Elgato_dark/python-tuf
1
0
Fork 0
mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
3693 commits 28 branches 35 tags 23 MiB
Commit graph

3693 commits

This branch
This branch
All branches
Author SHA1 Message Date
Joshua Lock
eb93fe133e tuf.api: make expires a property 
Signed-off-by: Joshua Lock <jlock@vmware.com>
 2020-07-03 14:41:31 +01:00
Teodora Sechkova
0ca471ed2a tuf.api: use StorageBackendInterface 
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
 2020-07-02 15:05:51 +01:00
Teodora Sechkova
1fbff557ad tuf.api: add basic schema checks in read_from_json 
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
 2020-07-02 15:03:49 +01:00
Teodora Sechkova
916055aa54 tuf.api: simplify metadata.Targets.signable() 
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
 2020-07-02 10:32:25 +01:00
Teodora Sechkova
3e022aae32 Skip an optional keyword in the schema 
Skip a keyword if it is optional in the schema and the value
passed in is set to None.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
 2020-07-02 10:32:19 +01:00
Teodora Sechkova
46977f977e tux.api: implement metadata.Targets.signable() 
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
 2020-07-02 10:32:13 +01:00
Teodora Sechkova
db0f8a73a7 tuf.api: implement metadata.Targets.update() 
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
 2020-07-02 10:32:04 +01:00
Teodora Sechkova
37a235f97c tuf.api: implement metadata.Targtes.read_from_json() 
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
 2020-07-02 10:31:55 +01:00
Trishank Karthik Kuppusamy
f2861bfd41
much simpler keys 
Signed-off-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
 2020-07-01 18:39:35 -04:00
Joshua Lock
11d76e72dd tuf.api: WIP implement Timestamp 
Signed-off-by: Joshua Lock <jlock@vmware.com>
 2020-07-01 17:17:33 +01:00
Joshua Lock
57c98d45ac WIP tests for tuf.api.metadata 
Signed-off-by: Joshua Lock <jlock@vmware.com>
 2020-07-01 17:17:33 +01:00
Joshua Lock
bc1134f488 tuf.api: fix loading expiration 
Signed-off-by: Joshua Lock <jlock@vmware.com>
 2020-07-01 17:17:33 +01:00
Joshua Lock
2758f48214 tuf.api: fix version check in metadata 
Signed-off-by: Joshua Lock <jlock@vmware.com>
 2020-07-01 17:17:33 +01:00
Joshua Lock
d58a944c8b tuf.api: fix imports in metadata 
Signed-off-by: Joshua Lock <jlock@vmware.com>
 2020-07-01 17:17:33 +01:00
Joshua Lock
eb9c56b52d tuf.api: fix missing ':' in keys 
Signed-off-by: Joshua Lock <jlock@vmware.com>
 2020-07-01 17:17:33 +01:00
Joshua Lock
92f97a45e3 tuf.api: implement metadata.Snapshot 
Signed-off-by: Joshua Lock <jlock@vmware.com>
 2020-07-01 17:17:33 +01:00
Joshua Lock
5ef60ca187 tuf.api: implement update_signatures() 
Signed-off-by: Joshua Lock <jlock@vmware.com>
 2020-07-01 17:17:24 +01:00
Joshua Lock
721def4eb0 tuf.api: add helpers to bump version and expiration 
Signed-off-by: Joshua Lock <jlock@vmware.com>
 2020-07-01 17:15:47 +01:00
Joshua Lock
2e3ceb7ff3 tuf.api: set consistent_snapshot during read_from_json 
Signed-off-by: Joshua Lock <jlock@vmware.com>
 2020-07-01 17:15:47 +01:00
Trishank Karthik Kuppusamy
83d6d07943
WIP 2020-06-26 16:40:59 -04:00
lukpueh
5d16f91ca7
Merge pull request #1054 from jku/update-docs-on-crypto-details 
Update docs on crypto details
 2020-06-23 12:00:31 +02:00
Jussi Kukkonen
dc78d89f4f Update Tutorial on dependency installation 
* Remove reference to deprecated settings
* Mention that the tutorial expects the dependencies and link to
  instructions

