automatic import of python-tafopeneuler20.03

3 files changed, 467 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
index e69de29..58ecfd5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/taf-0.25.0.tar.gz
diff --git a/python-taf.spec b/python-taf.spec
new file mode 100644
index 0000000..b0b24b4
--- /dev/null
+++ b/python-taf.spec
@@ -0,0 +1,465 @@
+%global _empty_manifest_terminate_build 0
+Name:		python-taf
+Version:	0.25.0
+Release:	1
+Summary:	Implementation of archival authentication
+License:	GNU Affero General Public License v3 or later (AGPLv3+)
+URL:		https://github.com/openlawlibrary/taf/tree/master
+Source0:	https://mirrors.nju.edu.cn/pypi/web/packages/7b/2e/90aaa13e541ef7b5e534fc93cb4e8a24abc4a8a5e24cc643ba9284323094/taf-0.25.0.tar.gz
+
+Requires:	python3-click
+Requires:	python3-colorama
+Requires:	python3-oll-tuf
+Requires:	python3-cryptography
+Requires:	python3-securesystemslib
+Requires:	python3-loguru
+Requires:	python3-pygit2
+Requires:	python3-pyOpenSSL
+Requires:	python3-cattrs
+Requires:	python3-bandit
+Requires:	python3-black
+Requires:	python3-coverage
+Requires:	python3-pre-commit
+Requires:	python3-pytest-cov
+Requires:	python3-freezegun
+Requires:	python3-bandit
+Requires:	python3-black
+Requires:	python3-pre-commit
+Requires:	python3-pytest
+Requires:	python3-freezegun
+Requires:	python3-jsonschema
+Requires:	python3-yubikey-manager
+
+%description
+# TAF

+

+TAF (The Archive Framework) is an implementation of archival authentication. In other words, TAF ensures that a git repository can be securely cloned/updated and authenticated. In our case, a git repository is a collection of thousands of XML documents and represents a Library of official legal material, but TAF can be used to secure any git repository, regardless of its content.

+

+A git repository can be compromised in a number of ways:

+

+- an attacker could hack a user's account on a code hosting platform, like GitHub or GitLab,

+- an attacker could hack the hosting platform,

+- an attacker could gain access to a developer's personal computer.

+

+This attacker could then:

+

+- upload a new GPG key to GitHub,

+- push new commits to any repository,

+- add another authorized user with write access,

+- unprotected the master branch of any of the repositories and force push to it.

+

+TAF's goal is not to prevent any of the attacks listed above from happening, but to detect that an attack took place and cancel an update if that is the case. So, TAF should be used instead of directly calling `git pull` and `git clone`.

+

+TAF's implementation strongly relies on [The Update Framework (TUF)](https://theupdateframework.github.io), which helps developers maintain the security of a software update system and provides a flexible framework and specification that developers can adopt into any software update system.

+

+Further reading:

+

+1. [UELMA whitepaper](whitepapers/UELMA-Open-Law-White-Paper.pdf)

+1. [TAF implementation and integration with TUF](docs/TUF/tuf-specification.md)

+

+## Installation Steps

+

+From _PyPI_

+

+```bash

+pip install taf

+```

+

+From source:

+

+```bash

+pip install -e .

+```

+

+Install extra dependencies when using _Yubikey_:

+

+```bash

+pip install taf[yubikey]

+```

+

+Add bash completion:

+

+1. copy `taf-complete.sh` to user's directory

+1. add `source ./taf-complete.sh` to `~/.bash_profile` or `~/.bashrc`

+1. source `~/.bash_profile`

+

+## Development Setup

+

+We are using [pre-commit](https://pre-commit.com/) to run _black_ code formatter, _flake8_ and _bandit_ code quality checks.

+

+```bash

+pip install -e .[dev]

+pip install -e .[test]

+

+pre-commit install # registers git pre-commit hook

+

+pre-commit run --all-files # runs code formatting and quality checks for all files

+```

+

+NOTE: For _Windows_ users: Open [settings.json](.vscode/settings.json) and replace paths.

+

+## Running Tests

+

+To run tests with mocked Yubikey:

+

+```bash

+pytest

+```

+

+To run tests with real Yubikey:

+

+1. Insert **test** Yubikey

+2. Run `taf setup_test_key`

+   WARNING: This command will import targets private key to signature slot of your Yubikey, as well as new self-signed x509 certificate!

+3. Run `REAL_YK=True pytest` or `set REAL_YK=True pytest` depending on platform.

+

+## Platform-specific Wheels

+

+1. Open https://dev.azure.com/openlawlibrary/TAF/_build

+2. Click on latest build

+3. Open _Summary_ tab

+4. Under _Build artifacts published_, click on \*wheels to download zip

+

+More info in [devops document](./docs/devops.md).

