This commit fixes the relative links in README.md, adding absolute
links.
PyPI renders the README.md as an HTML page on the landing page
of the python-tuf package. If the links are not absolute links to
the files in the git repository, they will fail.
Fixes: #1739
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
This commit explicitly encodes role names. Mostly this encoding is already
happening in ``requests`` for what is not a URL.
The "/" in a role name will now be encoded.
Also, a slight change in the RepositorySimulator will align with the tests.
This commit partially covers issue #1634
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
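As an added illustration of the encoding point above (example code, not python-tuf's own client code): `urllib.parse.quote` leaves "/" untouched by default (`safe="/"`), so a delegated role named `foo/bar` would otherwise be requested as a nested path. Passing `safe=""` encodes the slash as `%2F`. The `<base>/<version>.<role>.json` URL layout in `metadata_url` is an assumption made for this example.

```python
from typing import Optional
from urllib.parse import quote


def encode_role_name(role: str) -> str:
    """Percent-encode a role name so it fits in a single URL path segment.

    safe="" is the important part: with the default safe="/" a role name
    containing "/" would be emitted verbatim and change the URL's path.
    """
    return quote(role, safe="")


def metadata_url(base_url: str, version: Optional[int], role: str) -> str:
    """Build a metadata URL (assumed layout: <base>/[<version>.]<role>.json)."""
    name = encode_role_name(role)
    filename = f"{version}.{name}.json" if version is not None else f"{name}.json"
    return base_url.rstrip("/") + "/" + filename


if __name__ == "__main__":
    # Constructed inputs: a plain top-level role and a delegated role with "/".
    print(metadata_url("https://example.com/metadata/", 1, "targets"))
    print(metadata_url("https://example.com/metadata/", 1, "foo/bar"))
```

Role names with spaces, "?" or "#" are handled the same way, which matters because those characters would otherwise be interpreted as query or fragment delimiters rather than as part of the name.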
Remove old doc/tuf-spec* documents, which are merely pointers to
the theupdateframework/specification repo (created in late 2017).
They were likely kept in place to avoid 404s of old links, but the
up-to-date TUF specification location should be discoverable enough
to get rid of the pointers.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This commit is a simple trailing whitespace cleanup of the files
inside the docs folder.
The files in docs sub-directories are not part of this commit.
The docs/SECURITY.md will be removed on PR #1769
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
These documents describe TUF server (mostly key management) and
client (mostly targets delegation) operations referring to a long
outdated TUF specification and suggesting the use of long gone
python-tuf tooling.
A deprecation disclaimer was added to the document headers already
in 2014 (see b84225f3e7).
I think it is safe to remove them.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
fossa.com integration for automated license compliance scans was
discontinued with #1242. There has been no initiative to
re-enable it in over a year.
This patch removes a since then obsolete config file. Let's re-add
when needed.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Just came across two instances where line-continued strings missed
a separating whitespace and fixed them.
Note: I also checked the entire repo for more such cases using the
regex `[^ ]["']\n *f?["'][^ ]` but didn't find any.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
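The regex from the note above turned into a small checker, as an added example that is not part of the python-tuf repository. It scans source text for implicitly concatenated string literals split across a line break where neither piece carries the separating space, and reports the line number of the first literal of each pair. The sample source is constructed for the example.

```python
import re
from typing import List

# Same pattern as in the commit message: a non-space character, a closing
# quote, a newline, optional indentation, an optional f-string prefix, an
# opening quote, and then a non-space character. Matching means the two
# literals join with no whitespace between them.
MISSING_SPACE_RE = re.compile(r'[^ ]["\']\n *f?["\'][^ ]')


def find_missing_whitespace(source: str) -> List[int]:
    """Return 1-based line numbers of the first literal of each suspicious pair."""
    return [
        source.count("\n", 0, match.start()) + 1
        for match in MISSING_SPACE_RE.finditer(source)
    ]


# Constructed sample: lines 3/4 and 9/10 would join without a space,
# lines 6/7 are fine because the first literal ends with a space.
SAMPLE_SOURCE = (
    "x = 1\n"
    "raise ValueError(\n"
    '    "timestamp version"\n'
    '    "did not increase")\n'
    "ok = (\n"
    '    "all good "\n'
    '    "here")\n'
    "err = (\n"
    '    f"role {name}"\n'
    '    "missing")\n'
)


if __name__ == "__main__":
    for line in find_missing_whitespace(SAMPLE_SOURCE):
        print(f"possible missing space in line-continued string at line {line}")
```

Run it over real files with `find_missing_whitespace(path.read_text())`; the pattern is deliberately simple and will not catch a pair whose second literal starts on the same line as a comment or bracket, so treat it as a quick sweep rather than a complete lint.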
When calling updater._persist_metadata() there is a possibility that
writing the temporary file to storage can succeed, but moving it with
os.replace could fail with OSError.
Make sure we are removing the newly created temporary file in that case.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
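The write-then-replace pattern with the cleanup described above, as an added example (not python-tuf's `_persist_metadata`). The temporary file is created in the destination directory so that `os.replace` is a same-filesystem rename; if the rename raises `OSError`, the temporary file is removed before the error is re-raised, and the previously persisted file is left untouched. The `replace` parameter is an assumption made here so that the failure path can be exercised without touching the filesystem's real behaviour.

```python
import contextlib
import os
import tempfile
from typing import Callable, Dict, List, Union


def persist_atomically(
    path: str,
    data: bytes,
    replace: Callable[[str, str], None] = os.replace,
) -> None:
    """Write data to path via a temporary file and an atomic rename.

    On any OSError (write, fsync or rename) the temporary file is removed
    so a failed update does not leave partial files next to the real one.
    """
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".tmp-", suffix=".part")
    try:
        with os.fdopen(fd, "wb") as tmp_file:
            tmp_file.write(data)
            tmp_file.flush()
            os.fsync(tmp_file.fileno())
        replace(tmp_path, path)
    except OSError:
        # Best-effort cleanup; do not let a removal error mask the original.
        with contextlib.suppress(OSError):
            os.remove(tmp_path)
        raise


def run_demo() -> Dict[str, Union[bool, bytes, List[str]]]:
    """Exercise the success and failure paths in a scratch directory."""
    original = b'{"signed": {"_type": "targets", "version": 1}}'  # constructed
    with tempfile.TemporaryDirectory() as scratch:
        target = os.path.join(scratch, "targets.json")

        persist_atomically(target, original)
        after_success = sorted(os.listdir(scratch))

        def failing_replace(src: str, dst: str) -> None:
            raise OSError("simulated os.replace failure (e.g. EACCES or EXDEV)")

        raised = False
        try:
            persist_atomically(target, b"superseded", replace=failing_replace)
        except OSError:
            raised = True
        after_failure = sorted(os.listdir(scratch))
        with open(target, "rb") as persisted:
            content = persisted.read()

    return {
        "after_success": after_success,  # only targets.json, no .part file
        "raised": raised,                 # the OSError propagated
        "after_failure": after_failure,   # still only targets.json
        "content": content,               # old metadata left intact
    }


if __name__ == "__main__":
    print(run_demo())
```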
Remove `bump_version()` method, which is just an alias for "+= 1"
on the version attribute. For a slim low-level API it seems okay to
just directly access/modify the attribute.
The extra level of abstraction of "bumping a version" is more
appropriate for a repository library (see #1136).
This patch also removes a related unit test and updates another one
to directly do `(...).version +=`.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This commit adds to the CI an automatic check for the TUF
specification version and compares it with the python-tuf metadata
API version.
If the version does not match and there is not an issue already open,
a new issue is opened.
Closes #1598
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
New pylint warnings appeared related to changes
in urllib3:
- tests/test_fetcher_ng.py:128: error: Argument 1 to "ReadTimeoutError"
has incompatible type "None"; expected "ConnectionPool" [arg-type]
- tests/test_fetcher_ng.py:128: error: Argument 2 to "ReadTimeoutError"
has incompatible type "None"; expected "str" [arg-type]
I noticed these errors in this CI run:
https://github.com/theupdateframework/python-tuf/runs/4764931441?check_suite_focus=true
I fixed them by creating a urllib3.HTTPConnectionPool() instance as
the first argument and replaced the second argument with an empty
string.
This seems to do the job.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
After making a successful update of valid metadata which stores it
in cache and performing a second update with a new updater while
the metadata is already stored in cache, this test verifies that
timestamp, snapshot and targets are loaded from cache and not
downloaded.
Fixes #1681
Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
Dictionary.get() by default will return "None" if the key is not
found as documented in:
https://docs.python.org/3/library/stdtypes.html#dict.get
This means we don't get anything by passing the default type.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
keyids are ordered in the data we deserialize: Not preserving that order
breaks canonicalization. Set does not preserve order.
Change Role.keyids type from Set to List. This is strictly speaking
an API change but a minor one: keyids are supposed to be changed
via add_key()/remove_key().
Add tests for this for both Role and DelegatedRole. Shorten a related
exception message.
Fix #1752
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
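The ordering point above in runnable form, as an added example that is not python-tuf's `Role` class: a list-typed `keyids` survives a deserialize/serialize round trip byte for byte, while re-emitting the ids from a set does not. `canonical_bytes` is an assumed stand-in for the canonical JSON used to produce signed bytes (sorted keys, no whitespace); the property it demonstrates, that list order is part of the signed bytes, holds for TUF's canonical JSON as well. `set_roundtrip_is_stable` uses `sorted()` only to make the demonstration deterministic; a real set's iteration order is hash-seed dependent and can differ between processes.

```python
import json
from typing import Any, Dict, List


def canonical_bytes(obj: Any) -> bytes:
    """Assumed stand-in for canonical JSON: key order fixed, list order kept."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


class Role:
    """Minimal role: an ordered, duplicate-free list of keyids plus a threshold."""

    def __init__(self, keyids: List[str], threshold: int) -> None:
        if len(set(keyids)) != len(keyids):
            raise ValueError("Nonunique keyids")
        if threshold < 1:
            raise ValueError("Number of keys must be >= 1")
        self.keyids = list(keyids)  # keep input order: it is part of what gets signed
        self.threshold = threshold

    @classmethod
    def from_dict(cls, role_dict: Dict[str, Any]) -> "Role":
        return cls(role_dict["keyids"], role_dict["threshold"])

    def to_dict(self) -> Dict[str, Any]:
        return {"keyids": self.keyids, "threshold": self.threshold}

    def add_key(self, keyid: str) -> None:
        """Append if absent; the list stays duplicate-free without a set."""
        if keyid not in self.keyids:
            self.keyids.append(keyid)

    def remove_key(self, keyid: str) -> None:
        """Remove a keyid; raises ValueError if it is not present."""
        self.keyids.remove(keyid)


def list_roundtrip_is_stable(role_dict: Dict[str, Any]) -> bool:
    """List-typed keyids: parse, re-serialize, compare with the original bytes."""
    return canonical_bytes(Role.from_dict(role_dict).to_dict()) == canonical_bytes(role_dict)


def set_roundtrip_is_stable(role_dict: Dict[str, Any]) -> bool:
    """What a set-typed field risks: keyids re-emitted in the set's own order."""
    reemitted = {
        "keyids": sorted(set(role_dict["keyids"])),  # sorted() only for determinism
        "threshold": role_dict["threshold"],
    }
    return canonical_bytes(reemitted) == canonical_bytes(role_dict)


if __name__ == "__main__":
    # Constructed input whose keyids are deliberately not in sorted order.
    role = {"keyids": ["k2", "k1"], "threshold": 1}
    print("list round trip stable:", list_roundtrip_is_stable(role))
    print("set round trip stable: ", set_roundtrip_is_stable(role))
```

A signature over the original bytes verifies only if the client reproduces those exact bytes, so any type that does not preserve element order in the serialized form breaks verification even though the set of keys is unchanged.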
This test simulates the targets fast-forward attack recovery.
It simulates that the targets keys were compromised and the attacker
generated a new high version of the targets.
The repository generates a new key for snapshot to roll back the
targets version to the initial version.
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
TUF uses file name hashes elsewhere so make it clear when hashes are for
file _contents_.
Fixes #1737.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Move the remaining
test_snapshot_rollback_with_local_snapshot_hash_mismatch
to test_updater_top_level_update.py and remove the file.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>