Skip to content

Update securesystemslib to 0.12.0 #934

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Oct 14, 2019
Merged

Update securesystemslib to 0.12.0 #934

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
2342e18
Update securesystemslib dependency to 0.12.0
Oct 14, 2019
f5c168d
Explicitly encode data passed to securesystemslib.keys
joshuagl Sep 16, 2019
78356ef
Remove uses of securesystemslib.util.TempFile
joshuagl Sep 16, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion dev-requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ pylint==1.9.3 ; python_version < "3.0" # pyup: ignore
pynacl==1.3.0
pyyaml==5.1.2
requests==2.22.0
securesystemslib[crypto,pynacl]==0.11.3
securesystemslib[crypto,pynacl]==0.12.0
singledispatch==3.4.0.3
six==1.12.0
smmap2==2.0.5
Expand Down
2 changes: 1 addition & 1 deletion requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ pynacl==1.3.0 \
requests==2.22.0 \
--hash=sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4 \
--hash=sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31
securesystemslib==0.11.3 \
securesystemslib==0.12.0 \
--hash=sha256:368ef6f6cc40d3636e271485c7adb21c53c22200bab44a2fe8af62886a01c3d5 \
--hash=sha256:cbd1f7f1af2f2921be33b9fd17384705f5f4147d3a8b5d95b33ec3ce2213f176
six==1.12.0 \
Expand Down
2 changes: 1 addition & 1 deletion setup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,7 @@
'iso8601>=0.1.12',
'requests>=2.19.1',
'six>=1.11.0',
'securesystemslib>=0.11.3'
'securesystemslib>=0.12.0'
],
packages = find_packages(exclude=['tests']),
scripts = [
Expand Down
10 changes: 6 additions & 4 deletions tests/test_download.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,9 +111,11 @@ def test_download_url_to_tempfileobj(self):
download_file = download.safe_download

temp_fileobj = download_file(self.url, self.target_data_length)
self.assertEqual(self.target_data, temp_fileobj.read().decode('utf-8'))
self.assertEqual(self.target_data_length, len(temp_fileobj.read()))
temp_fileobj.close_temp_file()
temp_fileobj.seek(0)
temp_file_data = temp_fileobj.read().decode('utf-8')
self.assertEqual(self.target_data, temp_file_data)
self.assertEqual(self.target_data_length, len(temp_file_data))
temp_fileobj.close()



Expand Down Expand Up @@ -158,7 +160,7 @@ def test_download_url_to_tempfileobj_and_performance(self):

self.assertEqual(self.target_data, temp_fileobj.read())
self.assertEqual(self.target_data_length, len(temp_fileobj.read()))
temp_fileobj.close_temp_file()
temp_fileobj.close()

print "Performance cpu time: "+str(end_cpu - star_cpu)
print "Performance real time: "+str(end_real - star_real)
Expand Down
3 changes: 2 additions & 1 deletion tests/test_repository_lib.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -906,8 +906,9 @@ def test__remove_invalid_and_duplicate_signatures(self):
# Append the new valid, but duplicate PSS signature, and test that
# duplicates are removed. create_signature() generates a key for the
# key type of the first argument (i.e., root_rsa_key).
data = securesystemslib.formats.encode_canonical(root_signable['signed']).encode('utf-8')
new_pss_signature = securesystemslib.keys.create_signature(root_rsa_key,
root_signable['signed'])
data)
root_signable['signatures'].append(new_pss_signature)

expected_number_of_signatures = len(root_signable['signatures'])
Expand Down
46 changes: 29 additions & 17 deletions tests/test_sig.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,8 +82,9 @@ def test_get_signature_status_no_role(self):
# Should verify we are not adding a duplicate signature
# when doing the following action. Here we know 'signable'
# has only one signature so it's okay.
signed = securesystemslib.formats.encode_canonical(signable['signed']).encode('utf-8')
signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[0], signable['signed']))
KEYS[0], signed))

tuf.keydb.add_key(KEYS[0])

Expand All @@ -101,9 +102,10 @@ def test_get_signature_status_no_role(self):

def test_get_signature_status_bad_sig(self):
signable = {'signed' : 'test', 'signatures' : []}
signed = securesystemslib.formats.encode_canonical(signable['signed']).encode('utf-8')

signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[0], signable['signed']))
KEYS[0], signed))
signable['signed'] += 'signature no longer matches signed data'

tuf.keydb.add_key(KEYS[0])
Expand Down Expand Up @@ -133,9 +135,10 @@ def test_get_signature_status_bad_sig(self):

def test_get_signature_status_unknown_signing_scheme(self):
signable = {'signed' : 'test', 'signatures' : []}
signed = securesystemslib.formats.encode_canonical(signable['signed']).encode('utf-8')

signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[0], signable['signed']))
KEYS[0], signed))

valid_scheme = KEYS[0]['scheme']
KEYS[0]['scheme'] = 'unknown_signing_scheme'
Expand Down Expand Up @@ -168,9 +171,10 @@ def test_get_signature_status_unknown_signing_scheme(self):

def test_get_signature_status_single_key(self):
signable = {'signed' : 'test', 'signatures' : []}
signed = securesystemslib.formats.encode_canonical(signable['signed']).encode('utf-8')

signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[0], signable['signed']))
KEYS[0], signed))

threshold = 1

Expand Down Expand Up @@ -209,9 +213,10 @@ def test_get_signature_status_single_key(self):

def test_get_signature_status_below_threshold(self):
signable = {'signed' : 'test', 'signatures' : []}
signed = securesystemslib.formats.encode_canonical(signable['signed']).encode('utf-8')

signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[0], signable['signed']))
KEYS[0], signed))

tuf.keydb.add_key(KEYS[0])
threshold = 2
Expand Down Expand Up @@ -243,12 +248,13 @@ def test_get_signature_status_below_threshold(self):

def test_get_signature_status_below_threshold_unrecognized_sigs(self):
signable = {'signed' : 'test', 'signatures' : []}
signed = securesystemslib.formats.encode_canonical(signable['signed']).encode('utf-8')

