Commit graph

5211 commits

Author SHA1 Message Date
Martin Vrachev
addb199100 Fix comment about SuccinctRoles zero-padding
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-07-21 22:39:31 +03:00
Martin Vrachev
a872eb5b6d Hash bin delegation example: save versioned files
If we have a goal of making metadata that can just be served to clients,
then these (and the parent metadata) should have versioned filenames.
Change the file names of the delegated files in the
hashed_bin_delegation.py to versioned.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-07-21 22:39:31 +03:00
Martin Vrachev
b8ea2fb9b9 Add an example script about succinct roles usage
Add a basic example script showing all features of the succinct hash bin
delegations and the available API calls of SuccinctRoles.

The explanations are used to promote the usage of succinct hash bin
delegations by explaining it well enough so our users can understand
the API limitations and how to use them and at the same time I tried not
going into too many details of the SuccinctRoles math as its
implementation is inside tuf/api/metadata.py and there are
explanations about that there.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-07-21 22:39:31 +03:00
Martin Vrachev
bfcd3a54a2 Simplifications on hashed_bin_delegation example
We no longer need or use the SPEC_VERSION variable defined in the
beginning of the script.

Additionally, I decided to add a small addition to the "roles"
type annotation as that gives better context to the syntax highlighter
of VS code.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-07-21 22:33:46 +03:00
Lukas Pühringer
e07fa27762
Merge pull request #2050 from theupdateframework/dependabot/pip/cryptography-37.0.4
build(deps): bump cryptography from 37.0.3 to 37.0.4
2022-07-19 12:00:02 +02:00
Lukas Pühringer
e3ed9e156b
Merge pull request #2053 from theupdateframework/dependabot/pip/urllib3-1.26.10
build(deps): bump urllib3 from 1.26.9 to 1.26.10
2022-07-19 11:40:42 +02:00
Lukas Pühringer
507b6725fb
Merge pull request #2055 from theupdateframework/dependabot/pip/coverage-6.4.2
build(deps): bump coverage from 6.4.1 to 6.4.2
2022-07-19 11:29:04 +02:00
Lukas Pühringer
e00e854841
Merge pull request #2054 from theupdateframework/dependabot/github_actions/actions/setup-python-4.1.0
build(deps): bump actions/setup-python from 4.0.0 to 4.1.0
2022-07-19 11:26:37 +02:00
Lukas Pühringer
43f5db694d
Merge pull request #2057 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-2.0.4
build(deps): bump actions/dependency-review-action from 2.0.2 to 2.0.4
2022-07-19 11:23:47 +02:00
Lukas Pühringer
2e11651151
Merge pull request #2058 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.16
build(deps): bump github/codeql-action from 2.1.15 to 2.1.16
2022-07-19 11:22:08 +02:00
dependabot[bot]
559136132e
build(deps): bump coverage from 6.4.1 to 6.4.2
Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.1 to 6.4.2.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.4.1...6.4.2)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-19 09:21:00 +00:00
Lukas Pühringer
764414aa87
Merge pull request #2059 from theupdateframework/dependabot/pip/pylint-2.14.5
build(deps): bump pylint from 2.14.4 to 2.14.5
2022-07-19 11:20:10 +02:00
dependabot[bot]
5f047e0bac
build(deps): bump pylint from 2.14.4 to 2.14.5
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.14.4 to 2.14.5.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.14.4...v2.14.5)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-18 10:08:05 +00:00
dependabot[bot]
a49d8cbc8d
build(deps): bump github/codeql-action from 2.1.15 to 2.1.16
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.15 to 2.1.16.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3f62b754e2...3e7e3b32d0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-14 10:21:41 +00:00
dependabot[bot]
f617ae5d77
build(deps): bump actions/dependency-review-action from 2.0.2 to 2.0.4
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.0.2 to 2.0.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](1c59cdf2a9...94145f3150)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-14 10:21:36 +00:00
dependabot[bot]
deb9633879
build(deps): bump actions/setup-python from 4.0.0 to 4.1.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](d09bd5e600...c4e89fac7e)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-12 10:20:32 +00:00
Lukas Pühringer
c12be4857d
Merge pull request #2051 from abs007/patch-3
Updated updater.py
2022-07-12 09:34:38 +02:00
dependabot[bot]
24d14a40d6
build(deps): bump urllib3 from 1.26.9 to 1.26.10
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.9 to 1.26.10.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/1.26.10/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.9...1.26.10)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-08 10:15:11 +00:00
Abhisman Sarkar
c9505ae3cc Updated updater.py
Changed None to ``None`` in the docstring

