From 707260bedb5c923567a9612c89cf695f7cc43984 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Tue, 2 Mar 2021 22:16:14 +0100 Subject: [PATCH 01/29] debian: Bump to current standards Change-Id: Ib259d270399dbb9d1ebb0c133f4d9cda47c7ee75 Signed-off-by: Philippe Coval --- debian/control | 5 +++-- debian/watch | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/debian/control b/debian/control index ba58589b73..bade94da5d 100644 --- a/debian/control +++ b/debian/control @@ -4,13 +4,14 @@ Uploaders: Philippe Coval Section: devel Priority: optional Build-Depends: dh-python, - debhelper-compat (= 12), + debhelper-compat (= 13), python3-all, python3-setuptools, python3-six, python3-requests, python3-securesystemslib -Standards-Version: 4.5.0 +Standards-Version: 4.5.1 +Rules-Requires-Root: no Vcs-Browser: https://github.com/theupdateframework/tuf Vcs-Git: https://github.com/theupdateframework/tuf.git Homepage: https://theupdateframework.com diff --git a/debian/watch b/debian/watch index 2ac47668ae..129733b992 100644 --- a/debian/watch +++ b/debian/watch @@ -1,3 +1,3 @@ -version=3 +version=4 opts=uversionmangle=s/(rc|a|b|c)/~$1/,pgpsigurlmangle=s/$/.asc/ \ https://pypi.debian.net/tuf/tuf-(.+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz))) From d8c65f9dd04fcdf246dc12548a680cb8f2329100 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Tue, 2 Mar 2021 16:42:35 +0100 Subject: [PATCH 02/29] g/gbs.conf: Add configuration that use upstream tags Signed-off-by: Philippe Coval --- debian/gbp.conf | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 debian/gbp.conf diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000000..8685daefe6 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,3 @@ +[DEFAULT] +debian-branch=debian/master +upstream-tag = v%(version)s From cf951b4ca0f33a64db301c7df4ffb8936b0b0b42 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Wed, 10 Mar 2021 14:13:25 +0100 Subject: [PATCH 03/29] d/watch: Use git tags as base Signed-off-by: Philippe Coval --- debian/watch | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/debian/watch b/debian/watch index 129733b992..e1c0304646 100644 --- a/debian/watch +++ b/debian/watch @@ -1,3 +1,4 @@ version=4 -opts=uversionmangle=s/(rc|a|b|c)/~$1/,pgpsigurlmangle=s/$/.asc/ \ -https://pypi.debian.net/tuf/tuf-(.+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz))) +opts=pgpmode=auto \ +https://github.com/theupdateframework/tuf/releases \ +/theupdateframework/tuf/releases/download/.*/tuf-@ANY_VERSION@@ARCHIVE_EXT@ From 20a71eeef5aee0e04810c20f51280fdfcfca7200 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Thu, 18 Feb 2021 10:10:27 +0100 Subject: [PATCH 04/29] d/rules: Temporary disable tests system's tox can't be used for now I'll add a change to support pip's one. Change-Id: I98e1ddaeec93492bf3724fe1f0e0fdf0c80140d0 Signed-off-by: Philippe Coval --- debian/rules | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/rules b/debian/rules index 810d328e1c..ee3944c25e 100755 --- a/debian/rules +++ b/debian/rules @@ -2,6 +2,7 @@ #export DH_VERBOSE = 1 export PYBUILD_NAME = tuf +export PYBUILD_DISABLE_python3 = test %: dh $@ --with python3 --buildsystem=pybuild From 48ced2e9ebdba21aeb31d122463a80ab4b13ce3e Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Tue, 2 Mar 2021 15:23:38 +0100 Subject: [PATCH 05/29] d/rules: Prevent to install scripts to PATH User will have to use thoses already packaged in python directory Change-Id: I0d985b21225a0553c8d0279582ce8307ad575fe0 Signed-off-by: Philippe Coval --- debian/rules | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/debian/rules b/debian/rules index ee3944c25e..0754fd8a70 100755 --- a/debian/rules +++ b/debian/rules @@ -6,3 +6,7 @@ export PYBUILD_DISABLE_python3 = test %: dh $@ --with python3 --buildsystem=pybuild + +override_dh_install: + dh_install + rm -rfv debian/*/usr/bin/*.py From 8c09887ca4d8d6e5b0e12244048c8cf4640a9b8e Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Tue, 2 Mar 2021 15:08:06 +0100 Subject: [PATCH 06/29] d/control: Set section to python Fix wrong-section-according-to-package-name warning Change-Id: I66d50145984f96d6798542319d9e1833b4627a6a Signed-off-by: Philippe Coval --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index bade94da5d..e5260a9763 100644 --- a/debian/control +++ b/debian/control @@ -1,7 +1,7 @@ Source: python-tuf Maintainer: Debian Python Team Uploaders: Philippe Coval -Section: devel +Section: python Priority: optional Build-Depends: dh-python, debhelper-compat (= 13), From 5cfdc1654374c4f61f561e3a6f2e5f5a05e1c6b1 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Tue, 