Commit graph

4926 commits

Author SHA1 Message Date
Jussi Kukkonen
d806b62e03 github: Update github-script to 6.0.0
The big change is runtime update from nodejs 12 to nodejs 16: does not
seem to affect us.

Dependabot got confused so this update is done manually to v6.0.0
release commit:
https://github.com/actions/github-script/releases/tag/v6.0.0

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-02-16 10:13:41 +02:00
Jussi Kukkonen
7dc057adab
Merge pull request #1865 from lukpueh/update-req-pinned
dep: update pinned requirements
2022-02-14 14:12:26 +02:00
Jussi Kukkonen
899b762119
Merge pull request #1853 from lukpueh/update-install-docs
doc: update installation documentation
2022-02-14 14:10:37 +02:00
Lukas Puehringer
8ec45dc9d4 dep: update pinned requirements
As described in #1249 requirements-pinned.txt is automatically
updated by Dependabot on version updates, but not if transitive
dependencies are added or removed.

This patch removes the no longer required transient dependency six,
following a run of pip-compile for all supported Python versions.

No other dependency changes were detected, nor were there different
dependencies in different Python versions, requiring env markers
in the requirements file.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-14 12:53:46 +01:00
Jussi Kukkonen
73ce299382
Merge pull request #1861 from MVrachev/metadata-unrecognized-fields
2022-02-14 13:36:40 +02:00
Lukas Pühringer
216c1eba51
Merge pull request #1856 from ivanayov/ngclient_docstrings_imprv
Ngclient docstrings improvement
2022-02-14 12:13:07 +01:00
Lukas Pühringer
66b3b46532
Merge pull request #1863 from theupdateframework/dependabot/pip/charset-normalizer-2.0.12
build(deps): bump charset-normalizer from 2.0.11 to 2.0.12
2022-02-14 11:42:01 +01:00
Martin Vrachev
922c5d28e5 Add support for unrecognized fields in Metadata
The Document formats section (chapter 4) of the
specification says the following:

"All of the formats described below include the ability to add more
attribute-value fields to objects for backward-compatible format
changes. Implementers who encounter undefined attribute-value pairs in
the format must include the data when calculating hashes or verifying
signatures and must preserve the data when re-serializing."

I initially thought it's applicable only to the SIGNED fields as
"undefined attribute-value pairs in the format must include the data
when calculating hashes or verifying signatures"
This doesn't mean that the sentence before that excludes "Metadata" as a
possible place for additional fields.
The other maintainers agreed with me and we are going to add support for
"unrecognized_fields" inside "Metadata".

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-14 12:12:54 +02:00
dependabot[bot]
2f59322cef
build(deps): bump charset-normalizer from 2.0.11 to 2.0.12
Bumps [charset-normalizer](https://github.com/ousret/charset_normalizer) from 2.0.11 to 2.0.12.
- [Release notes](https://github.com/ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ousret/charset_normalizer/compare/2.0.11...2.0.12)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-14 10:08:35 +00:00
Ivana Atanasova
a0d31854bc Fix line lengths in ngclient docstrings
This change shortens line lengths that exceed the requirements and
adds more clarification on methods where the short message is not
complete enough

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
2022-02-11 15:33:48 +02:00
Ivana Atanasova
43080e1228 Unify wording of docstrings language in ngclient
This change unifies common wording in the docstrings library of
ngclient, like "Args" vs. "Arguments"

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
2022-02-11 14:51:51 +02:00
Ivana Atanasova
d399ad5d1b Unify article in ngclient docstrings
This change updates the docstrings library of ngclient with no
article for all Args in order to be unified amongst all python-tuf
docstrings

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
2022-02-11 14:51:51 +02:00
Ivana Atanasova
d8f60e1baf Unify quoting in ngclient docstrings
This change updates the docstrings library of ngclient with
unified double backtick quoting for better readability

