From 070a2ff6b8f68b3ccf2484b68b428e85c5494aca Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Thu, 15 Aug 2024 14:54:05 +0300 Subject: [PATCH 1/3] Support static repository testing Every directory in tuf_conformance/static_data will be tested Signed-off-by: Jussi Kukkonen --- tuf_conformance/client_runner.py | 8 +++- tuf_conformance/conftest.py | 28 ++++++++++++- tuf_conformance/simulator_server.py | 45 +++++++++++++++++++++ tuf_conformance/static_data/README.md | 13 ++++++ tuf_conformance/test_static_repositories.py | 22 ++++++++++ 5 files changed, 113 insertions(+), 3 deletions(-) create mode 100644 tuf_conformance/static_data/README.md create mode 100644 tuf_conformance/test_static_repositories.py diff --git a/tuf_conformance/client_runner.py b/tuf_conformance/client_runner.py index 53bb6f4..fcc9ab7 100644 --- a/tuf_conformance/client_runner.py +++ b/tuf_conformance/client_runner.py @@ -8,7 +8,11 @@ from tuf.api.metadata import Metadata from tuf_conformance.metadata import MetadataTest -from tuf_conformance.simulator_server import ClientInitData, SimulatorServer +from tuf_conformance.simulator_server import ( + ClientInitData, + SimulatorServer, + StaticServer, +) class ClientRunner: @@ -20,7 +24,7 @@ class ClientRunner: ClientRunner manages client resources (like the cache paths etc)""" def __init__( - self, client_cmd: str, server: SimulatorServer, test_name: str + self, client_cmd: str, server: SimulatorServer | StaticServer, test_name: str ) -> None: self._server = server self._cmd = client_cmd.split(" ") diff --git a/tuf_conformance/conftest.py b/tuf_conformance/conftest.py index e47cb5e..1f376b4 100644 --- a/tuf_conformance/conftest.py +++ b/tuf_conformance/conftest.py @@ -4,7 +4,7 @@ import pytest from tuf_conformance.client_runner import ClientRunner -from tuf_conformance.simulator_server import SimulatorServer +from tuf_conformance.simulator_server import SimulatorServer, StaticServer def pytest_addoption(parser: pytest.Parser) -> None: @@ -43,6 +43,16 @@ def server(pytestconfig: pytest.Config) -> Iterator[SimulatorServer]: server.server_close() +@pytest.fixture +def static_server(pytestconfig: pytest.Config) -> Iterator[StaticServer]: + """ + Server that serves static repositories + """ + server = StaticServer() + yield server + server.server_close() + + @pytest.fixture def client( pytestconfig: pytest.Config, server: SimulatorServer, request: pytest.FixtureRequest @@ -57,6 +67,22 @@ def client( return ClientRunner(entrypoint, server, request.node.name) +@pytest.fixture +def static_client( + pytestconfig: pytest.Config, + static_server: StaticServer, + request: pytest.FixtureRequest, +) -> ClientRunner: + """ + Client for running static repository tests. + """ + entrypoint = pytestconfig.getoption("--entrypoint") + if not os.path.isabs(entrypoint): + entrypoint = os.path.join(pytestconfig.invocation_params.dir, entrypoint) + + return ClientRunner(entrypoint, static_server, request.node.name) + + @pytest.fixture(autouse=True) def conformance_xfail( pytestconfig: pytest.Config, request: pytest.FixtureRequest diff --git a/tuf_conformance/simulator_server.py b/tuf_conformance/simulator_server.py index 614d712..756d996 100644 --- a/tuf_conformance/simulator_server.py +++ b/tuf_conformance/simulator_server.py @@ -1,3 +1,4 @@ +import os from dataclasses import dataclass from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer from os import path @@ -82,3 +83,47 @@ def new_test(self, name: str) -> tuple[ClientInitData, RepositorySimulator]: def debug_dump(self, test_name: str) -> None: self.repos[test_name].debug_dump() + + +class StaticServer(ThreadingHTTPServer): + """Web server to serve static repositories""" + + def __init__(self) -> None: + class _StaticReqHandler(BaseHTTPRequestHandler): + def do_GET(self) -> None: # noqa: N802 + filepath = os.path.join("tuf_conformance", "static_data", self.path[1:]) + try: + with open(filepath, "rb") as f: + data = f.read() + except OSError: + self.send_error(404, f" {self.path} not found") + return + + self.send_response(200) + self.send_header("Content-length", str(len(data))) + self.end_headers() + self.wfile.write(data) + + super().