2 Mar 2021 22:07:06 +0100 Subject: [PATCH 07/29] d/copyright: Update URLs to https Signed-off-by: Philippe Coval Change-Id: I4729f1a335b1860122293b629a69e852ceb1e858 --- debian/copyright | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/copyright b/debian/copyright index 1964e307c6..e7463e73f9 100644 --- a/debian/copyright +++ b/debian/copyright @@ -11,7 +11,7 @@ License: Apache-2.0 you may not use this file except in compliance with the License. You may obtain a copy of the License at . - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, From dc05ce8e97b60256158747886d216b81e3d2c97b Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Tue, 2 Mar 2021 15:19:33 +0100 Subject: [PATCH 08/29] d/upstream: Add metadata file Fix lintian warning upstream-metadata-file-is-missing Signed-off-by: Philippe Coval Change-Id: Idb36dee8b356d5fe3146c10c36ba20e204c22b21 --- debian/upstream/metadata | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 debian/upstream/metadata diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 0000000000..6af0dd0299 --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1,5 @@ +Bug-Database: https://github.com/theupdateframework/tuf/issues/ +Bug-Submit: https://github.com/theupdateframework/tuf/issues/new +Documentation: https://theupdateframework.io/ +Repository-Browse: https://github.com/theupdateframework/tuf/ +Repository: https://github.com/theupdateframework/tuf.git From 19f361093039cc9cebe4a0400fd37ef8cc429edd Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Tue, 2 Mar 2021 21:58:46 +0100 Subject: [PATCH 09/29] d/copyright: Add Upstream-Contact Signed-off-by: Philippe Coval --- debian/copyright | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/copyright b/debian/copyright index e7463e73f9..ea032bd126 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,4 +1,6 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Contact: https://github.com/theupdateframework, + tuf developers Upstream-Name: tuf Source: https://github.com/theupdateframework From 0040dfda756d4b22b154fc2572650d1ca226877d Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Wed, 10 Mar 2021 17:41:43 +0100 Subject: [PATCH 10/29] d/copyright: Add packaging files Signed-off-by: Philippe Coval --- debian/copyright | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/copyright b/debian/copyright index ea032bd126..f70c5e0cb8 100644 --- a/debian/copyright +++ b/debian/copyright @@ -6,6 +6,13 @@ Source: https://github.com/theupdateframework Files: * Copyright: 2018 New York University +License: Apache-2.0 + +Files: debian/* +Copyright: 2018 New York University + 2021 Philippe Coval +License: Apache-2.0 + License: Apache-2.0 Copyright 2018 New York University . From 4e63257d3622d0692f7f38bbaa6c15e9a538865e Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Fri, 26 Mar 2021 16:57:53 +0100 Subject: [PATCH 11/29] d/control: Update Vcs URL to use DPT salsa Signed-off-by: Philippe Coval --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index e5260a9763..487b1de634 100644 --- a/debian/control +++ b/debian/control @@ -12,8 +12,8 @@ Build-Depends: dh-python, python3-securesystemslib Standards-Version: 4.5.1 Rules-Requires-Root: no -Vcs-Browser: https://github.com/theupdateframework/tuf -Vcs-Git: https://github.com/theupdateframework/tuf.git +Vcs-Browser: https://salsa.debian.org/python-team/packages/python-tuf/-/tree/debian/master +Vcs-Git: https://salsa.debian.org/python-team/packages/python-tuf.git Homepage: https://theupdateframework.com Package: python3-tuf From 8294fc2cd5b55da4deb632b8add7a0ab7d757c22 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Sat, 27 Mar 2021 14:05:02 +0100 Subject: [PATCH 12/29] d/watch: Use signed tags as upstream Signed-off-by: Philippe Coval --- debian/watch | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/debian/watch b/debian/watch index e1c0304646..7f2254305d 100644 --- a/debian/watch +++ b/debian/watch @@ -1,4 +1,5 @@ version=4 -opts=pgpmode=auto \ -https://github.com/theupdateframework/tuf/releases \ -/theupdateframework/tuf/releases/download/.*/tuf-@ANY_VERSION@@ARCHIVE_EXT@ +opts="mode=git,pgpmode=gittag" \ +https://github.com/theupdateframework/tuf.git \ +refs/tags/v([\d\.]