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
2022-02-11 14:51:28 +02:00
Lukas Pühringer
a347d034a2
Merge pull request #1809 from MVrachev/signatures-tests
Add Metadata.signatures serialization tests
2022-02-11 11:47:59 +01:00
Lukas Pühringer
3b135d71f1
Merge pull request #1855 from lukpueh/update-maintainers-txt
doc: Remove inactive maintainers from MAINTAINERS
2022-02-11 10:58:47 +01:00
Lukas Puehringer
16e6f739a5 doc: add emeritus section to maintainers file
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-11 09:49:33 +01:00
Martin Vrachev
17503ebba3 Remove unnecessary copy operations
There is no need to copy "case_dict" inside serialization test
functions in test_metadata_serialization.py when we are testing
invalid arguments.
These dictionaries are not used after calling "from_dict" and
it doesn't matter if they are empty afterward.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-10 17:30:35 +02:00
Martin Vrachev
cd34793b0a Move nonunique sigs test to serialization tests
Move the duplicating signatures tests from test_metadata_base function
in test_api.py into test_metadata_serialization.py.
This is a more logical place to store this test case as
test_metadata_base is actually focused on testing
Metadata.signed.is_expired.
That also is the reason why I renamed test_metadata_base to
test_metadata_signed_is_expired.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-10 17:30:35 +02:00
Martin Vrachev
d2a840f8e1 Add signatures serialization tests
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-10 17:30:35 +02:00
Martin Vrachev
bf5c6ee533 Update securesystemslib version to 0.22.0
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-10 17:30:35 +02:00
Lukas Puehringer
b94ef08b30 doc: Remove inactive maintainers from MAINTAINERS
As discussed in detail in #1793, maintainer-level (GitHub)
permissions should be granted to those who need them, i.e. who
actively maintain the project at the moment.
The MAINTAINERS.txt file should reflect that state.

It will be reviewed regularly (#1803), and can be changed (e.g.
reverted to a prior state) at any time as need arises.

To express our appreciation for past efforts, we might use the
Acknowledgement section of the README, and also update it
regularly.

In the case of this update: Big kudos to @awwad, @SantiagoTorres
and @sechkova for all their valuable contributions to python-tuf!

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-10 13:11:21 +01:00
Lukas Puehringer
cd70e47d14 doc: cross-doc absolute link hack
This is an ugly hack to also resolve the link when the document is
rendered in GitHub, where it is likely to be browsed, because it is
the community standard location for a GitHub repo's contributing
docs.

Coordinate with #1849 to better separate RTD docs with GitHub docs
in the future.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-10 10:10:20 +01:00
Lukas Puehringer
02167403f2 doc: move verify section in install docs
Move release signature verification instructions to bottom of
install docs. The doc is short, so the section is still prominent
enough for promoting verification, but does not break the reading
flow as much anymore.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-10 10:07:13 +01:00
Jussi Kukkonen
99059a5661
Merge pull request #1848 from lukpueh/rm-docs-images
doc: remove obsolete docs/images dir
2022-02-10 10:20:15 +02:00
Lukas Puehringer
c40bb3092b doc: fix link to tox docs
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-09 17:56:35 +01:00
Lukas Puehringer
0b2b1bbe0e doc: minor title changes for rtd navbar
Make contributing document header sentence case for consistency
with other docs and shorten menu name in side navbar to stand out
less.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-09 17:56:35 +01:00
Lukas Puehringer
43439316b8 doc: update install section in contributing doc
Replace custom installation section in contribution docs with
pointer to updated installation documentation.

Also configure sphinx autosectionlabel for cross-document refs.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-09 17:56:35 +01:00
Lukas Puehringer
5ec4c95538 doc: update installation documentation
Update severely outdated installation documentation.

- Simplify "Simple Installation" section
- Update "Release Verification" section to actually verify a tuf
  release and with a key of an active maintainer
- Update and simplify section about non-python dependencies
  (just point to installation instructions for underlying crypto
  backends, they are up-to-date and have become a lot easier)
- Add "Development installation" section

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-09 17:55:23 +01:00
Lukas Pühringer
e879773264
Merge pull request #1850 from lukpueh/mv-contributors
doc: rename contribution instructions
2022-02-09 15:26:55 +01:00
Lukas Puehringer
4d1fad233a doc: rename contribution instructions
Rename CONTRIBUTORS.rst -> CONTRIBUTING.rst. The new name is what
GitHub expects and will make the document more discoverable, e.g.
on https://github.com/theupdateframework/python-tuf/contribute.

More details under:
https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors

Note: I searched all repositories in theupdateframework GitHub
organization for references (there were none) and will update the
links in the CII Best Practice badge app for tuf.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-09 15:08:45 +01:00
Lukas Puehringer
365f17bc28 doc: remove obsolete docs/images dir
Remove obsolete docs/images directory which contains unused
variants of the logo. The canonical location of TUF logos is
theupdateframework/artwork, which has high-resolution formats (png
and svg) for all variants of the logo.