__init__(("127.0.0.1", 0), _StaticReqHandler) + self.timeout = 0 + + def new_test(self, static_dir: str) -> tuple[ClientInitData, str]: + sub_dir = os.path.join("tuf_conformance", "static_data", static_dir) + with open(os.path.join(sub_dir, "initial_root.json"), "rb") as f: + initial_root = f.read() + + host, port = self.server_address[0], self.server_address[1] + assert isinstance(host, str) + client_data = ClientInitData( + f"http://{host}:{port}/{static_dir}/metadata/", + f"http://{host}:{port}/{static_dir}/targets/", + initial_root, + ) + + with open(os.path.join(sub_dir, "targetpath")) as f: + targetpath = f.readline().strip("\n") + + return client_data, targetpath + + def debug_dump(self, test_name: str) -> None: + pass # not implemented diff --git a/tuf_conformance/static_data/README.md b/tuf_conformance/static_data/README.md new file mode 100644 index 0000000..4acbac1 --- /dev/null +++ b/tuf_conformance/static_data/README.md @@ -0,0 +1,13 @@ +## Static test data from actual repository implementations + +Subdirectories should contain complete repositories produced by a specific repository +implementation. Each repository in a `` should +* demonstrate all of the TUF features that the implementation uses +* not expire for a very long time +* Store metadata in `` and artifacts in `` +* be ready to be published with just `python -m http.server ` (in other words filenames + should match the TUF http API) + +Additionally there should be + * A version of root in `/initial_root.json`: This will be used to initialize the client + * `/targetpath` containing a targetpath of an artifact that exists in the repository diff --git a/tuf_conformance/test_static_repositories.py b/tuf_conformance/test_static_repositories.py new file mode 100644 index 0000000..a064b48 --- /dev/null +++ b/tuf_conformance/test_static_repositories.py @@ -0,0 +1,22 @@ +import os + +import pytest + +from tuf_conformance.client_runner import ClientRunner +from tuf_conformance.simulator_server import StaticServer + +static_repos = [] +for static_dir in os.listdir(os.path.join("tuf_conformance", "static_data")): + if os.path.isdir(os.path.join("tuf_conformance", "static_data", static_dir)): + static_repos.append(static_dir) + + +@pytest.mark.parametrize("static_repo", static_repos) +def test_static_repo( + static_client: ClientRunner, static_server: StaticServer, static_repo: str +) -> None: + init_data, targetpath = static_server.new_test(static_repo) + + assert static_client.init_client(init_data) == 0 + assert static_client.refresh(init_data) == 0 + assert static_client.download_target(init_data, targetpath) == 0 From 01f9fcbb57c7f96250b5b2db6436179efcb603d5 Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Thu, 15 Aug 2024 14:55:15 +0300 Subject: [PATCH 2/3] Add static test data for tuf-on-ci current version Signed-off-by: Jussi Kukkonen --- .../tuf-on-ci-0.11/initial_root.json | 65 +++++++++++++ .../tuf-on-ci-0.11/metadata/1.root.json | 65 +++++++++++++ .../tuf-on-ci-0.11/metadata/1.targets.json | 54 +++++++++++ .../metadata/2.delegatedrole.json | 28 ++++++ .../tuf-on-ci-0.11/metadata/2.snapshot.json | 22 +++++ .../tuf-on-ci-0.11/metadata/index.html | 91 +++++++++++++++++++ .../tuf-on-ci-0.11/metadata/index.md | 13 +++ .../tuf-on-ci-0.11/metadata/timestamp.json | 19 ++++ .../static_data/tuf-on-ci-0.11/targetpath | 1 + ...cc7794503ac58a47a78cfe7ebefb7fab3.artifact | 1 + 10 files changed, 359 