+) + From 2452949bb615c0282f3ef8ad24b99da8028e844c Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Sat, 27 Mar 2021 11:20:24 +0000 Subject: [PATCH 13/29] d/control: Add deps for tests Signed-off-by: Philippe Coval --- debian/control | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index 487b1de634..01d9771083 100644 --- a/debian/control +++ b/debian/control @@ -4,12 +4,27 @@ Uploaders: Philippe Coval Section: python Priority: optional Build-Depends: dh-python, + black, debhelper-compat (= 13), python3-all, + python3-astroid, + python3-bandit, + python3-certifi, + python3-cffi, + python3-chardet, + python3-coverage, + python3-cryptography, + python3-dateutil, + python3-idna, + python3-nacl, + python3-pycparser, + python3-pytest-pylint, + python3-requests, + python3-securesystemslib, python3-setuptools, python3-six, - python3-requests, - python3-securesystemslib + python3-urllib3, + tox Standards-Version: 4.5.1 Rules-Requires-Root: no Vcs-Browser: https://salsa.debian.org/python-team/packages/python-tuf/-/tree/debian/master From e2b9a8cf3f413c7a1cb8c8ebdc9ca742e4231a0e Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Wed, 3 Mar 2021 13:57:33 +0100 Subject: [PATCH 14/29] debian/rules: Add tests that pull pip deps It's not enabled by default because pip will pull deps, but it can be convient to try using: fakeroot ./debian/rules binary \ PYBUILD_DISABLE_python3='' \ DEB_BUILD_OPTIONS='' \ TOX_OPTIONS="--sitepackages" offline testing will need to be introduced later (once debian's tox is supported with tuf) Signed-off-by: Philippe Coval --- debian/control | 1 - debian/rules | 20 +++++++++++++++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index 01d9771083..03c5cffdaa 100644 --- a/debian/control +++ b/debian/control @@ -18,7 +18,6 @@ Build-Depends: dh-python, python3-idna, python3-nacl, python3-pycparser, - python3-pytest-pylint, python3-requests, python3-securesystemslib, python3-setuptools, diff --git a/debian/rules b/debian/rules index 0754fd8a70..66bce02c09 100755 --- a/debian/rules +++ b/debian/rules @@ -1,8 +1,12 @@ #!/usr/bin/make -f -#export DH_VERBOSE = 1 +export DH_VERBOSE = 1 export PYBUILD_NAME = tuf export PYBUILD_DISABLE_python3 = test +export DEB_BUILD_OPTIONS += nocheck + +PYVERS ?= $(shell py3versions -rv) +TOX_OPTIONS += --recreate %: dh $@ --with python3 --buildsystem=pybuild @@ -10,3 +14,17 @@ export PYBUILD_DISABLE_python3 = test override_dh_install: dh_install rm -rfv debian/*/usr/bin/*.py + +override_dh_auto_test: +ifeq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) + sed -e 's/--use-deprecated=legacy-resolver//g' -i tox.ini + tox -l + for py in $(PYVERS); do \ + env=$$(echo "py$${py}" | tr -d '.') ; \ + tox ${TOX_OPTIONS} -e "$${env}" -- -s ; \ +done +endif + +override_dh_auto_clean: + rm -rf .tox + dh_auto_clean From 9abadf023b49dba2a57f3fe9bb061cbc7ff7cd18 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Sat, 27 Mar 2021 12:27:05 +0100 Subject: [PATCH 15/29] d/patches: Add downstream patches to relax tests Those patches should net be forwarded to upstream's main branch Relate-to: https://github.com/theupdateframework/python-tuf/issues/263 Signed-off-by: Philippe Coval --- ...-Ignore-pinned-deps-use-systems-ones.patch | 31 +++++++++++ ...e-python3-coverage-from-sitepackages.patch | 55 +++++++++++++++++++ debian/patches/series | 2 + 3 files changed, 88 insertions(+) create mode 100644 debian/patches/0001-test-Ignore-pinned-deps-use-systems-ones.patch create mode 100644 debian/patches/0002-test-Use-python3-coverage-from-sitepackages.patch create mode 100644 debian/patches/series diff --git a/debian/patches/0001-test-Ignore-pinned-deps-use-systems-ones.patch b/debian/patches/0001-test-Ignore-pinned-deps-use-systems-ones.patch new file mode 100644 index 0000000000..4da30a34a4 --- /dev/null +++ b/debian/patches/0001-test-Ignore-pinned-deps-use-systems-ones.patch @@ -0,0 +1,31 @@ +From: Philippe Coval +Date: Sat, 27 Mar 2021 11:20:24 +0000 +Subject: test: Ignore pinned deps use systems ones + +Relate-to: https://github.com/theupdateframework/tuf/pull/1325 +Forwarded: not-needed +Signed-off-by: Philippe Coval +--- + tox.ini | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/tox.ini b/tox.ini +index acf8044..c98517e 100644 +--- a/tox.ini ++++ b/tox.ini +@@ -19,7 +19,6 @@ commands = + coverage report -m --fail-under 97 + + deps = +- -r{toxinidir}/requirements-test.txt + # Install TUF in editable mode, instead of tox default virtual environment + # installation (see `skipsdist`), to get relative paths in coverage reports + --editable {toxinidir} +@@ -33,7 +32,6 @@ install_command = pip install --use-deprecated=legacy-resolver --pre {opts} {pac + [testenv:with-sslib-master] + deps = + git+http://github.com/secure-systems-lab/securesystemslib.git@master#egg=securesystemslib +- -r{toxinidir}/requirements-test.txt + --editable {toxinidir} + + commands = diff --git a/debian/patches/0002-test-Use-python3-coverage-from-sitepackages.patch b/debian/patches/0002-test-Use-python3-coverage-from-sitepackages.patch