Add TUF version number, and user agent

trishankatdatadog · trishankatdatadog · commit c3a01bd4373f · 2018-08-31T15:03:11.000-04:00
Merge branch 'trishankatdatadog/fix-for-https-proxies' of github.com:trishankatdatadog/tuf into trishankatdatadog/fix-for-https-proxies

Signed-off-by: Trishank K Kuppusamy &lt;trishank.kuppusamy@datadoghq.com&gt;
diff --git a/ci-requirements.txt b/ci-requirements.txt
@@ -1,7 +1,7 @@
+securesystemslib[crypto,pynacl]
+six
+iso8601
 coverage
 coveralls
-iso8601
 pylint
 requests
-securesystemslib[crypto,pynacl]
-six
diff --git a/dev-requirements.txt b/dev-requirements.txt
@@ -6,14 +6,14 @@
 #
 -e .
 asn1crypto==0.24.0
-astroid==1.6.5 ; python_version < "3.0"
+astroid==1.6.5 ; python_version < "3.0" # pyup: ignore
 astroid==2.0.4 ; python_version >= "3.0"
 backports.functools-lru-cache==1.5
-bandit==1.4.0
+bandit==1.5.0
 cffi==1.11.5
 colorama==0.3.9
 configparser==3.5.0
-cryptography==2.3
+cryptography==2.3.1
 enum34==1.1.6
 gitdb2==2.0.4
 gitpython==2.1.11
@@ -28,7 +28,7 @@ pluggy==0.7.1
 py==1.5.4
 pycparser==2.18
 pylint==2.1.1 ; python_version >= "3.0"
-pylint==1.9.3 ; python_version < "3.0"
+pylint==1.9.3 ; python_version < "3.0" # pyup: ignore
 pynacl==1.2.1
 pyyaml==3.13
 requests==2.19.1
diff --git a/requirements.in b/requirements.in
@@ -1,9 +1,9 @@
 # requirements.in for pip-compile.
 