# Two keys sign it, but only one of them will be trusted.
signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[0], signable['signed']))
KEYS[0], signed))
signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[2], signable['signed']))
KEYS[2], signed))

tuf.keydb.add_key(KEYS[0])
tuf.keydb.add_key(KEYS[1])
Expand Down Expand Up @@ -282,13 +288,13 @@ def test_get_signature_status_below_threshold_unrecognized_sigs(self):

def test_get_signature_status_below_threshold_unauthorized_sigs(self):
signable = {'signed' : 'test', 'signatures' : []}

signed = securesystemslib.formats.encode_canonical(signable['signed']).encode('utf-8')
# Two keys sign it, but one of them is only trusted for a different
# role.
signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[0], signable['signed']))
KEYS[0], signed))
signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[1], signable['signed']))
KEYS[1], signed))

tuf.keydb.add_key(KEYS[0])
tuf.keydb.add_key(KEYS[1])
Expand Down Expand Up @@ -334,9 +340,10 @@ def test_get_signature_status_below_threshold_unauthorized_sigs(self):

def test_check_signatures_no_role(self):
signable = {'signed' : 'test', 'signatures' : []}
signed = securesystemslib.formats.encode_canonical(signable['signed']).encode('utf-8')

signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[0], signable['signed']))
KEYS[0], signed))

tuf.keydb.add_key(KEYS[0])

Expand All @@ -353,8 +360,10 @@ def test_check_signatures_no_role(self):

def test_verify_single_key(self):
signable = {'signed' : 'test', 'signatures' : []}
signed = securesystemslib.formats.encode_canonical(signable['signed']).encode('utf-8')

signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[0], signable['signed']))
KEYS[0], signed))

tuf.keydb.add_key(KEYS[0])
threshold = 1
Expand All @@ -377,12 +386,13 @@ def test_verify_single_key(self):

def test_verify_unrecognized_sig(self):
signable = {'signed' : 'test', 'signatures' : []}
signed = securesystemslib.formats.encode_canonical(signable['signed']).encode('utf-8')

# Two keys sign it, but only one of them will be trusted.
signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[0], signable['signed']))
KEYS[0], signed))
signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[2], signable['signed']))
KEYS[2], signed))

tuf.keydb.add_key(KEYS[0])
tuf.keydb.add_key(KEYS[1])
Expand All @@ -408,9 +418,10 @@ def test_verify_unrecognized_sig(self):

def test_generate_rsa_signature(self):
signable = {'signed' : 'test', 'signatures' : []}
signed = securesystemslib.formats.encode_canonical(signable['signed']).encode('utf-8')

signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[0], signable['signed']))
KEYS[0], signed))

self.assertEqual(1, len(signable['signatures']))
signature = signable['signatures'][0]
Expand All @@ -420,7 +431,7 @@ def test_generate_rsa_signature(self):
self.assertTrue(securesystemslib.formats.SIGNATURE_SCHEMA.matches(returned_signature))

signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[1], signable['signed']))
KEYS[1], signed))

self.assertEqual(2, len(signable['signatures']))
signature = signable['signatures'][1]
Expand All @@ -431,9 +442,10 @@ def test_generate_rsa_signature(self):
def test_may_need_new_keys(self):
# One untrusted key in 'signable'.
signable = {'signed' : 'test', 'signatures' : []}
signed = securesystemslib.formats.encode_canonical(signable['signed']).encode('utf-8')

signable['signatures'].append(securesystemslib.keys.create_signature(
KEYS[0], signable['signed']))
KEYS[0], signed))

tuf.keydb.add_key(KEYS[1])
threshold = 1
Expand Down
6 changes: 3 additions & 3 deletions tests/test_updater.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1568,7 +1568,7 @@ def test_9__get_target_hash(self):

def test_10__hard_check_file_length(self):
# Test for exception if file object is not equal to trusted file length.
temp_file_object = securesystemslib.util.TempFile()
temp_file_object = tempfile.TemporaryFile()
temp_file_object.write(b'X')
temp_file_object.seek(0)
self.assertRaises(tuf.exceptions.DownloadLengthMismatchError,
Expand All @@ -1581,7 +1581,7 @@ def test_10__hard_check_file_length(self):

def test_10__soft_check_file_length(self):
# Test for exception if file object is not equal to trusted file length.
temp_file_object = securesystemslib.util.TempFile()
temp_file_object = tempfile.TemporaryFile()
temp_file_object.write(b'XXX')
temp_file_object.seek(0)
self.assertRaises(tuf.exceptions.DownloadLengthMismatchError,
Expand Down Expand Up @@ -1704,7 +1704,7 @@ def test_10__visit_child_role(self):

def test_11__verify_uncompressed_metadata_file(self):
# Test for invalid metadata content.
metadata_file_object = securesystemslib.util.TempFile()
metadata_file_object = tempfile.TemporaryFile()
metadata_file_object.write(b'X')
metadata_file_object.seek(0)

Expand Down
Loading