+

+## Building Wheels on Ubuntu 16.04 and 18.04

+

+**Binary wheels exists only for macOS, windows-32bit and windows-64bit platforms for python 3.10!**

+

+- Install dependencies

+

+```bash

+sudo add-apt-repository ppa:jonathonf/python-3.10

+sudo apt-get update

+sudo apt-get install python3.10

+sudo apt-get install python3.10-venv

+sudo apt-get install python3.10-dev

+sudo apt-get install swig

+sudo apt-get install libpcsclite-dev

+sudo apt-get install libssl-dev

+sudo apt-get install libykpers-1-dev

+```

+

+- Create virtual environment

+

+```bash

+python3.6 -m venv env

+pip install --upgrade pip

+pip install wheel

+pip install taf

+```

+

+- Test CLI

+

+```bash

+taf

+```

+
+
+%package -n python3-taf
+Summary:	Implementation of archival authentication
+Provides:	python-taf
+BuildRequires:	python3-devel
+BuildRequires:	python3-setuptools
+BuildRequires:	python3-pip
+BuildRequires:	python3-cffi
+BuildRequires:	gcc
+BuildRequires:	gdb
+%description -n python3-taf
+# TAF

+

+TAF (The Archive Framework) is an implementation of archival authentication. In other words, TAF ensures that a git repository can be securely cloned/updated and authenticated. In our case, a git repository is a collection of thousands of XML documents and represents a Library of official legal material, but TAF can be used to secure any git repository, regardless of its content.

+

+A git repository can be compromised in a number of ways:

+

+- an attacker could hack a user's account on a code hosting platform, like GitHub or GitLab,

+- an attacker could hack the hosting platform,

+- an attacker could gain access to a developer's personal computer.

+

+This attacker could then:

+

+- upload a new GPG key to GitHub,

+- push new commits to any repository,

+- add another authorized user with write access,

+- unprotected the master branch of any of the repositories and force push to it.

+

+TAF's goal is not to prevent any of the attacks listed above from happening, but to detect that an attack took place and cancel an update if that is the case. So, TAF should be used instead of directly calling `git pull` and `git clone`.

+

+TAF's implementation strongly relies on [The Update Framework (TUF)](https://theupdateframework.github.io), which helps developers maintain the security of a software update system and provides a flexible framework and specification that developers can adopt into any software update system.

+

+Further reading:

+

+1. [UELMA whitepaper](whitepapers/UELMA-Open-Law-White-Paper.pdf)

+1. [TAF implementation and integration with TUF](docs/TUF/tuf-specification.md)

+

+## Installation Steps

+

+From _PyPI_

+

+```bash

+pip install taf

+```

+

+From source:

+

+```bash

+pip install -e .

+```

+

+Install extra dependencies when using _Yubikey_:

+

+```bash

+pip install taf[yubikey]

+```

+

+Add bash completion:

+

+1. copy `taf-complete.sh` to user's directory

+1. add `source ./taf-complete.sh` to `~/.bash_profile` or `~/.bashrc`

+1. source `~/.bash_profile`

+

+## Development Setup

+

+We are using [pre-commit](https://pre-commit.com/) to run _black_ code formatter, _flake8_ and _bandit_ code quality checks.

+

+```bash

+pip install -e .[dev]

+pip install -e .[test]

+

+pre-commit install # registers git pre-commit hook

+

+pre-commit run --all-files # runs code formatting and quality checks for all files

+```

+

+NOTE: For _Windows_ users: Open [settings.json](.vscode/settings.json) and replace paths.

+

+## Running Tests

+

+To run tests with mocked Yubikey:

+

+```bash

+pytest

+```

+

+To run tests with real Yubikey:

+

+1. Insert **test** Yubikey

+2. Run `taf setup_test_key`

+   WARNING: This command will import targets private key to signature slot of your Yubikey, as well as new self-signed x509 certificate!

+3. Run `REAL_YK=True pytest` or `set REAL_YK=True pytest` depending on platform.

+

+## Platform-specific Wheels

+

+1. Open https://dev.azure.com/openlawlibrary/TAF/_build

+2. Click on latest build

+3. Open _Summary_ tab

+4. Under _Build artifacts published_, click on \*wheels to download zip

+

+More info in [devops document](./docs/devops.md).

