Commit graph

6224 commits

Author SHA1 Message Date
Satvik Vemuganti
363a320932 Merge branch 'develop' of github.com:VickyMerzOwn/python-tuf into develop 2023-08-16 06:15:10 +05:30
Satvik Vemuganti
ad117d9579 enhancement: Adds from_data() method to MetaFile
Signed-off-by: Satvik Vemuganti <vemugantisesha@iitbhilai.ac.in>
2023-08-16 06:08:34 +05:30
Jussi Kukkonen
016e16c1a9
Merge pull request #2446 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.8
build(deps): bump actions/dependency-review-action from 3.0.7 to 3.0.8
2023-08-15 16:17:49 +03:00
Jussi Kukkonen
5afc4c825f
Merge pull request #2445 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.4
build(deps): bump github/codeql-action from 2.21.3 to 2.21.4
2023-08-15 16:17:05 +03:00
dependabot[bot]
69568c52fa
build(deps): bump actions/dependency-review-action from 3.0.7 to 3.0.8
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.7 to 3.0.8.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](7d90b4f05f...f6fff72a32)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-15 10:08:36 +00:00
dependabot[bot]
11c67cc04d
build(deps): bump github/codeql-action from 2.21.3 to 2.21.4
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.3 to 2.21.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](5b6282e01c...a09933a12a)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-15 10:08:34 +00:00
Satvik Vemuganti
8df79be84c enhancement: Adds from_data() method to MetaFile
Signed-off-by: Satvik Vemuganti <vemugantisesha@iitbhilai.ac.in>
2023-08-14 17:58:09 +05:30
Jussi Kukkonen
44632b4866
Merge pull request #2441 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.10
build(deps): bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
2023-08-11 14:20:59 +03:00
Jussi Kukkonen
bb8663aced
Merge pull request #2437 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.7
build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.7
2023-08-11 13:50:07 +03:00
dependabot[bot]
7f1b4f372b
build(deps): bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.8 to 1.8.10.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](f8c70e705f...b7f401de30)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-11 10:38:06 +00:00
Jussi Kukkonen
ab2ca04139
Merge pull request #2440 from theupdateframework/dependabot/pip/mypy-1.5.0
build(deps): bump mypy from 1.3.0 to 1.5.0
2023-08-11 13:32:15 +03:00
dependabot[bot]
3a03633510
build(deps): bump mypy from 1.3.0 to 1.5.0
Bumps [mypy](https://github.com/python/mypy) from 1.3.0 to 1.5.0.
- [Commits](https://github.com/python/mypy/compare/v1.3.0...v1.5.0)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-11 10:19:02 +00:00
Jussi Kukkonen
d83a391ec3
Merge pull request #2435 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.3
build(deps): bump github/codeql-action from 2.21.2 to 2.21.3
2023-08-11 12:34:11 +03:00
dependabot[bot]
52b8c685e0
build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.7
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.6 to 3.0.7.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](1360a344cc...7d90b4f05f)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-10 10:47:08 +00:00
dependabot[bot]
e11fe641ac
build(deps): bump github/codeql-action from 2.21.2 to 2.21.3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.2 to 2.21.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0ba4244466...5b6282e01c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-09 10:10:30 +00:00
Lukas Pühringer
a6fb0d7ddd
Merge pull request #2434 from theupdateframework/dependabot/pip/cryptography-41.0.3
build(deps): bump cryptography from 41.0.2 to 41.0.3
2023-08-03 14:02:58 +02:00
dependabot[bot]
280feaa75c
build(deps): bump cryptography from 41.0.2 to 41.0.3
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.2 to 41.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.2...41.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-02 10:01:59 +00:00
Lukas Puehringer
15dd931609 Metadata API: make new verify_delegate unaware of Metadata
Change new _Delegator.verify_delegate to take payload bytes and
signatures instead of a Metadata object and a payload serializer.

This allows using verify_delegate for payloads that do not come in
a Metadata container, but e.g. in a DSSE envelope (see #2385).

Usage becomes a bit more cumbersome, but still feels reasonable with the
recently added shortcut for default canonical bytes representation of
Metadata.signed.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-08-01 15:31:59 +02:00
Lukas Puehringer
fc6c91a711 Metadata API: add Metadata.signed_bytes property
- Add shortcut to canonical json representation of self.signed
- Use in tests and Metadata.sign
- Do not use in _Delegator.verify_delegate (will be updated in subsequent
  commit).

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-08-01 15:28:12 +02:00
Jussi Kukkonen
635a2870bd Metadata API: Bump deprecation version to next likely candidate
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
e51c0beee3 tests: Move lint disable to inside block as intended
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
ca6434b081 Metadata API: Improve docstrings
Remove duplicate docstrings: these are already documented in
_DelegatorMixin and sphinx will find them there.

Tweak a few other strings to remove duplication in the sentence.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>

Metadata API: Improve dosctrings

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
0184edcab1 Metadata API: Annotation syntax tweak
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
2ace345afe metadata: Rename _Delegator to _DelegatorMixin
Make it clearer that this is not part of the main inheritance path.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
a69ddf1f04 ngclient,tests,examples: Use new verify_delegate()
Avoid Metadata.verify_delegate() now that it's deprecated.

Note that this commit does not try to make any code cleanups
that are now possible: this is the minimal change to use the new
API.

Future improvements can make code in TrustedMetadataSet and
Updater slightly easier to read: as an example there's no need for
TrustedMetadataSet to actually store or expose actual Metadata in its
cache -- Signed is all that's needed.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
55f6824c24 Move verify_delegate() to Root/Targets
This makes logical sense and makes a lot of code using
verify_delegate() a little easier since there is no need to keep a
reference to the containing metadata anymore.