new file mode 100644 index 0000000000..d71aa275b9 --- /dev/null +++ b/debian/patches/0002-test-Use-python3-coverage-from-sitepackages.patch @@ -0,0 +1,55 @@ +From: Philippe Coval +Date: Sat, 27 Mar 2021 11:20:24 +0000 +Subject: test: Use python3-coverage from sitepackages + +Suppress coverage fail threshold + +Debian python team prefer to not break on coverage issues, +so they are just skip for now. + +I suspect this is caused by unaligned deps, +threshold may be reintroduced once sitepackages get aligned with: +requirements-pinned.txt + +For example this one is currently outdated: + +https://tracker.debian.org/pkg/python-certifi + +Relate-to: https://github.com/theupdateframework/tuf/issues/263 +Forwarded: not-needed +Signed-off-by: Philippe Coval +--- + tox.ini | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/tox.ini b/tox.ini +index c98517e..d8d1b34 100644 +--- a/tox.ini ++++ b/tox.ini +@@ -13,10 +13,13 @@ skipsdist = true + # would make use of other testing tools such as coverage/coveralls easier. + changedir = tests + ++allowlist_externals = python3-coverage ++ ++ + commands = + python --version +- coverage run aggregate_tests.py +- coverage report -m --fail-under 97 ++ python3 -m coverage run aggregate_tests.py ++ python3-coverage report -m + + deps = + # Install TUF in editable mode, instead of tox default virtual environment +@@ -35,8 +38,8 @@ deps = + --editable {toxinidir} + + commands = +- coverage run aggregate_tests.py +- coverage report -m ++ python3 -m coverage run aggregate_tests.py ++ python3-coverage report -m + + [testenv:lint] + commands = diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000000..50c14c75f2 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,2 @@ +0001-test-Ignore-pinned-deps-use-systems-ones.patch +0002-test-Use-python3-coverage-from-sitepackages.patch From 41fcee2d35f94f7cd7645665f913af6ccd3ebaea Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Sat, 27 Mar 2021 11:20:24 +0000 Subject: [PATCH 16/29] d/rules: Enable tests with sitepackages Signed-off-by: Philippe Coval --- debian/rules | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/debian/rules b/debian/rules index 66bce02c09..daa60b6266 100755 --- a/debian/rules +++ b/debian/rules @@ -2,11 +2,9 @@ export DH_VERBOSE = 1 export PYBUILD_NAME = tuf -export PYBUILD_DISABLE_python3 = test -export DEB_BUILD_OPTIONS += nocheck PYVERS ?= $(shell py3versions -rv) -TOX_OPTIONS += --recreate +TOX_OPTIONS += --sitepackages %: dh $@ --with python3 --buildsystem=pybuild From 66ff20eee44ece4983907e7712ef5213630a410a Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Sat, 27 Mar 2021 23:31:22 +0100 Subject: [PATCH 17/29] d/tests: Add autopkgtest Signed-off-by: Philippe Coval --- debian/control | 1 + debian/tests/control | 29 +++++++++++++++++++++++++++++ debian/tests/testsuite | 13 +++++++++++++ 3 files changed, 43 insertions(+) create mode 100644 debian/tests/control create mode 100755 debian/tests/testsuite diff --git a/debian/control b/debian/control index 03c5cffdaa..1358325222 100644 --- a/debian/control +++ b/debian/control @@ -29,6 +29,7 @@ Rules-Requires-Root: no Vcs-Browser: https://salsa.debian.org/python-team/packages/python-tuf/-/tree/debian/master Vcs-Git: https://salsa.debian.org/python-team/packages/python-tuf.git Homepage: https://theupdateframework.com +Testsuite: autopkgtest-pkg-python Package: python3-tuf Architecture: all diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000000..ecd99ac0c9 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,29 @@ +Test-Command: set -e ; for py in $(py3versions -r 2>/dev/null) ; do cd "$AUTOPKGTEST_TMP" ; echo "Testing with $py:" ; $py -c "import tuf; print(tuf)" ; done +Depends: + python3-all, + @, +Restrictions: allow-stderr, superficial, +Features: test-name=autodep8-python3 + +Tests: testsuite +Depends: + @, + python-is-python3, + python3-pytest, + python3-all, + python3-astroid, + python3-bandit, + python3-certifi, + python3-cffi, + python3-chardet, + python3-cryptography, + python3-dateutil, + python3-idna, + python3-nacl, + python3-pycparser, + python3-requests, + python3-securesystemslib, + python3-setuptools, + python3-six, + python3-urllib3, +Restrictions: allow-stderr diff --git a/debian/tests/testsuite b/debian/tests/testsuite new file mode 100755 index 0000000000..dbdfcef3c6 --- /dev/null +++ b/debian/tests/testsuite @@ -0,0 +1,13 @@ +#!