diff --git a/Dockerfile b/Dockerfile index 0566b0145..f2ead3c14 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,6 +42,7 @@ RUN apt-get install -y \ nginx \ nodejs \ optipng \ + openssl \ python-dbg \ python-dev \ python-pip \ diff --git a/endpoints/api/repository.py b/endpoints/api/repository.py index 6fb661e72..eb740ef44 100644 --- a/endpoints/api/repository.py +++ b/endpoints/api/repository.py @@ -498,10 +498,11 @@ class RepositoryTrust(RepositoryParamResource): repo = model.repository.get_repository(namespace, repository) if not repo: raise NotFound() - - if not tuf_metadata_api.delete_metadata(namespace, repository): - raise DownstreamIssue({'message': 'Unable to delete downstream trust metadata'}) - + + tags, _ = tuf_metadata_api.get_default_tags_with_expiration(namespace, repository) + if tags and not tuf_metadata_api.delete_metadata(namespace, repository): + raise DownstreamIssue({'message': 'Unable to delete downstream trust metadata'}) + values = request.get_json() model.repository.set_trust(repo, values['trust_enabled']) diff --git a/endpoints/api/test/test_repository.py b/endpoints/api/test/test_repository.py index 8d48233c3..536473876 100644 --- a/endpoints/api/test/test_repository.py +++ b/endpoints/api/test/test_repository.py @@ -36,9 +36,10 @@ NOT_FOUND_RESPONSE = { ('invalid_req', False, INVALID_RESPONSE , 400), ]) def test_post_changetrust(trust_enabled, repo_found, expected_body, expected_status, client): - with patch('endpoints.api.repository.tuf_metadata_api'): + with patch('endpoints.api.repository.tuf_metadata_api') as mock_tuf: with patch('endpoints.api.repository.model') as mock_model: mock_model.repository.get_repository.return_value = MagicMock() if repo_found else None + mock_tuf.get_default_tags_with_expiration.return_value = ['tags', 'expiration'] with client_with_identity('devtable', client) as cl: params = {'repository': 'devtable/repo'} request_body = {'trust_enabled': trust_enabled} diff --git a/requirements.txt b/requirements.txt index 75d16b8ec..96ef9a3c6 100644 --- a/requirements.txt +++ b/requirements.txt @@ -24,6 +24,7 @@ bitmath==1.3.1.2 blinker==1.4 boto==2.46.1 cachetools==1.1.6 +certifi==2017.4.17 cffi==1.10.0 click==6.7 contextlib2==0.5.4 @@ -113,7 +114,7 @@ redis==2.10.5 redlock==1.2.0 reportlab==2.7 requests-oauthlib==0.8.0 -requests==2.13.0 +requests[security]==2.13.0 rfc3986==0.4.1 semantic-version==2.6.0 six==1.10.0 diff --git a/static/js/directives/ui/repository-signing-config/repository-signing-config.component.ts b/static/js/directives/ui/repository-signing-config/repository-signing-config.component.ts index 4c68fd0ef..fc9b15e22 100644 --- a/static/js/directives/ui/repository-signing-config/repository-signing-config.component.ts +++ b/static/js/directives/ui/repository-signing-config/repository-signing-config.component.ts @@ -35,7 +35,7 @@ export class RepositorySigningConfigComponent { 'trust_enabled': newState, }; - var errorDisplay = this.ApiService.errorDisplay('Could not just change trust', callback); + var errorDisplay = this.ApiService.errorDisplay('Could not change trust', callback); this.ApiService.changeRepoTrust(data, params).then((resp) => { this.repository.trust_enabled = newState; callback(true); diff --git a/util/tufmetadata/api.py b/util/tufmetadata/api.py index e3ee34147..983a7c187 100644 --- a/util/tufmetadata/api.py +++ b/util/tufmetadata/api.py @@ -199,7 +199,7 @@ class ImplementedTUFMetadataAPI(TUFMetadataAPIInterface): headers.update(DEFAULT_HTTP_HEADERS) resp = self._client.request(method, url, json=body, params=params, timeout=timeout, - verify=MITM_CERT_PATH, headers=headers) + verify=True, headers=headers) if resp.status_code // 100 != 2: raise Non200ResponseException(resp) return resp