diff --git a/.gitignore b/.gitignore
index e988195f05..6ca43668d8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,6 +22,7 @@ tests/htmlcov/* *~ *.tmp .pre-commit-config.yaml +.vscode # Debian generated files debian/.debhelper/*
diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/MANIFEST.in b/MANIFEST.in
index 6e2a7cbb01..06f92591ed 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,29 +1,15 @@ +# License files include LICENSE* -include README.md + +# Development and testing +include *.txt +global-include pylintrc include tox.ini -include tests/repository_data/keystore/delegation_key -include tests/repository_data/keystore/root_key* -include tests/repository_data/keystore/snapshot_key -include tests/repository_data/keystore/targets_key -include tests/repository_data/keystore/timestamp_key -include tests/ssl_certs/*.crt -include tests/ssl_certs/*.key +graft tests -recursive-include docs *.txt -recursive-include docs *.md -recursive-include docs *.rst -recursive-include docs/images *.png -recursive-include tuf/scripts *.py -recursive-include examples * -recursive-include tests *.py -recursive-include tests *.pem -recursive-include tests *.json -recursive-include tests *.txt -recursive-include tests *.cfg -recursive-include tests *.coveragerc -recursive-include tests *.gz -recursive-include tests *.pub -recursive-include tuf *.gitignore +# Documentation +graft docs recursive-include tuf *.md -recursive-include tuf *.rst -recursive-include tuf *.yml + +# To remove +recursive-include tuf/scripts *.py
diff --git a/docs/RELEASE.md b/docs/RELEASE.md
index b69ae1cdf2..c964407aed 100644
--- a/docs/RELEASE.md
+++ b/docs/RELEASE.md
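Review bot: The sdist now takes whatever sits under `tests/` and `docs/` in the working tree, because `graft tests` and `graft docs` in the MANIFEST.in hunk replace rules that named file types and the individual keystore and certificate fixtures. A release built from a checkout holding untracked files there (coverage output such as the `tests/htmlcov` path listed in .gitignore, editor files, scratch keys) would publish them. Adding `prune tests/htmlcov` and `global-exclude *.py[cod]` after the grafts, and building releases from a clean clone, would narrow that. The `# To remove` heading does not say why `tuf/scripts` is slated for removal; a one-line reason or issue reference would help the next maintainer.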
@@ -5,12 +5,11 @@ tracked by git * Ensure `docs/CHANGELOG.md` contains a one-line summary of each [notable change](https://keepachangelog.com/) since the prior release -* Update `setup.py` and `tuf/__init__.py` to the new version number vA.B.C +* Update `setup.cfg` and `tuf/__init__.py` to the new version number vA.B.C * Test packaging, uploading to Test PyPI and installing from a virtual environment (ensure commands invoking `python` below are using Python 3) * Remove existing dist build dirs - * Create source dist `python3 setup.py sdist` - * Create wheel `python3 setup.py bdist_wheel` + * Create source dist and wheel `python3 -m build` * Sign the dists `gpg --detach-sign -a dist/tuf-vA.B.C.tar.gz` * Upload to test PyPI `twine upload --repository testpypi dist/*` * Verify the uploaded package https://testpypi.python.org/pypi/tuf/
@@ -24,13 +23,12 @@ * Create a package for the formal release (ensure commands invoking `python` below are using Python 3) * Remove existing dist build dirs - * Create source dist `python3 setup.py sdist` - * Create wheel `python3 setup.py bdist_wheel` + * Create source dist and wheel `python3 -m build` * Sign source dist `gpg --detach-sign -a dist/tuf-vA.B.C.tar.gz` * Sign wheel `gpg --detach-sign -a dist/tuf-vA.B.C-py3-none-any.whl` * Upload to test PyPI `twine upload --repository testpypi dist/*` * Verify the uploaded package https://testpypi.python.org/pypi/tuf/ * Upload to PyPI `twine upload dist/*` -* Attach the signed dists to the release on GitHub +* Attach both signed dists and their detached signatures to the release on GitHub * Announce the release on [#tuf on CNCF Slack](https://cloud-native.slack.com/archives/C8NMD3QJ3) * Ensure [POUF 1](https://github.com/theupdateframework/taps/blob/master/POUFs/reference-POUF/pouf1.md), for the reference implementation, is up-to-date
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000000..2f21011953
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,3 @@
+[build-system]
+requires = ["setuptools>=40.8.0", "wheel"]
+build-backend = "setuptools.build_meta"
diff --git a/requirements-dev.txt b/requirements-dev.txt
index f8748752a5..2afa895fb3 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1,5 +1,8 @@ # Install tuf in editable mode and requirements for local testing with tox, # and also for running test suite or individual tests manually +build tox +twine +wheel -r requirements-test.txt -e .
diff --git a/setup.cfg b/setup.cfg
index 366a2fbb53..f880a3893d 100644
--- a/setup.cfg
+++ b/setup.cfg
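Review bot: The build requirements in `requires = ["setuptools>=40.8.0", "wheel"]` carry only a lower bound, so `python3 -m build` resolves whichever setuptools and wheel releases the index serves at build time, and the signed release artifacts then depend on tooling that nothing in this diff records. The same applies to the unpinned `build`, `twine` and `wheel` entries added in the requirements-dev.txt hunk. For release builds, consider pinning these (for example through a pip constraints file with hashes) or at least recording the resolved versions alongside the release. The explicit `wheel` entry is probably redundant, since the setuptools backend asks for it itself when a wheel is built.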
@@ -1,8 +1,54 @@ +[metadata] +name = tuf +version = 0.19.0 +author = https://www.updateframework.com +author_email = theupdateframework@googlegroups.com +description = A secure updater framework for Python +long_description = file: README.md +long_description_content_type = text/markdown +url = https://www.updateframework.com +project_urls = + Documentation = https://theupdateframework.readthedocs.io/en/stable/ + Issues = https://github.com/theupdateframework/python-tuf/issues + Source = https://github.com/theupdateframework/python-tuf +classifiers = + Development Status :: 4 - Beta + Intended Audience :: Developers + License :: OSI Approved :: MIT License + License :: OSI Approved :: Apache Software License + Operating System :: POSIX + Operating System :: POSIX :: Linux + Operating System :: MacOS :: MacOS X + Operating System :: Microsoft :: Windows + Programming Language :: Python :: 3 + Programming Language :: Python :: 3.6 + Programming Language :: Python :: 3.7 + Programming Language :: Python :: 3.8 + Programming Language :: Python :: 3.9 + Programming Language :: Python :: 3.10 + Programming Language :: Python :: Implementation :: CPython + Topic :: Security + Topic :: Software Development +keywords = update updater secure authentication key compromise revocation +license_files = LICENSE LICENSE-MIT + +[options] +packages = find: +scripts = + tuf/scripts/repo.py + tuf/scripts/client.py +python_requires = ~=3.6 +install_requires = + requests>=2.19.1 + securesystemslib>=0.20.0 + +[options.packages.find] +exclude = tests + [check-manifest] ignore = - requirements-dev.txt - .travis.yml - .coveragerc + .fossa.yml + .readthedocs.yaml [mypy] warn_unused_configs = True
diff --git a/setup.py b/setup.py
deleted file mode 100755
index 0716124e07..0000000000
--- a/setup.py
+++ /dev/null
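Review bot: `license_files = LICENSE LICENSE-MIT` separates the two names with a space, while setuptools documents this key as a comma- or newline-separated list, so the value may be read as a single pattern that matches no file and the licence texts could be missing from the built wheel. Writing it as `license_files = LICENSE, LICENSE-MIT` (or one name per indented line) avoids depending on how a particular setuptools or wheel release splits the value. Separately, `version = 0.19.0` keeps the duplication with `tuf/__init__.py` that the TODO there mentions. `version = attr: tuf.__version__` would single-source it, though depending on the setuptools version that may import the package at build time.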
@@ -1,123 +0,0 @@ -#!/usr/bin/env python - -# Copyright 2013 - 2018, New York University and the TUF contributors -# SPDX-License-Identifier: MIT OR Apache-2.0 - -""" - - setup.py - - - Vladimir Diaz - - - March 2013. - - - See LICENSE-MIT OR LICENSE for licensing information. - - - BUILD SOURCE DISTRIBUTION - - The following shell command generates a TUF source archive that can be - distributed to other users. The packaged source is saved to the 'dist' - folder in the current directory. - - $ python3 setup.py sdist - - - INSTALLATION OPTIONS - - pip - installing and managing Python packages (recommended): - - # Installing from Python Package Index (https://pypi.python.org/pypi). - $ python3 -m pip install tuf - - # Installing from local source archive. - $ python3 -m pip install - - # Or from the root directory of the unpacked archive. - $ python3 -m pip install . - - # Installing optional requirements (i.e., after installing tuf). - # Support for creation of Ed25519 signatures and support for RSA and ECDSA - # signatures in general requires optional dependencies: - $ python3 -m pip install securesystemslib[crypto,pynacl] - - - Alternate installation options: - - Navigate to the root directory of the unpacked archive and - run one of the following shell commands: - - Install to the global site-packages directory. - $ python3 setup.py install - - Install to the user site-packages directory. - $ python3 setup.py install --user - - Install to a chosen directory. - $ python3 setup.py install --home= - - - Note: The last two installation options may require modification of - Python's search path (i.e., 'sys.path') or updating an OS environment - variable. For example, installing to the user site-packages directory might - result in the installation of TUF scripts to '~/.local/bin'. 
The user may - then be required to update his $PATH variable: - $ export PATH=$PATH:~/.local/bin -""" - -from setuptools import setup -from setuptools import find_packages - - -with open('README.md') as file_object: - long_description = file_object.read() - - -setup( - name = 'tuf', - version = '0.19.0', # If updating version, also update it in tuf/__init__.py - description = 'A secure updater framework for Python', - long_description = long_description, - long_description_content_type='text/markdown', - author = 'https://www.updateframework.com', - author_email = 'theupdateframework@googlegroups.com', - url = 'https://www.updateframework.com', - keywords = 'update updater secure authentication key compromise revocation', - classifiers = [ - 'Development Status :: 4 - Beta', - 'Intended Audience :: Developers', - 'License :: OSI Approved :: MIT License', - 'License :: OSI Approved :: Apache Software License', - 'Natural Language :: English', - 'Operating System :: POSIX', - 'Operating System :: POSIX :: Linux', - 'Operating System :: MacOS :: MacOS X', - 'Operating System :: Microsoft :: Windows', - 'Programming Language :: Python :: 3', - 'Programming Language :: Python :: 3.6', - 'Programming Language :: Python :: 3.7', - 'Programming Language :: Python :: 3.8', - 'Programming Language :: Python :: 3.9', - 'Programming Language :: Python :: 3.10', - 'Programming Language :: Python :: Implementation :: CPython', - 'Topic :: Security', - 'Topic :: Software Development' - ], - project_urls={ - 'Source': 'https://github.com/theupdateframework/python-tuf', - 'Issues': 'https://github.com/theupdateframework/python-tuf/issues' - }, - python_requires="~=3.6", - install_requires = [ - 'requests>=2.19.1', - 'securesystemslib>=0.20.0' - ], - packages = find_packages(exclude=['tests']), - scripts = [ - 'tuf/scripts/repo.py', - 'tuf/scripts/client.py' - ] -)
diff --git a/tuf/__init__.py b/tuf/__init__.py
index e56bdf943b..cca809ba0d 100755
--- a/tuf/__init__.py
+++ b/tuf/__init__.py
@@ -1,5 +1,5 @@
 # This value is used in the requests user agent.
-# setup.py has it hard-coded separately.
+# setup.cfg has it hard-coded separately.
 # Currently, when the version is changed, it must be set in both locations.
 # TODO: Single-source the version number.
 __version__ = "0.19.0"