/bin/sh +set -efu +set -x + +pys="$(py3versions -s 2> /dev/null)" + +cp -rva tests "$AUTOPKGTEST_TMP/" +cd "$AUTOPKGTEST_TMP/tests" + +for py in $pys; do + echo "=== $py ===" + PYTHONPATH="../tests/.." $py aggregate_tests.py +done From 2dbdf8c3158db21c6b7d1d50b5481e06709825fb Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Mon, 29 Mar 2021 12:35:46 +0200 Subject: [PATCH 18/29] debian: Use python-is-python3 Then part of patch can be upstreamed Signed-off-by: Philippe Coval --- debian/control | 1 + ...0002-test-Use-python3-coverage-from-sitepackages.patch | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/debian/control b/debian/control index 1358325222..00d5824891 100644 --- a/debian/control +++ b/debian/control @@ -6,6 +6,7 @@ Priority: optional Build-Depends: dh-python, black, debhelper-compat (= 13), + python-is-python3, python3-all, python3-astroid, python3-bandit, diff --git a/debian/patches/0002-test-Use-python3-coverage-from-sitepackages.patch b/debian/patches/0002-test-Use-python3-coverage-from-sitepackages.patch index d71aa275b9..bd42af0622 100644 --- a/debian/patches/0002-test-Use-python3-coverage-from-sitepackages.patch +++ b/debian/patches/0002-test-Use-python3-coverage-from-sitepackages.patch @@ -37,8 +37,8 @@ index c98517e..d8d1b34 100644 python --version - coverage run aggregate_tests.py - coverage report -m --fail-under 97 -+ python3 -m coverage run aggregate_tests.py -+ python3-coverage report -m ++ python -m coverage run aggregate_tests.py ++ python -m coverage report -m deps = # Install TUF in editable mode, instead of tox default virtual environment @@ -48,8 +48,8 @@ index c98517e..d8d1b34 100644 commands = - coverage run aggregate_tests.py - coverage report -m -+ python3 -m coverage run aggregate_tests.py -+ python3-coverage report -m ++ python -m coverage run aggregate_tests.py ++ python -m coverage report -m [testenv:lint] commands = From 34d9250fa2b599893ad2d42349cf0d6772a22b62 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Mon, 29 Mar 2021 12:35:46 +0200 Subject: [PATCH 19/29] debian: Add docs Signed-off-by: Philippe Coval --- debian/control | 8 ++++++++ debian/python3-tuf-doc.doc-base | 13 +++++++++++++ debian/python3-tuf-doc.docs | 2 ++ debian/rules | 5 +++++ 4 files changed, 28 insertions(+) create mode 100644 debian/python3-tuf-doc.doc-base create mode 100644 debian/python3-tuf-doc.docs diff --git a/debian/control b/debian/control index 00d5824891..3e5e4e6e3a 100644 --- a/debian/control +++ b/debian/control @@ -42,3 +42,11 @@ Description: plug-and-play library for securing a software updater or signing keys. . tuf is developed at the Secure Systems Lab of NYU. + +Package: python3-tuf-doc +Architecture: all +Section: doc +Depends: ${misc:Depends} +Description: Documentation and specification for TUF library and more + TUF's documentation from source package, it contains specification, + tutorial and more detailed documents, more can be found online. diff --git a/debian/python3-tuf-doc.doc-base b/debian/python3-tuf-doc.doc-base new file mode 100644 index 0000000000..e16f13504a --- /dev/null +++ b/debian/python3-tuf-doc.doc-base @@ -0,0 +1,13 @@ +Document: python3-tuf-doc +Title: TUF The update framework documentation +Abstract: Specification, tutorial and papers about using and implementing TUF. +Section: Video + +Format: Text +Index: /usr/share/doc/python3-tuf/docs/GETTING_STARTED.rst +Files: /usr/share/doc/python3-tuf/docs/*.md + /usr/share/doc/python3-tuf/docs/*.rst + /usr/share/doc/python3-tuf/docs/*.txt + +Format: PDF +Files: /usr/share/doc/python3-tuf/docs/papers/*.pdf.gz diff --git a/debian/python3-tuf-doc.docs b/debian/python3-tuf-doc.docs new file mode 100644 index 0000000000..86f744e964 --- /dev/null +++ b/debian/python3-tuf-doc.docs @@ -0,0 +1,2 @@ +README.md +docs diff --git a/debian/rules b/debian/rules index daa60b6266..e466609ebd 100755 --- a/debian/rules +++ b/debian/rules @@ -26,3 +26,8 @@ endif override_dh_auto_clean: rm -rf .tox dh_auto_clean + +override_dh_installdocs: + dh_installdocs + ln -fs tuf-spec.md \ +debian/python3-tuf-doc/usr/share/doc/python3-tuf/docs/tuf-spec.txt From ba175120a64c02eb458936542bf5676905a7f8f7 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Mon, 29 Mar 2021 16:14:00 +0200 Subject: [PATCH 20/29] debian: Align source package to upstream name Signed-off-by: Philippe Coval --- debian/changelog | 2 +- debian/control | 6 +++--- debian/watch | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/debian/changelog b/debian/changelog index 031945b703..a70c75f771 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -python-tuf (0.17.0-1) UNRELEASED; urgency=low +tuf (0.17.0-1) UNRELEASED; urgency=low [Lukas Puehringer] * Initial packaging effort on 0.11.2.dev3-1 diff --git a/debian/control b/debian/control index 3e5e4e6e3a..906f0f5136 100644 --- a/debian/control +++ b/debian/control @@ -1,4 +1,4 @@ -Source: python-tuf +Source: tuf Maintainer: Debian Python Team Uploaders: Philippe Coval Section: python @@ -27,8 +27,8 @@ Build-Depends: dh-python, tox Standards-Version: 4.5.1 Rules-Requires-Root: no -Vcs-Browser: https://salsa.debian.org/python-team/packages/python-tuf/-/tree/debian/master -Vcs-Git: https://salsa.debian.org/python-team/packages/python-tuf.git +Vcs-Browser: https://salsa.debian.org/python-team/packages/tuf/-/tree/debian/master +Vcs-Git: https://salsa.debian.org/python-team/packages/tuf.git Homepage: https://theupdateframework.com Testsuite: autopkgtest-pkg-python diff --git a/debian/watch b/debian/watch index 7f2254305d..dc6ed45a62 100644 --- a/debian/watch +++ b/debian/watch @@ -1,5 +1,5 @@ version=4 opts="mode=git,pgpmode=gittag" \ -https://github.com/theupdateframework/tuf.git \ +https://github.com/theupdateframework/@PACKAGE@.git \ refs/tags/v([\d\.]+) From ad9ba19dac5a60bcd0d669bad1e02f797d17b4a5 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Mon, 29 Mar 2021 16:07:21 +0200 Subject: [PATCH 21/29] d/salsa-ci.yml: Enable CI Then set default CI/CD configuration path to "debian/salsa-ci.yml" on https://salsa.debian.org/python-team/packages/tuf/-/settings/ci_cd Signed-off-by: Philippe Coval --- debian/salsa-ci.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 debian/salsa-ci.yml diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml new file mode 100644 index 0000000000..892f3cd2be --- /dev/null +++ b/debian/salsa-ci.yml @@ -0,0 +1,3 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml From 495124c6df6983815b8a0f983e699f9dbc66951c Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Mon, 5 Apr 2021 16:44:30 +0200 Subject: [PATCH 22/29] debian/patches: ci: Remove workaround for pip resolver issue Origin: Upstream Thanks-to: @tumbleweed Signed-off-by: Philippe Coval --- ...e-python3-coverage-from-sitepackages.patch | 2 +- ...ve-workaround-for-pip-resolver-issue.patch | 28 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 debian/patches/0003-ci-Remove-workaround-for-pip-resolver-issue.patch diff --git a/debian/patches/0002-test-Use-python3-coverage-from-sitepackages.patch b/debian/patches/0002-test-Use-python3-coverage-from-sitepackages.patch index bd42af0622..6c00c5af74 100644 --- a/debian/patches/0002-test-Use-python3-coverage-from-sitepackages.patch +++ b/debian/patches/0002-test-Use-python3-coverage-from-sitepackages.patch @@ -23,7 +23,7 @@ Signed-off-by: Philippe Coval 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tox.ini b/tox.ini -index c98517e..d8d1b34 100644 +index c98517e..6327265 100644 --- a/tox.ini +++ b/tox.ini @@ -13,10 +13,13 @@ skipsdist = true diff --git a/debian/patches/0003-ci-Remove-workaround-for-pip-resolver-issue.patch b/debian/patches/0003-ci-Remove-workaround-for-pip-resolver-issue.patch new file mode 100644 index 0000000000..d4bdc6d379 --- /dev/null +++ b/debian/patches/0003-ci-Remove-workaround-for-pip-resolver-issue.patch @@ -0,0 +1,28 @@ +From: Jussi Kukkonen +Date: Mon, 22 Feb 2021 11:07:45 +0200 +Subject: ci: Remove workaround for pip resolver issue + +Workaround was added for pip issue 9215 and does not _seem_ to appear +anymore with pip 21.0.1. + +Signed-off-by: Jussi Kukkonen +Origin: upstream#2de2758393883ae0f96c30b43cc6b2b2107bf921 +--- + tox.ini | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/tox.ini b/tox.ini +index 6327265..17dfdef 100644 +--- a/tox.ini ++++ b/tox.ini +@@ -26,9 +26,7 @@ deps = + # installation (see `skipsdist`), to get relative paths in coverage reports + --editable {toxinidir} + +-# FIXME: use legacy resolver because https://github.com/pypa/pip/issues/9215 +-install_command = pip install --use-deprecated=legacy-resolver --pre {opts} {packages} +- ++install_command = pip install --pre {opts} {packages} + + # Develop test env to run tests against securesystemslib's master branch + # Must to be invoked explicitly with, e.g. `tox -e with-sslib-master` diff --git a/debian/patches/series b/debian/patches/series index 50c14c75f2..495546fb4d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,3 @@ 0001-test-Ignore-pinned-deps-use-systems-ones.patch 0002-test-Use-python3-coverage-from-sitepackages.patch +0003-ci-Remove-workaround-for-pip-resolver-issue.patch From 76c321986bf5cfc921cb289012bd7eb97e658109 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Mon, 5 Apr 2021 16:44:47 +0200 Subject: [PATCH 23/29] d/rules: Don't touch files use patch Reformat as suggested by DPT Thanks-to: @tumbleweed Signed-off-by: Philippe Coval --- debian/rules | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/debian/rules