From 8169b00745580652546e7cf73ba54aff55d136cb Mon Sep 17 00:00:00 2001 From: Joshua Lock Date: Wed, 21 Oct 2020 11:42:18 +0100 Subject: [PATCH 1/4] Prepare 0.15.0 release Update docs/CHANGELOG.md and bump version number for a 0.15.0 release Signed-off-by: Joshua Lock --- docs/CHANGELOG.md | 25 +++++++++++++++++++++++++ setup.py | 2 +- tuf/__init__.py | 2 +- 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index ad158955cb..a428b83230 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -1,5 +1,30 @@ # Changelog +## v0.15.0 +### Added +* Simple TUF role metadata model in the `tuf.api` package for interacting with + metadata files directly, per-file without the overheads of reading and + writing the entire repository at once (#1112) +* Raise `MissingLocalRepositoryError` in updater when local repository can not + be found (#1173) + +### Changed +* Raise an error in `tuf.client.updater` when metadata is loaded without a + signature (#1100) +* Print a warning in `tuf.repository_tool` when metadata is written without a + signature (#1100) +* Remove iso8661 dependency (#1176) +* Bump dependencies: cffi (#1146), cryptography (#1149), urllib (#1179) +* Overhauled logging to be less verbose and less alarming, by removing logging + in the library when an exception is raised (including the same information + that was logged) and using more appropriate log levels (#1145) +* Make test output more useful by reducing and improving logging (#1145, #1104, #1170) +* Make the `targets_path`, `metadata_path` and `confined_target_dirs` fields in + `tuf.client.updater`s mirror configuration optional (#1153, #1166) + +### Fixed +* Ensure file objects and `requests.Responses` are closed during tests (#1147) + ## v0.14.0 ### Added * Added a mechanism to the Updater to disable the hash prefix for target files diff --git a/setup.py b/setup.py index 4d6f523cbf..d245823c52 100755 --- a/setup.py +++ b/setup.py 
@@ -78,7 +78,7 @@ setup( name = 'tuf', - version = '0.14.0', # If updating version, also update it in tuf/__init__.py + version = '0.15.0', # If updating version, also update it in tuf/__init__.py description = 'A secure updater framework for Python', long_description = long_description, long_description_content_type='text/markdown', diff --git a/tuf/__init__.py b/tuf/__init__.py index 681f31e74d..6ae8b31db5 100755 --- a/tuf/__init__.py +++ b/tuf/__init__.py @@ -2,7 +2,7 @@ # setup.py has it hard-coded separately. # Currently, when the version is changed, it must be set in both locations. # TODO: Single-source the version number. -__version__ = "0.14.0" +__version__ = "0.15.0" # This reference implementation produces metadata intended to conform to # version 1.0.0 of the TUF specification, and is expected to consume metadata From 33ac3741846a7a6f77497d9c7172611af830c6fe Mon Sep 17 00:00:00 2001 From: Joshua Lock Date: Wed, 21 Oct 2020 16:53:16 +0100 Subject: [PATCH 2/4] Bump securesystemslib from 0.16.0 to 0.17.0 We just released securesystemslib 0.17.0 and it would be better if tuf did not pin the prior version. https://pypi.org/project/securesystemslib/0.17.0/ https://github.com/secure-systems-lab/securesystemslib/releases/tag/v0.17.0 Signed-off-by: Joshua Lock --- docs/CHANGELOG.md | 3 ++- requirements-pinned.txt | 3 +-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index a428b83230..3d01f5b71a 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md 
@@ -14,7 +14,8 @@ * Print a warning in `tuf.repository_tool` when metadata is written without a signature (#1100) * Remove iso8661 dependency (#1176) -* Bump dependencies: cffi (#1146), cryptography (#1149), urllib (#1179) +* Bump dependencies: cffi (#1146), cryptography (#1149), urllib (#1179), + securesystemslib (#1183) * Overhauled logging to be less verbose and less alarming, by removing logging in the library when an exception is raised (including the same information that was logged) and using more appropriate log levels (#1145) diff --git a/requirements-pinned.txt b/requirements-pinned.txt index 0ad9636ecf..84c01e05c1 100644 --- a/requirements-pinned.txt +++ b/requirements-pinned.txt @@ -7,9 +7,8 @@ idna==2.10 # via requests ipaddress==1.0.23 ; python_version < '3' # via cryptography pycparser==2.20 # via cffi pynacl==1.4.0 # via securesystemslib -python-dateutil==2.8.1 # via securesystemslib requests==2.24.0 -securesystemslib[crypto,pynacl]==0.16.0 +securesystemslib[crypto,pynacl]==0.17.0 six==1.15.0 subprocess32==3.5.4 ; python_version < '3' # via securesystemslib urllib3==1.25.11 # via requests From d992e8b128d6ec7d3ab70f38d0e3136e4296504d Mon Sep 17 00:00:00 2001 From: Joshua Lock Date: Wed, 21 Oct 2020 17:25:07 +0100 Subject: [PATCH 3/4] Add python-dateutil to test requirements tests/test_api.py uses python-dateutil, therefore ensure it is installed for Travis and AppVeyor. Signed-off-by: Joshua Lock --- appveyor.yml | 2 +- requirements-test.txt | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/appveyor.yml b/appveyor.yml index a480c5fc2e..5c6c4cf07e 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -27,7 +27,7 @@ install: - set PATH=%PYTHON%;%PYTHON%\\Scripts;%PATH% - python -m pip install -U pip setuptools - pip install -e . - - pip install securesystemslib[crypto,pynacl] + - pip install securesystemslib[crypto,pynacl] python-dateutil - if %PYTHON_VERSION%==2.7 pip install mock build: false 
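Review bot: The `python-dateutil` added to the AppVeyor `install` step is unpinned and is declared a second time in `requirements-test.txt` (the other hunk of patch 3/4), so the two lists can drift and each CI run resolves whatever release is newest on the index at build time. Patch 2/4 also drops the `python-dateutil==2.8.1` line from `requirements-pinned.txt`, so no file visible in this series constrains the version the `tuf.api` tests run against. Consider making the AppVeyor step read the shared list, `- pip install -r requirements-test.txt`, and deciding there whether the test dependency should carry a version constraint. The `install:` section begins above the hunk, so whether another step already consumes `requirements-test.txt` cannot be confirmed from here.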
diff --git a/requirements-test.txt b/requirements-test.txt index b3ee09c4f2..d6cc7fc565 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -6,6 +6,9 @@ # test runtime dependencies (see 'tests_require' field in setup.py) mock; python_version < "3.3" +# tuf.api tests use python-dateutil +python-dateutil + # additional test tools for linting and coverage measurement coverage pylint From 10b9db1e40c74493bff7ad3995058e11b22afb2d Mon Sep 17 00:00:00 2001 From: Lukas Puehringer Date: Thu, 22 Oct 2020 13:57:27 +0200 Subject: [PATCH 4/4] Prepare 0.15.0 release (II) Update docs/CHANGELOG.md to include missing items. Signed-off-by: Lukas Puehringer --- docs/CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 3d01f5b71a..fd4c662c81 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -4,9 +4,11 @@ ### Added * Simple TUF role metadata model in the `tuf.api` package for interacting with metadata files directly, per-file without the overheads of reading and - writing the entire repository at once (#1112) + writing the entire repository at once (#1112, #1177, #1183) * Raise `MissingLocalRepositoryError` in updater when local repository can not be found (#1173) +* Tests for targets metadata generation with existing `fileinfo` (#1078) +* Test-verbosity documentation (#1151) ### Changed * Raise an error in `tuf.client.updater` when metadata is loaded without a 
@@ -22,9 +24,14 @@ * Make test output more useful by reducing and improving logging (#1145, #1104, #1170) * Make the `targets_path`, `metadata_path` and `confined_target_dirs` fields in `tuf.client.updater`s mirror configuration optional (#1153, #1166) +* Include LICENSE files with source distributions (#1162) +* Update Python version to be used in release instructions (#1163) +* Remove direct use of `colorama` and dependency (#1180) ### Fixed * Ensure file objects and `requests.Responses` are closed during tests (#1147) +* Auto-test against `securesystemslib` head of development (#1185) +* Fix parameter name in `tuf.repository_lib` error message (#1078) ## v0.14.0 ### Added