominent
place, i.e. the list of attacks in SECURITY.md.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Co-Authored-By: Trishank K Kuppusamy <33133073+trishankatdatadog@users.noreply.github.com>
Test that client does not rotate beyond a configured upper bound,
i.e. `current_version + MAX_NUMBER_ROOT_ROTATIONS`
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Test that a client whose root is outdated by multiple versions and
who has none of the latest nor next-to-latest root keys can still
update and does so by incrementally verifying all roots until the
most recent one.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This commit also updates the key loader helper in
test_updater_root_rotation_integration.py to load
the new keys too.
The keys were created (at the root of the repository) like
so:
```
from tuf import repository_tool
repository_tool.generate_and_write_ed25519_keypair(
"tests/repository_data/keystore/root_key2", "password")
repository_tool.generate_and_write_ed25519_keypair(
"tests/repository_data/keystore/root_key3", "password")
```
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
- remove duplicate ROLENAME_SCHEMA and ROLEDICT_SCHEMA
- remove outdated and duplicate ROLE_SCHEMA
Note that this is a quick fix that may be overridden with
refactoring work in #660/#846.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Update astroid from 2.2.5 to 2
Update gitdb2 from 2.0.5 to 2.0.6
Update pylint from 2.3.1 to 2.4.2
Update urllib3 from 1.25.5 to 1.25.6
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>