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2020-06-23 11:02:31 +03:00
lukpueh
017a5ff33b
Merge pull request #1056 from theupdateframework/dependabot/pip/certifi-2020.6.20 
build(deps): bump certifi from 2020.4.5.2 to 2020.6.20
 2020-06-23 09:47:08 +02:00
lukpueh
116e66e604
Merge pull request #1055 from theupdateframework/dependabot/pip/requests-2.24.0 
build(deps): bump requests from 2.23.0 to 2.24.0
 2020-06-22 19:02:08 +02:00
dependabot-preview[bot]
bc75c8c08c
build(deps): bump certifi from 2020.4.5.2 to 2020.6.20 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2020.4.5.2 to 2020.6.20.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](https://github.com/certifi/python-certifi/compare/2020.04.05.2...2020.06.20)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-06-22 11:38:01 +00:00
dependabot-preview[bot]
943ed41ada
build(deps): bump requests from 2.23.0 to 2.24.0 
Bumps [requests](https://github.com/psf/requests) from 2.23.0 to 2.24.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/master/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.23.0...v2.24.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-06-18 10:32:51 +00:00
Jussi Kukkonen
179892c1e9 Update Tutorial on cryptographic keys 
Lot of changes in 7 lines:
* PyCrypto is no longer an option: remove mention of it
* RSA-PSS wiki page now redirects to a fairly useless stub: replace it
  with the RFC (it's not light reading but better than nothing)
* Mention ECDSA
* Remove mention of json for RSA keys: that does not seem to be true

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2020-06-17 18:01:45 +03:00
Jussi Kukkonen
5a8f93529b Update comments about optional crypto dependencies 
tools-extra does not exist in tuf anymore: mention the securesystemslib
extras instead.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
 2020-06-17 17:33:58 +03:00
lukpueh
8e6ca67f31
Merge pull request #1047 from theupdateframework/dependabot/pip/certifi-2020.4.5.2 
build(deps): bump certifi from 2020.4.5.1 to 2020.4.5.2
 2020-06-12 10:08:24 +02:00
lukpueh
d875dd4bd3
Merge pull request #1051 from jcstr/patch2-docs 
Add python 3 use case
 2020-06-11 10:07:32 +02:00
Jesús Castro
9badf8a51e
Add python 3 use case 
This indication can be found on other documents.

Signed-off-by: Jesús Castro <x51v4n@gmail.com>
 2020-06-10 06:30:23 -05:00
lukpueh
ff5afe441a
Merge pull request #1049 from sechkova/issue-1046 
Load full target file info for delegated targets metadata
 2020-06-09 16:34:31 +02:00
Teodora Sechkova
2553dff276
Update test_load_repository 
Extend test_load_repository to check if targets file info is loaded
correctly.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
 2020-06-09 16:48:53 +03:00
Teodora Sechkova
88f6755153
Load full target file info for delegated targets 
Fix load_repository to actually load the full targets file info from
file system for delegated targets.

Update _load_top_level_metadata to load targets and delegated targets
metadata in a consistent way.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
 2020-06-09 16:48:42 +03:00
dependabot-preview[bot]
a5e015f8f7
build(deps): bump certifi from 2020.4.5.1 to 2020.4.5.2 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2020.4.5.1 to 2020.4.5.2.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](https://github.com/certifi/python-certifi/compare/2020.04.05.1...2020.04.05.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-06-08 10:59:00 +00:00
Joshua Lock
5d40ffa3c4
Merge pull request #1034 from joshuagl/joshuagl/abstract-files-fixes 
Fix and better test abstract files and directories support
 2020-06-05 13:40:21 +01:00
lukpueh
95d08cc5b4
Merge pull request #1044 from jcstr/patch1 
Remove unused imports
 2020-06-05 09:42:53 +02:00
Jesús Castro
f4121e8f75
Remove unused imports 
Those imports are marked as a non used libraries.