The implementation is in practice in a new class but that's an
implementation detail that allows sharing between Targets and Root.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
12d0c3cd1e
Merge pull request #2432 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.2
build(deps): bump github/codeql-action from 2.21.1 to 2.21.2
2023-07-31 20:48:20 +03:00
dependabot[bot]
34507c46ae
build(deps): bump github/codeql-action from 2.21.1 to 2.21.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.1 to 2.21.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](6ca1aa8c19...0ba4244466)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-31 10:57:23 +00:00
Jussi Kukkonen
9a2c2c59d2
Merge pull request #2430 from theupdateframework/dependabot/pip/pylint-2.17.5
build(deps): bump pylint from 2.17.4 to 2.17.5
2023-07-27 13:37:42 +03:00
Jussi Kukkonen
671142087f
Merge pull request #2431 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.1
build(deps): bump github/codeql-action from 2.21.0 to 2.21.1
2023-07-27 13:36:44 +03:00
dependabot[bot]
f17c3b13ac
build(deps): bump github/codeql-action from 2.21.0 to 2.21.1
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.0 to 2.21.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1813ca74c3...6ca1aa8c19)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-27 10:09:15 +00:00
dependabot[bot]
7e3307cf7e
build(deps): bump pylint from 2.17.4 to 2.17.5
Bumps [pylint](https://github.com/pylint-dev/pylint) from 2.17.4 to 2.17.5.
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](https://github.com/pylint-dev/pylint/compare/v2.17.4...v2.17.5)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-26 10:10:44 +00:00
Jussi Kukkonen
11801fff88
Merge pull request #2429 from theupdateframework/dependabot/pip/requirements/certifi-2023.7.22
build(deps): bump certifi from 2023.5.7 to 2023.7.22 in /requirements
2023-07-26 09:53:03 +03:00
dependabot[bot]
3d8d8e97d5
build(deps): bump certifi from 2023.5.7 to 2023.7.22 in /requirements
Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.5.7 to 2023.7.22.
- [Commits](https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-25 23:04:21 +00:00
Jussi Kukkonen
ea253de53b
Merge pull request #2426 from theupdateframework/dependabot/pip/urllib3-2.0.4
build(deps): bump urllib3 from 2.0.3 to 2.0.4
2023-07-24 09:45:02 +03:00
Jussi Kukkonen
2077ee269f
Merge pull request #2427 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.0
build(deps): bump github/codeql-action from 2.20.4 to 2.21.0
2023-07-24 09:44:22 +03:00
dependabot[bot]
9ae7c20760
build(deps): bump github/codeql-action from 2.20.4 to 2.21.0
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.4 to 2.21.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](489225d82a...1813ca74c3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-20 10:30:25 +00:00
dependabot[bot]
ce43204729
build(deps): bump urllib3 from 2.0.3 to 2.0.4
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.3 to 2.0.4.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.3...2.0.4)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-20 10:21:42 +00:00
Lukas Pühringer
3262767aec
Merge pull request #2423 from theupdateframework/dependabot/github_actions/actions/setup-python-4.7.0
build(deps): bump actions/setup-python from 4.6.1 to 4.7.0
2023-07-17 14:02:29 +02:00
Lukas Pühringer
9e18fd733d
Merge pull request #2422 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.8
build(deps): bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8
2023-07-17 13:52:45 +02:00
Lukas Pühringer
1a664344a2
Merge pull request #2419 from theupdateframework/dependabot/pip/charset-normalizer-3.2.0
build(deps): bump charset-normalizer from 3.1.0 to 3.2.0
2023-07-17 13:47:27 +02:00
Lukas Pühringer
3ab6214892
Merge pull request #2425 from theupdateframework/dependabot/github_actions/github/codeql-action-2.20.4
build(deps): bump github/codeql-action from 2.20.1 to 2.20.4
2023-07-17 13:34:38 +02:00
dependabot[bot]
557f2345bb
build(deps): bump charset-normalizer from 3.1.0 to 3.2.0
Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/Ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Ousret/charset_normalizer/compare/3.1.0...3.2.0)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-17 11:12:27 +00:00
Lukas Pühringer
77d810d119
Merge pull request #2421 from theupdateframework/dependabot/pip/cryptography-41.0.2
build(deps): bump cryptography from 41.0.1 to 41.0.2
2023-07-17 13:11:30 +02:00
Lukas Pühringer
5be55a8f16
Merge pull request #2420 from theupdateframework/dependabot/pip/black-23.7.0
build(deps): bump black from 23.3.0 to 23.7.0
2023-07-17 13:08:03 +02:00
dependabot[bot]
c6c9644a1f
build(deps): bump github/codeql-action from 2.20.1 to 2.20.4
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.1 to 2.20.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f6e388ebf0...489225d82a)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-17 10:55:18 +00:00
dependabot[bot]
44dbf4bc02
build(deps): bump actions/setup-python from 4.6.1 to 4.7.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](bd6b4b6205...61a6322f88)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-14 10:23:57 +00:00
dependabot[bot]
459c865d44
build(deps): bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.7 to 1.8.8.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](f5622bde02...f8c70e705f)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-12 10:49:20 +00:00
dependabot[bot]
6249a37ffd
build(deps): bump cryptography from 41.0.1 to 41.0.2
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.1 to 41.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.1...41.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-11 10:41:31 +00:00
dependabot[bot]
97aa5fc6cd
build(deps): bump black from 23.3.0 to 23.7.0
Bumps [black](https://github.com/psf/black) from 23.3.0 to 23.7.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.3.0...23.7.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-11 10:41:26 +00:00