insertions(+) create mode 100644 tuf_conformance/static_data/tuf-on-ci-0.11/initial_root.json create mode 100644 tuf_conformance/static_data/tuf-on-ci-0.11/metadata/1.root.json create mode 100644 tuf_conformance/static_data/tuf-on-ci-0.11/metadata/1.targets.json create mode 100644 tuf_conformance/static_data/tuf-on-ci-0.11/metadata/2.delegatedrole.json create mode 100644 tuf_conformance/static_data/tuf-on-ci-0.11/metadata/2.snapshot.json create mode 100644 tuf_conformance/static_data/tuf-on-ci-0.11/metadata/index.html create mode 100644 tuf_conformance/static_data/tuf-on-ci-0.11/metadata/index.md create mode 100644 tuf_conformance/static_data/tuf-on-ci-0.11/metadata/timestamp.json create mode 100644 tuf_conformance/static_data/tuf-on-ci-0.11/targetpath create mode 100644 tuf_conformance/static_data/tuf-on-ci-0.11/targets/delegatedrole/45f337ee451b4c098d121d09cc224bacc7794503ac58a47a78cfe7ebefb7fab3.artifact diff --git a/tuf_conformance/static_data/tuf-on-ci-0.11/initial_root.json b/tuf_conformance/static_data/tuf-on-ci-0.11/initial_root.json new file mode 100644 index 0000000..1a30757 --- /dev/null +++ b/tuf_conformance/static_data/tuf-on-ci-0.11/initial_root.json @@ -0,0 +1,65 @@ +{ + "signatures": [ + { + "keyid": "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81", + "sig": "3045022100e691c6fa8f401a7f6cb6f2fbf5d2596bf50755acdc95d53bbac1bb7f5c2d6bfc02206a85c8ea8015a63d9903588b3bbc5bd563e043cf43fc1b9198a9112e15f2df53" + } + ], + "signed": { + "_type": "root", + "consistent_snapshot": true, + "expires": "2044-08-10T10:05:04Z", + "keys": { + "a54e905f3e03bb0cccdc954bd40d4d29b5c1a2a95c2777f10f9c63a503c7f777": { + "keytype": "ecdsa", + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEu+ebm3VUg6U2b0IIeR6NFZU7uxkL\nR1sVLxV8SEW7G+AMXMasEQf5daxfwVMP1kuEkhGs3mBYLkYXlWDh9BNSxg==\n-----END PUBLIC KEY-----\n" + }, + "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-online-uri": "gcpkms:projects/python-tuf-kms/locations/global/keyRings/git-repo-demo/cryptoKeys/online/cryptoKeyVersions/1" + }, + "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81": { + "keytype": "ecdsa", + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEohqIdE+yTl4OxpX8ZxNUPrg3SL9H\nBDnhZuceKkxy2oMhUOxhWweZeG3bfM1T4ZLnJimC6CAYVU5+F5jZCoftRw==\n-----END PUBLIC KEY-----\n" + }, + "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-keyowner": "@jku" + } + }, + "roles": { + "root": { + "keyids": [ + "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81" + ], + "threshold": 1 + }, + "snapshot": { + "keyids": [ + "a54e905f3e03bb0cccdc954bd40d4d29b5c1a2a95c2777f10f9c63a503c7f777" + ], + "threshold": 1, + "x-tuf-on-ci-expiry-period": 7300, + "x-tuf-on-ci-signing-period": 60 + }, + "targets": { + "keyids": [ + "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81" + ], + "threshold": 1 + }, + "timestamp": { + "keyids": [ + "a54e905f3e03bb0cccdc954bd40d4d29b5c1a2a95c2777f10f9c63a503c7f777" + ], + "threshold": 1, + "x-tuf-on-ci-expiry-period": 7300, + "x-tuf-on-ci-signing-period": 1 + } + }, + "spec_version": "1.0.31", + "version": 1, + "x-tuf-on-ci-expiry-period": 7300, + "x-tuf-on-ci-signing-period": 60 + } +} \ No newline at end of file diff --git a/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/1.root.json b/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/1.root.json new file mode 100644 index 0000000..1a30757 --- /dev/null +++ b/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/1.root.json @@ -0,0 +1,65 @@ +{ + "signatures": [ + { + "keyid": "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81", + "sig": "3045022100e691c6fa8f401a7f6cb6f2fbf5d2596bf50755acdc95d53bbac1bb7f5c2d6bfc02206a85c8ea8015a63d9903588b3bbc5bd563e043cf43fc1b9198a9112e15f2df53" + } + ], + "signed": { + "_type": "root", + "consistent_snapshot": true, + "expires": "2044-08-10T10:05:04Z", + "keys": { + "a54e905f3e03bb0cccdc954bd40d4d29b5c1a2a95c2777f10f9c63a503c7f777": { + "keytype": "ecdsa", + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEu+ebm3VUg6U2b0IIeR6NFZU7uxkL\nR1sVLxV8SEW7G+AMXMasEQf5daxfwVMP1kuEkhGs3mBYLkYXlWDh9BNSxg==\n-----END