Update embedded TUF root #1515
Update embedded TUF root #1515
Conversation
* Include the new signingconfig file * Add a rule for updating staging Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
The mock was useful to ensure we don't e.g. end up downloading files multiple times but maintaining it is a bit of a hassle: the mock files have to be kept in sync with actual staging tuf (alternatively we'd have to create our own local tuf repository which would be another kind of hassle). Remove the uses of mock_staging_tuf (except for test_trust_root_tuf_offline that ensures we do not call tuf repo when offline). Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
|
I'm removing the TUF mocking from our tests: it was useful to really verify that every request is expected but maintenance is a bit of a hassle. If other maintainers would rather keep it, I can update the test assets instead (need to copy some more files from the tuf repo and update some expected test results). |
Huge +1 to removing -- I found updating these mocks to be really brittle, so I'm happy to have them gone 🙂 |
| @@ -248,59 +245,6 @@ def test_bad_media_type(self, asset): | |||
| # TODO(ww): Move these into appropriate class-scoped tests. | |||
|
|
|||
|
|
|||
| def test_trust_root_tuf_caches_and_requests(mock_staging_tuf, tuf_dirs): | |||
There was a problem hiding this comment.
Out of curiosity, can we now remove mock_staging_tuf and tuf_dirs entirely?
There was a problem hiding this comment.
there's one user: the test that verifies that we don't make requests when offline. That one likely could be refactored so it does not need the mock (should just work with a non-existing repo) but I left it as is for now.
The files can be verified by running
make update-embedded-root update-embedded-root-staging-- if there's no change to the files in git, they are correct.