From 89b532db7974534a5c959a928fe4b7ea069cdccf Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Tue, 14 Dec 2021 16:53:59 +0200 Subject: [PATCH 1/3] Move 1.0.0 announcement to docs Signed-off-by: Jussi Kukkonen --- 1.0.0-ANNOUNCEMENT.md => docs/1.0.0-ANNOUNCEMENT.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename 1.0.0-ANNOUNCEMENT.md => docs/1.0.0-ANNOUNCEMENT.md (100%) diff --git a/1.0.0-ANNOUNCEMENT.md b/docs/1.0.0-ANNOUNCEMENT.md similarity index 100% rename from 1.0.0-ANNOUNCEMENT.md rename to docs/1.0.0-ANNOUNCEMENT.md From 1ea497abaecf0066a6e3e532c75161f09bff35ba Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Wed, 15 Dec 2021 13:49:21 +0200 Subject: [PATCH 2/3] README: Update descriptions of the provided APIs * ngclient and Metadata API are production ready: start with them, then mention legacy * link to API reference instead of code * link to examples instead of (legacy) getting started document Signed-off-by: Jussi Kukkonen --- README.md | 42 +++++++++++++++++------------------------- 1 file changed, 17 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index 946244910c..70672ecd3a 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ ---------------------------- *__IMPORTANT NOTICE:__ A stable 1.0.0 release of the modern implementation only is scheduled for January 2022. Please see the [*1.0.0 -announcement*](1.0.0-ANNOUNCEMENT.md) page for more details about the release +announcement*](docs/1.0.0-ANNOUNCEMENT.md) page for more details about the release and the deprecation of the legacy implementation, including migration instructions.* 
@@ -19,31 +19,22 @@ This repository is the **reference implementation** of It is written in Python and intended to conform to version 1.0 of the [TUF specification](https://theupdateframework.github.io/specification/latest/). -The repository currently includes two implementations: -1) A *legacy implementation*, with - [`tuf/client/updater.py`](tuf/client/updater.py) implementing the detailed - client workflow and [`tuf/repository_tool.py`](tuf/repository_tool.py) - providing a high-level interface for repository operations. - The legacy implementation is in use in production systems, but is [no longer - being actively worked on](docs/adr/0002-pre-1-0-deprecation-strategy.md). -2) A *modern implementation*. We are in the process of rewriting the reference - implementation in [modern Python](docs/adr/0001-python-version-3-6-plus.md) - to both: a) address scalability and integration issues identified in - supporting integration into the Python Package Index (PyPI), and other - large-scale repositories, and b) to ensure maintainability of the project. - This implementation consists of: - * a "low-level" metadata API, designed to provide easy and safe access to - TUF metadata and handle (de)serialization from/to files, provided in the - [`tuf/api/metadata.py`](tuf/api/metadata.py) module. - * an implementation of the detailed client workflow built on top of the - metadata API, provided in the - [`tuf/ngclient/updater.py`](tuf/ngclient/updater.py) module. - The modern implementation is not considered production ready and does not yet - provide any high-level support for implementing - [repository operations](https://theupdateframework.github.io/specification/latest/#repository-operations), - though the addition of API to support them is planned. 
+Python-TUF provides two APIs: + * [`tuf.api.metadata`](https://theupdateframework.readthedocs.io/en/latest/api/tuf.api.html), + a "low-level" API, designed to provide easy and safe access to TUF + metadata and to handle (de)serialization from/to files. + * [`tuf.ngclient`](https://theupdateframework.readthedocs.io/en/latest/api/tuf.ngclient.html), + a client implementation built on top of the metadata API. +High-level support for implementing +[repository operations](https://theupdateframework.github.io/specification/latest/#repository-operations) +is planned but not yet provided: see [1.0.0 plans](docs/1.0.0-ANNOUNCEMENT.md). +In addition to these APIs the project also provides a *legacy +implementation* with `tuf.client` implementing the client workflow and +`tuf.repository_tool` providing a high-level interface for repository +operations. The legacy implementation is going to be +[deprecated](docs/1.0.0-ANNOUNCEMENT.md) in the near future. The reference implementation strives to be a readable guide and demonstration for those working on implementing TUF in their own languages, environments, or @@ -75,7 +66,8 @@ Documentation ------------- * [Introduction to TUF's Design](docs/OVERVIEW.rst) * [The TUF Specification](https://theupdateframework.github.io/specification/latest/) -* [Getting Started with the TUF Reference Implementation](docs/GETTING_STARTED.rst) +* Examples: [client](examples/client_example) and [repository](examples/repo_example) +* [API Reference](https://theupdateframework.readthedocs.io/) * [Governance](docs/GOVERNANCE.md) and [Maintainers](docs/MAINTAINERS.txt) for the reference implementation * [Miscellaneous Docs](docs/) From 97d5395e79f2871d653e2e2bf926bba0246a0e04 Mon Sep 17 00:00:00 2001 
From: Lukas Puehringer Date: Mon, 13 Dec 2021 13:28:37 +0100 Subject: [PATCH 3/3] Prepare v0.20.0 This will be the final release of python-tuf that includes the legacy implementation code. Please see the [*1.0.0 announcement*](1.0.0-ANNOUNCEMENT.md) page for more details about the next release and the deprecation of the legacy implementation, including migration instructions. Co-authored-by: Jussi Kukkonen Signed-off-by: Jussi Kukkonen --- docs/CHANGELOG.md | 37 +++++++++++++++++++++++++++++++++++++ setup.cfg | 2 +- tuf/__init__.py | 2 +- 3 files changed, 39 insertions(+), 2 deletions(-) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 0a717c96fd..5a24dc97c4 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md 
@@ -1,5 +1,42 @@ # Changelog + +## v0.20.0 + +*__NOTE:__ This will be the final release of python-tuf that includes the +legacy implementation code. Please see the [*1.0.0 +announcement*](1.0.0-ANNOUNCEMENT.md) page for more details about the next +release and the deprecation of the legacy implementation, including migration +instructions.* + +### Added +* metadata API: misc input validation (#1630, #1688, #1668, #1672, #1690) +* doc: repository library design document and ADR (#1693) +* doc: 1.0.0 announcement (#1706) +* doc: misc docstrings in metadata API (#1620) +* doc: repository and client examples (#1675, #1685, #1700) +* test: ngclient key rotation (#1635, #1649, #1691) +* test: ngclient top-level role update (#1636) +* test: ngclient non-consistent snapshot (#1666, #1705) +* test: more lint/type checks and auto-formatting (#1658, #1664, #1659, #1674, + #1677, #1687, #1699, #1701, #1708, #1710, #1720, #1726) +* build: Python 3.10 support (#1628) + +### Changed +* ngclient: misc API changes (#1604, #1731) +* ngclient: avoid re-loading verified targets metadata (#1593) +* ngclient: implicitly call refresh() (#1654) +* ngclient: return loaded metadata (#1680) +* ngclient: skip visited nodes on delegation tree traversal (#1683) +* ngclient: remove URL normalisation (#1686) +* build: modernise packaging configuration (#1626) +* build: bump dependencies (#1609, #1611, #1616, #1621) +* build: limit GitHub Action token visibility and permissions (#1652, #1663) +* test: misc test changes (#1715, #1670, #1671, #1631, #1695, #1702) + +### Removed +* doc: obsolete roadmap (#1698) + ## v0.19.0 For users of legacy client (tuf.client module) this is purely a security fix diff --git a/setup.cfg b/setup.cfg index 73a975b948..08d51cc3da 100644 --- a/setup.cfg +++ b/setup.cfg 
@@ -1,6 +1,6 @@ [metadata] name = tuf -version = 0.19.0 +version = 0.20.0 author = https://www.updateframework.com author_email = theupdateframework@googlegroups.com description = A secure updater framework for Python diff --git a/tuf/__init__.py b/tuf/__init__.py index cca809ba0d..1319171dab 100755 --- a/tuf/__init__.py +++ b/tuf/__init__.py @@ -2,7 +2,7 @@ # setup.cfg has it hard-coded separately. # Currently, when the version is changed, it must be set in both locations. # TODO: Single-source the version number. -__version__ = "0.19.0" +__version__ = "0.20.0" # This reference implementation produces metadata intended to conform to # version 1.0.0 of the TUF specification, and is expected to consume metadata
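Review bot: In README.md (PATCH 2/3, hunk at -19,31 +19,22), the new "Python-TUF provides two APIs" paragraph deletes the statement that the modern implementation "is not considered production ready" but never states the new status. The commit message says ngclient and the Metadata API are production ready, yet a reader of the README alone cannot tell; suggest saying so in the two API bullets. In the same paragraph, "going to be deprecated in the near future" is vaguer than the notice at the top of the file, which already names the 1.0.0 release scheduled for January 2022; referring to that release here would keep the two statements consistent.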
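Review bot: In the Documentation list of README.md (PATCH 2/3, hunk at -75,7 +66,8), the link to docs/GETTING_STARTED.rst is removed while the same patch still lists tuf.client and tuf.repository_tool as provided, so users of the legacy implementation lose their pointer from the README. If that document stays in the tree for v0.20.0, consider keeping the entry and labelling it as legacy, or linking it from the legacy paragraph added earlier in this patch.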
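Review bot: In the v0.20.0 "Changed" list of docs/CHANGELOG.md (PATCH 3/3), several ngclient entries change client behaviour but are worded like housekeeping: "ngclient: misc API changes (#1604, #1731)", "ngclient: implicitly call refresh() (#1654)" and "ngclient: remove URL normalisation (#1686)". Since the README in this series tells users to start with ngclient, name the affected calls in the first entry and mark the entries that can require caller changes, so an integrator can judge the upgrade from the changelog without opening each pull request.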
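Review bot: The version bump in PATCH 3/3 is made by hand in two places, setup.cfg (version = 0.20.0) and tuf/__init__.py (__version__ = "0.20.0"), and the context lines of tuf/__init__.py still carry "TODO: Single-source the version number". Consider closing the TODO here rather than repeating the double edit, for example by letting setup.cfg read the value through setuptools' "version = attr: tuf.__version__", so the packaged version and the runtime version cannot diverge in a later release.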