Usage of deprecated securesystemslib exception

[wickeat]

Describe the bug The current requirement on securesystemslib of >= 0.26.0 will automatically use the latest version of the package. In the latest 1.0.0 version, the CryptoError exception used here in the code base has been removed from the securesystemslib’s latest commit.

To Reproduce Steps to reproduce the behavior:

1. Import tufup
2. Observe the error on securesystemslib, eg. from tufup.client import Client b142df1c\Lib\site-packages\tufup\__init__.py:4: in <module> from tufup.repo import cli b142df1c\Lib\site-packages\tufup\repo\__init__.py:17: in <module> from securesystemslib.exceptions import CryptoError E ImportError: cannot import name 'CryptoError' from 'securesystemslib.exceptions'

Expected behavior No error on import.

[dennisvang]

@wickeat I guess this is related to #133 and should be fixed with the latest version of tufup (v0.8.0).

Could you try that and let us know the result?

EDIT:

This should not be an problem in tufup 0.8.0, because we also pin python-tuf to 4.0.*, which, in turn, pins securesystemslib to 0.32.0, according to the changelog:

...

• Constrain securesystemslib dependency to <0.32.0 in preparation for future securesystemslib API changes

This was verified by installing tufup 0.8.0 in a fresh venv.

The problem will become relevant when we upgrade to tuf 5.0, see #141.

[wickeat]

Yes, latest version of tufup (v0.8.0) works. Thanks for the new info on tuf 5.0!

[dennisvang]

@wickeat Thanks for the feedback. :)