Signed-off-by: Abhisman Sarkar <abhisman.sarkar@gmail.com>
2022-07-07 08:17:39 +05:30
dependabot[bot]
bd1292f5b1
build(deps): bump cryptography from 37.0.3 to 37.0.4
Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.3 to 37.0.4.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/37.0.3...37.0.4)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 10:08:57 +00:00
Jussi Kukkonen
b5e952cee3
Merge pull request #2046 from theupdateframework/dependabot/pip/cffi-1.15.1
build(deps): bump cffi from 1.15.0 to 1.15.1
2022-07-04 12:18:10 +03:00
Jussi Kukkonen
b68df2ba65
Merge pull request #2035 from MVrachev/bump-spec-version
Bump supported spec version to 1.0.30
2022-07-04 12:07:11 +03:00
dependabot[bot]
0eafff56f0
build(deps): bump cffi from 1.15.0 to 1.15.1
Bumps [cffi](http://cffi.readthedocs.org) from 1.15.0 to 1.15.1.

---
updated-dependencies:
- dependency-name: cffi
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-01 10:10:46 +00:00
Jussi Kukkonen
1aed4bd80e
Merge pull request #2033 from theupdateframework/dependabot/pip/charset-normalizer-2.1.0
build(deps): bump charset-normalizer from 2.0.12 to 2.1.0
2022-07-01 09:39:04 +03:00
dependabot[bot]
533bbbd5cd
build(deps): bump charset-normalizer from 2.0.12 to 2.1.0
Bumps [charset-normalizer](https://github.com/ousret/charset_normalizer) from 2.0.12 to 2.1.0.
- [Release notes](https://github.com/ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ousret/charset_normalizer/compare/2.0.12...2.1.0)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-01 06:32:47 +00:00
Jussi Kukkonen
a40c47ef27
Merge pull request #2044 from theupdateframework/dependabot/pip/requests-2.28.1
build(deps): bump requests from 2.28.0 to 2.28.1
2022-07-01 09:31:40 +03:00
Jussi Kukkonen
155a2d5a30
Merge pull request #2045 from theupdateframework/dependabot/pip/pylint-2.14.4
build(deps): bump pylint from 2.14.3 to 2.14.4
2022-07-01 09:29:23 +03:00
dependabot[bot]
d673b5bb61
build(deps): bump pylint from 2.14.3 to 2.14.4
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.14.3 to 2.14.4.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.14.3...v2.14.4)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-30 11:01:13 +00:00
dependabot[bot]
89ef9d386e
build(deps): bump requests from 2.28.0 to 2.28.1
Bumps [requests](https://github.com/psf/requests) from 2.28.0 to 2.28.1.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.28.0...v2.28.1)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-30 11:01:05 +00:00
Jussi Kukkonen
80d6e737a3
Merge pull request #2043 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.15
build(deps): bump github/codeql-action from 2.1.14 to 2.1.15
2022-06-29 14:53:36 +03:00
dependabot[bot]
b869320624
build(deps): bump github/codeql-action from 2.1.14 to 2.1.15
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.14 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](41a4ada31b...3f62b754e2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-29 10:37:50 +00:00
Jussi Kukkonen
1796947059
Merge pull request #2042 from theupdateframework/dependabot/pip/black-22.6.0
build(deps): bump black from 22.3.0 to 22.6.0
2022-06-29 11:25:58 +03:00
Jussi Kukkonen
ff4879e7a8
Merge pull request #2036 from theupdateframework/dependabot/pip/cryptography-37.0.3
build(deps): bump cryptography from 37.0.2 to 37.0.3
2022-06-29 11:21:52 +03:00
dependabot[bot]
dfe51f921c
build(deps): bump black from 22.3.0 to 22.6.0
Bumps [black](https://github.com/psf/black) from 22.3.0 to 22.6.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/22.3.0...22.6.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-28 10:07:12 +00:00
Jussi Kukkonen
8a03abfdeb
Merge pull request #2039 from MVrachev/add-test-case
SuccinctRoles.is_delegated_role() add a test case
2022-06-27 22:14:19 +03:00
Jussi Kukkonen
c5f74c6a9b
Merge pull request #2041 from abs007/develop
Grammar fix
2022-06-27 15:47:33 +03:00
Abhisman Sarkar
9f1c86f4a9 Grammar Fix
Fixed a grammatical error in a comment in utils.py