Also see https://github.com/theupdateframework/artwork/pull/3.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-02-09 14:25:55 +01:00
Lukas Pühringer
d4dd652582
Merge pull request #1836 from MVrachev/verify-sig-serialization-error
verify_signature(): handle SerializationError
2022-02-08 14:52:35 +01:00
Lukas Pühringer
177976a890
Merge pull request #1840 from MVrachev/from-securesystemslib-key-sslib-error
Key.from_securesystemslib_key() raise ValueError
2022-02-08 12:49:47 +01:00
Lukas Pühringer
39ef75115e
Merge pull request #1839 from jku/requirements-remove-docutils-pinning
build: Remove docs build requirement version pin
2022-02-08 12:48:33 +01:00
Martin Vrachev
8b6566ab3b from_securesystemslib_key() raise ValueError
If a securesystemslib.FormatError is raised inside
Key.from_securesystemslib_key() then reraise ValueError.
This is done so that our users don't have to import securesystemslib
in order to handle the error and because the securesystemslib error
itself is securesystemslib implementation-specific.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-08 13:44:12 +02:00
Jussi Kukkonen
0537f12c6f build: Remove docs build requirement version pin
docutils is a sphinx-rtd-theme requirement: pinning was done
to work around a bug that seems to now be fixed.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-02-08 13:18:27 +02:00
Lukas Pühringer
1e36ec68af
Merge pull request #1838 from MVrachev/verify-delegate-document-exceptions
verify_delegate() document ValueError and TypeError
2022-02-08 12:18:10 +01:00
Jussi Kukkonen
2cc3df57a8
Merge pull request #1834 from theupdateframework/dependabot/pip/pycparser-2.21
build(deps): bump pycparser from 2.20 to 2.21
2022-02-08 13:11:45 +02:00
Martin Vrachev
5f515791df verify_delegate() doc ValueError and TypeError
Add missing documentation for ValueError and TypeError inside
Metadata.verify_delegate().

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-08 13:10:46 +02:00
Jussi Kukkonen
b497180e6c
Merge pull request #1815 from ivanayov/metadata_docstrings_imprv
Improve docstrings language in Metadata API
2022-02-08 12:59:35 +02:00
Lukas Pühringer
f379e94817
Merge pull request #1837 from joshuagl/joshuagl/license
build: add license field to setup.cfg
2022-02-08 11:43:52 +01:00
Ivana Atanasova
9169fcb575 Update repetitive docstrings language in Metadata API
This change updates some obvious and unnecessary fields docs in the
Metadata API with more descriptive details

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
2022-02-08 12:43:11 +02:00
Ivana Atanasova
acf3df67ff Improve docstrings language in Metadata API - article
This change unifies as much as the context allows and improves the
use of definite vs. indefinite vs. no article across docs in the
Metadata API. It sticks to no article in most cases for simplicity
and readability, but leaves definite article where it's strictly
necessary

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
2022-02-08 12:39:33 +02:00
Ivana Atanasova
40aef7ee23 Improve docstrings language in Metadata API - wording
This change unifies wording across docs in the Metadata API, like
Args vs. Arguments and same repetitive descriptions written
differently in different classes/methods

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
2022-02-08 12:37:23 +02:00
Ivana Atanasova
0feec0c5f5 Improve docstrings language in Metadata API - quotes
This change unifies quotes to double backtick across docs in the
Metadata API in order to provide better visualisation

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
2022-02-08 12:37:19 +02:00
Joshua Lock
d0846a9967 build: add license field to setup.cfg
List our licenses in the license field of setup.cfg

While the PyPA packaging documentation states that the license field is
optional[1] and that classifiers should be the main way to indicate
license, this field is used to populate the License printed by pip show.

1. https://packaging.python.org/en/latest/guides/distributing-packages-using-setuptools/#license

Fixes #1833

Signed-off-by: Joshua Lock <jlock@vmware.com>
2022-02-08 10:33:54 +00:00
Lukas Pühringer
9cda6e591f
Merge pull request #1796 from jku/accept-two-part-spec-version
Metadata API: Accept X.Y spec_version
2022-02-08 11:29:57 +01:00
Martin Vrachev
2f381aee9a verify_signature(): handle SerializationError
We should handle the possible SerializationError inside
Key.verify_signature(), because the user of this API is not interested
in SerializationError when he is trying to verify his signature.

Note that the SerializationError can be thrown when calling
signed_serializer.serialize() on the metadata signed part.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-02-08 12:18:55 +02:00
Lukas Pühringer
0b2f98585c
Merge pull request #1820 from MVrachev/constructors-documentation
Add exceptions docs for __init__ and from_dict()
2022-02-08 10:21:18 +01:00
dependabot[bot]
95987254e8
build(deps): bump pycparser from 2.20 to 2.21
Bumps [pycparser](https://github.com/eliben/pycparser) from 2.20 to 2.21.
- [Release notes](https://github.com/eliben/pycparser/releases)
- [Changelog](https://github.com/eliben/pycparser/blob/master/CHANGES)
- [Commits](https://github.com/eliben/pycparser/compare/release_v2.20...release_v2.21)

---
updated-dependencies:
- dependency-name: pycparser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-08 09:14:49 +00:00