Releases: secure-systems-lab/securesystemslib
Releases · secure-systems-lab/securesystemslib
v0.24.0
v0.24.0
This tag was signed with the committer’s verified signature.
The key has expired.
lukpueh
Lukas Pühringer
Added
Changed
- Use max salt lengths in RSA PSS signature creation & automatically verify previous/new
sigs (#422) - Speed up canonical json encoding (#410)
- Bumped dependencies: cffi (#415), colorama (#413), cryptography (#405, #406, #414,
#417, #424, #425), ed25519 (#412) - Changed Debian packaging metadata (#392)
Fixed
v0.23.0
v0.22.0
v0.22.0
This tag was signed with the committer’s verified signature.
The key has expired.
lukpueh
Lukas Pühringer
Fixed
- Removed broken Dependabot badge in README (#377)
Added
- Python 3.10 support (#380)
__eq__method for Signature objects (#383)unrecognized_fieldsattribute for Signature objects (#387)
Changed
- Bumped dependencies: cffi (#373), cryptography (#376, #379), ed25519 (#378,
#390), pycparser (#375), pynacl (#382) - Misc docstring improvements (#380, #381, #384)
Removed
- Python 3.6 support (#385)
v0.21.0
NOTE: This is the first release of securesystemslib to require Python 3.6
or newer.
Fixed
- Clarified licensing and copyright notices with regards to code that is
derived from Thandy (#366)
Added
- Added machinery for static type checking with mypy, including type annotation
of the util module (#361) - Added type annotations to storage module (#362)
Changed
Removed
v0.20.1
NOTE: this will be the final release of securesystemslib that supports Python 2.7.
This is because Python 2.7 was marked end-of-life in January of 2020, and since then several of securesystemslib's direct and transitive dependencies have stopped supporting Python 2.7. securesystemslib's major users, the Python implementations of tuf (v0.167.0) and in-toto (v1.1.0), have already dropped support for Python 2.7.
Changed
- Switched to GitHub-native Dependabot (#349)
- Updated Debian packaging metadata (#343)
- Bump cryptography dependency (#346)
Fixed
- Fix the Signer abstract base class's method signature to include self (#348)
v0.20.0
v0.20.0
This tag was signed with the committer’s verified signature.
The key has expired.
lukpueh
Lukas Pühringer
Added
- Add signing abstraction to facilitate custom implementations (#319)
Changed
- Refactor imports to allow vendoring for pip (#316)
- Limit GitHub Actions to avoid duplicate Dependabot builds (#335)
- Enhance GitHub Action reporting for ed25519 upstream check (#338)
- Bump dependencies: cryptography (#336)
Fixed
- Pad OpenPGP EdDSA signatures to avoid sporadic verification failures (#340)
v0.19.0
Added
- Enable setting which GPG client to use through an environment variable (#315)
Changed
- Dropped support for EOL Python 3.5 and add support for Python 3.9 (#314)
- Converted the default local storage backend, FilesystemBackend, to be a
singleton (#302) - Migrated CI from travis-ci.org to travis-ci.com (#303) then later to GitHub
Actions (#324) - Bump dependencies: cffi (#306, #329), cryptography (#322, #333). NOTE: the
latest version of cryptography is no longer used on Python 2, as that is not
supported. - Updated Debian packaging metadata (#313 & #318)
- Improved messaging for issues automatically filed on upstream changes to our
vendored ed25519 dependency (#317) - Updated the ed25519 tracking script for upstream's branch name change (#331)
Fixed
- Empty lists should not be used as the default argument for a function (#304)
v0.18.0
v0.18.0
This tag was signed with the committer’s verified signature.
The key has expired.
lukpueh
Lukas Pühringer
Added
interface.generate_and_write_unencrypted_{rsa,ed25519,ecdsa}_keypair(#288)interface.generate_and_write_{rsa,ed25519,ecdsa}_keypair_with_prompt(#288)interface.import_privatekey_from_file(#288)- GitHub Action to auto-check upstream changes for vendored ed25519 (#294)
Changed
interface.generate_and_write_{rsa,ed25519,ecdsa}_keypairrequire a password
as first positional argument (#288)interface.import_{rsa,ed25519,ecdsa}_privatekey_from_filedo not error on
empty password, but pass it on to lower level decryption routines (#288)interface.import_ecdsa_privatekey_from_filesupports loading unencrypted
private keys (#288)- Revise
interfaceandgpg.functionsdocstrings, and example snippets, and
use Sphinx compatible Google Style docstring format (#288, #300) - Linter-flagged cosmetic changes (#292, #295, #296)
- Bump dependencies: cryptography (#291, #293)
- Bump vendor copy of ed25519 (#299)
v0.17.0
Added
- Add
interface.import_publickeys_from_file()convenience function (#278, #285) - Add
gpg.export_pubkeys()convenience function (#277) - Add support to
hashmodule for blake2b-256 algorithm (#283)
Changed
- Use ecdsa as keytype for ECDSA keys to better distinguish between keytype
and scheme (#267) - Bump dependencies: cffi (#266, #273), cryptography (#269, #274),
and colorama (#284) - Removed python-dateutil dependency (#268)
- Prepare Debian downstream releases (#198)
- Remove unused helper (
_prompt) and global (SUPPORTED_KEY_TYPES) from
interface module (#276) - Refactored and extended interface tests (#279, #287)
v0.16.0
Added
- Added new, self-explanatory, AnyNonEmptyString schema (#244)
- Separate functions for getting a file's length,
util.get_file_length(), and
a file's hashes,util.get_file_hashes()(#259)
Changed
- Improved documentation for abstract storage interface (#240)
- Change PATHS_SCHEMA to be any non-empty string (#244)
- Updated
keys.format_metadata_to_key()to take an optional list of hashing
algorithms rather than requiring users modifysettings.HASH_ALGORITHMSto
change this behaviour (#227) - Rather than silently ignoring empty paths, throw an exception on empty file
path instorage.FileSystemBackend.create_folder(#252)