Signed-off-by: Abhisman Sarkar <abhisman.sarkar@gmail.com>
2022-06-27 18:09:43 +05:30
Jussi Kukkonen
db946f3ebb
Merge pull request #2037 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.14
build(deps): bump github/codeql-action from 2.1.13 to 2.1.14
2022-06-27 14:37:53 +03:00
Martin Vrachev
ddbbcce432 SuccinctRoles.is_delegated_role() add test case
Add a test case when there is a bin name with the desired prefix, but
which cannot be cast to a hexadecimal number.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-06-24 16:48:56 +03:00
dependabot[bot]
fbe30683dd
build(deps): bump github/codeql-action from 2.1.13 to 2.1.14
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.13 to 2.1.14.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](d00e8c09a3...41a4ada31b)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-23 12:59:20 +00:00
dependabot[bot]
ad26b7771c
build(deps): bump cryptography from 37.0.2 to 37.0.3
Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.2 to 37.0.3.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/37.0.2...37.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-22 10:06:39 +00:00
Martin Vrachev
773e8f4d3e Bump supported spec version to 1.0.30
Bump the supported specification version to 1.0.30 and additionally
update the generated test metadata as it has to be up to date with the
latest changes.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-06-22 12:41:39 +03:00
Lukas Pühringer
01acaa4c7b
Merge pull request #2024 from MVrachev/timestamp-eq-version
ngclient: pick old timestamp if new.version is equal
2022-06-22 10:51:14 +02:00
Jussi Kukkonen
46eb5a0169
Merge pull request #2028 from theupdateframework/dependabot/pip/certifi-2022.6.15
build(deps): bump certifi from 2022.5.18.1 to 2022.6.15
2022-06-22 11:33:36 +03:00
Jussi Kukkonen
7151ef514b
Merge pull request #2032 from theupdateframework/dependabot/pip/pylint-2.14.3
build(deps): bump pylint from 2.14.2 to 2.14.3
2022-06-22 11:18:39 +03:00
Jussi Kukkonen
b52ef0bcbb
Merge pull request #2034 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.13
build(deps): bump github/codeql-action from 2.1.12 to 2.1.13
2022-06-22 11:11:22 +03:00
Martin Vrachev
5fd3ddccbc ngclient: pick old timestamp if new.ver is equal
In the spec version 1.0.30, a new change has been added considering what
should happen if there is a new timestamp with the same version.
It says the following:
"In case they [versions] are equal, discard the new
timestamp metadata and abort the update cycle.
This is normal and it shouldn't raise any error."

In other words, if there is a new timestamp with the same version, then
stop the update process and use the old timestamp.

Those changes reflect these latest specification modifications.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-06-21 14:52:31 +03:00
dependabot[bot]
efc530a932
build(deps): bump github/codeql-action from 2.1.12 to 2.1.13
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.12 to 2.1.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](27ea8f8fe5...d00e8c09a3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-21 10:21:08 +00:00
dependabot[bot]
6f07897be2
build(deps): bump pylint from 2.14.2 to 2.14.3
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.14.2 to 2.14.3.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.14.2...v2.14.3)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-20 10:07:54 +00:00
Jussi Kukkonen
39f03ac8b1
Merge pull request #2029 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-2.0.2
build(deps): bump actions/dependency-review-action from 2.0.0 to 2.0.2
2022-06-20 12:27:50 +03:00