Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prepare for securesystemslib v1.0.0 #507

Merged
merged 6 commits into from
Jul 26, 2024
Merged

Prepare for securesystemslib v1.0.0 #507

merged 6 commits into from
Jul 26, 2024

Conversation

lukpueh
Copy link
Collaborator

@lukpueh lukpueh commented May 3, 2024
edited by kairoaraujo
Loading

blocks on next tuf release (theupdateframework/python-tuf#2617)

  • Updates securesystemslib 1.0.0 in requirements*.txt files -> requires pinning a dev version of tuf

    • TODO: adopt in Pipfile (I tried, but pipenv lock was taking way too long for my taste)
    • TODO: remove pinned tuf revision

  • Removes local keyvault service, which makes heavy use of legacy securesystemslib interfaces, which are no longer available in 1.0.0.

  • Removes keyvault initialisation in MetadatRepository, which would try to load local key vault in tests, given the current configs

  • Adopts removal in tests, just enough, so that they pass.

    • TODO: check if the tests still make sense

  • Drops registration of CryptoSigner and use sits new uri scheme "file2" in SignerStore. "file2" can be used like "file", but only for non-encrypted key files, which is all we care for in the worker. "file2" can also be used like "fn" from the custom "FileNameSigner", i.e. with a directory specified via envvar.

    • TODO: consider only using "file2" and dropping the custom "FileNameSigner" (or only using it to ovverride the scheme name and the envvar name)

@lukpueh lukpueh mentioned this pull request May 3, 2024
Open
1 task
kairoaraujo added a commit to kairoaraujo/repository-service-tuf-worker that referenced this pull request May 15, 2024
@kairoaraujo
build: update deps and pin sslib >=0.31.0,<1.0.0
2ed2b71 
Update all dependencies and pin securesystemslib to 0.31.0,<1.0.0

This will allow the deps to be updated.

This is for the release before making RSTUF compatible with
securesystemlib 1.0.0 (repository-service-tuf#507)

Signed-off-by: Kairo Araujo <[email protected]>
lukpueh and others added 4 commits July 25, 2024 12:08
@lukpueh @kairoaraujo
Update securesystemslib 1.0.0 (WIP)
6d06e77 
* Update securesystemslib 1.0.0 in requirements*.txt files
  -> requires pinning a dev version of tuf

  TODO: - adopt in Pipfile (I tried, but `pipenv lock` was taking
	  way too long for my taste)
	- update tuf when theupdateframework/python-tuf#2617 is
	  released

* Remove local keyvault service, which makes heavy use of legacy
  securesystemslib interfaces, which are no longer available in 1.0.0.
  TODO: - adopt in docs, config, etc
	- consider removing obsolete IKeyVault

* Remove keyvault initialisation in MetadatRepository, which
  would try to load local key vault in tests, given the current configs
  (see TODO above)

* Adopt removal in tests, just enough, so that they pass.
  TODO: - check if the tests still make sense

* Drop registration of CryptoSigner and use its new uri scheme "file2"
  in SignerStore.
  "file2" can be used like "file", but only for non-encrypted key files,
  which is all we care for in the worker.
  "file2" can also be used like "fn"  from the custom "FileNameSigner",
  i.e. with a directory specified via envvar.

  TODO: - consider only using "file2" and dropping the custom
          "FileNameSigner" (or only using it to ovverride the scheme
	  name and the envvar name)

Signed-off-by: Lukas Puehringer <[email protected]>
@kairoaraujo
chore: dependencies and ci/cd
0a8f383 
Signed-off-by: Kairo Araujo <[email protected]>
@kairoaraujo
fixup! Update securesystemslib 1.0.0 (WIP)
306c741 
Signed-off-by: Kairo Araujo <[email protected]>
@kairoaraujo
docs: update related docs about IKeyVault removal
8a8853e 
Signed-off-by: Kairo Araujo <[email protected]>
@codecov Codecov
Copy link

codecov bot commented Jul 25, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (714a29d) to head (26dd46a).
Report is 70 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff            @@
##              main      #507   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           15        14    -1     
  Lines         1071      1072    +1     
=========================================
+ Hits          1071      1072    +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@kairoaraujo kairoaraujo marked this pull request as ready for review July 25, 2024 11:48
@kairoaraujo kairoaraujo requested a review from MVrachev July 25, 2024 11:49
kairoaraujo
kairoaraujo previously approved these changes Jul 26, 2024
View reviewed changes
MVrachev
MVrachev previously approved these changes Jul 26, 2024
View reviewed changes
@kairoaraujo kairoaraujo dismissed stale reviews from MVrachev and themself via 26dd46a July 26, 2024 08:06
@MVrachev MVrachev merged commit a4c6e73 into repository-service-tuf:main Jul 26, 2024
54 checks passed
@kairoaraujo kairoaraujo mentioned this pull request Jul 27, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kairoaraujo kairoaraujo kairoaraujo approved these changes

@MVrachev MVrachev MVrachev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lukpueh @kairoaraujo @MVrachev