Jussi Kukkonen
f3eddc19ff
lint: Accept ruff suggestions for cast()
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-03-18 18:20:11 +02:00
dependabot[bot]
075949fece
build(deps): bump the test-and-lint-dependencies group with 2 updates
...
Bumps the test-and-lint-dependencies group with 2 updates: [ruff](https://github.com/astral-sh/ruff ) and [zizmor](https://github.com/woodruffw/zizmor ).
Updates `ruff` from 0.9.10 to 0.11.0
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.10...0.11.0 )
Updates `zizmor` from 1.4.1 to 1.5.1
- [Release notes](https://github.com/woodruffw/zizmor/releases )
- [Changelog](https://github.com/woodruffw/zizmor/blob/main/docs/release-notes.md )
- [Commits](https://github.com/woodruffw/zizmor/compare/v1.4.1...v1.5.1 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
- dependency-name: zizmor
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-03-17 21:31:22 +00:00
Jussi Kukkonen
ea88fdecc3
Merge pull request #2812 from jku/include-version-in-docs
2025-03-14 19:04:03 +02:00
Jussi Kukkonen
b690d8f573
docs: Include version number in docs
...
Otherwise on readthedocs it's not clear what version "latest" is.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-03-14 15:00:33 +02:00
Jussi Kukkonen
bb6d459ce3
Merge pull request #2806 from jku/prep-v6
...
Prepare v6.0
2025-03-11 12:37:42 +02:00
Jussi Kukkonen
44eed614f0
Prepare v6.0
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-03-11 11:41:10 +02:00
Jussi Kukkonen
bef804bad0
Merge pull request #2811 from DimitriPapadopoulos/codespell
...
Fix typos
2025-03-11 10:07:09 +02:00
Dimitri Papadopoulos
4a28307270
Fix typos
...
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
2025-03-10 22:06:30 +01:00
dependabot[bot]
b1d9021ae8
build(deps): bump ruff in the test-and-lint-dependencies group ( #2810 )
2025-03-09 21:08:08 +00:00
Jussi Kukkonen
15933a93b6
ngclient: Create directories as needed ( #2808 )
2025-03-09 06:56:37 +00:00
Kairo Araujo
067ba1ad92
Merge pull request #2809 from theupdateframework/dependabot-add-zizmor-to-group
2025-03-08 13:59:55 +01:00
Jussi Kukkonen
097de2b3ef
dependabot: Add zizmor to lint dependencies
...
This is for better dependabot grouping
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-03-07 15:08:42 +02:00
dependabot[bot]
8df9f0fd12
build(deps): bump the dependencies group with 2 updates ( #2805 )
2025-03-04 07:42:56 +00:00
dependabot[bot]
f66168f5cb
build(deps): bump ruff in the test-and-lint-dependencies group ( #2804 )
2025-03-04 07:42:13 +00:00
dependabot[bot]
6d8b97e3d7
build(deps): bump actions/download-artifact ( #2803 )
2025-03-04 07:41:44 +00:00
Kairo Araujo
fee5148abd
Merge pull request #2789 from jku/handle-proxy-variables
2025-03-04 02:58:47 +01:00
Jussi Kukkonen
75db8c0f2a
Merge pull request #2802 from theupdateframework/dependabot/pip/test-and-lint-dependencies-74e84135a1
...
build(deps): bump ruff from 0.9.6 to 0.9.7 in the test-and-lint-dependencies group
2025-02-25 08:39:32 +00:00
dependabot[bot]
a5284f4301
build(deps): bump ruff in the test-and-lint-dependencies group
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.9.6 to 0.9.7
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.6...0.9.7 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-02-24 22:01:49 +00:00
Kairo Araujo
5e0a7efdf4
Merge pull request #2801 from theupdateframework/dependabot/github_actions/action-dependencies-ff9a44dc5a
...
build(deps): bump the action-dependencies group with 2 updates
2025-02-24 22:17:33 +01:00
dependabot[bot]
d2b6b6d50d
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action ).
Updates `actions/upload-artifact` from 4.6.0 to 4.6.1
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](65c4c4a1dd...4cec3d8aa0 )
Updates `ossf/scorecard-action` from 2.4.0 to 2.4.1
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](62b2cac7ed...f49aabe0b5 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-02-24 21:14:31 +00:00
Kairo Araujo
d0766dce4a
Merge pull request #2800 from jku/remove-hatchling-workaround
...
build: Remove workaround for hatchling upgrades
2025-02-21 12:27:38 +01:00
Jussi Kukkonen
5a2a4f7927
build: Remove workaround for hatchling upgrades
...
Apparently Dependabot now supports upgrading build-system.requires: we
don't need the workarounds anymore.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-21 10:05:18 +02:00
Jussi Kukkonen
39388c3e34
Merge pull request #2798 from NicholasTanz/addZizmor
...
add zizmor for linting workflows.
2025-02-21 07:34:48 +00:00
NicholasTanz
a6fc606298
make pedantic and silence info logs
...
