Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package in-toto for openSUSE:Factory checked in at 2022-03-24 22:58:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/in-toto (Old) and /work/SRC/openSUSE:Factory/.in-toto.new.1900 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "in-toto" Thu Mar 24 22:58:17 2022 rev:2 rq:964508 version:1.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/in-toto/in-toto.changes 2022-01-04 19:38:33.546014010 +0100 +++ /work/SRC/openSUSE:Factory/.in-toto.new.1900/in-toto.changes 2022-03-24 23:00:27.564392961 +0100 @@ -1,0 +2,7 @@ +Wed Mar 23 13:48:27 UTC 2022 - Adrian Schr??ter <[email protected]> + +- update to version 1.2.0 + * python 3.10 compability + * python module dependency upgrades + +------------------------------------------------------------------- Old: ---- in-toto-1.1.1.tar.gz New: ---- in-toto-1.2.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ in-toto.spec ++++++ --- /var/tmp/diff_new_pack.gwMiru/_old 2022-03-24 23:00:28.040393420 +0100 +++ /var/tmp/diff_new_pack.gwMiru/_new 2022-03-24 23:00:28.052393432 +0100 @@ -1,7 +1,7 @@ # # spec file for package in-toto # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ # we just build the application, not the modules %define pythons python3 Name: in-toto -Version: 1.1.1 +Version: 1.2.0 Release: 0 Summary: in-toto is a framework to protect supply chain integrity. License: Apache-2.0 ++++++ in-toto-1.1.1.tar.gz -> in-toto-1.2.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/PKG-INFO new/in-toto-1.2.0/PKG-INFO --- old/in-toto-1.1.1/PKG-INFO 2021-07-27 18:36:15.543089400 +0200 +++ new/in-toto-1.2.0/PKG-INFO 2022-02-08 12:26:23.350661800 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: in-toto -Version: 1.1.1 +Version: 1.2.0 Summary: A framework to define and secure the integrity of software supply chains Home-page: https://in-toto.io Author: New York University: Secure Systems Lab @@ -19,14 +19,14 @@ Classifier: Operating System :: MacOS :: MacOS X Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 3 -Classifier: Programming Language :: Python :: 3.6 Classifier: Programming Language :: Python :: 3.7 Classifier: Programming Language :: Python :: 3.8 Classifier: Programming Language :: Python :: 3.9 +Classifier: Programming Language :: Python :: 3.10 Classifier: Programming Language :: Python :: Implementation :: CPython Classifier: Topic :: Security Classifier: Topic :: Software Development -Requires-Python: ~=3.6 +Requires-Python: ~=3.7 Description-Content-Type: text/markdown Provides-Extra: pynacl License-File: LICENSE @@ -210,15 +210,17 @@ ## Acknowledgments -This project is managed by Prof. Justin Cappos and other members of the -[Secure Systems Lab](https://ssl.engineering.nyu.edu/) at NYU and the +This project is managed by Prof. Santiago Torres-Arias at Purdue University. +It is worked on by many folks in academia and industry, including members of +the [Secure Systems Lab](https://ssl.engineering.nyu.edu/) at NYU and the [NJIT Cybersecurity Research Center](https://centers.njit.edu/cybersecurity). This research was supported by the Defense Advanced Research Projects Agency -(DARPA) and the Air Force Research Laboratory (AFRL). Any opinions, findings, -and conclusions or recommendations expressed in this material are those of the -authors and do not necessarily reflect the views of DARPA and AFRL. The United -States Government is authorized to reproduce and distribute reprints -notwithstanding any copyright notice herein. +(DARPA), the Air Force Research Laboratory (AFRL), and the US National Science +Foundation (NSF). Any opinions, findings, and conclusions or recommendations +expressed in this material are those of the authors and do not necessarily +reflect the views of DARPA, AFRL, and NSF. The United States Government is +authorized to reproduce and distribute reprints notwithstanding any copyright +notice herein. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/README.md new/in-toto-1.2.0/README.md --- old/in-toto-1.1.1/README.md 2021-07-06 16:49:30.000000000 +0200 +++ new/in-toto-1.2.0/README.md 2021-10-21 10:05:24.000000000 +0200 @@ -177,13 +177,15 @@ ## Acknowledgments -This project is managed by Prof. Justin Cappos and other members of the -[Secure Systems Lab](https://ssl.engineering.nyu.edu/) at NYU and the +This project is managed by Prof. Santiago Torres-Arias at Purdue University. +It is worked on by many folks in academia and industry, including members of +the [Secure Systems Lab](https://ssl.engineering.nyu.edu/) at NYU and the [NJIT Cybersecurity Research Center](https://centers.njit.edu/cybersecurity). This research was supported by the Defense Advanced Research Projects Agency -(DARPA) and the Air Force Research Laboratory (AFRL). Any opinions, findings, -and conclusions or recommendations expressed in this material are those of the -authors and do not necessarily reflect the views of DARPA and AFRL. The United -States Government is authorized to reproduce and distribute reprints -notwithstanding any copyright notice herein. +(DARPA), the Air Force Research Laboratory (AFRL), and the US National Science +Foundation (NSF). Any opinions, findings, and conclusions or recommendations +expressed in this material are those of the authors and do not necessarily +reflect the views of DARPA, AFRL, and NSF. The United States Government is +authorized to reproduce and distribute reprints notwithstanding any copyright +notice herein. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/in_toto/__init__.py new/in-toto-1.2.0/in_toto/__init__.py --- old/in-toto-1.1.1/in_toto/__init__.py 2021-07-27 18:31:03.000000000 +0200 +++ new/in-toto-1.2.0/in_toto/__init__.py 2022-02-08 12:14:21.000000000 +0100 @@ -12,4 +12,4 @@ # in-toto version -__version__ = "1.1.1" +__version__ = "1.2.0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/in_toto/common_args.py new/in-toto-1.2.0/in_toto/common_args.py --- old/in-toto-1.1.1/in_toto/common_args.py 2021-07-06 16:49:30.000000000 +0200 +++ new/in-toto-1.2.0/in_toto/common_args.py 2022-02-04 10:53:43.000000000 +0100 @@ -28,6 +28,8 @@ ``` """ +import sys + from in_toto import SUPPORTED_KEY_TYPES, KEY_TYPE_RSA, KEY_TYPE_ED25519 EXCLUDE_ARGS = ["--exclude"] @@ -98,6 +100,7 @@ " entered on the prompt, the key is treated as unencrypted. (Do " " not confuse with '-p/--products'!)") } +OPTS_TITLE = "Optional Arguments" if sys.version_info < (3, 10) else "Options" def parse_password_and_prompt_args(args): """Parse -P/--password optional arg (nargs=?, const=True). """ # --P was provided without argument (True) @@ -176,7 +179,7 @@ """ if title_order is None: title_order = ["Required Named Arguments", "Positional Arguments", - "Optional Arguments"] + OPTS_TITLE] action_group_dict = {} for action_group in parser._action_groups: # pylint: disable=protected-access diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/in_toto/in_toto_record.py new/in-toto-1.2.0/in_toto/in_toto_record.py --- old/in-toto-1.1.1/in_toto/in_toto_record.py 2021-07-06 16:49:30.000000000 +0200 +++ new/in-toto-1.2.0/in_toto/in_toto_record.py 2022-02-04 10:53:43.000000000 +0100 @@ -39,7 +39,7 @@ GPG_HOME_ARGS, GPG_HOME_KWARGS, VERBOSE_ARGS, VERBOSE_KWARGS, QUIET_ARGS, QUIET_KWARGS, METADATA_DIRECTORY_ARGS, METADATA_DIRECTORY_KWARGS, KEY_PASSWORD_ARGS, KEY_PASSWORD_KWARGS, parse_password_and_prompt_args, - sort_action_groups, title_case_action_groups) + sort_action_groups, title_case_action_groups, OPTS_TITLE) from securesystemslib import interface @@ -151,8 +151,8 @@ version='{} {}'.format(parser.prog, __version__)) for _parser, _order in [ - (parser, ["Positional Arguments", "Optional Arguments"]), - (subparser_start, None), (subparser_stop, None)]: + (parser, ["Positional Arguments", OPTS_TITLE]), + (subparser_start, None), (subparser_stop, None)]: title_case_action_groups(_parser) sort_action_groups(_parser, _order) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/in_toto/in_toto_run.py new/in-toto-1.2.0/in_toto/in_toto_run.py --- old/in-toto-1.1.1/in_toto/in_toto_run.py 2021-07-06 16:49:30.000000000 +0200 +++ new/in-toto-1.2.0/in_toto/in_toto_run.py 2022-02-04 10:53:43.000000000 +0100 @@ -38,7 +38,7 @@ GPG_HOME_ARGS, GPG_HOME_KWARGS, VERBOSE_ARGS, VERBOSE_KWARGS, QUIET_ARGS, QUIET_KWARGS, METADATA_DIRECTORY_ARGS, METADATA_DIRECTORY_KWARGS, KEY_PASSWORD_ARGS, KEY_PASSWORD_KWARGS, parse_password_and_prompt_args, - sort_action_groups, title_case_action_groups) + sort_action_groups, title_case_action_groups, OPTS_TITLE) from securesystemslib import interface @@ -60,8 +60,9 @@ stdout and stderr) to a link metadata file, which is signed with the passed key. It returns a non-zero value on failure and zero otherwise.""") - parser.usage = ("%(prog)s <named arguments> [optional arguments] \\\n\t" - " -- <command> [args]") + parser.usage = ( + "%(prog)s <named arguments> [{}] \\\n\t -- <command> [args]".format( + OPTS_TITLE.lower())) parser.epilog = """EXAMPLE USAGE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/in_toto/in_toto_verify.py new/in-toto-1.2.0/in_toto/in_toto_verify.py --- old/in-toto-1.1.1/in_toto/in_toto_verify.py 2021-07-06 16:49:30.000000000 +0200 +++ new/in-toto-1.2.0/in_toto/in_toto_verify.py 2022-02-04 10:53:43.000000000 +0100 @@ -32,7 +32,7 @@ from in_toto import verifylib from in_toto.common_args import (GPG_HOME_ARGS, GPG_HOME_KWARGS, VERBOSE_ARGS, VERBOSE_KWARGS, QUIET_ARGS, QUIET_KWARGS, title_case_action_groups, - sort_action_groups) + sort_action_groups, OPTS_TITLE) from in_toto.models.metadata import Metablock from in_toto import ( __version__, SUPPORTED_KEY_TYPES, KEY_TYPE_RSA, KEY_TYPE_ED25519) @@ -77,7 +77,7 @@ The command returns 2 if it is called with wrong arguments, 1 if in-toto verification fails and 0 if verification passes. """) - parser.usage = "%(prog)s <named arguments> [optional arguments]" + parser.usage = "%(prog)s <named arguments> [{}]".format(OPTS_TITLE.lower()) parser.epilog = """EXAMPLE USAGE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/in_toto/models/metadata.py new/in-toto-1.2.0/in_toto/models/metadata.py --- old/in-toto-1.1.1/in_toto/models/metadata.py 2021-07-06 16:49:30.000000000 +0200 +++ new/in-toto-1.2.0/in_toto/models/metadata.py 2021-10-21 10:05:24.000000000 +0200 @@ -109,7 +109,7 @@ object. """ - with open(path, "r") as fp: + with open(path, "r", encoding="utf8") as fp: data = json.load(fp) signatures = data.get("signatures", []) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/in_toto.egg-info/PKG-INFO new/in-toto-1.2.0/in_toto.egg-info/PKG-INFO --- old/in-toto-1.1.1/in_toto.egg-info/PKG-INFO 2021-07-27 18:36:15.000000000 +0200 +++ new/in-toto-1.2.0/in_toto.egg-info/PKG-INFO 2022-02-08 12:26:23.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: in-toto -Version: 1.1.1 +Version: 1.2.0 Summary: A framework to define and secure the integrity of software supply chains Home-page: https://in-toto.io Author: New York University: Secure Systems Lab @@ -19,14 +19,14 @@ Classifier: Operating System :: MacOS :: MacOS X Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 3 -Classifier: Programming Language :: Python :: 3.6 Classifier: Programming Language :: Python :: 3.7 Classifier: Programming Language :: Python :: 3.8 Classifier: Programming Language :: Python :: 3.9 +Classifier: Programming Language :: Python :: 3.10 Classifier: Programming Language :: Python :: Implementation :: CPython Classifier: Topic :: Security Classifier: Topic :: Software Development -Requires-Python: ~=3.6 +Requires-Python: ~=3.7 Description-Content-Type: text/markdown Provides-Extra: pynacl License-File: LICENSE @@ -210,15 +210,17 @@ ## Acknowledgments -This project is managed by Prof. Justin Cappos and other members of the -[Secure Systems Lab](https://ssl.engineering.nyu.edu/) at NYU and the +This project is managed by Prof. Santiago Torres-Arias at Purdue University. +It is worked on by many folks in academia and industry, including members of +the [Secure Systems Lab](https://ssl.engineering.nyu.edu/) at