+

+## Building Wheels on Ubuntu 16.04 and 18.04

+

+**Binary wheels exists only for macOS, windows-32bit and windows-64bit platforms for python 3.10!**

+

+- Install dependencies

+

+```bash

+sudo add-apt-repository ppa:jonathonf/python-3.10

+sudo apt-get update

+sudo apt-get install python3.10

+sudo apt-get install python3.10-venv

+sudo apt-get install python3.10-dev

+sudo apt-get install swig

+sudo apt-get install libpcsclite-dev

+sudo apt-get install libssl-dev

+sudo apt-get install libykpers-1-dev

+```

+

+- Create virtual environment

+

+```bash

+python3.6 -m venv env

+pip install --upgrade pip

+pip install wheel

+pip install taf

+```

+

+- Test CLI

+

+```bash

+taf

+```

+
+
+%package help
+Summary:	Development documents and examples for taf
+Provides:	python3-taf-doc
+%description help
+# TAF

+

+TAF (The Archive Framework) is an implementation of archival authentication. In other words, TAF ensures that a git repository can be securely cloned/updated and authenticated. In our case, a git repository is a collection of thousands of XML documents and represents a Library of official legal material, but TAF can be used to secure any git repository, regardless of its content.

+

+A git repository can be compromised in a number of ways:

+

+- an attacker could hack a user's account on a code hosting platform, like GitHub or GitLab,

+- an attacker could hack the hosting platform,

+- an attacker could gain access to a developer's personal computer.

+

+This attacker could then:

+

+- upload a new GPG key to GitHub,

+- push new commits to any repository,

+- add another authorized user with write access,

+- unprotected the master branch of any of the repositories and force push to it.

+

+TAF's goal is not to prevent any of the attacks listed above from happening, but to detect that an attack took place and cancel an update if that is the case. So, TAF should be used instead of directly calling `git pull` and `git clone`.

+

+TAF's implementation strongly relies on [The Update Framework (TUF)](https://theupdateframework.github.io), which helps developers maintain the security of a software update system and provides a flexible framework and specification that developers can adopt into any software update system.

+

+Further reading:

+

+1. [UELMA whitepaper](whitepapers/UELMA-Open-Law-White-Paper.pdf)

+1. [TAF implementation and integration with TUF](docs/TUF/tuf-specification.md)

+

+## Installation Steps

+

+From _PyPI_

+

+```bash

+pip install taf

+```

+

+From source:

+

+```bash

+pip install -e .

+```

+

+Install extra dependencies when using _Yubikey_:

+

+```bash

+pip install taf[yubikey]

+```

+

+Add bash completion:

+

+1. copy `taf-complete.sh` to user's directory

+1. add `source ./taf-complete.sh` to `~/.bash_profile` or `~/.bashrc`

+1. source `~/.bash_profile`

+

+## Development Setup

+

+We are using [pre-commit](https://pre-commit.com/) to run _black_ code formatter, _flake8_ and _bandit_ code quality checks.

+

+```bash

+pip install -e .[dev]

+pip install -e .[test]

+

+pre-commit install # registers git pre-commit hook

+

+pre-commit run --all-files # runs code formatting and quality checks for all files

+```

+

+NOTE: For _Windows_ users: Open [settings.json](.vscode/settings.json) and replace paths.

+

+## Running Tests

+

+To run tests with mocked Yubikey:

+

+```bash

+pytest

+```

+

+To run tests with real Yubikey:

+

+1. Insert **test** Yubikey

+2. Run `taf setup_test_key`

+   WARNING: This command will import targets private key to signature slot of your Yubikey, as well as new self-signed x509 certificate!

+3. Run `REAL_YK=True pytest` or `set REAL_YK=True pytest` depending on platform.

+

+## Platform-specific Wheels

+

+1. Open https://dev.azure.com/openlawlibrary/TAF/_build

+2. Click on latest build

+3. Open _Summary_ tab

+4. Under _Build artifacts published_, click on \*wheels to download zip

+

+More info in [devops document](./docs/devops.md).

+

+## Building Wheels on Ubuntu 16.04 and 18.04

+

+**Binary wheels exists only for macOS, windows-32bit and windows-64bit platforms for python 3.10!**

+

+- Install dependencies

+

+```bash

+sudo add-apt-repository ppa:jonathonf/python-3.10

+sudo apt-get update

+sudo apt-get install python3.10

+sudo apt-get install python3.10-venv

+sudo apt-get install python3.10-dev

+sudo apt-get install swig

+sudo apt-get install libpcsclite-dev

+sudo apt-get install libssl-dev

+sudo apt-get install libykpers-1-dev

+```

+

+- Create virtual environment

+

+```bash

+python3.6 -m venv env

+pip install --upgrade pip

+pip install wheel

+pip install taf

+```

+

+- Test CLI

+

+```bash

+taf

+```

+
+
+%prep
+%autosetup -n taf-0.25.0
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+	find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+	find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+	find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+	find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+	find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-taf -f filelist.lst
+%dir %{python3_sitearch}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Fri May 05 2023 Python_Bot <Python_Bot@openeuler.org> - 0.25.0-1
+- Package Spec generated
diff --git a/sources b/sources
new file mode 100644
index 0000000..888b790
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+3a884562a90092b46c4de4dc9e151125  taf-0.25.0.tar.gz