Oolaaf integration changes (#129)

* Fix import errors in tests

* git create orphan branch

* Update changelog

CHANGELOG.md

@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning][semver].
 
 ### Added
 
+- Git method to create orphan branch ([129])
 - Added updater check which verifies that metadata corresponding to the last commit has not yet expired ([124])
 - Additional updater tests ([124])
 - Added command for validating repositories without updating them ([124])
@@ -29,13 +30,15 @@ and this project adheres to [Semantic Versioning][semver].
 
 ### Fixed
 
-- Fixed addition of new signing key so that this functionality works in case of delegated roles [128]
+- Import errors (ykman) inside tests ([129])
+- Fixed addition of new signing key so that this functionality works in case of delegated roles ([128])
 - Fixed synced_with_remote ([121])
 - Signing fixes with keystore keys ([120])
 - Load signing keys minor fixes ([120] [117])
 - Normalize target files when creating a new repository ([117])
 
 
+[129]: https://github.com/openlawlibrary/taf/pull/129
 [128]: https://github.com/openlawlibrary/taf/pull/128
 [126]: https://github.com/openlawlibrary/taf/pull/126
 [125]: https://github.com/openlawlibrary/taf/pull/125

taf/git.py

@@ -293,6 +293,14 @@ def checkout_paths(self, commit, *args):
         for file_path in args:
             self._git(f"checkout {commit} {file_path}")
 
+    def checkout_orphan_branch(self, branch_name):
+        """Creates orphan branch"""
+        self._git(f"checkout --orphan {branch_name}")
+        try:
+            self._git("rm -rf .")
+        except subprocess.CalledProcessError:  # If repository is empty
+            pass
+
     def clean(self):
         self._git("clean -fd")
 

taf/tests/test_yubikey.py

@@ -1,31 +1,30 @@
 import pytest
+
+from taf import YubikeyMissingLibrary
 from taf.tests import TEST_WITH_REAL_YK
-from taf.yubikey import (
-    DEFAULT_PIN,
-    export_piv_pub_key,
-    export_piv_x509,
-    get_serial_num,
-    is_inserted,
-    sign_piv_rsa_pkcs1v15,
-)
+
+try:
+    import taf.yubikey as yk
+except ImportError:
+    yk = YubikeyMissingLibrary()
 
 
 @pytest.mark.skipif(not TEST_WITH_REAL_YK, reason="list_devices() is not mocked.")
 def test_is_inserted():
-    assert is_inserted() is True
+    assert yk.is_inserted() is True
 
 
 def test_serial_num():
-    assert get_serial_num() is not None
+    assert yk.get_serial_num() is not None
 
 
 def test_export_piv_x509():
-    x509_pem = export_piv_x509()
+    x509_pem = yk.export_piv_x509()
     assert isinstance(x509_pem, bytes)
 
 
 def test_export_piv_pub_key():
-    pub_key_pem = export_piv_pub_key()
+    pub_key_pem = yk.export_piv_pub_key()
     assert isinstance(pub_key_pem, bytes)
 
 
@@ -41,7 +40,7 @@ def test_sign_piv_rsa_pkcs1v15(targets_yk):
     message = b"Message to be signed."
     scheme = "rsa-pkcs1v15-sha256"
 
-    pub_key_pem = export_piv_pub_key().decode("utf-8")
-    signature = sign_piv_rsa_pkcs1v15(message, DEFAULT_PIN)
+    pub_key_pem = yk.export_piv_pub_key().decode("utf-8")
+    signature = yk.sign_piv_rsa_pkcs1v15(message, yk.DEFAULT_PIN)
 
     assert verify_rsa_signature(signature, scheme, pub_key_pem, message) is True

taf/tests/yubikey_utils.py

@@ -7,8 +7,6 @@
 from cryptography.hazmat.primitives import hashes, serialization
 from securesystemslib.pyca_crypto_keys import create_rsa_signature
 from tuf.repository_tool import import_rsakey_from_pem
-from ykman.descriptor import FailedOpeningDeviceException
-from ykman.piv import WrongPin
 
 VALID_PIN = "123456"
 WRONG_PIN = "111111"
@@ -118,6 +116,8 @@ def sign(self, slot, algorithm, data):
 
     def verify(self, pin):
         if self._driver.pin != pin:
+            from ykman.piv import WrongPin
+
             raise WrongPin("", "")
 
 
@@ -148,6 +148,8 @@ def _yk_piv_ctrl_mock(serial=None, pub_key_pem=None):
     global INSERTED_YUBIKEY
 
     if INSERTED_YUBIKEY is None:
+        from ykman.descriptor import FailedOpeningDeviceException
+
         raise FailedOpeningDeviceException()
 
     yield FakePivController(INSERTED_YUBIKEY), INSERTED_YUBIKEY.serial