Merge pull request #1183 from joshuagl/joshuagl/tuf-0.15.0

Prepare 0.15.0 release

appveyor.yml

@@ -27,7 +27,7 @@ install:
   - set PATH=%PYTHON%;%PYTHON%\\Scripts;%PATH%
   - python -m pip install -U pip setuptools
   - pip install -e .
-  - pip install securesystemslib[crypto,pynacl]
+  - pip install securesystemslib[crypto,pynacl] python-dateutil
   - if %PYTHON_VERSION%==2.7 pip install mock
 
 build: false

docs/CHANGELOG.md

@@ -1,5 +1,38 @@
 # Changelog
 
+## v0.15.0
+### Added
+* Simple TUF role metadata model in the `tuf.api` package for interacting with
+  metadata files directly, per-file without the overheads of reading and
+  writing the entire repository at once (#1112, #1177, #1183)
+* Raise `MissingLocalRepositoryError` in updater when local repository can not
+  be found (#1173)
+* Tests for targets metadata generation with existing `fileinfo` (#1078)
+* Test-verbosity documentation (#1151)
+
+### Changed
+* Raise an error in `tuf.client.updater` when metadata is loaded without a
+  signature (#1100)
+* Print a warning in `tuf.repository_tool` when metadata is written without a
+  signature (#1100)
+* Remove iso8661 dependency (#1176)
+* Bump dependencies: cffi (#1146), cryptography (#1149), urllib (#1179),
+  securesystemslib (#1183)
+* Overhauled logging to be less verbose and less alarming, by removing logging
+  in the library when an exception is raised (including the same information
+  that was logged) and using more appropriate log levels (#1145)
+* Make test output more useful by reducing and improving logging (#1145, #1104, #1170)
+* Make the `targets_path`, `metadata_path` and `confined_target_dirs` fields in
+  `tuf.client.updater`s mirror configuration optional (#1153, #1166)
+* Include LICENSE files with source distributions (#1162)
+* Update Python version to be used in release instructions (#1163)
+* Remove direct use of `colorama` and dependency (#1180)
+
+### Fixed
+* Ensure file objects and `requests.Responses` are closed during tests (#1147)
+* Auto-test against `securesystemslib` head of development (#1185)
+* Fix parameter name in `tuf.repository_lib` error message (#1078)
+
 ## v0.14.0
 ### Added
 * Added a mechanism to the Updater to disable the hash prefix for target files

requirements-pinned.txt

@@ -7,9 +7,8 @@ idna==2.10                 # via requests
 ipaddress==1.0.23         ; python_version < '3' # via cryptography
 pycparser==2.20           # via cffi
 pynacl==1.4.0             # via securesystemslib
-python-dateutil==2.8.1    # via securesystemslib
 requests==2.24.0
-securesystemslib[crypto,pynacl]==0.16.0
+securesystemslib[crypto,pynacl]==0.17.0
 six==1.15.0
 subprocess32==3.5.4       ; python_version < '3' # via securesystemslib
 urllib3==1.25.11           # via requests

requirements-test.txt

@@ -6,6 +6,9 @@
 # test runtime dependencies  (see 'tests_require' field in setup.py)
 mock; python_version < "3.3"
 
+# tuf.api tests use python-dateutil
+python-dateutil
+
 # additional test tools for linting and coverage measurement
 coverage
 pylint

setup.py

@@ -78,7 +78,7 @@
 
 setup(
   name = 'tuf',
-  version = '0.14.0', # If updating version, also update it in tuf/__init__.py
+  version = '0.15.0', # If updating version, also update it in tuf/__init__.py
   description = 'A secure updater framework for Python',
   long_description = long_description,
   long_description_content_type='text/markdown',

tuf/__init__.py

@@ -2,7 +2,7 @@
 # setup.py has it hard-coded separately.
 # Currently, when the version is changed, it must be set in both locations.
 # TODO: Single-source the version number.
-__version__ = "0.14.0"
+__version__ = "0.15.0"
 
 # This reference implementation produces metadata intended to conform to
 # version 1.0.0 of the TUF specification, and is expected to consume metadata