+securesystemslib
 cryptography
 colorama
-iso8601
 pynacl
-requests
-securesystemslib
 six
+iso8601
+requests
diff --git a/requirements.txt b/requirements.txt
@@ -17,9 +17,12 @@ cffi==1.11.5 \
     --hash=sha256:1553d1e99f035ace1c0544050622b7bc963374a00c467edafac50ad7bd276aef \
     --hash=sha256:1b0493c091a1898f1136e3f4f991a784437fac3673780ff9de3bcf46c80b6b50 \
     --hash=sha256:2ba8a45822b7aee805ab49abfe7eec16b90587f7f26df20c71dd89e45a97076f \
+    --hash=sha256:3bb6bd7266598f318063e584378b8e27c67de998a43362e8fce664c54ee52d30 \
     --hash=sha256:3c85641778460581c42924384f5e68076d724ceac0f267d66c757f7535069c93 \
     --hash=sha256:3eb6434197633b7748cea30bf0ba9f66727cdce45117a712b29a443943733257 \
+    --hash=sha256:495c5c2d43bf6cebe0178eb3e88f9c4aa48d8934aa6e3cddb865c058da76756b \
     --hash=sha256:4c91af6e967c2015729d3e69c2e51d92f9898c330d6a851bf8f121236f3defd3 \
+    --hash=sha256:57b2533356cb2d8fac1555815929f7f5f14d68ac77b085d2326b571310f34f6e \
     --hash=sha256:770f3782b31f50b68627e22f91cb182c48c47c02eb405fd689472aa7b7aa16dc \
     --hash=sha256:79f9b6f7c46ae1f8ded75f68cf8ad50e5729ed4d590c74840471fc2823457d04 \
     --hash=sha256:7a33145e04d44ce95bcd71e522b478d282ad0eafaf34fe1ec5bbd73e662f22b6 \
@@ -28,11 +31,13 @@ cffi==1.11.5 \
     --hash=sha256:95d5251e4b5ca00061f9d9f3d6fe537247e145a8524ae9fd30a2f8fbce993b5b \
     --hash=sha256:9d1d3e63a4afdc29bd76ce6aa9d58c771cd1599fbba8cf5057e7860b203710dd \
     --hash=sha256:a36c5c154f9d42ec176e6e620cb0dd275744aa1d804786a71ac37dc3661a5e95 \
+    --hash=sha256:a6a5cb8809091ec9ac03edde9304b3ad82ad4466333432b16d78ef40e0cce0d5 \
     --hash=sha256:ae5e35a2c189d397b91034642cb0eab0e346f776ec2eb44a49a459e6615d6e2e \
     --hash=sha256:b0f7d4a3df8f06cf49f9f121bead236e328074de6449866515cea4907bbc63d6 \
     --hash=sha256:b75110fb114fa366b29a027d0c9be3709579602ae111ff61674d28c93606acca \
     --hash=sha256:ba5e697569f84b13640c9e193170e89c13c6244c24400fc57e88724ef610cd31 \
     --hash=sha256:be2a9b390f77fd7676d80bc3cdc4f8edb940d8c198ed2d8c0be1319018c778e1 \
+    --hash=sha256:ca1bd81f40adc59011f58159e4aa6445fc585a32bb8ac9badf7a2c1aa23822f2 \
     --hash=sha256:d5d8555d9bfc3f02385c1c37e9f998e2011f0db4f90e250e5bc0c0a85a813085 \
     --hash=sha256:e55e22ac0a30023426564b1059b035973ec82186ddddbac867078435801c7801 \
     --hash=sha256:e90f17980e6ab0f3c2f3730e56d1fe9bcba1891eeea58966e89d352492cc74f4 \
@@ -48,26 +53,26 @@ chardet==3.0.4 \
 colorama==0.3.9 \
     --hash=sha256:463f8483208e921368c9f306094eb6f725c6ca42b0f97e313cb5d5512459feda \
     --hash=sha256:48eb22f4f8461b1df5734a074b57042430fb06e1d61bd1e11b078c0fe6d7a1f1
-cryptography==2.3 \
-    --hash=sha256:21af753934f2f6d1a10fe8f4c0a64315af209ef6adeaee63ca349797d747d687 \
-    --hash=sha256:27bb401a20a838d6d0ea380f08c6ead3ccd8c9d8a0232dc9adcc0e4994576a66 \
-    --hash=sha256:29720c4253263cff9aea64585adbbe85013ba647f6e98367efff9db2d7193ded \
-    --hash=sha256:2a35b7570d8f247889784010aac8b384fd2e4a47b33e15c4a60b45a7c1944120 \
-    --hash=sha256:42c531a6a354407f42ee07fda5c2c0dc822cf6d52744949c182f2b295fbd4183 \
-    --hash=sha256:5eb86f03f9c4f0ac2336ac5431271072ddf7ecc76b338e26366732cfac58aa19 \
-    --hash=sha256:67f7f57eae8dede577f3f7775957f5bec93edd6bdb6ce597bb5b28e1bdf3d4fb \
-    --hash=sha256:6ec84edcbc966ae460560a51a90046503ff0b5b66157a9efc61515c68059f6c8 \
-    --hash=sha256:7ba834564daef87557e7fcd35c3c3183a4147b0b3a57314e53317360b9b201b3 \
-    --hash=sha256:7d7f084cbe1fdb82be5a0545062b59b1ad3637bc5a48612ac2eb428ff31b31ea \
-    --hash=sha256:82409f5150e529d699e5c33fa8fd85e965104db03bc564f5f4b6a9199e591f7c \
-    --hash=sha256:87d092a7c2a44e5f7414ab02fb4145723ebba411425e1a99773531dd4c0e9b8d \
-    --hash=sha256:8c56ef989342e42b9fcaba7c74b446f0cc9bed546dd00034fa7ad66fc00307ef \
-    --hash=sha256:9449f5d4d7c516a6118fa9210c4a00f34384cb1d2028672100ee0c6cce49d7f6 \
-    --hash=sha256:bc2301170986ad82d9349a91eb8884e0e191209c45f5541b16aa7c0cfb135978 \
-    --hash=sha256:c132bab45d4bd0fff1d3fe294d92b0a6eb8404e93337b3127bdec9f21de117e6 \
-    --hash=sha256:c3d945b7b577f07a477700f618f46cbc287af3a9222cd73035c6ef527ef2c363 \
-    --hash=sha256:cee18beb4c807b5c0b178f4fa2fae03cef9d51821a358c6890f8b23465b7e5d2 \
-    --hash=sha256:d01dfc5c2b3495184f683574e03c70022674ca9a7be88589c5aba130d835ea90
+cryptography==2.3.1 \
