Commit graph

22 commits

Author SHA1 Message Date
Lukas Puehringer
ff8819577b Adopt sslib keygen interface encryption changes
secure-systems-lab/securesystemslib#288 changes the key generation
interface functions in such a way that it is clear if a call opens
a blocking prompt, or writes the key unencrypted. To do this two
functions are added per key type:
 - `generate_and_write_*_keypair_with_prompt`
 - `generate_and_write_unencrypted_*_keypair`

The default `generate_and_write_*_keypair` function now only allows
encrypted keys and only using a passed password. This respects the
principle of secure defaults and least surprise.

sslib#288 furthermore adds a protected
`_generate_and_write_*_keypair`, which is not exposed publicly
because it does not encrypt by default, but is more flexible and
thus convenient e.g. to consume all arguments from a key generation
command line tool such as 'repo.py'.

This commit adds the new public functions to the tuf namespace and
adopts their usage accordingly.

NOTE regarding repo.py:
This commit does not fix any problematic password behavior of
'repo.py' like default passwords, etc. (see #881). It only adopts
the sslib#288 changes to maintain the current behavior, plus
removing one glaringly obsolete password prompt.

NOTE regarding key import:
The securesystemslib private key import functions were also changed
to no longer auto-prompt for decryption passwords. TUF, however,
only exposes custom wrappers (see repository_lib) that do
auto-prompt. sslib#288 changes to the prompt texts are nevertheless
propagated to tuf and reflected in this commit.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-11-11 10:27:56 +01:00
Joshua Lock
4bd9b5ef6b Improve determinism of test repository generator
One of the created target files has its file permissions encoded in the
targets metadata via the custom attribute of the add_target() function.
On Linux-based OS the umask value of the environment the script is run
in can result in different octal permissions for the created file, i.e.
on Fedora the default umask is 0002 (default permissions 664) whereas
on Debian/Ubuntu the default umask is 0022 (default permissions 644).

Explicitly chown 'file1' to octal permissions 644 so that the generated
data has the same custom attributes for targets regardless of which
Linux host they are generated on.

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:35:37 +00:00
Joshua Lock
a134db0a43 Update test repository data generator
* Fix the path referenced in the Purpose
* Change add_target() calls to pass file paths relative to targets dir

Signed-off-by: Joshua Lock <jlock@vmware.com>
2020-03-11 11:35:37 +00:00
Lukas Puehringer
5d2898a13c Remove obsolete 'interposition' from docs
The interposition sub-package was removed in #537.
This commit removes obsolete mentions of 'interposition' from code
comments and documentation.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2019-09-24 14:31:54 +02:00
Vladimir Diaz
a434652143 Edit test repo scripts to exclude target files with leading os.sep
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
2018-04-06 11:08:45 -04:00
Vladimir Diaz
25ccb769b5 Add copyright and license to unit test scripts
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
2017-11-30 13:26:44 -05:00
Vladimir Diaz
33721556ed Do not generate compressed top-level repository data 2017-08-25 15:59:08 -04:00
Vladimir Diaz
17ea827e76 Add repository data where the client directory is reorganized 2017-02-06 16:14:35 -05:00
Vladimir Diaz
5e22d02b17 Fix import statements for the repository_data tools 2017-01-12 15:23:16 -05:00
Artiom Baloian
b0156944bb Moved util.py, now it is common 2016-11-02 09:49:37 -04:00
Vladimir Diaz
26016479e9 Add test repository following changes to repository writing and backtracking 2016-09-15 15:19:27 -04:00
Vladimir Diaz
bd5b398ee4 Remove repository.status() (used for testing) from generate.py 2016-06-28 16:54:18 -04:00
Vladimir Diaz
c55f548551 Generate Ed25519 keys for tests/repository_data 2016-06-17 09:54:46 -04:00
Vladimir Diaz
ba0f9ca936 Initial changes for multihash keyid algorithms support on write 2016-06-08 16:49:13 -04:00
Vladimir Diaz
b7cf7e6588 Improve each module's code coverage to at least 90%
Update unit tests for download.py, repository_lib.py, repository_tool.py, and updater.py.
Re-generate repository data so that compressed metadata may be tested.
2015-02-11 13:22:46 -05:00
Vladimir Diaz
5d766d3d6f Review and update docstrings and README. 2014-06-25 09:45:55 -04:00
Vladimir Diaz
337c9f9ffc Regenerate '/tests/repository_data/' to include example of custom data. 2014-06-24 10:17:14 -04:00
vladdd
f0ac659110 Move optparse import statement.
Organize import statements of standard Python and TUF modules into separate blocks.
2014-06-16 13:11:35 -04:00
Santiago Torres
5a097faaf8 Added switches to the generate script
Added two switches to the generate script:

  -k (or --keys), which forces the creation of new keys.
  -d (or --dry-run), which skips the actual writing or copying phases

The second option might be useful in the future, and helped me debug the
optparse module, so I left it there.
2014-06-13 15:33:07 -04:00
Vladimir Diaz
80ad012bc3 Re-generate repository data. 2014-06-03 14:28:46 -04:00
Vladimir Diaz
25e800a59c Re-generate 'tests/repository_data' to include metadata unix timestamps. 2014-04-15 12:43:12 -04:00
Vladimir Diaz
63afb1e99f Re-add repository data for the tests. 2014-04-03 08:52:16 -04:00