Commit graph

6459 commits

Author SHA1 Message Date
Jussi Kukkonen
f3eddc19ff lint: Accept ruff suggestions for cast()
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-03-18 18:20:11 +02:00
dependabot[bot]
075949fece
build(deps): bump the test-and-lint-dependencies group with 2 updates
Bumps the test-and-lint-dependencies group with 2 updates: [ruff](https://github.com/astral-sh/ruff) and [zizmor](https://github.com/woodruffw/zizmor).


Updates `ruff` from 0.9.10 to 0.11.0
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.10...0.11.0)

Updates `zizmor` from 1.4.1 to 1.5.1
- [Release notes](https://github.com/woodruffw/zizmor/releases)
- [Changelog](https://github.com/woodruffw/zizmor/blob/main/docs/release-notes.md)
- [Commits](https://github.com/woodruffw/zizmor/compare/v1.4.1...v1.5.1)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
- dependency-name: zizmor
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-03-17 21:31:22 +00:00
Jussi Kukkonen
ea88fdecc3
Merge pull request #2812 from jku/include-version-in-docs 2025-03-14 19:04:03 +02:00
Jussi Kukkonen
b690d8f573 docs: Include version number in docs
Otherwise on readthedocs it's not clear what version "latest" is.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-03-14 15:00:33 +02:00
Jussi Kukkonen
bb6d459ce3
Merge pull request #2806 from jku/prep-v6
Prepare v6.0
2025-03-11 12:37:42 +02:00
Jussi Kukkonen
44eed614f0 Prepare v6.0
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-03-11 11:41:10 +02:00
Jussi Kukkonen
bef804bad0
Merge pull request #2811 from DimitriPapadopoulos/codespell
Fix typos
2025-03-11 10:07:09 +02:00
Dimitri Papadopoulos
4a28307270
Fix typos
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
2025-03-10 22:06:30 +01:00
dependabot[bot]
b1d9021ae8
build(deps): bump ruff in the test-and-lint-dependencies group (#2810) 2025-03-09 21:08:08 +00:00
Jussi Kukkonen
15933a93b6
ngclient: Create directories as needed (#2808) 2025-03-09 06:56:37 +00:00
Kairo Araujo
067ba1ad92
Merge pull request #2809 from theupdateframework/dependabot-add-zizmor-to-group 2025-03-08 13:59:55 +01:00
Jussi Kukkonen
097de2b3ef
dependabot: Add zizmor to lint dependencies
This is for better dependabot grouping

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-03-07 15:08:42 +02:00
dependabot[bot]
8df9f0fd12
build(deps): bump the dependencies group with 2 updates (#2805) 2025-03-04 07:42:56 +00:00
dependabot[bot]
f66168f5cb
build(deps): bump ruff in the test-and-lint-dependencies group (#2804) 2025-03-04 07:42:13 +00:00
dependabot[bot]
6d8b97e3d7
build(deps): bump actions/download-artifact (#2803) 2025-03-04 07:41:44 +00:00
Kairo Araujo
fee5148abd
Merge pull request #2789 from jku/handle-proxy-variables 2025-03-04 02:58:47 +01:00
Jussi Kukkonen
75db8c0f2a
Merge pull request #2802 from theupdateframework/dependabot/pip/test-and-lint-dependencies-74e84135a1
build(deps): bump ruff from 0.9.6 to 0.9.7 in the test-and-lint-dependencies group
2025-02-25 08:39:32 +00:00
dependabot[bot]
a5284f4301
build(deps): bump ruff in the test-and-lint-dependencies group
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.9.6 to 0.9.7
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.6...0.9.7)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-02-24 22:01:49 +00:00
Kairo Araujo
5e0a7efdf4
Merge pull request #2801 from theupdateframework/dependabot/github_actions/action-dependencies-ff9a44dc5a
build(deps): bump the action-dependencies group with 2 updates
2025-02-24 22:17:33 +01:00
dependabot[bot]
d2b6b6d50d
build(deps): bump the action-dependencies group with 2 updates
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action).


Updates `actions/upload-artifact` from 4.6.0 to 4.6.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](65c4c4a1dd...4cec3d8aa0)

Updates `ossf/scorecard-action` from 2.4.0 to 2.4.1
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](62b2cac7ed...f49aabe0b5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: action-dependencies
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-02-24 21:14:31 +00:00
Kairo Araujo
d0766dce4a
Merge pull request #2800 from jku/remove-hatchling-workaround
build: Remove workaround for hatchling upgrades
2025-02-21 12:27:38 +01:00
Jussi Kukkonen
5a2a4f7927 build: Remove workaround for hatchling upgrades
Apparently Dependabot now supports upgrading build-system.requires: we
don't need the workarounds anymore.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-21 10:05:18 +02:00
Jussi Kukkonen
39388c3e34
Merge pull request #2798 from NicholasTanz/addZizmor
add zizmor for linting workflows.
2025-02-21 07:34:48 +00:00
NicholasTanz
a6fc606298 make pedantic and silence info logs
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-02-20 17:46:48 -05:00
Kairo Araujo
54789bc640
Merge pull request #2799 from jku/silence-docs-build
tox: Silence docs build
2025-02-20 13:29:42 +01:00
Kairo Araujo
7e35986b5d
Merge pull request #2767 from jku/bootstrap-root-metadata
Cache all root metadata versions
2025-02-20 13:28:42 +01:00
Jussi Kukkonen
109d809459 tox: Silence docs build
* Add "--quiet" to the docs build: otherwise it drowns out everything
  else when running "tox"
* switch other short arguments to long ones as well for clarity

