diff --git a/CHANGELOG.md b/CHANGELOG.md
index 240c0e4b..3be3770e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning][semver].
 ### Added
+- Git method to create orphan branch ([129])
 - Added updater check which verifies that metadata corresponding to the last commit has not yet expired ([124])
 - Additional updater tests ([124])
 - Added command for validating repositories without updating them ([124])
@@ -29,13 +30,15 @@ and this project adheres to [Semantic Versioning][semver].
 ### Fixed
-- Fixed addition of new signing key so that this functionality works in case of delegated roles [128]
+- Import errors (ykman) inside tests ([129])
+- Fixed addition of new signing key so that this functionality works in case of delegated roles ([128])
 - Fixed synced_with_remote ([121])
 - Signing fixes with keystore keys ([120])
 - Load signing keys minor fixes ([120] [117])
 - Normalize target files when creating a new repository ([117])
+[129]: https://github.com/openlawlibrary/taf/pull/129
 [128]: https://github.com/openlawlibrary/taf/pull/128
 [126]: https://github.com/openlawlibrary/taf/pull/126
 [125]: https://github.com/openlawlibrary/taf/pull/125
diff --git a/taf/git.py b/taf/git.py
index 795e9a82..b618dd03 100644
--- a/taf/git.py
+++ b/taf/git.py
@@ -293,6 +293,14 @@ def checkout_paths(self, commit, *args):
 for file_path in args:
 self._git(f"checkout {commit} {file_path}")
+ def checkout_orphan_branch(self, branch_name):
+ """Creates orphan branch"""
+ self._git(f"checkout --orphan {branch_name}")
+ try:
+ self._git("rm -rf .")
+ except subprocess.CalledProcessError: # If repository is empty
+ pass
+
 def clean(self):
 self._git("clean -fd")
diff --git a/taf/tests/test_yubikey.py b/taf/tests/test_yubikey.py
index 7a0eebe4..181887b0 100644
--- a/taf/tests/test_yubikey.py
+++ b/taf/tests/test_yubikey.py
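Review bot: In `checkout_orphan_branch` (taf/git.py), `except subprocess.CalledProcessError: pass` hides every failure of `git rm -rf .`, not only the empty-repository case named in the comment. If the removal fails for another reason, the files staged from the previously checked-out branch presumably stay in the index and would be carried into the first commit on the orphan branch. `git rm` has an option for the benign case, so the try/except can be replaced by `self._git("rm -rf --ignore-unmatch .")` and real errors propagate to the caller. `branch_name` is also interpolated unquoted into the command string; `_git` is defined outside the hunk, so how it tokenises the string cannot be seen here, but a name that contains whitespace or starts with `-` should be rejected before the call. The docstring could state the side effect, e.g. `"""Create an orphan branch and remove all tracked files from its index and working tree."""`.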
@@ -1,31 +1,30 @@
 import pytest
+
+from taf import YubikeyMissingLibrary
 from taf.tests import TEST_WITH_REAL_YK
-from taf.yubikey import (
- DEFAULT_PIN,
- export_piv_pub_key,
- export_piv_x509,
- get_serial_num,
- is_inserted,
- sign_piv_rsa_pkcs1v15,
-)
+
+try:
+ import taf.yubikey as yk
+except ImportError:
+ yk = YubikeyMissingLibrary()
 @pytest.mark.skipif(not TEST_WITH_REAL_YK, reason="list_devices() is not mocked.")
 def test_is_inserted():
- assert is_inserted() is True
+ assert yk.is_inserted() is True
 def test_serial_num():
- assert get_serial_num() is not None
+ assert yk.get_serial_num() is not None
 def test_export_piv_x509():
- x509_pem = export_piv_x509()
+ x509_pem = yk.export_piv_x509()
 assert isinstance(x509_pem, bytes)
 def test_export_piv_pub_key():
- pub_key_pem = export_piv_pub_key()
+ pub_key_pem = yk.export_piv_pub_key()
 assert isinstance(pub_key_pem, bytes)
@@ -41,7 +40,7 @@ def test_sign_piv_rsa_pkcs1v15(targets_yk):
 message = b"Message to be signed."
 scheme = "rsa-pkcs1v15-sha256"
- pub_key_pem = export_piv_pub_key().decode("utf-8")
- signature = sign_piv_rsa_pkcs1v15(message, DEFAULT_PIN)
+ pub_key_pem = yk.export_piv_pub_key().decode("utf-8")
+ signature = yk.sign_piv_rsa_pkcs1v15(message, yk.DEFAULT_PIN)
 assert verify_rsa_signature(signature, scheme, pub_key_pem, message) is True
diff --git a/taf/tests/yubikey_utils.py b/taf/tests/yubikey_utils.py
index 0136d502..2b909023 100644
--- a/taf/tests/yubikey_utils.py
+++ b/taf/tests/yubikey_utils.py
@@ -7,8 +7,6 @@
 from cryptography.hazmat.primitives import hashes, serialization
 from securesystemslib.pyca_crypto_keys import create_rsa_signature
 from tuf.repository_tool import import_rsakey_from_pem
-from ykman.descriptor import FailedOpeningDeviceException
-from ykman.piv import WrongPin
 VALID_PIN = "123456"
 WRONG_PIN = "111111"
@@ -118,6 +116,8 @@ def sign(self, slot, algorithm, data):
 def verify(self, pin):
 if self._driver.pin != pin:
+ from ykman.piv import WrongPin
+
 raise WrongPin("", "")
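Review bot: In taf/tests/test_yubikey.py, the `except ImportError: yk = YubikeyMissingLibrary()` fallback lets the module be collected without ykman, but only `test_is_inserted` carries a `skipif`; the other tests in this hunk and `test_sign_piv_rsa_pkcs1v15` in the next one then call methods on the placeholder object. `YubikeyMissingLibrary` is defined outside this diff, so what those calls do is not visible here; if it raises on attribute access, the export and signing tests fail instead of being reported as skipped. `yk = pytest.importorskip("taf.yubikey")` would skip the whole module and put the import error text in the skip reason, so an unrelated import failure inside `taf.yubikey` is not silently replaced by the placeholder.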
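Review bot: The function-level `from ykman.piv import WrongPin` in `verify` (taf/tests/yubikey_utils.py) has no comment saying why the import is not at module level, and the same holds for `from ykman.descriptor import FailedOpeningDeviceException` in `_yk_piv_ctrl_mock` in the next hunk. Presumably the imports were moved so the helper module loads without ykman; a line such as `# Imported here so this module can be loaded when ykman is not installed` above each one would keep a later cleanup from moving them back to the top. With ykman absent these two branches raise ImportError rather than the ykman exception, so a test that expects `WrongPin` still needs the library. `_yk_piv_ctrl_mock` starts outside its hunk and the class enclosing `verify` is not shown.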
@@ -148,6 +148,8 @@ def _yk_piv_ctrl_mock(serial=None, pub_key_pem=None):
 global INSERTED_YUBIKEY
 if INSERTED_YUBIKEY is None:
+ from ykman.descriptor import FailedOpeningDeviceException
+
 raise FailedOpeningDeviceException()
 yield FakePivController(INSERTED_YUBIKEY), INSERTED_YUBIKEY.serial