+    --hash=sha256:02602e1672b62e803e08617ec286041cc453e8d43f093a5f4162095506bc0beb \
+    --hash=sha256:10b48e848e1edb93c1d3b797c83c72b4c387ab0eb4330aaa26da8049a6cbede0 \
+    --hash=sha256:17db09db9d7c5de130023657be42689d1a5f60502a14f6f745f6f65a6b8195c0 \
+    --hash=sha256:227da3a896df1106b1a69b1e319dce218fa04395e8cc78be7e31ca94c21254bc \
+    --hash=sha256:2cbaa03ac677db6c821dac3f4cdfd1461a32d0615847eedbb0df54bb7802e1f7 \
+    --hash=sha256:31db8febfc768e4b4bd826750a70c79c99ea423f4697d1dab764eb9f9f849519 \
+    --hash=sha256:4a510d268e55e2e067715d728e4ca6cd26a8e9f1f3d174faf88e6f2cb6b6c395 \
+    --hash=sha256:6a88d9004310a198c474d8a822ee96a6dd6c01efe66facdf17cb692512ae5bc0 \
+    --hash=sha256:76936ec70a9b72eb8c58314c38c55a0336a2b36de0c7ee8fb874a4547cadbd39 \
+    --hash=sha256:7e3b4aecc4040928efa8a7cdaf074e868af32c58ffc9bb77e7bf2c1a16783286 \
+    --hash=sha256:8168bcb08403ef144ff1fb880d416f49e2728101d02aaadfe9645883222c0aa5 \
+    --hash=sha256:8229ceb79a1792823d87779959184a1bf95768e9248c93ae9f97c7a2f60376a1 \
+    --hash=sha256:8a19e9f2fe69f6a44a5c156968d9fc8df56d09798d0c6a34ccc373bb186cee86 \
+    --hash=sha256:8d10113ca826a4c29d5b85b2c4e045ffa8bad74fb525ee0eceb1d38d4c70dfd6 \
+    --hash=sha256:be495b8ec5a939a7605274b6e59fbc35e76f5ad814ae010eb679529671c9e119 \
+    --hash=sha256:dc2d3f3b1548f4d11786616cf0f4415e25b0fbecb8a1d2cd8c07568f13fdde38 \
+    --hash=sha256:e4aecdd9d5a3d06c337894c9a6e2961898d3f64fe54ca920a72234a3de0f9cb3 \
+    --hash=sha256:e79ab4485b99eacb2166f3212218dd858258f374855e1568f728462b0e6ee0d9 \
+    --hash=sha256:f995d3667301e1754c57b04e0bae6f0fa9d710697a9f8d6712e8cca02550910f
 idna==2.7 \
     --hash=sha256:156a6814fb5ac1fc6850fb002e0852d56c0c8d2531923a51032d1b70760e186e \
     --hash=sha256:684a38a6f903c1d71d6d5fac066b58d7768af4de2b832e426ec79c30daa94a16 \
@@ -88,19 +93,27 @@ pynacl==1.2.1 \
     --hash=sha256:1d33e775fab3f383167afb20b9927aaf4961b953d76eeb271a5703a6d756b65b \
     --hash=sha256:2a42b2399d0428619e58dac7734838102d35f6dcdee149e0088823629bf99fbb \
     --hash=sha256:2dce05ac8b3c37b9e2f65eab56c544885607394753e9613fd159d5e2045c2d98 \
+    --hash=sha256:63cfccdc6217edcaa48369191ae4dca0c390af3c74f23c619e954973035948cd \
     --hash=sha256:6453b0dae593163ffc6db6f9c9c1597d35c650598e2c39c0590d1757207a1ac2 \
     --hash=sha256:73a5a96fb5fbf2215beee2353a128d382dbca83f5341f0d3c750877a236569ef \
     --hash=sha256:8abb4ef79161a5f58848b30ab6fb98d8c466da21fdd65558ce1d7afc02c70b5f \
     --hash=sha256:8ac1167195b32a8755de06efd5b2d2fe76fc864517dab66aaf65662cc59e1988 \
     --hash=sha256:8f505f42f659012794414fa57c498404e64db78f1d98dfd40e318c569f3c783b \
+    --hash=sha256:9c8a06556918ee8e3ab48c65574f318f5a0a4d31437fc135da7ee9d4f9080415 \
+    --hash=sha256:a1e25fc5650cf64f01c9e435033e53a4aca9de30eb9929d099f3bb078e18f8f2 \
     --hash=sha256:be71cd5fce04061e1f3d39597f93619c80cdd3558a6c9ba99a546f144a8d8101 \
+    --hash=sha256:c5b1a7a680218dee9da0f1b5e24072c46b3c275d35712bc1d505b85bb03441c0 \
+    --hash=sha256:cb785db1a9468841a1265c9215c60fe5d7af2fb1b209e3316a152704607fc582 \
     --hash=sha256:cf6877124ae6a0698404e169b3ba534542cfbc43f939d46b927d956daf0a373a \
     --hash=sha256:d0eb5b2795b7ee2cbcfcadacbe95a13afbda048a262bd369da9904fecb568975 \
+    --hash=sha256:d3a934e2b9f20abac009d5b6951067cfb5486889cb913192b4d8288b216842f1 \
     --hash=sha256:d795f506bcc9463efb5ebb0f65ed77921dcc9e0a50499dedd89f208445de9ecb \
     --hash=sha256:d8aaf7e5d6b0e0ef7d6dbf7abeb75085713d0100b4eb1a4e4e857de76d77ac45 \
+    --hash=sha256:de2aaca8386cf4d70f1796352f2346f48ddb0bed61dc43a3ce773ba12e064031 \
     --hash=sha256:e0d38fa0a75f65f556fb912f2c6790d1fa29b7dd27a1d9cc5591b281321eaaa9 \
     --hash=sha256:eb2acabbd487a46b38540a819ef67e477a674481f84a82a7ba2234b9ba46f752 \
     --hash=sha256:eeee629828d0eb4f6d98ac41e9a3a6461d114d1d0aa111a8931c049359298da0 \
+    --hash=sha256:f5836463a3c0cca300295b229b6c7003c415a9d11f8f9288ddbd728e2746524c \
     --hash=sha256:f5ce9e26d25eb0b2d96f3ef0ad70e1d3ae89b5d60255c462252a3e456a48c053 \
     --hash=sha256:fabf73d5d0286f9e078774f3435601d2735c94ce9e514ac4fb945701edead7e4
 requests==2.19.1 \
diff --git a/tuf/developer_tool.py b/tuf/developer_tool.py
@@ -296,11 +296,7 @@ def add_verification_key(self, key, expires=None):
     if len(self.keys) > 0:
       raise securesystemslib.exceptions.Error("This project already contains a key.")
 
