forked from theupdateframework/python-tuf
Dimitrovr/test permissions #14
Merged
Conversation
I looked into all changes between our current version 1.0.19 and the current version of the specification 1.0.28 and I agree with Jussi that the only one not fully resolved is: "8dafd00 (tag: v1.0.24) Clarify optional attributes" and more precisely the changes from commit: theupdateframework/specification@4dd279b. It doesn't make sense to have a target file without "paths" or "path_hash_prefixes", so our python-tuf requirement to have at least one of them set makes sense. Jussi and I both agreed that we can easily loosen this requirement if, when solving theupdateframework/specification#200, it's decided that both of them can be omitted, but for now we decided it's better to stick to our current requirement to have one of them set. Signed-off-by: Martin Vrachev <[email protected]>
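The delegation rule discussed in the commit above, as an added, stand-alone illustration (this is not python-tuf's own code): a delegated role is rejected unless it carries "paths" or "path_hash_prefixes", and a target path is then tested against whichever scoping rule is present. Two choices are this example's own assumptions rather than anything the commit states: a delegation that sets both attributes is rejected as well, and a "*" in a path pattern is matched component by component so it never crosses a "/".

```python
import fnmatch
import hashlib
from typing import List, Optional


class DelegationError(ValueError):
    """A delegated role's target scoping is malformed."""


def validate_delegation(paths: Optional[List[str]],
                        path_hash_prefixes: Optional[List[str]]) -> None:
    """Reject a delegation that has neither 'paths' nor 'path_hash_prefixes'.

    Added choice of this example (not stated by the commit): having both set
    is rejected too, so the two scoping rules can never disagree about which
    targets the delegatee is trusted for.
    """
    if paths is None and path_hash_prefixes is None:
        raise DelegationError("one of 'paths' or 'path_hash_prefixes' must be set")
    if paths is not None and path_hash_prefixes is not None:
        raise DelegationError("'paths' and 'path_hash_prefixes' are mutually exclusive")
    for pattern in paths or []:
        # An absolute or parent-escaping pattern would let a delegatee claim
        # targets outside the repository's target namespace.
        if pattern.startswith("/") or ".." in pattern.split("/"):
            raise DelegationError(f"unsafe path pattern: {pattern!r}")
    for prefix in path_hash_prefixes or []:
        if not prefix or any(c not in "0123456789abcdef" for c in prefix):
            raise DelegationError(f"path hash prefix is not lowercase hex: {prefix!r}")


def delegation_is_valid(paths: Optional[List[str]],
                        path_hash_prefixes: Optional[List[str]]) -> bool:
    """Boolean wrapper around validate_delegation for callers that only
    need a yes/no answer."""
    try:
        validate_delegation(paths, path_hash_prefixes)
    except DelegationError:
        return False
    return True


def path_hash_prefix_of(target_path: str, length: int) -> str:
    """First `length` hex characters of SHA-256 of the target path, which is
    what a 'path_hash_prefixes' entry is compared against."""
    return hashlib.sha256(target_path.encode("utf-8")).hexdigest()[:length]


def _pattern_matches(target_path: str, pattern: str) -> bool:
    """Glob-match component by component so that '*' never crosses a '/'
    (assumption of this example: 'packages/*' does not match 'packages/sub/x')."""
    target_parts = target_path.split("/")
    pattern_parts = pattern.split("/")
    if len(target_parts) != len(pattern_parts):
        return False
    return all(fnmatch.fnmatchcase(t, p) for t, p in zip(target_parts, pattern_parts))


def is_delegated_path(target_path: str,
                      paths: Optional[List[str]],
                      path_hash_prefixes: Optional[List[str]]) -> bool:
    """True if the delegation described by the two attributes covers `target_path`."""
    validate_delegation(paths, path_hash_prefixes)
    if path_hash_prefixes is not None:
        digest = hashlib.sha256(target_path.encode("utf-8")).hexdigest()
        return any(digest.startswith(p) for p in path_hash_prefixes)
    return any(_pattern_matches(target_path, p) for p in paths)


if __name__ == "__main__":
    # Constructed inputs for a quick run.
    print(is_delegated_path("packages/app-1.0.tar.gz", ["packages/*"], None))      # True
    print(is_delegated_path("packages/sub/app-1.0.tar.gz", ["packages/*"], None))  # False
    prefix = path_hash_prefix_of("packages/app-1.0.tar.gz", 2)
    print(is_delegated_path("packages/app-1.0.tar.gz", None, [prefix]))           # True
    print(delegation_is_valid(None, None))                                         # False
```

The hash-prefix rule is what makes hashed-bin delegations scale: a client never needs the list of target names, only the prefix of the SHA-256 of the name it is looking for.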
This reverts commit 55d6cb4. According to changelog setup-python v2.3.2 should include a workaround for the issue. Signed-off-by: Jussi Kukkonen <[email protected]>
Bumps [pynacl](https://github.com/pyca/pynacl) from 1.4.0 to 1.5.0. - [Release notes](https://github.com/pyca/pynacl/releases) - [Changelog](https://github.com/pyca/pynacl/blob/main/CHANGELOG.rst) - [Commits](pyca/pynacl@1.4.0...1.5.0) --- updated-dependencies: - dependency-name: pynacl dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: Jussi Kukkonen <[email protected]>
Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.27.1. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.26.0...v2.27.1) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: Jussi Kukkonen <[email protected]>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.7 to 1.26.8. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.7...1.26.8) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: Jussi Kukkonen <[email protected]>
Bumps [charset-normalizer](https://github.com/ousret/charset_normalizer) from 2.0.7 to 2.0.11. - [Release notes](https://github.com/ousret/charset_normalizer/releases) - [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](jawah/charset_normalizer@2.0.7...2.0.11) --- updated-dependencies: - dependency-name: charset-normalizer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: Jussi Kukkonen <[email protected]>
Bumps [cryptography](https://github.com/pyca/cryptography) from 35.0.0 to 36.0.1. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@35.0.0...36.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: Jussi Kukkonen <[email protected]>
It's not obvious to casual reader that reading metadata and then writing it might not always produce the same file. It's also not immediately obvious why this matters. Document both concepts. Fixes theupdateframework#1392 Signed-off-by: Jussi Kukkonen <[email protected]>
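The "repro" issue the commit above documents, shown with an added example that is not python-tuf's code: parsing a targets file and writing it back with default JSON settings yields different bytes, so the length and hash that snapshot.json recorded for the original file no longer match, while the signature over the canonicalised "signed" object is unaffected. The sample targets.json is constructed here, and the canonical form used is a stand-in (sorted keys, no whitespace) for the canonical JSON the real serializer produces.

```python
import hashlib
import json
from typing import Any, Dict

# Constructed sample: a compact, key-sorted targets.json as a repository
# might write it. Signatures are left empty; the point is the bytes.
ORIGINAL_TARGETS_JSON = (
    b'{"signatures":[],"signed":{"_type":"targets","expires":"2030-01-01T00:00:00Z",'
    b'"spec_version":"1.0.28","targets":{},"version":1}}'
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def reserialize_default(raw: bytes) -> bytes:
    """Parse and write back with json's default settings (', ' and ': '
    separators, insertion order). Same content, different bytes."""
    return json.dumps(json.loads(raw)).encode("utf-8")


def canonical_signed_bytes(raw: bytes) -> bytes:
    """Bytes a signature is computed over: the 'signed' object in a canonical
    form. Stand-in for TUF's canonical JSON (assumption of this example):
    sorted keys and no whitespace make it independent of file layout."""
    signed: Dict[str, Any] = json.loads(raw)["signed"]
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode("utf-8")


def snapshot_entry_for(raw: bytes) -> Dict[str, Any]:
    """What snapshot.json records about a targets file: the length and hash
    of the exact bytes that were published."""
    return {"length": len(raw), "hashes": {"sha256": sha256_hex(raw)}}


def matches_snapshot_entry(raw: bytes, entry: Dict[str, Any]) -> bool:
    """Client-side check before a downloaded targets file is trusted."""
    return (len(raw) == entry["length"]
            and sha256_hex(raw) == entry["hashes"]["sha256"])


if __name__ == "__main__":
    entry = snapshot_entry_for(ORIGINAL_TARGETS_JSON)
    rewritten = reserialize_default(ORIGINAL_TARGETS_JSON)
    print(matches_snapshot_entry(ORIGINAL_TARGETS_JSON, entry))  # True
    print(matches_snapshot_entry(rewritten, entry))               # False: bytes changed
    # A signature would still verify: the signed content canonicalises identically.
    print(canonical_signed_bytes(rewritten) == canonical_signed_bytes(ORIGINAL_TARGETS_JSON))  # True
```

The practical consequence for a repository tool: publish the exact bytes you hashed into snapshot.json, and never "tidy up" a metadata file after its hash has been recorded.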
…disable Revert "github: disable pip caching temporarily"
…b-for-dependabot Do dependabots job
…ation-hash-issue Metadata API: Document serialization "repro" issue
Configure docs to display - tuf icon as favicon - tuf horizontal logo (white) in navbar Signed-off-by: Lukas Puehringer <[email protected]>
Document ValueError, KeyError and TypeError exceptions for __init__ and from_dict() methods in Metadata API. Signed-off-by: Martin Vrachev <[email protected]>
This allows us to control when our workflows change. Dependabot should now open PRs when the actions update. This still leaves the actual OS image as a variable but Github does not support pinning that: we'd have to start using our own containers (and installing our own pythons, etc) to do that -- not worth the trouble. Fixes theupdateframework#1826 Signed-off-by: Jussi Kukkonen <[email protected]>
…n-version Update supported specification version to 1.0.28
Add a test triggering the MetaFile version validation and a TargetFile test accessing custom. Signed-off-by: Martin Vrachev <[email protected]>
The Python build tools are fine without a setup.py but Dependabot chokes: dependabot/dependabot-core#4483 Add a setup.py to keep Dependabot happy. Fixes theupdateframework#1828 Signed-off-by: Jussi Kukkonen <[email protected]>
pylint config lives in pyproject.toml nowadays. Signed-off-by: Jussi Kukkonen <[email protected]>
doc: render tuf logo and favicon on rtd
Add missing small tests
Re-add setup.py to fix dependabot
Bumps [pycparser](https://github.com/eliben/pycparser) from 2.20 to 2.21. - [Release notes](https://github.com/eliben/pycparser/releases) - [Changelog](https://github.com/eliben/pycparser/blob/master/CHANGES) - [Commits](eliben/pycparser@release_v2.20...release_v2.21) --- updated-dependencies: - dependency-name: pycparser dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
…-documentation Add exceptions docs for __init__ and from_dict()
We should handle the possible SerializationError inside Key.verify_signature(), because the user of this API is not interested in SerializationError when he is trying to verify his signature. Note that the SerializationError can be thrown when calling signed_serializer.serialize() on the metadata signed part. Signed-off-by: Martin Vrachev <[email protected]>
…pec-version Metadata API: Accept X.Y spec_version
List our licenses in the license field of setup.cfg While the PyPA packaging documentation states that the license field is optional[1] and that classifiers should be the main way to indicate license, this field is used to populate the License printed by pip show. 1. https://packaging.python.org/en/latest/guides/distributing-packages-using-setuptools/#license Fixes theupdateframework#1833 Signed-off-by: Joshua Lock <[email protected]>
This change unifies quotes to double backtick across docs in the Metadata API in order to provide better visualisation Signed-off-by: Ivana Atanasova <[email protected]>
This change unifies wording across docs in the Metadata API, like Args vs. Arguments and same repetitive descriptions written differently in different classes/methods Signed-off-by: Ivana Atanasova <[email protected]>
This change unifies as much as the context allows and improves the use of definite vs. indefinite vs. no article across docs in the Metadata API. It sticks to no article in most cases for simplicity and readability, but leaves definite article where it's strictly necessary Signed-off-by: Ivana Atanasova <[email protected]>
Mention how to use verify_release with the recently added --sign option to create signatures for a verified release. Signed-off-by: Lukas Puehringer <[email protected]>
…pendabot/pip/securesystemslib-cryptopynacl--0.23.0 build(deps): bump securesystemslib[crypto,pynacl] from 0.22.0 to 0.23.0
Co-authored-by: Joshua Lock <[email protected]> Signed-off-by: Lukas Puehringer <[email protected]>
…e-sign Add option to sign release artifacts with verify_release
* Update Changelog * bump version Signed-off-by: Jussi Kukkonen <[email protected]>
python-tuf 1.1.0 release
It seems --no-deps does not work as it used to (and actually installs all build dependencies). This is very bad because verify_release also uses "--no-binary :all:" leading to actually _building_ all build dependencies from source. Use "--no-binary tuf" instead: build dependencies will still be installed (into a working environment) but at least they won't be built from source. Signed-off-by: Jussi Kukkonen <[email protected]>
* Release permissions are now controlled in GitHub release environment * It is no longer required for a releasing maintainer to have PyPI permissions Signed-off-by: Jussi Kukkonen <[email protected]>
verify_release: Tweak pip download
Building a specific release with specific build tools feels like correct choice for reproducibility in general. It's also practically required as the hatchling version is embedded in the WHEEL file: this means updating the build tool modifies the resulting build artifact. Pin hatchling version. This version should be kept up-to-date: my working assumption is that Dependabot will handle it. Signed-off-by: Jussi Kukkonen <[email protected]>
Bumps [cryptography](https://github.com/pyca/cryptography) from 36.0.2 to 37.0.1. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@36.0.2...37.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [mypy](https://github.com/python/mypy) from 0.942 to 0.950. - [Release notes](https://github.com/python/mypy/releases) - [Commits](python/mypy@v0.942...v0.950) --- updated-dependencies: - dependency-name: mypy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
…sion build: Pin hatchling version
…-permissions-list Update maintainers permission checklist
requests project does not maintain annotations: typeshed project tries to do it for them, and releases the annotations as "types-requests". There's two main problems: * typeshed releases constantly: this means a lot of test dependency updates * typeshed releases are not tagged in git: updates are impossible to review The benefit we get from types-requests is minimal as there is very little requests-related code and it does not change often. Remove annotations to lower the test dependency update churn. Signed-off-by: Jussi Kukkonen <[email protected]>
Fixes theupdateframework#1937 Initialization of unrecognized_fields acts surprisingly when the input container is empty. Hence, we're checking for None instead of falsyness. Signed-off-by: Abhisman Sarkar <[email protected]>
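The pitfall behind the commit above, as an added example (not python-tuf's code): an empty dict is falsy, so `unrecognized_fields or {}` silently swaps the caller's container for a fresh one, while an explicit `is None` check only substitutes a default when the argument was actually omitted. The two small classes are constructed here to show the before and after behaviour side by side.

```python
from typing import Any, Dict, Optional


class FalsyDefault:
    """'Before': `or {}` treats an empty dict like a missing argument."""

    def __init__(self, unrecognized_fields: Optional[Dict[str, Any]] = None):
        self.unrecognized_fields = unrecognized_fields or {}


class NoneDefault:
    """'After': only a genuinely missing argument gets the default."""

    def __init__(self, unrecognized_fields: Optional[Dict[str, Any]] = None):
        if unrecognized_fields is None:
            unrecognized_fields = {}
        self.unrecognized_fields = unrecognized_fields


def keeps_callers_container(cls) -> bool:
    """Construct with an empty dict, then populate that dict afterwards, and
    report whether the object sees the update (shares the caller's dict)."""
    fields: Dict[str, Any] = {}
    obj = cls(fields)
    fields["x-custom"] = "added after construction"
    return obj.unrecognized_fields is fields and "x-custom" in obj.unrecognized_fields


def default_is_fresh(cls) -> bool:
    """Omitting the argument must still give every instance its own dict,
    never a shared mutable default."""
    a, b = cls(), cls()
    a.unrecognized_fields["k"] = 1
    return (a.unrecognized_fields is not b.unrecognized_fields
            and "k" not in b.unrecognized_fields)


if __name__ == "__main__":
    print(keeps_callers_container(FalsyDefault))  # False: caller's dict was replaced
    print(keeps_callers_container(NoneDefault))   # True
    print(default_is_fresh(FalsyDefault), default_is_fresh(NoneDefault))  # True True
```

The same reasoning applies to any optional container argument (empty list, empty string): test for `None`, not for truthiness, unless you really intend to discard empty input.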
Checking for None instead of falsyness
…pendabot/pip/cryptography-37.0.1 build(deps): bump cryptography from 36.0.2 to 37.0.1
…pendabot/pip/mypy-0.950 build(deps): bump mypy from 0.942 to 0.950
…checking lint: Stop using requests annotations
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.13.7 to 2.13.8. - [Release notes](https://github.com/PyCQA/pylint/releases) - [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog) - [Commits](pylint-dev/pylint@v2.13.7...v2.13.8) --- updated-dependencies: - dependency-name: pylint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…pendabot/pip/pylint-2.13.8 build(deps): bump pylint from 2.13.7 to 2.13.8
Try to explain some decisions made in ngclient. Signed-off-by: Jussi Kukkonen <[email protected]>
Signed-off-by: Jussi Kukkonen <[email protected]>
Signed-off-by: Jussi Kukkonen <[email protected]>
docs: Add a blog post about ngclient design
…release Signed-off-by: Radoslav Dimitrov <[email protected]>
…rkflow Signed-off-by: Radoslav Dimitrov <[email protected]>
Signed-off-by: Radoslav Dimitrov <[email protected]>