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:27:52 +02:00
Jussi Kukkonen
38e4eaba1f updater: Improve comments on bootstrap arg
This includes some minor example improvements

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:11:28 +02:00
Jussi Kukkonen
c4cd7935e3 tests: lint fixes
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:10:04 +02:00
Jussi Kukkonen
339b52394e tests: Add tests for caching intermediate roots
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:10:04 +02:00
Jussi Kukkonen
ab288304a6 updater: Update root.json symlink on initialize
When application initializes an Updater with bootstrap, it should be
considered the trusted version from that point onwards: Update the
symlink "root.json" already here (even if refresh is never called).
n that Updater instance).

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:10:04 +02:00
Jussi Kukkonen
3798002345 tests: Use Updater bootstrap argument
Update test_updater_toplevel_update to use bootstrap argument by
default.

This still does not include tests for bootstrap feature specifically
but it should prove nothing has broken when the feature was added.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:10:04 +02:00
Jussi Kukkonen
8519bb43ed ngclient: Make sure non-versioned link in cache is up-to-date
Even if last root version from remote is not accepted (leading to an
exception in load_root()) we should update the symlink "root.json" in
local cache to point to last good version.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:10:04 +02:00
Jussi Kukkonen
4aa09ff7d5 tests: Fix test_load_metadata_from_cache for versioned roots
Expect (failing) call to open for "root_history/2.root.json" now that
the client stores versioned roots.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:10:04 +02:00
Jussi Kukkonen
cea1745cef Implement root bootstrapping
Application may have a "more secure" data store than the metadata cache
is: Allow application to bootstrap the Updater with this more secure
root. This means the Updater must also cache the subsequent root versions
(and not just the last one).

* Store versioned root metadata in local cache
* maintain a non versioned symlink to last known good root
* When loading root metadata, look in local cache too
* Add a 'bootstrap' argument to Updater: this allows
  initializing the Updater with known good root metadata
  instead of trusting the root.json in cache

Additional changes to current functionality:
* when using bootstrap argument, the initial root is written to cache.
  This write happens every time Updater is initialized with bootstrap
* The "root.json" symlink is recreated at the end of every refresh()

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:09:54 +02:00
Jussi Kukkonen
f35b237739 tests: Make tests cope with root history in local cache
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 11:00:50 +02:00
Jussi Kukkonen
98fcd7160c Changelog: Add missing entries
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
265e772dba ProxyEnvironment: Handle no_proxy="*"
Add support for leading dots in no_proxy and "*" as a no_proxy value.

Both are supported in requests and based on
https://about.gitlab.com/blog/2021/01/27/we-need-to-talk-no-proxy/
both are somewhat common.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
9a4e749def ngclient: Add docs on HTTP in general
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
80b629013e Use __future__ to make old python happy
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
5f9fefb80f tests: Add tests for ProxyEnvironment
This does not actually test using tuf through proxies: it only tests
that ProxyEnvironment creates the ProxyManagers that we expect to be
created based on the proxy environment variables.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
396ba079d6 ngclient: Add proxy environment variable handling
urllib3 does not handle this but we do want to support proxy users.

The environment variable handling is slightly simplified from the
requests implementation.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-20 10:56:23 +02:00
Jussi Kukkonen
72bb243e0b
Merge pull request #2797 from jku/unignore-linter-rule
pyproject: Unignore ISC001
2025-02-20 08:52:01 +00:00
Jussi Kukkonen
c6b9e37ea1
Merge pull request #2790 from jku/bring-back-editable-install
dev requirements: Bring back editable install
2025-02-20 08:51:52 +00:00
Jussi Kukkonen
73273813f3
Merge pull request #2773 from jku/no-requests
More porting from requests to urllib3
2025-02-20 08:51:42 +00:00
NicholasTanz
41c7922c92 add zizmor for linting workflows.
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-02-19 21:53:14 -05:00
Jussi Kukkonen
390f79ce55 pyproject: Unignore ISC001
This is no longer incompatible with ruff formatter.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-19 15:34:27 +02:00
Jussi Kukkonen
9c67e27a5f
Merge pull request #2795 from pakagronglb/enable-fa-linting
Enable FA (future annotations) linting ruleset
2025-02-19 13:20:35 +00:00
pakagronglb
acd7ed08d1 Update Python shebangs to explicitly use python3
Signed-off-by: pakagronglb <pakagronglebel@gmail.com>
2025-02-19 19:44:21 +07:00
pakagronglb
94639360ec Enable FA (future annotations) linting ruleset
Signed-off-by: pakagronglb <pakagronglebel@gmail.com>
2025-02-19 19:44:05 +07:00