Adopt mandatory semantic versioning for TUF specification version #914

Merged
JustinCappos merged 5 commits into theupdateframework:develop from lukpueh:adopt-spec-semver
Sep 16, 2019

@lukpueh lukpueh commented Sep 16, 2019

This introduces changes that are backwards incompatible with metadata whose spec_version field does not contain a version number compliant with Semantic Versioning 2.0.0.

Fixes issue #:
Related to theupdateframework/specification#51

Description of the changes being introduced by the pull request:

  • Changes tuf.formats.SPECIFICATION_VERSION_SCHEMA to require a "Semantic Versioning 2.0"-compliant version string. Before this PR any string was allowed.
  • Updates tuf.SPECIFICATION_VERSION, i.e. TUF specification compliance, to 1.0.0. Before this PR it was 1.0 which is not a valid version string anymore (see above).
  • Adopts sample and test metadata accordingly.
  • Adopts tests accordingly.
  • Mildly unrelated: Updates link to historical tuf-spec.

Please see commit messages for details, e.g. how the test and sample metadata was re-generated.

For review the repetitive metadata generation commits may be skimmed.

Please verify and check that the pull request fulfills the following requirements:

  • The code follows the Code Style Guidelines
  • Tests have been added for the bug fix or new feature
  • Docs have been added for the bug fix or new feature

Lukas Puehringer added 5 commits September 16, 2019 15:43
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Updates SPEC_VERSION definition in tuf/__init__.py, test files and
docstring in formats.build_dict_conforming_to_schema.

Test metadata will be updated in separate commits.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Re-generate metadata to adopt spec version format change, using
`generate.py` plus some working around (see script below):

```
 # QUICKFIX: Patch add_target to pass file paths relative to targets dir
git apply - <<EOF
diff --git a/tests/repository_data/generate.py b/tests/repository_data/generate.py
index 6c26357..699ed00f 100755
--- a/tests/repository_data/generate.py
+++ b/tests/repository_data/generate.py
@@ -119,12 +119,11 @@ if not options.dry_run:
 # about the target (i.e., file permissions in octal format.)
 octal_file_permissions = oct(os.stat(target1_filepath).st_mode)[4:]
 file_permissions = {'file_permissions': octal_file_permissions}
-repository.targets.add_target(target1_filepath, file_permissions)
-repository.targets.add_target(target2_filepath)
+repository.targets.add_target('file1.txt', file_permissions)
+repository.targets.add_target('file2.txt')

-repository.targets.delegate('role1', [delegation_public],
-    [os.path.basename(target3_filepath)])
-repository.targets('role1').add_target(target3_filepath)
+repository.targets.delegate('role1', [delegation_public], ['file3.txt'])
+repository.targets('role1').add_target('file3.txt')
 repository.targets('role1').load_signing_key(delegation_private)

 repository.targets('role1').delegate('role2', [delegation_public], [])
EOF

 # Remove repository and client data
cd repository_data && rm -rf repository client
 # Generate metadata
python generate.py
 # Duplicate metadata files
cp -r client/test_repository1 client/test_repository2
 # Recover non-signed file
git checkout client/map.json
```
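
Review bot: The new `add_target` and `delegate` lines hard-code 'file1.txt', 'file2.txt' and 'file3.txt', while the unchanged `os.stat(target1_filepath)` line just above still reads the permissions from the path variable, so the file that is stat'ed and the name that is registered can drift apart if a target file is renamed. Deriving the relative names from the existing variables (the removed `delegate` call used `os.path.basename(target3_filepath)`) would keep the two in sync. Since this is labelled a QUICKFIX and is applied from a heredoc rather than committed, it is also worth landing the change in `generate.py` itself, or noting why not, so the test metadata can be regenerated from the tree alone.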

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Re-generate metadata to adopt spec version format change, using
`generate_project_data.py`:

```
cd tests/repository_data && rm -rf project
python generate_project_data.py
```

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Mandates Semantic Versioning format with
tuf.formats.SPECIFICATION_VERSION_SCHEMA using the regex referenced
on the official semver website. See:
https://semver.org/spec/v2.0.0.html#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string
https://regex101.com/r/Ly7O1x/3/

Adopts tests accordingly:
 - removes tests that now fail earlier due to stricter format
 - adds tests to check exemplary valid and invalid version schemas

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
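
A validator for the `spec_version` rule described in the PR description and in the commit message above, as an added example that is not code from the pull request or from TUF. It uses the pattern suggested in the semver.org FAQ (the exact pattern in `tuf/formats.py` is not shown on this page); `parse_spec_version`, `is_valid_spec_version` and `SAMPLE_SIGNED` are hypothetical names.

```python
import re

# Pattern suggested in the Semantic Versioning 2.0.0 FAQ (semver.org), split
# into parts for readability. Assumption: the pattern used in tuf/formats.py
# is not shown on this page and may differ in detail.
_NUM = r"(?:0|[1-9]\d*)"
_PRE_ID = r"(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)"
_BUILD_ID = r"[0-9a-zA-Z-]+"
SEMVER_RE = re.compile(
    rf"({_NUM})\.({_NUM})\.({_NUM})"
    rf"(?:-({_PRE_ID}(?:\.{_PRE_ID})*))?"
    rf"(?:\+({_BUILD_ID}(?:\.{_BUILD_ID})*))?",
    re.ASCII,  # keep \d to [0-9]; by default it also matches other Unicode digits
)


def parse_spec_version(value):
    """Return (major, minor, patch) as ints, or raise ValueError."""
    if not isinstance(value, str):
        raise ValueError("spec_version must be a string")
    # fullmatch() rather than match() with '$': in Python '$' also matches
    # just before a trailing newline, so '1.0.0\n' would otherwise pass.
    m = SEMVER_RE.fullmatch(value)
    if m is None:
        raise ValueError(f"not a Semantic Versioning 2.0.0 string: {value!r}")
    return tuple(int(m.group(i)) for i in (1, 2, 3))


def is_valid_spec_version(value):
    try:
        parse_spec_version(value)
    except ValueError:
        return False
    return True


# Constructed sample of the signed part of a metadata file (not from the repo).
SAMPLE_SIGNED = {"_type": "root", "spec_version": "1.0.0", "version": 1}

if __name__ == "__main__":
    for candidate in ["1.0.0", "1.0", "1.0.0-rc.1+build.5", "01.0.0", "1.0.0\n"]:
        print(repr(candidate), is_valid_spec_version(candidate))
    print(parse_spec_version(SAMPLE_SIGNED["spec_version"]))
```

The old value `1.0` is rejected and `1.0.0` is accepted, which is the backwards-incompatible change the PR description calls out.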
@mnm678 mnm678 left a comment

LGTM, but the link to the historical spec will not work until #51 is merged, so I suggest we wait on that.

@JustinCappos JustinCappos left a comment

Looks good to me.

@JustinCappos JustinCappos merged commit c4be348 into theupdateframework:develop Sep 16, 2019
lukpueh commented Sep 16, 2019

Thanks for the quick review, @JustinCappos and @mnm678! :)