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-02-20 17:46:48 -05:00
Kairo Araujo
54789bc640
Merge pull request #2799 from jku/silence-docs-build
...
tox: Silence docs build
2025-02-20 13:29:42 +01:00
Kairo Araujo
7e35986b5d
Merge pull request #2767 from jku/bootstrap-root-metadata
...
Cache all root metadata versions
2025-02-20 13:28:42 +01:00
Jussi Kukkonen
109d809459
tox: Silence docs build
...
* Add "--quiet" to the docs build: otherwise it drowns out everything
else when running "tox"
* switch other short arguments to long ones as well for clarity
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:27:52 +02:00
Jussi Kukkonen
38e4eaba1f
updater: Improve comments on bootstrap arg
...
This includes some minor example improvements
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:11:28 +02:00
Jussi Kukkonen
c4cd7935e3
tests: lint fixes
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:10:04 +02:00
Jussi Kukkonen
339b52394e
tests: Add tests for caching intermediate roots
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:10:04 +02:00
Jussi Kukkonen
ab288304a6
updater: Update root.json symlink on initialize
...
When application initializes an Updater with bootstrap, it should be
considered the trusted version from that point onwards: Update the
symlink "root.json" already here (even if refresh is never called).
n that Updater instance).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:10:04 +02:00
Jussi Kukkonen
3798002345
tests: Use Updater bootstrap argument
...
Update test_updater_toplevel_update to use bootstrap argument by
default.
This still does not include tests for bootstrap feature specifically
but it should prove nothing has broken when the feature was added.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:10:04 +02:00
Jussi Kukkonen
8519bb43ed
ngclient: Make sure non-versioned link in cache is up-to-date
...
Even if last root version from remote is not accepted (leading to an
exception in load_root()) we should update the symlink "root.json" in
local cache to point to last good version.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:10:04 +02:00
Jussi Kukkonen
4aa09ff7d5
tests: Fix test_load_metadata_from_cache for versioned roots
...
Expect (failing) call to open for "root_history/2.root.json" now that
the client stores versioned roots.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:10:04 +02:00
Jussi Kukkonen
cea1745cef
Implement root bootstrapping
...
Application may have a "more secure" data store than the metadata cache
is: Allow application to bootstrap the Updater with this more secure
root. This means the Updater must also cache the subsequent root versions
(and not just the last one).
* Store versioned root metadata in local cache
* maintain a non versioned symlink to last known good root
* When loading root metadata, look in local cache too
* Add a 'bootstrap' argument to Updater: this allows
initializing the Updater with known good root metadata
instead of trusting the root.json in cache
Additional changes to current functionality:
* when using bootstrap argument, the initial root is written to cache.
This write happens every time Updater is initialized with bootstrap
* The "root.json" symlink is recreated at the end of every refresh()
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:09:54 +02:00
Jussi Kukkonen
f35b237739
tests: Make tests cope with root history in local cache
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:00:50 +02:00
Jussi Kukkonen
98fcd7160c
Changelog: Add missing entries
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
265e772dba
ProxyEnvironment: Handle no_proxy="*"
...
Add support for leading dots in no_proxy and "*" as a no_proxy value.
Both are supported in requests and based on
https://about.gitlab.com/blog/2021/01/27/we-need-to-talk-no-proxy/
both are somewhat common.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
9a4e749def
ngclient: Add docs on HTTP in general
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
80b629013e
Use __future__ to make old python happy
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
5f9fefb80f
tests: Add tests for ProxyEnvironment
...
This does not actually test using tuf through proxies: it only tests
that ProxyEnvironment creates the ProxyManagers that we expect to be
created based on the proxy environment variables.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
396ba079d6
ngclient: Add proxy environment variable handling
...
urllib3 does not handle this but we do want to support proxy users.
The environment variable handling is slightly simplified from the
requests implementation.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
72bb243e0b
Merge pull request #2797 from jku/unignore-linter-rule
...
pyproject: Unignore ISC001
2025-02-20 08:52:01 +00:00
Jussi Kukkonen
c6b9e37ea1
Merge pull request #2790 from jku/bring-back-editable-install
...
dev requirements: Bring back editable install
2025-02-20 08:51:52 +00:00
Jussi Kukkonen
73273813f3
Merge pull request #2773 from jku/no-requests
...
More porting from requests to urllib3
2025-02-20 08:51:42 +00:00
NicholasTanz
41c7922c92
add zizmor for linting workflows.
...
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-02-19 21:53:14 -05:00
Jussi Kukkonen
390f79ce55
pyproject: Unignore ISC001
...
This is no longer incompatible with ruff formatter.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-19 15:34:27 +02:00
Jussi Kukkonen
9c67e27a5f
Merge pull request #2795 from pakagronglb/enable-fa-linting
...
Enable FA (future annotations) linting ruleset
2025-02-19 13:20:35 +00:00
pakagronglb
acd7ed08d1
Update Python shebangs to explicitly use python3
...
Signed-off-by: pakagronglb <pakagronglebel@gmail.com>
2025-02-19 19:44:21 +07:00
pakagronglb
94639360ec
Enable FA (future annotations) linting ruleset
...
Signed-off-by: pakagronglb <pakagronglebel@gmail.com>
2025-02-19 19:44:05 +07:00