b/debian/rules index e466609ebd..edea446647 100755 --- a/debian/rules +++ b/debian/rules @@ -15,12 +15,11 @@ override_dh_install: override_dh_auto_test: ifeq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) - sed -e 's/--use-deprecated=legacy-resolver//g' -i tox.ini tox -l - for py in $(PYVERS); do \ - env=$$(echo "py$${py}" | tr -d '.') ; \ - tox ${TOX_OPTIONS} -e "$${env}" -- -s ; \ -done + set -e ; for py in $(PYVERS); do \ + env=$$(echo "py$${py}" | tr -d '.') ; \ + tox ${TOX_OPTIONS} -e "$${env}" -- -s ; \ + done endif override_dh_auto_clean: From 780a1647226b98665aacc53e400c09859ce20081 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Mon, 5 Apr 2021 16:48:42 +0200 Subject: [PATCH 24/29] d/patches: Use python3 explicitly Thanks-to: @tumbleweed Forwarded: Not-Needed Signed-off-by: Philippe Coval --- ...ebian-patches-Use-python3-explicitly.patch | 41 +++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 42 insertions(+) create mode 100644 debian/patches/0004-debian-patches-Use-python3-explicitly.patch diff --git a/debian/patches/0004-debian-patches-Use-python3-explicitly.patch b/debian/patches/0004-debian-patches-Use-python3-explicitly.patch new file mode 100644 index 0000000000..c5eb5fdad7 --- /dev/null +++ b/debian/patches/0004-debian-patches-Use-python3-explicitly.patch @@ -0,0 +1,41 @@ +From: Philippe Coval +Date: Mon, 5 Apr 2021 16:47:55 +0200 +Subject: debian/patches: Use python3 explicitly + +python-is-python3. It's meant for end-users only + +Thanks-to: @tumbleweed +Forwarded: Not-Needed +Signed-off-by: Philippe Coval +--- + tox.ini | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/tox.ini b/tox.ini +index 17dfdef..ab7196c 100644 +--- a/tox.ini ++++ b/tox.ini +@@ -17,9 +17,9 @@ allowlist_externals = python3-coverage + + + commands = +- python --version +- python -m coverage run aggregate_tests.py +- python -m coverage report -m ++ python3 --version ++ python3 -m coverage run aggregate_tests.py ++ python3 -m coverage report -m + + deps = + # Install TUF in editable mode, instead of tox default virtual environment +@@ -36,8 +36,8 @@ deps = + --editable {toxinidir} + + commands = +- python -m coverage run aggregate_tests.py +- python -m coverage report -m ++ python3 -m coverage run aggregate_tests.py ++ python3 -m coverage report -m + + [testenv:lint] + commands = diff --git a/debian/patches/series b/debian/patches/series index 495546fb4d..f4dbf05e9a 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ 0001-test-Ignore-pinned-deps-use-systems-ones.patch 0002-test-Use-python3-coverage-from-sitepackages.patch 0003-ci-Remove-workaround-for-pip-resolver-issue.patch +0004-debian-patches-Use-python3-explicitly.patch From ab90a0d8a854dddbe54a8b390566e0098e83a823 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Mon, 5 Apr 2021 16:44:47 +0200 Subject: [PATCH 25/29] d/tests: Remove duplicated automatic test Generated by autodep8-python3 Thanks-to: @tumbleweed Signed-off-by: Philippe Coval --- debian/tests/control | 7 ------- 1 file changed, 7 deletions(-) diff --git a/debian/tests/control b/debian/tests/control index ecd99ac0c9..00982bd4fc 100644 --- a/debian/tests/control +++ b/debian/tests/control @@ -1,10 +1,3 @@ -Test-Command: set -e ; for py in $(py3versions -r 2>/dev/null) ; do cd "$AUTOPKGTEST_TMP" ; echo "Testing with $py:" ; $py -c "import tuf; print(tuf)" ; done -Depends: - python3-all, - @, -Restrictions: allow-stderr, superficial, -Features: test-name=autodep8-python3 - Tests: testsuite Depends: @, From 2c05be739ced67e92c205bfe031ce4d07ce24a3b Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Mon, 5 Apr 2021 16:44:47 +0200 Subject: [PATCH 26/29] d/t/testsuite: Explain path Cc: @tumbleweed Signed-off-by: Philippe Coval --- debian/tests/testsuite | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/debian/tests/testsuite b/debian/tests/testsuite index dbdfcef3c6..ba82620e3b 100755 --- a/debian/tests/testsuite +++ b/debian/tests/testsuite @@ -7,7 +7,11 @@ pys="$(py3versions -s 2> /dev/null)" cp -rva tests "$AUTOPKGTEST_TMP/" cd "$AUTOPKGTEST_TMP/tests" +# Resolve "from tests import utils" +PYTHONPATH=".." +export PYTHONPATH + for py in $pys; do echo "=== $py ===" - PYTHONPATH="../tests/.." $py aggregate_tests.py + $py aggregate_tests.py done From a9faa21b75a6277dd9765b2ac4db12d2ff3a32c8 Mon Sep 17 00:00:00 2001 From: Stefano Rivera Date: Mon, 5 Apr 2021 18:10:56 -0700 Subject: [PATCH 27/29] Drop python-is-python3 Build-Depends and autopkgtest Depends Signed-off-by: Stefano Rivera Relate-to: https://github.com/theupdateframework/python-tuf/issues/263 Signed-off-by: Philippe Coval --- debian/control | 1 - debian/tests/control | 1 - 2 files changed, 2 deletions(-) diff --git a/debian/control b/debian/control index 906f0f5136..62a9051c6b 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,6 @@ Priority: optional Build-Depends: dh-python, black, debhelper-compat (= 13), - python-is-python3, python3-all, python3-astroid, python3-bandit, diff --git a/debian/tests/control b/debian/tests/control index 00982bd4fc..a66f69c62a 100644 --- a/debian/tests/control +++ b/debian/tests/control @@ -1,7 +1,6 @@ Tests: testsuite Depends: @, - python-is-python3, python3-pytest, python3-all, python3-astroid, From 4c4648f18958880f9b093c1c35be23d3b00abfc1 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Wed, 7 Apr 2021 20:59:13 +0200 Subject: [PATCH 28/29] tests: Use current python interpreter for sub tests Applied-Upstream: https://github.com/theupdateframework/tuf/pull/1337 Relate-to: https://github.com/theupdateframework/python-tuf/issues/263 Signed-off-by: Philippe Coval --- ...ent-python-interpreter-for-sub-tests.patch | 35 +++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 36 insertions(+) create mode 100644 debian/patches/0005-tests-Use-current-python-interpreter-for-sub-tests.patch diff --git a/debian/patches/0005-tests-Use-current-python-interpreter-for-sub-tests.patch b/debian/patches/0005-tests-Use-current-python-interpreter-for-sub-tests.patch new file mode 100644 index 0000000000..c55fe43613 --- /dev/null +++ b/debian/patches/0005-tests-Use-current-python-interpreter-for-sub-tests.patch @@ -0,0 +1,35 @@ +From: Philippe Coval +Date: Wed, 7 Apr 2021 13:02:34 +0200 +Subject: tests: Use current python interpreter for sub tests + +Can be useful to run tests using distro runtimes, +(like python3 on Debian). + +Relate-to: https://github.com/theupdateframework/tuf/issues/263 +Forwarded: https://github.com/theupdateframework/tuf/pull/1337 +Signed-off-by: Philippe Coval +--- + tests/utils.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/tests/utils.py b/tests/utils.py +index 8e8c07b..df43a23 100644 +--- a/tests/utils.py ++++ b/tests/utils.py +@@ -25,6 +25,7 @@ from contextlib import contextmanager + import errno + import logging + import socket ++import sys + import time + import subprocess + import threading +@@ -200,7 +201,7 @@ class TestServerProcess(): + """Starts the process running the server.""" + + # The "-u" option forces stdin, stdout and stderr to be unbuffered. +- command = ['python', '-u', self.server] + extra_cmd_args ++ command = [sys.executable, '-u', self.server] + extra_cmd_args + + # Reusing one subprocess in multiple tests, but split up the logs for each. + self.__server_process = subprocess.Popen(command, diff --git a/debian/patches/series b/debian/patches/series index f4dbf05e9a..f0e1a87d8f 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,3 +2,4 @@ 0002-test-Use-python3-coverage-from-sitepackages.patch 0003-ci-Remove-workaround-for-pip-resolver-issue.patch 0004-debian-patches-Use-python3-explicitly.patch +0005-tests-Use-current-python-interpreter-for-sub-tests.patch From d9600adad923d6ea463ef92a8d8e55cda19955f5 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Mon, 12 Apr 2021 12:17:56 +0200 Subject: [PATCH 29/29] debian: Depends only on explicit depedencies Others will be pulled implicitly. Cc: @jcfp Signed-off-by: Philippe Coval --- debian/control | 11 ----------- debian/tests/control | 13 ------------- 2 files changed, 24 deletions(-) diff --git a/debian/control b/debian/control index 62a9051c6b..87ffa62327 100644 --- a/debian/control +++ b/debian/control @@ -4,25 +4,14 @@ Uploaders: Philippe Coval Section: python Priority: optional Build-Depends: dh-python, - black, debhelper-compat (= 13), python3-all, - python3-astroid, - python3-bandit, - python3-certifi, - python3-cffi, - python3-chardet, python3-coverage, python3-cryptography, python3-dateutil, - python3-idna, python3-nacl, - python3-pycparser, python3-requests, python3-securesystemslib, - python3-setuptools, - python3-six, - python3-urllib3, tox Standards-Version: 4.5.1 Rules-Requires-Root: no diff --git a/debian/tests/control b/debian/tests/control index a66f69c62a..89cef24dd9 100644 --- a/debian/tests/control +++ b/debian/tests/control @@ -2,20 +2,7 @@ Tests: testsuite Depends: @, python3-pytest, - python3-all, - python3-astroid, - python3-bandit, - python3-certifi, - python3-cffi, - python3-chardet, python3-cryptography, python3-dateutil, - python3-idna, python3-nacl, - python3-pycparser, - python3-requests, - python3-securesystemslib, - python3-setuptools, - python3-six, - python3-urllib3, Restrictions: allow-stderr