Reasons are:
- The prompt says 2.7.3 Sep 26 2013, which makes the tutorial look
outdated
- There is another section that explains how snippets should be
executed in a Python interactive interpreter
- The only activity in the snippet is importing tuf functions and
creating a repo, both of which are done in another snippet below.
And the here created repo is not re-used
- The tutorial is long enough
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Because leading '/' is no longer allowed in target filenames in
target addition or delegation.
See https://github.com/theupdateframework/tuf/issues/639
While we're at it, remove some other unnecessary '/' characters
in repository creation and loading in the tutorial and tutorial
test.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
add_restricted_paths was renamed to add_path; however, this
function represents a problematic element of TUF that assumes
that roles have a single delegator and delegatee, and that
one can refer to a role's expected keys without being concerned
about any delegation metadata....
So this is being removed from the tutorial. In time, add_paths
will either be removed or changed (to expect a delegator role
and a delegatee role, not just a delegatee role).
This comment does not do justice to the issue: please see TUF
GitHub Issue #660:
https://github.com/theupdateframework/tuf/issues/660
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
While it may be nice, the use of a keystore/ directory for the
temporary keys created in the tutorial complicates the code a
good bit when it's done in a portable way (tons of os.path.join()
calls), and that's not worth it. It also is a slight complication
in a tutorial that profits from being as simple as possible.
Tests will be run in multiple environments (including non-Linux
environments) and to leave so many extra subdirectory uses in the
tutorial means that the tutorial test will deviate over a large
number of lines from the TUTORIAL.md content it is intended to
test, which would be bad.
This commit adjusts both the tutorial doc and the regression test
for the tutorial.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
- line-wraps are integrated with
190a736d297ef5d8d3c1e8761ac196666954f3a2 in #775
- sorting the value returned by `get_dirty_roles()` in
`dirty_roles()` is not necessary as `get_dirty_roles()` already
returns a sorted list per ac010337f0e154f9c183f8abe759ce26ed16731c
in #775.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
An attempt to make part of the tutorial less jarring, and reformatting
of the surrounding text to keep the lines <80 characters.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Since https://github.com/theupdateframework/tuf/pull/781 we
only provide limited protection against slow retrieval attacks.
So far this has only been discussed in the above issue and hinted at
by a disabled test and a code comment in that test.
This change adds a corresponding disclaimer to a more prominent
place, i.e. the list of attacks in SECURITY.md.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Co-Authored-By: Trishank K Kuppusamy <33133073+trishankatdatadog@users.noreply.github.com>
Add hint to install `coverage` before using it.
This should be installed via dev-requirements.txt, however it
does not seem to fit in there, because dev-requirements.txt pins
all its dependencies which does not seem to make sense for a
development tool.
Maybe a hierarchy of requirements.txt similar to
06a28987dc
could be established.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Add a tox build that runs tests against securesystemslib's tip of
development, i.e. master branch, to ease preparation of tuf for a
new securesystemslib release.
The tox build is run on travis but is allowed to fail.
This commit also fleshes out the testing section of the
contribution documentation.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
and note that if errors occur while installing the optional
crypto dependencies, the non-Python dependencies section
should be consulted.
Also adds a git clone step to the development installation
instructions in the contributors' instructions, and other
minor installation notes for contributors.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
- correctly frame the CLI's current state as a tutorial toy.
- provide a friendlier quickstart that puts what it's doing into
perspective and guides you to next steps.
- provide a better sense of what each tutorial/quickstart doc is
for.
- make the getting started page slightly more friendly.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Add note to make clear what was implicit: that once a delegated role is created,
it can be accessed (for the same purposes as you'd access the Targets role
using `repository.targets`) as: `repository.targets("<delegated rolename>")`.
Also add that specific note to the add_targets section of the tutorial.
Note that the `repo.py --init` call also sets up a client directory.
A student recently ran into some confusion on this point, and it's not properly documented here.
- refer to the authoritative sources for the latest releases
- include new packager information
- add tasks for upcoming releases
- generalize release schedule
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Hi, I did the quick-start today and missed some context. This is my suggestion.
Thanks for a cool framework!
Regards Håvard
Signed-off-by: Håvard B Line <havard.line@gmail.com>