PUBLIC KEY-----\n" + }, + "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-online-uri": "gcpkms:projects/python-tuf-kms/locations/global/keyRings/git-repo-demo/cryptoKeys/online/cryptoKeyVersions/1" + }, + "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81": { + "keytype": "ecdsa", + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEohqIdE+yTl4OxpX8ZxNUPrg3SL9H\nBDnhZuceKkxy2oMhUOxhWweZeG3bfM1T4ZLnJimC6CAYVU5+F5jZCoftRw==\n-----END PUBLIC KEY-----\n" + }, + "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-keyowner": "@jku" + } + }, + "roles": { + "root": { + "keyids": [ + "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81" + ], + "threshold": 1 + }, + "snapshot": { + "keyids": [ + "a54e905f3e03bb0cccdc954bd40d4d29b5c1a2a95c2777f10f9c63a503c7f777" + ], + "threshold": 1, + "x-tuf-on-ci-expiry-period": 7300, + "x-tuf-on-ci-signing-period": 60 + }, + "targets": { + "keyids": [ + "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81" + ], + "threshold": 1 + }, + "timestamp": { + "keyids": [ + "a54e905f3e03bb0cccdc954bd40d4d29b5c1a2a95c2777f10f9c63a503c7f777" + ], + "threshold": 1, + "x-tuf-on-ci-expiry-period": 7300, + "x-tuf-on-ci-signing-period": 1 + } + }, + "spec_version": "1.0.31", + "version": 1, + "x-tuf-on-ci-expiry-period": 7300, + "x-tuf-on-ci-signing-period": 60 + } +} \ No newline at end of file diff --git a/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/1.targets.json b/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/1.targets.json new file mode 100644 index 0000000..60e890b --- /dev/null +++ b/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/1.targets.json @@ -0,0 +1,54 @@ +{ + "signatures": [ + { + "keyid": "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81", + "sig": "3044022027258898a89d38218fce7212c24659ec771105a3532d38ea4ef0d2fb84d9e7ff02206e086d154e3cba72e9c55941d85c61f74eb425e2e90e308636bb1883287290c0" + } + ], + "signed": { + "_type": "targets", + "delegations": { + "keys": { + "01104111d18f559cd1ca33a2dd91a2100f2812ffe02c9f70a0e5c4d915b453ac": { + "keytype": "ecdsa", + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1wgTb0BVTvCiDlaPmnUfXOLubQMj\nUxjiafwKLMgiRD0fK+XLSKK6fJjrzNkZCIYG78AUmhbRskgJgOatWD+Z9w==\n-----END PUBLIC KEY-----\n" + }, + "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-keyowner": "@-test-user-" + }, + "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81": { + "keytype": "ecdsa", + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEohqIdE+yTl4OxpX8ZxNUPrg3SL9H\nBDnhZuceKkxy2oMhUOxhWweZeG3bfM1T4ZLnJimC6CAYVU5+F5jZCoftRw==\n-----END PUBLIC KEY-----\n" + }, + "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-keyowner": "@jku" + } + }, + "roles": [ + { + "keyids": [ + "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81", + "01104111d18f559cd1ca33a2dd91a2100f2812ffe02c9f70a0e5c4d915b453ac" + ], + "name": "delegatedrole", + "paths": [ + "delegatedrole/*", + "delegatedrole/*/*", + "delegatedrole/*/*/*", + "delegatedrole/*/*/*/*" + ], + "terminating": true, + "threshold": 1 + } + ] + }, + "expires": "2044-08-10T10:09:31Z", + "spec_version": "1.0.31", + "targets": {}, + "version": 1, + "x-tuf-on-ci-expiry-period": 7300, + "x-tuf-on-ci-signing-period": 60 + } +} \ No newline at end of file diff --git a/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/2.delegatedrole.json b/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/2.delegatedrole.json new file mode 100644 index 0000000..939ef98 --- /dev/null +++ b/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/2.delegatedrole.json @@ -0,0 +1,28 @@ +{ + "signatures": [ + { + "keyid": "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81", + "sig": "30440220396123e307132efdc6910ab3a82a1106d98f8720be7bd4c86ac9481c622d531f02207467ef8d27c9f7bae24c09c7392dfde1b0ad818c96fac1f413f290327611a07d" + }, + { + "keyid": "01104111d18f559cd1ca33a2dd91a2100f2812ffe02c9f70a0e5c4d915b453ac", + "sig": "" + } + ], + "signed": { + "_type": "targets", + "expires": "2044-08-10T10:18:49Z", + "spec_version": "1.0.31", + "targets": { + "delegatedrole/artifact": { + "hashes": { + "sha256": "45f337ee451b4c098d121d09cc224bacc7794503ac58a47a78cfe7ebefb7fab3" + }, + "length": 34 + } + }, + "version": 2, + "x-tuf-on-ci-expiry-period": 7300, + "x-tuf-on-ci-signing-period": 60 + } +} \ No newline at end of file diff --git a/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/2.snapshot.json b/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/2.snapshot.json new file mode 100644 index 0000000..9705037 --- /dev/null +++ b/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/2.snapshot.json @@ -0,0 +1,22 @@ +{ + "signatures": [ + { + "keyid": "a54e905f3e03bb0cccdc954bd40d4d29b5c1a2a95c2777f10f9c63a503c7f777", + "sig": "304502202009fa4afd2f4fbad523ebafcc5d22deb3428753c384395147f88265d6ec6f900221009298a6361fcdc1f3226b2f7e8aa056eccd4697ad8077d633f1c17b09f724dd8a" + } + ], + "signed": { + "_type": "snapshot", + "expires": "2044-08-10T10:21:51Z", + "meta": { + "delegatedrole.json": { + "version": 2 + }, + "targets.json": { + "version": 1 + } + }, + "spec_version": "1.0.31", + "version": 2 + } +} \ No newline at end of file diff --git a/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/index.html b/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/index.html new file mode 100644 index 0000000..b106205 --- /dev/null +++ b/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/index.html @@ -0,0 +1,91 @@ + + + + + + + + +TUF Repository state | test-data-for-tuf-conformance + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +

test-data-for-tuf-conformance

+ + +

TUF Repository state

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
RoleNext signingSigners
root (json)Starts 2044-06-11@jku (1 of 1 required)
timestamp (json)Starts 2044-08-09online key (1 of 1 required)
snapshot (json)Starts 2044-06-11online key (1 of 1 required)
targets (json)Starts 2044-06-11@jku (1 of 1 required)
delegatedrole (json)Starts 2044-06-11@jku, @-test-user- (1 of 2 required)
+ +

Generated 2024-08-15T10:22+00:00 from +test-data-for-tuf-conformance commit b35b723 +by TUF-on-CI v0.11.0.

+ + + +
+ + + + diff --git a/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/index.md b/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/index.md new file mode 100644 index 0000000..5ed4579 --- /dev/null +++ b/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/index.md @@ -0,0 +1,13 @@ +## TUF Repository state + +| Role | Next signing | Signers | +| - | - | - | +| root (json) | [Starts 2044-06-11](## '2044-06-11 10:05:04 - 2044-08-10 10:05:04') | @jku (1 of 1 required) | +| timestamp (json) | [Starts 2044-08-09](## '2044-08-09 10:21:51 - 2044-08-10 10:21:51') | _online key_ (1 of 1 required) | +| snapshot (json) | [Starts 2044-06-11](## '2044-06-11 10:21:51 - 2044-08-10 10:21:51') | _online key_ (1 of 1 required) | +| targets (json) | [Starts 2044-06-11](## '2044-06-11 10:09:31 - 2044-08-10 10:09:31') | @jku (1 of 1 required) | +| delegatedrole (json) | [Starts 2044-06-11](## '2044-06-11 10:18:49 - 2044-08-10 10:18:49') | @jku, @-test-user- (1 of 2 required) | + +_Generated 2024-08-15T10:22+00:00 from +[test-data-for-tuf-conformance](https://github.com/jku/test-data-for-tuf-conformance) commit [b35b723](https://github.com/jku/test-data-for-tuf-conformance/tree/b35b723fb8e5602d056c3f99da586b3341f6fbd0) +by [TUF-on-CI](https://github.com/theupdateframework/tuf-on-ci) v0.11.0._ \ No newline at end of file diff --git a/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/timestamp.json b/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/timestamp.json new file mode 100644 index 0000000..5cfba76 --- /dev/null +++ b/tuf_conformance/static_data/tuf-on-ci-0.11/metadata/timestamp.json @@ -0,0 +1,19 @@ +{ + "signatures": [ + { + "keyid": "a54e905f3e03bb0cccdc954bd40d4d29b5c1a2a95c2777f10f9c63a503c7f777", + "sig": "304402200168ff4eda848db6b7719b721279c9fe1c2573a2dbc2bfcd49e8cfe73033dfd40220782d2445c6d5ab914f7d4bca14ae6016bbb0b76ef7ba571343decff172c65df6" + } + ], + "signed": { + "_type": "timestamp", + "expires": "2044-08-10T10:21:51Z", + "meta": { + "snapshot.json": { + "version": 2 + } + }, + "spec_version": "1.0.31", + "version": 2 + } +} \ No newline at end of file diff --git a/tuf_conformance/static_data/tuf-on-ci-0.11/targetpath b/tuf_conformance/static_data/tuf-on-ci-0.11/targetpath new file mode 100644 index 0000000..081a696 --- /dev/null +++ b/tuf_conformance/static_data/tuf-on-ci-0.11/targetpath @@ -0,0 +1 @@ +delegatedrole/artifact diff --git a/tuf_conformance/static_data/tuf-on-ci-0.11/targets/delegatedrole/45f337ee451b4c098d121d09cc224bacc7794503ac58a47a78cfe7ebefb7fab3.artifact b/tuf_conformance/static_data/tuf-on-ci-0.11/targets/delegatedrole/45f337ee451b4c098d121d09cc224bacc7794503ac58a47a78cfe7ebefb7fab3.artifact new file mode 100644 index 0000000..2e41653 --- /dev/null +++ b/tuf_conformance/static_data/tuf-on-ci-0.11/targets/delegatedrole/45f337ee451b4c098d121d09cc224bacc7794503ac58a47a78cfe7ebefb7fab3.artifact @@ -0,0 +1 @@ +artifact for tuf-on-ci repository From c3996624a69240403c5653228b95366306876bd4 Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Thu, 15 Aug 2024 17:24:40 +0300 Subject: [PATCH 3/3] static_data: Add some docs * README for the tuf-on-ci data set * docstring for the test itself Signed-off-by: Jussi Kukkonen --- tuf_conformance/static_data/tuf-on-ci-0.11/README.md | 10 ++++++++++ tuf_conformance/test_static_repositories.py | 7 ++++++- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 tuf_conformance/static_data/tuf-on-ci-0.11/README.md diff --git a/tuf_conformance/static_data/tuf-on-ci-0.11/README.md b/tuf_conformance/static_data/tuf-on-ci-0.11/README.md new file mode 100644 index 0000000..ec091e7 --- /dev/null +++ b/tuf_conformance/static_data/tuf-on-ci-0.11/README.md @@ -0,0 +1,10 @@ +This is a repository created with tuf-on-ci 0.11 in +https://github.com/jku/test-data-for-tuf-conformance. + +Notes: +* Contains Yubikey and Google Cloud KMS keys (both in practice ecdsa keys) +* There's one delegated targets role with one artifact +* "Unsigned" keys have an empty signature string in signatures +* The metadata contains custom fields in keys and roles +* Should stay valid until 2044 +* There are a few additional files in the metadata dir (index.html, index.md) diff --git a/tuf_conformance/test_static_repositories.py b/tuf_conformance/test_static_repositories.py index a064b48..a1d75e8 100644 --- a/tuf_conformance/test_static_repositories.py +++ b/tuf_conformance/test_static_repositories.py @@ -12,9 +12,14 @@ @pytest.mark.parametrize("static_repo", static_repos) -def test_static_repo( +def test_static_repository( static_client: ClientRunner, static_server: StaticServer, static_repo: str ) -> None: + """Test static repositories stored in tuf_conformance/static_data/ + + This test is not a specification compliance test: It tests client compatibility + with the repository format that a specific repository implementation produces. + """ init_data, targetpath = static_server.new_test(static_repo) assert static_client.init_client(init_data) == 0