Signed-off-by: Jesús Castro <x51v4n@gmail.com>
 2020-06-04 19:18:33 -05:00
Joshua Lock
5e5c598769 Support abstract storage for timestamp metadata 
This was erroneously absent in PR 1024, which added support for abstract
files and directories. Resolve by adding a storage_backend argument to
generate_timestamp_metadata() and using it so that the fileinfo (hashes
and length) for the snapshot file can be generated for a snapshot
metadata file on any supported storage.

Signed-off-by: Joshua Lock <jlock@vmware.com>
 2020-06-03 14:16:47 +01:00
Joshua Lock
d9ec10e894 Test abstract storage backend support 
Add a class implementing StorageBackendInterface for testhing which
mutates filenames on put()/get(), such that trying to read the expected
file paths for TUF metadata from the local filesystem doesn't find the
files.

Use this class when creating a repository and writing metadata to test
abstract files and directories support for metadata writing.

Signed-off-by: Joshua Lock <jlock@vmware.com>
 2020-06-03 14:16:47 +01:00
Joshua Lock
05d5639502 Better document generate_targets_metadata() 
Clarify, through the docstrings and code comments, the expected behaviour
of generate_targets_metadata() and the interactions of the
use_existing_fileinfo and write_consistent_targets parameters.

Signed-off-by: Joshua Lock <jlock@vmware.com>
 2020-06-03 14:16:47 +01:00
Marina Moore
a354fc01c0
Merge pull request #1040 from trailofbits/ww/return-bin-name-when-delegating 
tuf/repository_tool: Return delegated bin_name during modifications
 2020-06-01 15:59:45 -07:00
William Woodruff
1e532e825a
tests: Fill in more returned role name use 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2020-06-01 14:22:29 -04:00
William Woodruff
4327a980cd
tests: Use newly returned role name 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2020-06-01 14:01:46 -04:00
William Woodruff
65fd02c4ab
tuf/repository_tool: Return delegated bin_name during modifications 
This makes it easier for consumers of repository_tool to mark the
appropriate delegated bin as dirty when using delegated targets.

Signed-off-by: William Woodruff <william@trailofbits.com>
 2020-06-01 13:46:43 -04:00
lukpueh
a4b52e7e0d
Merge pull request #1036 from theupdateframework/dependabot/pip/pynacl-1.4.0 
build(deps): bump pynacl from 1.3.0 to 1.4.0
 2020-06-01 14:05:00 +02:00
dependabot-preview[bot]
f01a31f2f9
build(deps): bump pynacl from 1.3.0 to 1.4.0 
Bumps [pynacl](https://github.com/pyca/pynacl) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/pyca/pynacl/releases)
- [Changelog](https://github.com/pyca/pynacl/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/pynacl/compare/1.3.0...1.4.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-05-28 09:37:12 +00:00
lukpueh
e36080e673
Merge pull request #1035 from theupdateframework/dependabot/pip/six-1.15.0 
build(deps): bump six from 1.14.0 to 1.15.0
 2020-05-28 11:34:26 +02:00
lukpueh
580334e707
Merge pull request #1021 from MVrachev/patch-1 
Fix typo in comment
 2020-05-27 14:16:30 +02:00
dependabot-preview[bot]
bb94dcfff6
build(deps): bump six from 1.14.0 to 1.15.0 
Bumps [six](https://github.com/benjaminp/six) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/benjaminp/six/releases)
- [Changelog](https://github.com/benjaminp/six/blob/master/CHANGES)
- [Commits](https://github.com/benjaminp/six/compare/1.14.0...1.15.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-05-22 10:37:20 +00:00