-    try:
-      super(Project, self).add_verification_key(key, expires)
-
-    except securesystemslib.exceptions.FormatError:
-      raise
+    super(Project, self).add_verification_key(key, expires)
 
 
 
@@ -791,12 +787,8 @@ def load_project(project_directory, prefix='', new_targets_location=None,
   # Load the cfg file and the project.
   config_filename = os.path.join(project_directory, PROJECT_FILENAME)
 
-  try:
-    project_configuration = securesystemslib.util.load_json_file(config_filename)
-    tuf.formats.PROJECT_CFG_SCHEMA.check_match(project_configuration)
-
-  except (OSError, IOError, securesystemslib.exceptions.FormatError):
-    raise
+  project_configuration = securesystemslib.util.load_json_file(config_filename)
+  tuf.formats.PROJECT_CFG_SCHEMA.check_match(project_configuration)
 
   targets_directory = os.path.join(project_directory,
       project_configuration['targets_location'])
@@ -906,11 +898,7 @@ def load_project(project_directory, prefix='', new_targets_location=None,
         continue
 
       signable = None
-      try:
-        signable = securesystemslib.util.load_json_file(metadata_path)
-
-      except (ValueError, IOError, securesystemslib.exceptions.Error):
-        raise
+      signable = securesystemslib.util.load_json_file(metadata_path)
 
       # Strip the prefix from the local working copy, it will be added again
       # when the targets metadata is written to disk.
diff --git a/tuf/download.py b/tuf/download.py
@@ -39,12 +39,12 @@
 import time
 import timeit
 
+import tuf
 import requests
 import six
 
 import securesystemslib
 import securesystemslib.util
-import tuf
 import tuf.exceptions
 
 # See 'log.py' to learn how logging is handled in TUF.
@@ -379,17 +379,12 @@ def _download_fixed_amount_of_data(response, temp_file, required_length):
         break
 
   except:
-    raise
-
-  else:
-    # This else block returns and skips closing the response in the finally
-    # block, so close the response here.
+    # Whatever happens, make sure that we always close the connection.
     response.close()
-    return number_of_bytes_received, average_download_speed
+    raise
 
-  finally:
-    # Whatever happens, make sure that we always close the response.
-    response.close()
+  response.close()
+  return number_of_bytes_received, average_download_speed
 
 
 
diff --git a/tuf/formats.py b/tuf/formats.py
@@ -952,14 +952,10 @@ def make_versioninfo(version_number):
 
   # Raise 'securesystemslib.exceptions.FormatError' if 'versioninfo' is
   # improperly formatted.
-  try:
-    securesystemslib.formats.VERSIONINFO_SCHEMA.check_match(versioninfo)
+  securesystemslib.formats.VERSIONINFO_SCHEMA.check_match(versioninfo)
 
-  except:
-    raise
+  return versioninfo
 
-  else:
-    return versioninfo
 
 
 
diff --git a/tuf/roledb.py b/tuf/roledb.py
@@ -569,12 +569,11 @@ def role_exists(rolename, repository_name='default'):
 
   # Raise securesystemslib.exceptions.FormatError,
   # securesystemslib.exceptions.InvalidNameError if the arguments are invalid.
+  # We do not intercept securesystemslib.exceptions.FormatError
+  # or securesystemslib.exceptions.InvalidNameError exceptions.
   try:
     _check_rolename(rolename, repository_name)
 
-  except (securesystemslib.exceptions.FormatError, securesystemslib.exceptions.InvalidNameError):
-    raise
-
   except tuf.exceptions.UnknownRoleError:
     return False
 
diff --git a/tuf/sig.py b/tuf/sig.py
@@ -185,18 +185,15 @@ def get_signature_status(signable, role=None, repository_name='default',
     if valid_sig:
       if role is not None:
 
-        try:
-          # Is this an unauthorized key? (a keyid associated with 'role')
-          if keyids is None:
-            keyids = tuf.roledb.get_role_keyids(role, repository_name)
+        # Is this an unauthorized key? (a keyid associated with 'role')
+        # Note that if the role is not known, tuf.exceptions.UnknownRoleError
+        # is raised here.
+        if keyids is None:
+          keyids = tuf.roledb.get_role_keyids(role, repository_name)
 
-          if keyid not in keyids:
-            untrusted_sigs.append(keyid)
-            continue
-
-        # Unknown role, re-raise exception.
-        except tuf.exceptions.UnknownRoleError:
-          raise
+        if keyid not in keyids:
+          untrusted_sigs.append(keyid)
+          continue
 
       # This is an unset role, thus an unknown signature.
       else:
@@ -215,12 +212,10 @@ def get_signature_status(signable, role=None, repository_name='default',
   # role.
   if role is not None:
     if threshold is None:
-      try:
-        threshold = \
-          tuf.roledb.get_role_threshold(role, repository_name=repository_name)
-
-      except tuf.exceptions.UnknownRoleError:
-        raise
+      # Note that if the role is not known, tuf.exceptions.UnknownRoleError is
+      # raised here.
+      threshold = tuf.roledb.get_role_threshold(
+          role, repository_name=repository_name)
 
     else:
       logger.debug('Not using roledb.py\'s threshold for ' + repr(role))
