Commit graph

5559 commits

Author SHA1 Message Date
Jussi Kukkonen
efcb3cfb80 examples: Add further scaffolding for upload API
The API doesn't modify the repository yet but the data flow is there now.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:21:52 +02:00
Jussi Kukkonen
9ec8459379 examples: Add skeleton API endpoints
Also use ThreadingHTTPServer: Using Chrome utterly breaks the non-threading
server.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:21:52 +02:00
Jussi Kukkonen
d61dbabc78
Merge pull request #2281 from fridex/pydocstyle-d209
Fix pydocstyle D209
2023-02-02 14:33:41 +02:00
Jussi Kukkonen
4eea38da42
Merge pull request #2285 from theupdateframework/dependabot/github_actions/actions/github-script-6.4.0
build(deps): bump actions/github-script from 6.3.3 to 6.4.0
2023-02-02 12:56:21 +02:00
Jussi Kukkonen
21b0f2393b
Merge pull request #2284 from theupdateframework/dependabot/github_actions/github/codeql-action-2.2.1
build(deps): bump github/codeql-action from 2.1.39 to 2.2.1
2023-02-02 12:56:03 +02:00
Jussi Kukkonen
24118dacee
Merge pull request #2288 from theupdateframework/dependabot/pip/pylint-2.16.0
build(deps): bump pylint from 2.15.10 to 2.16.0
2023-02-02 12:51:52 +02:00
dependabot[bot]
6144357c21
build(deps): bump pylint from 2.15.10 to 2.16.0
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.15.10 to 2.16.0.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.10...v2.16.0)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-02 10:01:35 +00:00
Lukas Pühringer
d2c12f2d14
Merge pull request #2165 from jku/no-key
Move (most of) Key to Securesystemslib
2023-01-31 09:20:44 +01:00
Lukas Pühringer
93b8fb6377
Merge pull request #2279 from fridex/export-targetfile-ngclient
Export TUF TargetFile in ngclient
2023-01-31 09:19:41 +01:00
Lukas Pühringer
daa41a9bc9
Merge pull request #2280 from lukpueh/release-2.1.0
python-tuf 2.1.0
2023-01-30 10:37:39 +01:00
Jussi Kukkonen
8278f3f805 packaging: Depend on securesystemslib 0.26
We need signer.Key which was added in 0.26.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-27 20:45:29 +02:00
dependabot[bot]
f2fff33566
build(deps): bump actions/github-script from 6.3.3 to 6.4.0
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.3 to 6.4.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](d556feaca3...98814c53be)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-27 10:05:30 +00:00
dependabot[bot]
49b0385c40
build(deps): bump github/codeql-action from 2.1.39 to 2.2.1
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.39 to 2.2.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](a34ca99b46...3ebbd71c74)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-27 10:05:26 +00:00
Fridolin Pokorny
744f75c1e7
Fix pydocstyle D209
Fix multi-line docstring closing quotes should be on a separate line

Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-01-26 16:36:13 +01:00
Lukas Puehringer
9811ac3568 python-tuf 2.1.0
* update changelog
* bump version

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-01-26 16:26:38 +01:00
Fridolin Pokorny
524a6b848f
Export TUF TargetFile in ngclient
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-01-26 15:54:44 +01:00
Lukas Pühringer
a6460c60ba
Merge pull request #2278 from fridex/pydocstyle-first-line-period-rebase
Fix pydocstyle D400: first line should end with a period
2023-01-26 15:38:03 +01:00
Fridolin Pokorny
5d347b8707
Fix pydocstyle D400: first line should end with a period
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-01-26 15:33:09 +01:00
Jussi Kukkonen
7f04a6e888
Merge pull request #2276 from jku/securesystemslib-blog
Add new blog post about the signer API
2023-01-26 14:35:43 +02:00
Jussi Kukkonen
388768db3d Add new blog post about the signer API
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-26 11:37:47 +02:00
Lukas Pühringer
e6a3e9ee0b
Merge pull request #2277 from jku/expose-default-fetcher
Expose default fetcher
2023-01-26 09:30:07 +01:00
Jussi Kukkonen
bfd7f2058d
Merge pull request #2275 from theupdateframework/dependabot/pip/coverage-7.1.0
build(deps): bump coverage from 7.0.5 to 7.1.0
2023-01-26 10:01:18 +02:00
Jussi Kukkonen
889b218e7a Add comment explaining public status to the module itself
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-26 09:33:44 +02:00
Jussi Kukkonen
236bc9f070 docs: Tweak API docs to include RequestsFetcher
This only documents the configurable attributes
and not the inherited methods.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-25 16:07:12 +02:00
Jussi Kukkonen
f8a7881c87 Make RequestsFetcher public
This is useful for those who want to use the default fetcher
but modify some attributes

The file itself could be moved to tuf/ngclient/ but this is not done yet
as sigstore-python is using this internal module. Move can be done once
sigstore-python 1.0 is no longer relevant.

