Adopt mandatory semantic versioning for TUF specification version #914
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Updates SPEC_VERSION definition in tuf/__init__.py, test files and docstring in formats.build_dict_conforming_to_schema. Test metadata will be updated in separate commits. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Re-generate metadata to adopt spec version format change, using
`generate.py` plus some working around (see script below):
```
# QUICKFIX: Patch add_target to pass file paths relative to targets dir
git apply - <<EOF
diff --git a/tests/repository_data/generate.py b/tests/repository_data/generate.py
index 6c263575..699ed00f 100755
--- a/tests/repository_data/generate.py
+++ b/tests/repository_data/generate.py
@@ -119,12 +119,11 @@ if not options.dry_run:
# about the target (i.e., file permissions in octal format.)
octal_file_permissions = oct(os.stat(target1_filepath).st_mode)[4:]
file_permissions = {'file_permissions': octal_file_permissions}
-repository.targets.add_target(target1_filepath, file_permissions)
-repository.targets.add_target(target2_filepath)
+repository.targets.add_target('file1.txt', file_permissions)
+repository.targets.add_target('file2.txt')
-repository.targets.delegate('role1', [delegation_public],
- [os.path.basename(target3_filepath)])
-repository.targets('role1').add_target(target3_filepath)
+repository.targets.delegate('role1', [delegation_public], ['file3.txt'])
+repository.targets('role1').add_target('file3.txt')
repository.targets('role1').load_signing_key(delegation_private)
repository.targets('role1').delegate('role2', [delegation_public], [])
EOF
# Remove repository and client data
cd repository_data && rm -rf repository client
# Generate metadata
python generate.py
# Duplicate metadata files
cp -r client/test_repository1 client/test_repository2
# Recover non-signed file
git checkout client/map.json
```
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Re-generate metadata to adopt spec version format change, using `generate_project_data.py`: ``` cd tests/repository_data && rm -rf project python generate_project_data.py ``` Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Mandates Semantic Versioning format with tuf.formats.SPECIFICATION_VERSION_SCHEMA using the regex referenced on the official semver website. See: https://semver.org/spec/v2.0.0.html#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string https://regex101.com/r/Ly7O1x/3/ Adopts tests accordingly: - removes tests that now fail earlier due to stricter format - adds tests to check exemplary valid and invalid version schemas Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
|
Thanks for the quick review, @JustinCappos and @mnm678! :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
*This introduces changes that are backwards incompatible with metadata whose
spec_versionfield does not contain a version number compliant with Semantic Versioning 2.0.0.Fixes issue #:
Related to theupdateframework/specification#51
Description of the changes being introduced by the pull request:
tuf.formats.SPECIFICATION_VERSION_SCHEMAto require a "Semantic Versioning 2.0"-compliant version string. Before this PR any string was allowed.tuf.SPECIFICATION_VERSION, i.e. TUF specification compliance, to 1.0.0. Before this PR it was 1.0 which is not a valid version string anymore (see above).Please see commit messages for details, e.g. how the test and sample metadata was re-generated.
For review the repetitive metadata generation commits may be skimmed.
Please verify and check that the pull request fulfills the following
requirements: