Commit febe6c3d (Unverified)
Authored 3 years ago by Lukas
Committed by GitHub 3 years ago
Merge pull request #1732 from jku/release-0.20.0
Release 0.20.0
Parents: 0285bf99 97d5395e
Tags: v0.20.0
Showing 5 changed files with 56 additions and 27 deletions:
README.md: 17 additions, 25 deletions
docs/1.0.0-ANNOUNCEMENT.md: 0 additions, 0 deletions
docs/CHANGELOG.md: 37 additions, 0 deletions
setup.cfg: 1 addition, 1 deletion
tuf/__init__.py: 1 addition, 1 deletion
README.md (+17 −25)
...
...
@@ -9,7 +9,7 @@
----------------------------
*
__IMPORTANT NOTICE:__
A stable 1.0.0 release of the modern implementation only
is scheduled for January 2022. Please see the
[
*1.0.0
announcement*
](
1.0.0-ANNOUNCEMENT.md
)
page for more details about the release
announcement*
](
docs/
1.0.0-ANNOUNCEMENT.md
)
page for more details about the release
and the deprecation of the legacy implementation, including migration
instructions.
*
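Review bot: the new link target on the changed line, docs/1.0.0-ANNOUNCEMENT.md, is repository-relative and resolves only where README.md is rendered from the repository root, while the API links added later in this file are absolute readthedocs URLs. If this README is also displayed anywhere outside the repository view, use an absolute URL here too, so that the notice about the legacy deprecation and migration does not lead to a dead link.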
...
...
@@ -19,31 +19,22 @@ This repository is the **reference implementation** of
It is written in Python and intended to conform to version 1.0 of the
[
TUF specification
](
https://theupdateframework.github.io/specification/latest/
)
.
The repository currently includes two implementations:
1) A
*legacy implementation*
, with
[
`tuf/client/updater.py`
](
tuf/client/updater.py
)
implementing the detailed
client workflow and
[
`tuf/repository_tool.py`
](
tuf/repository_tool.py
)
providing a high-level interface for repository operations.
The legacy implementation is in use in production systems, but is
[
no longer
being actively worked on
](
docs/adr/0002-pre-1-0-deprecation-strategy.md
)
.
2) A
*modern implementation*
. We are in the process of rewriting the reference
implementation in
[
modern Python
](
docs/adr/0001-python-version-3-6-plus.md
)
to both: a) address scalability and integration issues identified in
supporting integration into the Python Package Index (PyPI), and other
large-scale repositories, and b) to ensure maintainability of the project.
This implementation consists of:
*
a "low-level" metadata API, designed to provide easy and safe access to
TUF metadata and handle (de)serialization from/to files, provided in the
[
`tuf/api/metadata.py`
](
tuf/api/metadata.py
)
module.
*
an implementation of the detailed client workflow built on top of the
metadata API, provided in the
[
`tuf/ngclient/updater.py`
](
tuf/ngclient/updater.py
)
module.
The modern implementation is not considered production ready and does not yet
provide any high-level support for implementing
[
repository operations
](
https://theupdateframework.github.io/specification/latest/#repository-operations
)
,
though the addition of API to support them is planned.
Python-TUF provides two APIs:
*
[
`tuf.api.metadata`
](
https://theupdateframework.readthedocs.io/en/latest/api/tuf.api.html
)
,
a "low-level" API, designed to provide easy and safe access to TUF
metadata and to handle (de)serialization from/to files.
*
[
`tuf.ngclient`
](
https://theupdateframework.readthedocs.io/en/latest/api/tuf.ngclient.html
)
,
a client implementation built on top of the metadata API.
High-level support for implementing
[
repository operations
](
https://theupdateframework.github.io/specification/latest/#repository-operations
)
is planned but not yet provided: see
[
1.0.0 plans
](
docs/1.0.0-ANNOUNCEMENT.md
)
.
In addition to these APIs the project also provides a
*
legacy
implementation
*
with
`tuf.client`
implementing the client workflow and
`tuf.repository_tool`
providing a high-level interface for repository
operations. The legacy implementation is going to be
[
deprecated
](
docs/1.0.0-ANNOUNCEMENT.md
)
in the near future.
The reference implementation strives to be a readable guide and demonstration
for those working on implementing TUF in their own languages, environments, or
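Review bot: the replacement paragraph drops the removed sentence "The modern implementation is not considered production ready" without saying what the status of tuf.ngclient now is, and it describes the legacy code only as "going to be deprecated in the near future", whereas docs/CHANGELOG.md in this same commit says v0.20.0 is the final release that includes the legacy implementation code. Suggest stating the readiness of tuf.ngclient explicitly and reusing the changelog's wording for the legacy code, so that users of tuf.client and tuf.repository_tool learn from the README that the next release removes what they depend on.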
...
...
@@ -75,7 +66,8 @@ Documentation
-------------
*
[
Introduction to TUF's Design
](
docs/OVERVIEW.rst
)
*
[
The TUF Specification
](
https://theupdateframework.github.io/specification/latest/
)
*
[
Getting Started with the TUF Reference Implementation
](
docs/GETTING_STARTED.rst
)
*
Examples:
[
client
](
examples/client_example
)
and
[
repository
](
examples/repo_example
)
*
[
API Reference
](
https://theupdateframework.readthedocs.io/
)
*
[
Governance
](
docs/GOVERNANCE.md
)
and
[
Maintainers
](
docs/MAINTAINERS.txt
)
for the reference implementation
*
[
Miscellaneous Docs
](
docs/
)
...
...
1.0.0-ANNOUNCEMENT.md → docs/1.0.0-ANNOUNCEMENT.md (+0 −0)
File moved
docs/CHANGELOG.md (+37 −0)
# Changelog
## v0.20.0
*
__NOTE:__
This will be the final release of python-tuf that includes the
legacy implementation code. Please see the
[
*1.0.0
announcement*
](
1.0.0-ANNOUNCEMENT.md
)
page for more details about the next
release and the deprecation of the legacy implementation, including migration
instructions.
*
### Added
*
metadata API: misc input validation (#1630, #1688, #1668, #1672, #1690)
*
doc: repository library design document and ADR (#1693)
*
doc: 1.0.0 announcement (#1706)
*
doc: misc docstrings in metadata API (#1620)
*
doc: repository and client examples (#1675, #1685, #1700)
*
test: ngclient key rotation (#1635, #1649, #1691)
*
test: ngclient top-level role update (#1636)
*
test: ngclient non-consistent snapshot (#1666, #1705)
*
test: more lint/type checks and auto-formatting (#1658, #1664, #1659, #1674,
#1677, #1687, #1699, #1701, #1708, #1710, #1720, #1726)
*
build: Python 3.10 support (#1628)
### Changed
*
ngclient: misc API changes (#1604, #1731)
*
ngclient: avoid re-loading verified targets metadata (#1593)
*
ngclient: implicitly call refresh() (#1654)
*
ngclient: return loaded metadata (#1680)
*
ngclient: skip visited nodes on delegation tree traversal (#1683)
*
ngclient: remove URL normalisation (#1686)
*
build: modernise packaging configuration (#1626)
*
build: bump dependencies (#1609, #1611, #1616, #1621)
*
build: limit GitHub Action token visibility and permissions (#1652, #1663)
*
test: misc test changes (#1715, #1670, #1671, #1631, #1695, #1702)
### Removed
*
doc: obsolete roadmap (#1698)
## v0.19.0
For users of legacy client (tuf.client module) this is purely a security fix
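Review bot: under "### Changed", the entry "ngclient: misc API changes (#1604, #1731)" does not tell a client integrator what changed, and entries that alter client behaviour, such as "implicitly call refresh() (#1654)" and "remove URL normalisation (#1686)", sit in the same list as build and test housekeeping. Suggest naming the affected calls and marking which entries change behaviour for existing callers. Since the note at the top announces that this is the final release with the legacy code, a "### Deprecated" section naming the legacy modules would also make that visible to readers who scan by heading.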
...
...
setup.cfg (+1 −1)
[metadata]
name
= tuf
version
= 0.
19
.0
version
= 0.
20
.0
author
= https://www.updateframework.com
author_email
= theupdateframework@googlegroups.com
description
= A secure updater framework for Python
...
...
tuf/__init__.py (+1 −1)
...
...
@@ -2,7 +2,7 @@
# setup.cfg has it hard-coded separately.
# Currently, when the version is changed, it must be set in both locations.
# TODO: Single-source the version number.
__version__
=
"
0.
19
.0
"
__version__
=
"
0.
20
.0
"
# This reference implementation produces metadata intended to conform to
# version 1.0.0 of the TUF specification, and is expected to consume metadata
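Review bot: the version string is still edited by hand here and in setup.cfg, and the "TODO: Single-source the version number" comment in the context lines is left open by this release. Both files were bumped to 0.20.0 in this commit, so the two agree now, but a missed edit in a later release would ship a package whose metadata version disagrees with tuf.__version__. Suggest having setup.cfg read the value through setuptools' "version = attr: tuf.__version__", or adding a CI check that compares the two strings.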
...
...