NYU and the [NJIT Cybersecurity Research Center](https://centers.njit.edu/cybersecurity). This research was supported by the Defense Advanced Research Projects Agency -(DARPA) and the Air Force Research Laboratory (AFRL). Any opinions, findings, -and conclusions or recommendations expressed in this material are those of the -authors and do not necessarily reflect the views of DARPA and AFRL. The United -States Government is authorized to reproduce and distribute reprints -notwithstanding any copyright notice herein. +(DARPA), the Air Force Research Laboratory (AFRL), and the US National Science +Foundation (NSF). Any opinions, findings, and conclusions or recommendations +expressed in this material are those of the authors and do not necessarily +reflect the views of DARPA, AFRL, and NSF. The United States Government is +authorized to reproduce and distribute reprints notwithstanding any copyright +notice herein. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/requirements-pinned.txt new/in-toto-1.2.0/requirements-pinned.txt --- old/in-toto-1.1.1/requirements-pinned.txt 2021-07-27 18:04:41.000000000 +0200 +++ new/in-toto-1.2.0/requirements-pinned.txt 2022-02-04 10:53:43.000000000 +0100 @@ -4,25 +4,25 @@ # # pip-compile --output-file=requirements-pinned.txt requirements.txt # -attrs==21.2.0 +attrs==21.4.0 # via -r requirements.txt -cffi==1.14.6 +cffi==1.15.0 # via # cryptography # pynacl -cryptography==3.4.7 +cryptography==36.0.1 # via securesystemslib -iso8601==0.1.16 +iso8601==1.0.2 # via -r requirements.txt pathspec==0.9.0 # via -r requirements.txt -pycparser==2.20 +pycparser==2.21 # via cffi -pynacl==1.4.0 +pynacl==1.5.0 # via securesystemslib python-dateutil==2.8.2 # via -r requirements.txt -securesystemslib[crypto,pynacl]==0.20.1 +securesystemslib[crypto,pynacl]==0.21.0 # via -r requirements.txt six==1.16.0 # via diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/setup.py new/in-toto-1.2.0/setup.py --- old/in-toto-1.1.1/setup.py 2021-07-25 18:20:38.000000000 +0200 +++ new/in-toto-1.2.0/setup.py 2022-02-04 10:53:43.000000000 +0100 @@ -68,15 +68,15 @@ 'Operating System :: MacOS :: MacOS X', 'Programming Language :: Python', 'Programming Language :: Python :: 3', - 'Programming Language :: Python :: 3.6', 'Programming Language :: Python :: 3.7', 'Programming Language :: Python :: 3.8', 'Programming Language :: Python :: 3.9', + 'Programming Language :: Python :: 3.10', 'Programming Language :: Python :: Implementation :: CPython', 'Topic :: Security', 'Topic :: Software Development' ], - python_requires="~=3.6", + python_requires="~=3.7", packages=find_packages(exclude=["*.tests", "*.tests.*", "tests.*", "tests", "debian"]), install_requires=["securesystemslib[crypto]>=0.18.0", "attrs", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/tests/test_common_args.py new/in-toto-1.2.0/tests/test_common_args.py --- old/in-toto-1.1.1/tests/test_common_args.py 2021-07-06 16:49:30.000000000 +0200 +++ new/in-toto-1.2.0/tests/test_common_args.py 2022-02-04 10:53:43.000000000 +0100 @@ -25,7 +25,8 @@ title_case_action_groups, KEY_PASSWORD_ARGS, KEY_PASSWORD_KWARGS, - parse_password_and_prompt_args) + parse_password_and_prompt_args, + OPTS_TITLE) class TestCommonArgs(unittest.TestCase): @@ -63,7 +64,7 @@ # Assert default action groups with default titles' case and default order self.assertListEqual([group.title for group in self.parser._action_groups], - ["positional arguments", "optional arguments"]) + ["positional arguments", OPTS_TITLE.lower()]) def test_title_case_action_groups(self): @@ -73,13 +74,13 @@ # Assert successful title-casing self.assertListEqual([group.title for group in self.parser._action_groups], - ["Positional Arguments", "Optional Arguments"]) + ["Positional Arguments", OPTS_TITLE]) def test_sort_action_groups(self): """Test sort_action_groups sorts action groups by custom title order. """ # Create custom order for titles (default is asserted in setUp) - custom_order = ["optional