diff --git a/.pyup.yml b/.pyup.yml deleted file mode 100644 index 5197fd9810..0000000000 --- a/.pyup.yml +++ /dev/null @@ -1,45 +0,0 @@ -# configure updates globally -# default: all -# allowed: all, insecure, False -update: all - -# set the default branch -# default: empty, the default branch on GitHub -branch: develop - -# update schedule -# default: empty -# allowed: "every day", "every week", .. -schedule: "every week" - -# configure dependency pinning globally -# default: True -# allowed: True, False -pin: True - -# search for requirement files -# default: True -# allowed: True, False -search: False - -# Specify requirement files by hand, default is empty -# default: empty -# allowed: list -requirements: - - dev-requirements.txt: - # update all dependencies and pin them - update: all - pin: True - - - requirements.txt: - # update all dependencies and pin them - update: all - pin: True - -# configure the branch prefix the bot is using -# default: pyup- -branch_prefix: pyup- - -# allow to close stale PRs -# default: True -close_prs: True diff --git a/README.md b/README.md index b915b6ec4b..b50475bf65 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,7 @@ [![Travis-CI](https://travis-ci.org/theupdateframework/tuf.svg?branch=develop)](https://travis-ci.org/theupdateframework/tuf) [![Coveralls](https://coveralls.io/repos/theupdateframework/tuf/badge.svg?branch=develop)](https://coveralls.io/r/theupdateframework/tuf?branch=develop) -[![PyUp](https://pyup.io/repos/github/theupdateframework/tuf/shield.svg)](https://pyup.io/repos/github/theupdateframework/tuf/) -[![Python 3](https://pyup.io/repos/github/theupdateframework/tuf/python-3-shield.svg)](https://pyup.io/repos/github/theupdateframework/tuf/) +![Dependabot Status](https://api.dependabot.com/badges/status?host=github&repo=theupdateframework/tuf) [![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Ftheupdateframework%2Ftuf.svg?type=shield)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Ftheupdateframework%2Ftuf?ref=badge_shield) [![CII](https://bestpractices.coreinfrastructure.org/projects/1351/badge)](https://bestpractices.coreinfrastructure.org/projects/1351) [![PyPI](https://img.shields.io/pypi/v/tuf)](https://pypi.org/project/tuf/) diff --git a/ci-requirements.txt b/ci-requirements.txt deleted file mode 100644 index 2be62d0e88..0000000000 --- a/ci-requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -securesystemslib[crypto,pynacl] -six -iso8601 -requests -pylint -bandit -# Pin to versions supported by `coveralls` (see .travis.yml) -# https://github.com/coveralls-clients/coveralls-python/releases/tag/1.8.1 -coverage<5.0 -mock; python_version < "3.3" diff --git a/dev-requirements.txt b/dev-requirements.txt deleted file mode 100644 index d929eb8ba5..0000000000 --- a/dev-requirements.txt +++ /dev/null @@ -1,72 +0,0 @@ -# -# This file is (mostly) autogenerated by pip-compile. -# To update, run: -# -# pip-compile --output-file dev-requirements.txt dev-requirements.txt -# -# Run pip-compile in both Python2 and Python3, and combine the dependencies, -# adding the following as necessary: -# - Add version directives like ' ; python_version >= "3.0"' based on which -# dependencies are required for Python2 vs Python3 (or other version -# constraints). -# - Add ' # pyup: ignore' for any dependency that must remain outdated -# because later versions drop support for (e.g.) Python2. -# -# Be sure to leave these comments at the top of the new file. -# --e . - -astroid==2.3.3; python_version >= "3.0" -astroid==1.6.5 ; python_version < "3.0" # pyup: ignore -backports.functools-lru-cache==1.6.1 -bandit==1.6.2 -certifi==2019.9.11 # via requests -cffi==1.13.2 -chardet==3.0.4 # via requests -colorama==0.4.1 -configparser==4.0.2 -contextlib2==0.6.0.post1 ; python_version < "3.0" # via importlib-metadata -cryptography==2.8 -enum34==1.1.6 -filelock==3.0.12 # via tox -futures==3.3.0 ; python_version < "3.0" # via isort -gitdb2==2.0.6 # via gitpython -gitpython==3.0.4; python_version >= "3.0" # via bandit -gitpython==2.1.14 ; python_version < "3.0" # pyup: ignore -idna==2.8 -importlib-metadata==0.23 # via pluggy, tox -ipaddress==1.0.23; python_version < "3.0" -iso8601==0.1.12 -isort==4.3.21 -lazy-object-proxy==1.4.3 -mccabe==0.6.1 -mock==3.0.5; python_version < "3.3" -more-itertools==7.2.0 ; python_version >= "3.0" # via zipp -more-itertools==5.0.0 ; python_version < "3.0" # pyup: ignore -packaging==19.2 # via tox -pathlib2==2.3.5 ; python_version < "3.0" # via importlib-metadata -pbr==5.4.3 -pluggy==0.13.0 -py==1.8.0 -pycparser==2.19 -pylint==2.4.3; python_version >= "3.0" -pylint==1.9.3 ; python_version < "3.0" # pyup: ignore -pynacl==1.3.0 -pyparsing==2.4.2 # via packaging -python-dateutil==2.8.1 # via securesystemslib -pyyaml==5.1.2 -requests==2.22.0 -scandir==1.10.0 ; python_version < "3.0" # via pathlib2 -securesystemslib[crypto,pynacl]==0.12.2 -singledispatch==3.4.0.3 -six==1.13.0 -smmap2==2.0.5 -stevedore==1.31.0 -subprocess32==3.5.4 ; python_version < "3.0" # via securesystemslib -toml==0.10.0 # via tox -tox==3.14.0 -typed-ast==1.4.0 ; python_version >= "3.0" # via astroid -urllib3==1.25.6 # via requests -virtualenv==16.7.7 -wrapt==1.11.2 -zipp==0.6.0 # via importlib-metadata diff --git a/docs/CONTRIBUTORS.rst b/docs/CONTRIBUTORS.rst index e7423c2e2b..3be2b607b6 100644 --- a/docs/CONTRIBUTORS.rst +++ b/docs/CONTRIBUTORS.rst @@ -102,7 +102,7 @@ To work on the TUF project, it's best to perform a development install. :: - $ pip install -r dev-requirements.txt + $ pip install -r requirements-dev.txt Testing @@ -132,9 +132,9 @@ a *venv*), and then install ``tuf`` in editable mode too (in the same *venv*). :: $ cd path/to/securesystemslib - $ pip install -r dev-requirements.txt + $ pip install -r requirements-dev.txt $ cd path/to/tuf - $ pip install -r dev-requirements.txt + $ pip install -r requirements-dev.txt With `tox `_ the test suite can be executed in a diff --git a/requirements-dev.txt b/requirements-dev.txt new file mode 100644 index 0000000000..2501c49cf8 --- /dev/null +++ b/requirements-dev.txt @@ -0,0 +1,5 @@ +# Install tuf in editable mode and requirements for local testing with tox, +# and also for running test suite or individual tests manually +tox +-r requirements-tox.txt +-e . diff --git a/requirements-pinned.txt b/requirements-pinned.txt new file mode 100644 index 0000000000..2668ea25b2 --- /dev/null +++ b/requirements-pinned.txt @@ -0,0 +1,18 @@ +# Auto-generated (see requirements.in) +certifi==2019.11.28 # via requests +cffi==1.13.2 # via cryptography, pynacl +chardet==3.0.4 # via requests +colorama==0.4.3 +cryptography==2.8 +enum34==1.1.6 # via cryptography +idna==2.8 # via requests +ipaddress==1.0.23 # via cryptography +iso8601==0.1.12 +pycparser==2.19 # via cffi +pynacl==1.3.0 +python-dateutil==2.8.1 # via securesystemslib +requests==2.22.0 +securesystemslib==0.14.0 +six==1.14.0 +subprocess32==3.5.4 # via securesystemslib +urllib3==1.25.8 # via requests diff --git a/requirements-test.txt b/requirements-test.txt new file mode 100644 index 0000000000..e05724b5eb --- /dev/null +++ b/requirements-test.txt @@ -0,0 +1,2 @@ +# Install test requirements (see 'tests_require' field in setup.py) +mock; python_version < "3.3" diff --git a/requirements-tox.txt b/requirements-tox.txt new file mode 100644 index 0000000000..34d4dd9cf5 --- /dev/null +++ b/requirements-tox.txt @@ -0,0 +1,12 @@ +# Install requirements needed in each tox environment + +# pinned tuf runtime dependencies (should auto-update and -trigger ci/cd) +-r requirements-pinned.txt + +# test runtime dependencies +-r requirements-test.txt + +# additional test tools for linting and coverage measurement +coverage +pylint +bandit diff --git a/requirements.in b/requirements.in index 1781b03278..9ad2487875 100644 --- a/requirements.in +++ b/requirements.in @@ -1,5 +1,42 @@ -# requirements.in for pip-compile. - +# Template for tuf runtime requirements files including optional dependencies +# +# Copy-paste script below (without leading '#') to bash when requirements are +# added or removed to generate: +# +# - 'requirements.txt': lists pinned dependencies with hashes, used for +# client-side integrity checks +# +# - 'requirements-pinned.txt': lists pinned dependencies without hashes, used +# for ci/cd builds, where 'requirements.txt' can't be used together with +# other (non-runtime) requirements that don't list hashes (see pypa/pip#4995) +# +# Both files are automatically updated on GitHub with Dependabot. +# +# ----------------------------------------------------------------------------- +# # Gather pip-compile results for each supported Python version +# for v in 2.7 3.5 3.6 3.7 3.8; do +# mkvirtualenv tuf-env-${v} -p python${v}; +# pip install pip-tools; +# pip-compile requirements.in -n 2>&1 | grep -v "^#" >> requirements.combined; +# # Keep one venv as we need it below to add hashes +# if [ $v != 3.8 ]; then +# deactivate; +# rmvirtualenv tuf-env-${v}; +# fi +# done; +# +# # Create requirements-pinned.txt +# echo "# Auto-generated (see requirements.in)" > requirements-pinned.txt +# cat requirements.combined | grep -v "^Dry-run," | sort -u >> requirements-pinned.txt +# rm requirements.combined +# +# # Create requirements.txt with hashes +# pip-compile --generate-hashes -o requirements.txt requirements-pinned.txt +# +# # Remove remaining venv +# deactivate +# rmvirtualenv tuf-env-3.8 +# ----------------------------------------------------------------------------- securesystemslib cryptography colorama diff --git a/requirements.txt b/requirements.txt index 082cf9a40d..1f0227cd9e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,26 +1,12 @@ # -# This file is (mostly) autogenerated by pip-compile. +# This file is autogenerated by pip-compile # To update, run: # -# pip-compile --generate-hashes --output-file requirements.txt requirements.in +# pip-compile --generate-hashes --output-file=requirements.txt requirements-pinned.txt # -# Run pip-compile in both Python2 and Python3, and combine the dependencies, -# adding the