Fixes #2268

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-25 15:55:11 +02:00
dependabot[bot]
b0fbc3cfc8
build(deps): bump coverage from 7.0.5 to 7.1.0
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.0.5 to 7.1.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.0.5...7.1.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-25 10:02:03 +00:00
Jussi Kukkonen
d2908c0041
Merge pull request #2269 from theupdateframework/dependabot/github_actions/actions/setup-python-4.5.0
build(deps): bump actions/setup-python from 4.4.0 to 4.5.0
2023-01-24 15:06:10 +02:00
Jussi Kukkonen
cc48e9d5f1
Merge pull request #2274 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.39
build(deps): bump github/codeql-action from 2.1.38 to 2.1.39
2023-01-19 18:58:02 +02:00
dependabot[bot]
2a250df063
build(deps): bump github/codeql-action from 2.1.38 to 2.1.39
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.38 to 2.1.39.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](515828d974...a34ca99b46)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-19 10:04:05 +00:00
Jussi Kukkonen
2202a83d82 docs: Remove securesystemslib mock import
We want to document some securesystemslib classes (Key gets documented
with this change already as it's part of the metadata API).

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 17:45:28 +02:00
Jussi Kukkonen
22642ed267 examples: Update one more from_securesystemslib_key() usage
This method is now in SSlibKey

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 15:27:06 +02:00
Jussi Kukkonen
361bbe40f3 metadata: Refactor delegators key and role lookup
Simplify the lookup of delegated keys and roles by moving it to
Targets and Root: this follows the examples set by add_key() and
remove_key().

Most of the methods are trivial but they make sense because this way
the calling code does not have to care if the object is a Targets or a
Root: the same methods work on both.

The new methods are public since they are useful to applications as
well.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 15:26:51 +02:00
Jussi Kukkonen
41b9b5c60b tests: Remove unnecessary ignores
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
ed0ec03399 Metadata API: Fix verify_delegate for new Key API
verify_delegate() unfortunately needs an almost complete rewrite
as the Key.verify_signature() API change affects it quite a bit.

Refactoring the role and key lookup into a separate method makes the
code readable again.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
b55ac25cf5 tests: Fix tests for Key.verify_signature()
Key.verify_signature() API has changed:
* argument is bytes, not metadata
* raised error now comes from securesystemslib

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
09971aea16 tests, examples: Stop using Key constructors
New Securesystemslib Keys can now be instantiated in two ways:
* deserialize via Key.from_dict() as before
* generate new keys via implementation specific methods

Fix all cases where we call Key() or Key.from_securesystemslib_key()
and use SSlibKey methods instead. Fix related tests.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
6dbadaa7b1 Metadata API: Remove Key, import it from Securesystemslib
Key has been moved to Securesystemslib: use it from there.

This still fails tests as Key API has changed a bit: issues are fixed
in followup commits.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
7f85da53b7 metadata API: Refactor exception imports
tuf.exceptions should IMO be seen as the "default exception source".

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
a7f3316de6 tox: Use --force-reinstall with sslib master
If the sslib release version matches, pip does not install the version from git
because the same version is already installed. Force the install.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
10f930997e
Merge pull request #2271 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.26.0
build(deps): bump securesystemslib[crypto,pynacl] from 0.25.0 to 0.26.0
2023-01-13 13:56:42 +02:00
dependabot[bot]
492b21b82d
build(deps): bump securesystemslib[crypto,pynacl] from 0.25.0 to 0.26.0
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib) from 0.25.0 to 0.26.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases)
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/master/CHANGELOG.md)
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.25.0...v0.26.0)

---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-13 11:50:32 +00:00
Lukas Pühringer
e59538d3ce
Merge pull request #2265 from theupdateframework/dependabot/pip/coverage-7.0.5
build(deps): bump coverage from 7.0.1 to 7.0.5
2023-01-13 11:59:55 +01:00
Lukas Pühringer
6ab7a3af9b
Merge pull request #2267 from theupdateframework/dependabot/pip/build-0.10.0
build(deps): bump build from 0.9.0 to 0.10.0
2023-01-13 11:57:05 +01:00
dependabot[bot]
ba1422682a
build(deps): bump coverage from 7.0.1 to 7.0.5
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.0.1 to 7.0.5.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.0.1...7.0.5)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-13 10:51:30 +00:00
Lukas Pühringer
5ea2600ee2
Merge pull request #2263 from theupdateframework/dependabot/pip/pylint-2.15.10
build(deps): bump pylint from 2.15.9 to 2.15.10
2023-01-13 11:50:49 +01:00
dependabot[bot]
4c3df14a50
build(deps): bump actions/setup-python from 4.4.0 to 4.5.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](5ccb29d877...d27e3f3d7c)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-13 10:50:28 +00:00
Lukas Pühringer
fa9761bb8f
Merge pull request #2259 from theupdateframework/dependabot/github_actions/actions/checkout-3.3.0
build(deps): bump actions/checkout from 3.2.0 to 3.3.0
2023-01-13 11:49:36 +01:00
Lukas Pühringer
29b1035362
Merge pull request #2266 from theupdateframework/dependabot/pip/urllib3-1.26.14
build(deps): bump urllib3 from 1.26.13 to 1.26.14
2023-01-13 11:45:33 +01:00
Lukas Pühringer
cc6171b1d7
Merge pull request #2258 from theupdateframework/dependabot/github_actions/actions/download-artifact-3.0.2
build(deps): bump actions/download-artifact from 3.0.1 to 3.0.2
2023-01-13 11:33:33 +01:00
dependabot[bot]
bfbfb55444
build(deps): bump actions/checkout from 3.2.0 to 3.3.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](755da8c3cf...ac59398561)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-13 10:32:56 +00:00