arguments", "positional arguments"] + custom_order = [OPTS_TITLE.lower(), "positional arguments"] sort_action_groups(self.parser, title_order=custom_order) # Assert successful re-ordering self.assertListEqual([group.title for group in self.parser._action_groups], @@ -93,7 +94,7 @@ title_case_action_groups(self.parser) sort_action_groups(self.parser) default_custom_order = ["Required Named Arguments", "Positional Arguments", - "Optional Arguments"] + OPTS_TITLE] # Assert successful(title-casing) re-ordering self.assertListEqual([group.title for group in self.parser._action_groups], diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/tests/test_runlib.py new/in-toto-1.2.0/tests/test_runlib.py --- old/in-toto-1.1.1/tests/test_runlib.py 2021-07-27 18:04:41.000000000 +0200 +++ new/in-toto-1.2.0/tests/test_runlib.py 2022-02-04 10:53:43.000000000 +0100 @@ -125,7 +125,7 @@ "subdir/foosub2", "subdir/subsubdir/foosubsub"] for path in self.full_file_path_list: - with open(path, "w") as fp: + with open(path, "w", encoding="utf8") as fp: fp.write(path) @@ -448,7 +448,7 @@ def test_hash_artifact_passing_algorithm(self): """Test _hash_artifact passing hash algorithm. """ - self.assertTrue("sha256" in list(_hash_artifact("foo", ["sha256"]).keys())) + self.assertTrue("sha256" in list(_hash_artifact("foo", ["sha256"]))) class TestLinkCmdExecTimeoutSetting(unittest.TestCase): @@ -789,7 +789,8 @@ in_toto_record_start(self.step_name, [], self.key) in_toto_record_stop(self.step_name, [], self.key) with self.assertRaises(IOError): - open(self.link_name_unfinished, "r") # pylint: disable=consider-using-with + # pylint: disable-next=consider-using-with + open(self.link_name_unfinished, "r", encoding="utf8") self.assertTrue(os.path.isfile(self.link_name)) os.remove(self.link_name) @@ -798,7 +799,8 @@ with self.assertRaises(IOError): in_toto_record_stop(self.step_name, [], self.key) with self.assertRaises(IOError): - open(self.link_name, "r") # pylint: disable=consider-using-with + # pylint: disable-next=consider-using-with + open(self.link_name, "r", encoding="utf8") def test_wrong_signature_in_unfinished_metadata(self): """Test record stop exits on wrong signature, no link recorded. """ @@ -811,7 +813,8 @@ with self.assertRaises(SignatureVerificationError): in_toto_record_stop(self.step_name, [], self.key2) with self.assertRaises(IOError): - open(self.link_name, "r") # pylint: disable=consider-using-with + # pylint: disable-next=consider-using-with + open(self.link_name, "r", encoding="utf8") os.rename(changed_link_name, link_name) os.remove(self.link_name_unfinished) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/tests/test_verifylib.py new/in-toto-1.2.0/tests/test_verifylib.py --- old/in-toto-1.1.1/tests/test_verifylib.py 2021-07-25 18:20:38.000000000 +0200 +++ new/in-toto-1.2.0/tests/test_verifylib.py 2021-10-21 10:05:24.000000000 +0200 @@ -112,7 +112,7 @@ # Create directory where the verification will take place self.set_up_test_dir() - with open("foo", "w") as f: + with open("foo", "w", encoding="utf8") as f: f.write("foo") @classmethod @@ -123,7 +123,7 @@ """Create new dummy test dir and set as base path, must ignore. """ ignore_dir = os.path.realpath(tempfile.mkdtemp()) ignore_foo = os.path.join(ignore_dir, "ignore_foo") - with open(ignore_foo, "w") as f: + with open(ignore_foo, "w", encoding="utf8") as f: f.write("ignore foo") in_toto.settings.ARTIFACT_BASE_PATH = ignore_dir diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/in-toto-1.1.1/tox.ini new/in-toto-1.2.0/tox.ini --- old/in-toto-1.1.1/tox.ini 2021-07-06 16:49:30.000000000 +0200 +++ new/in-toto-1.2.0/tox.ini 2022-02-04 10:53:43.000000000 +0100 @@ -3,9 +3,9 @@ # test suite on all supported python versions. To use it, "pip install tox" # and then run "tox" from this directory. -# To run an individual test environment run e.g. tox -e py36 +# To run an individual test environment run e.g. tox -e py38 [tox] -envlist = lint,py{36,37,38,39} +envlist = lint,py{37,38,39,310} skipsdist=True