following as necessary: -# - Add version directives like ' ; python_version >= "3.0"' based on which -# dependencies are required for Python2 vs Python3 (or other version -# constraints). -# - Add ' # pyup: ignore' for any dependency that must remain outdated -# because later versions drop support for (e.g.) Python2. -# -# Be sure to leave these comments at the top of the new file. -# -asn1crypto==1.2.0 \ - --hash=sha256:7bb1cc02a5620b3d72da4ba070bda2f44f0e61b44dee910a302eddff802b6fb5 \ - --hash=sha256:87620880a477123e01177a1f73d0f327210b43a3cdbd714efcd2fa49a8d7b384 # via cryptography -certifi==2019.9.11 \ - --hash=sha256:e4f3620cfea4f83eedc95b24abd9cd56f3c4b146dd0177e83a21b4eb49e21e50 \ - --hash=sha256:fd7c7c74727ddcf00e9acd26bba8da604ffec95bf1c2144e67aff7a8b50e6cef \ - # via requests +certifi==2019.11.28 \ + --hash=sha256:017c25db2a153ce562900032d5bc68e9f191e44e9a0f762f373977de9df1fbb3 \ + --hash=sha256:25b64c7da4cd7479594d035c08c2d809eb4aab3a26e5a990ea98cc450c320f1f cffi==1.13.2 \ --hash=sha256:0b49274afc941c626b605fb59b59c3485c17dc776dc3cc7cc14aca74cc19cc42 \ --hash=sha256:0e3ea92942cb1168e38c05c1d56b0527ce31f1a370f6117f1d490b8dcd6b3a04 \ @@ -33,6 +19,7 @@ cffi==1.13.2 \ --hash=sha256:32a262e2b90ffcfdd97c7a5e24a6012a43c61f1f5a57789ad80af1d26c6acd97 \ --hash=sha256:3c9fff570f13480b201e9ab69453108f6d98244a7f495e91b6c654a47486ba43 \ --hash=sha256:415bdc7ca8c1c634a6d7163d43fb0ea885a07e9618a64bda407e04b04333b7db \ + --hash=sha256:42194f54c11abc8583417a7cf4eaff544ce0de8187abaf5d29029c91b1725ad3 \ --hash=sha256:4424e42199e86b21fc4db83bd76909a6fc2a2aefb352cb5414833c030f6ed71b \ --hash=sha256:4a43c91840bda5f55249413037b7a9b79c90b1184ed504883b72c4df70778579 \ --hash=sha256:599a1e8ff057ac530c9ad1778293c665cb81a791421f46922d80a86473c13346 \ @@ -53,14 +40,13 @@ cffi==1.13.2 \ --hash=sha256:d75c461e20e29afc0aee7172a0950157c704ff0dd51613506bd7d82b718e7410 \ --hash=sha256:dcd65317dd15bc0451f3e01c80da2216a31916bdcffd6221ca1202d96584aa25 \ --hash=sha256:e570d3ab32e2c2861c4ebe6ffcad6a8abf9347432a37608fe1fbd157b3f0036b \ - --hash=sha256:fd43a88e045cf992ed09fa724b5315b790525f2676883a6ea64e3263bae6549d # via cryptography, pynacl + --hash=sha256:fd43a88e045cf992ed09fa724b5315b790525f2676883a6ea64e3263bae6549d chardet==3.0.4 \ --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \ - --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691 \ - # via requests -colorama==0.4.1 \ - --hash=sha256:05eed71e2e327246ad6b38c540c4a3117230b19679b875190486ddd2d721422d \ - --hash=sha256:f8ac84de7840f5b9c4e3347b3c1eaa50f7e49c2b07596221daec5edaabbd7c48 + --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691 +colorama==0.4.3 \ + --hash=sha256:7d73d2a99753107a36ac6b455ee49046802e59d9d076ef8e47b61499fa29afff \ + --hash=sha256:e96da0d330793e2cb9485e9ddfd918d456036c7149416295932478192f4436a1 cryptography==2.8 \ --hash=sha256:02079a6addc7b5140ba0825f542c0869ff4df9a69c360e339ecead5baefa843c \ --hash=sha256:1df22371fbf2004c6f64e927668734070a8953362cd8370ddd336774d6743595 \ @@ -87,25 +73,19 @@ enum34==1.1.6 \ --hash=sha256:2d81cbbe0e73112bdfe6ef8576f2238f2ba27dd0d55752a776c41d38b7da2850 \ --hash=sha256:644837f692e5f550741432dd3f223bbb9852018674981b1664e5dc339387588a \ --hash=sha256:6bd0f6ad48ec2aa117d3d141940d484deccda84d4fcd884f5c3d93c23ecd8c79 \ - --hash=sha256:8ad8c4783bf61ded74527bffb48ed9b54166685e4230386a9ed9b1279e2df5b1 \ - ; python_version < "3.0" - # via cryptography + --hash=sha256:8ad8c4783bf61ded74527bffb48ed9b54166685e4230386a9ed9b1279e2df5b1 idna==2.8 \ --hash=sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407 \ - --hash=sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c \ - # via requests -ipaddress==1.0.22 \ - --hash=sha256:64b28eec5e78e7510698f6d4da08800a5c575caa4a286c93d651c5d3ff7b6794 \ - --hash=sha256:b146c751ea45cad6188dd6cf2d9b757f6f4f8d6ffb96a023e6f2e26eea02a72c \ - ; python_version < "3.0" # pyup: ignore - # via cryptography + --hash=sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c +ipaddress==1.0.23 \ + --hash=sha256:6e0f4a39e66cb5bb9a137b00276a2eff74f93b71dcbdad6f10ff7df9d3557fcc \ + --hash=sha256:b7f8e0369580bb4a24d5ba1d7cc29660a4a6987763faf1d8a8046830e020e7e2 iso8601==0.1.12 \ --hash=sha256:210e0134677cc0d02f6028087fee1df1e1d76d372ee1db0bf30bf66c5c1c89a3 \ --hash=sha256:49c4b20e1f38aa5cf109ddcd39647ac419f928512c869dc01d5c7098eddede82 \ --hash=sha256:bbbae5fb4a7abfe71d4688fd64bff70b91bbd74ef6a99d964bab18f7fdf286dd pycparser==2.19 \ - --hash=sha256:a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3 \ - # via cffi + --hash=sha256:a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3 pynacl==1.3.0 \ --hash=sha256:05c26f93964373fc0abe332676cb6735f0ecad27711035b9472751faa8521255 \ --hash=sha256:0c6100edd16fefd1557da078c7a31e7b7d7a52ce39fdca2bec29d4f7b6e7600c \ @@ -116,6 +96,7 @@ pynacl==1.3.0 \ --hash=sha256:30f36a9c70450c7878053fa1344aca0145fd47d845270b43a7ee9192a051bf39 \ --hash=sha256:37aa336a317209f1bb099ad177fef0da45be36a2aa664507c5d72015f956c310 \ --hash=sha256:4943decfc5b905748f0756fdd99d4f9498d7064815c4cf3643820c9028b711d1 \ + --hash=sha256:53126cd91356342dcae7e209f840212a58dcf1177ad52c1d938d428eebc9fee5 \ --hash=sha256:57ef38a65056e7800859e5ba9e6091053cd06e1038983016effaffe0efcd594a \ --hash=sha256:5bd61e9b44c543016ce1f6aef48606280e45f892a928ca7068fba30021e9b786 \ --hash=sha256:6482d3017a0c0327a49dddc8bd1074cc730d45db2ccb09c3bac1f8f32d1eb61b \ @@ -124,26 +105,24 @@ pynacl==1.3.0 \ --hash=sha256:a39f54ccbcd2757d1d63b0ec00a00980c0b382c62865b61a505163943624ab20 \ --hash=sha256:aabb0c5232910a20eec8563503c153a8e78bbf5459490c49ab31f6adf3f3a415 \ --hash=sha256:bd4ecb473a96ad0f90c20acba4f0bf0df91a4e03a1f4dd6a4bdc9ca75aa3a715 \ + --hash=sha256:bf459128feb543cfca16a95f8da31e2e65e4c5257d2f3dfa8c0c1031139c9c92 \ --hash=sha256:e2da3c13307eac601f3de04887624939aca8ee3c9488a0bb0eca4fb9401fc6b1 \ --hash=sha256:f67814c38162f4deb31f68d590771a29d5ae3b1bd64b75cf232308e5c74777e0 python-dateutil==2.8.1 \ --hash=sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c \ - --hash=sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a # via securesystemslib + --hash=sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a requests==2.22.0 \ --hash=sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4 \ --hash=sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31 -securesystemslib==0.12.2 \ - --hash=sha256:39acbb3db6c3caa94d95a3369ffcc9d5563a04540c89874cc2f158706dbad6c1 \ - --hash=sha256:f25541fc7226c3e9b830bb285598c6bbdc00d02eea1935575abffd03a45becbf -six==1.13.0 \ - --hash=sha256:1f1b7d42e254082a9db6279deae68afb421ceba6158efa6131de7b3003ee93fd \ - --hash=sha256:30f610279e8b2578cab6db20741130331735c781b56053c59c4076da27f06b66 +securesystemslib==0.14.0 \ + --hash=sha256:414a722547876294764813f7a3579bba273db6969de81bda2f46f60519e14e3e \ + --hash=sha256:6cbd5ad0b2ae160a2de0800950757d6beea33a8aad15b41d6cff788b0a2ba926 +six==1.14.0 \ + --hash=sha256:236bdbdce46e6e6a3d61a337c0f8b763ca1e8717c03b369e87a7ec7ce1319c0a \ + --hash=sha256:8f3cd2e254d8f793e7f3d6d9df77b92252b52637291d0f0da013c76ea2724b6c subprocess32==3.5.4 \ --hash=sha256:88e37c1aac5388df41cc8a8456bb49ebffd321a3ad4d70358e3518176de3a56b \ - --hash=sha256:eb2937c80497978d181efa1b839ec2d9622cf9600a039a79d0e108d1f9aec79d \ - ; python_version < "3.0" - # via securesystemslib -urllib3==1.25.6 \ - --hash=sha256:3de946ffbed6e6746608990594d08faac602528ac7015ac28d33cee6a45b7398 \ - --hash=sha256:9a107b99a5393caf59c7aa3c1249c16e6879447533d0887f4336dde834c7be86 \ - # via requests + --hash=sha256:eb2937c80497978d181efa1b839ec2d9622cf9600a039a79d0e108d1f9aec79d +urllib3==1.25.8 \ + --hash=sha256:2f3db8b19923a873b3e5256dc9c2dedfa883e33d87c690d9c7913e1f40673cdc \ + --hash=sha256:87716c2d2a7121198ebcb7ce7cccf6ce5e9ba539041cfbaeecfb641dc0bf6acc diff --git a/setup.cfg b/setup.cfg index 9a0cb18bfc..1ffc5648ee 100644 --- a/setup.cfg +++ b/setup.cfg @@ -3,6 +3,6 @@ universal = 1 [check-manifest] ignore = - dev-requirements.txt + requirements-dev.txt .travis.yml .coveragerc diff --git a/tests/test_repository_lib.py b/tests/test_repository_lib.py index 557427edf7..e80f2954d2 100755 --- a/tests/test_repository_lib.py +++ b/tests/test_repository_lib.py @@ -52,6 +52,7 @@ import tuf.repository_tool as repo_tool import securesystemslib +import securesystemslib.rsa_keys import securesystemslib.interface import six @@ -173,10 +174,10 @@ def test_import_ed25519_privatekey_from_file(self): # Invalid private key imported (contains unexpected keytype.) imported_ed25519_key['keytype'] = 'invalid_keytype' - # Use 'pyca_crypto_keys.py' to bypass the key format validation performed by + # Use 'rsa_keys.py' to bypass the key format validation performed by # 'keys.py'. salt, iterations, derived_key = \ - securesystemslib.pyca_crypto_keys._generate_derived_key('pw') + securesystemslib.rsa_keys._generate_derived_key('pw') # Store the derived key info in a dictionary, the object expected # by the non-public _encrypt() routine. @@ -185,8 +186,7 @@ def test_import_ed25519_privatekey_from_file(self): # Convert the key object to json string format and encrypt it with the # derived key. - encrypted_key = \ - securesystemslib.pyca_crypto_keys._encrypt( + encrypted_key = securesystemslib.rsa_keys._encrypt( json.dumps(imported_ed25519_key), derived_key_information) with open(ed25519_keypath, 'wb') as file_object: diff --git a/tox.ini b/tox.ini index 2e03026868..d874efc99b 100644 --- a/tox.ini +++ b/tox.ini @@ -20,7 +20,7 @@ commands = coverage report -m --fail-under 97 deps = - -r{toxinidir}/ci-requirements.txt + -r{toxinidir}/requirements-tox.txt # Install TUF in editable mode, instead of tox default virtual environment # installation (see `skipsdist`), to get relative paths in coverage reports --editable {toxinidir} @@ -33,7 +33,7 @@ install_command = pip install --pre {opts} {packages} [testenv:with-sslib-master] deps = --editable git+http://github.com/secure-systems-lab/securesystemslib.git@master#egg=securesystemslib[crypto,pynacl] - -r{toxinidir}/ci-requirements.txt + -r{toxinidir}/requirements-tox.txt --editable {toxinidir} commands =