It was excluded from the Timestamp schema definition in error.
In the process of making metadata writing use the Timestamp schema
strictly, this bug was discovered. Metadata previously written
included specification version, but the schema check did not.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Add a tuf-level variable in tuf/__init__.py indicating the version
of the TUF specification that the code in this repository is
intended and expected to conform to.
This will be used when writing metadata.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Kills classes MetaFile, RootFile, TargetsFile, MirrorsFile,
SnapshotFile, and TimestampFile. They each had an unused
from_ method and a used make_ method. They were all additional,
unnecessary representations of the same metadata, and it is
very important that metadata formats be defined once in the
reference implementation, in the schemas that are already used
more broadly, in foramts.py.
Replaces the classes, their methods, and some associated variables
with a single short function called build_dict_conforming_to_schema
that takes keyword arguments and builds a dictionary, then checks
to make sure that the result conforms to the given schema.
This commit shifts repository_lib from use of the old classes to
the new function.
In later commits, we should use this function more broadly, since it
can be of use in all schema construction.
There are several TODOs added to the code, mostly for post-#660
tasks.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Specification version now only lives in tuf/__init__.py, and will only be
derived from there.
Specification version info is no longer in tuf.formats, where it was
previously moved from tuf.updater, since this was redundant.
Also finally corrects spec version testing in test_updater.py.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
and generate more friendly errors. Prior to this, a test in
test_updater.py was written in such a way to not actually be
testing whether or not specification version checking was
working correctly -- the error updater.py raised if a specification
version number was not supported was the same as would be raised
if a role version was not the expected version, and, amusingly,
the test could not distinguish between these two scenarios and
was providing the wrong role version......
Specification version mismatch now raises a particular error:
UnsupportedSpecificationError.
The specification version supported by this code is now also all
in one place, tuf.formats rather than tuf.updater.
Related error messages and testing were improved (with some
edge cases closed).
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Python3 does not support exception subscripting:
e.g. except ... as e:
e[1] # does not work in Python3
This line of code was presumably not covered by testing,
allowing it to persist.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Add note to make clear what was implicit: that once a delegated role is created,
it can be accessed (for the same purposes as you'd access the Targets role
using `repository.targets`) as: `repository.targets("<delegated rolename>")`.
Also add that specific note to the add_targets section of the tutorial.
Note that the `repo.py --init` call also sets up a client directory.
A student recently ran into some confusion on this point, and it's not properly documented here.
- refer to the authoritative sources for the latest releases
- include new packager information
- add tasks for upcoming releases
- generalize release schedule
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Thanks go to @lukpueh for this helpful tip.
After merge, stdout should only appear if a test has failed. This
functionality is provided by `unittest.TextTestRunner` argument `buffer=True`.
This functions like the `--buffer` command line argument listed here:
https://docs.python.org/3/library/unittest.html#command-line-options
std out is discarded if a test succeeds.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Hi, I did the quick-start today and missed some context. This is my suggestion.
Thanks for a cool framework!
Regards Håvard
Signed-off-by: Håvard B Line <havard.line@gmail.com>
Also add note about how this is done.
The dev-requirements.txt dependencies that do not appear in
requirements.txt have not been updated.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
If the role you're fetching the targets of is the 'targets' role,
do not download all delegated targets roles....
Continue to do that only if you're fetching the targets of a
delegated targets role, for historical reasons until this
deprecated function is removed / replaced.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
in tuf/exceptions.py, since those class definitions have docstrings,
and that is apparently sufficient in a class definition to make a
'pass' statement unnecessary. pylint version 2.2.0 complains about
unnecessary pass statements in this situation, so this resolves that.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
