Comments (5)
tuf.repo.signerlib.check_directory(directory)
The call above performs the following checks:
Does 'directory' have the correct format?
Raise 'tuf.FormatError' if there is a mismatch.
tuf.formats.PATH_SCHEMA.check_match(directory)
directory = os.path.abspath(directory)
from python-tuf.
Unfortunately, that does not fix the problem.
tuf.formats.PATH_SCHEMA simply asserts that the directory is a string.
The rest of tuf.repo.signerlib.check_directory() checks the absolute version of the given directory, but not does check that the given directory was an absolute path in the first place.
Going back to our original example, suppose that the user very well does not know that he is supposed to specify an absolute path for the delegated targets directory. Then signercli.py fails with an error that is only comprehensible after reading its source code.
Does this make sense?
I have a one-line patch I can push to the repository.
from python-tuf.
Ah, you're correct. Line 899 should have been
delegated_targets_directory = tuf.repo.signerlib.check_directory(delegated_targets_directory)
The behavior of this function was modified during unit testing and was not fully updated.
An incorrect version may have also been copied during the move from the hg repository.
from python-tuf.
The line causing the bug was modified to:
delegated_targets_directory = _check_directory(delegated_targets_directory)
The check_directory() function of 'signerlib.py' was also modified to remove traces of its previous behavior.
Ran the unit tests and gave signercli.py a test run. This bug should be fixed now.
Please confirm.
ef53ca6
from python-tuf.
Works, thanks!
from python-tuf.
Related Issues (20)
- build: Enable python 3.12 HOT 4
- investigate alternative hatchling version pinning HOT 2
- Consider including `securesystemslib[crypto]` as a dependency in TUF HOT 4
- VerificationResult should include keys for keyids HOT 4
- Replace most linting tools with ruff HOT 1
- repository: maybe provide a Repository.get_delegating_role() HOT 2
- Yearly maintainer permissions review HOT 1
- Change `securesystemslib.dsse.Envelope.signatures` to dict upstream HOT 2
- Test all components with DSSE
- Test "ruff check --output-format=github" HOT 2
- linting: Enable more ruff rulesets HOT 7
- linting: enable pycodestyle for tests
- datetime.utcnow() is deprecated: stop using it HOT 1
- SimpleEnvelope._DEFAULT_PAYLOAD_TYPE should be public? HOT 1
- should build job require prior test job to pass? HOT 3
- possible blog post: Caching TUF metadata HOT 3
- provide user-agent customization?
- workflows: macos runners are missing older pythons
- next release HOT 1
- user-agent should maybe mention "python"? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from python-tuf.