AttributeError: 'Root' object has no attribute 'revoke_key'. Did you mean: 'remove_key'?

[its-monotype]

"To get started, create a local example repository by running the

repo_workflow_example.py script."

I run repo_workflow_example and this error appeared

[dennisvang]

@its-monotype Looks like you're running an old version of python-tuf.

remove_key was renamed to revoke_key in python-tuf 2.0.0

[its-monotype]

@dennisvang I manually updated tuf but you have some kind of dependency problem...

[dennisvang]

@its-monotype Not sure where that comes from, but your error message says

tufup 0.4.2 requires tuf==1.1.* ...

However, clearly, that's not true:

https://github.com/dennisvang/tufup/blob/0cfa708334e7df6f122d60d67c819ad030bfdb91/requirements.txt#L8

I think the best approach is:

• make sure you have the latest version of the tufup source code
• create a new venv from scratch
• install dependencies from the latest requirements.txt and requirements-dev.txt

[dennisvang]

@its-monotype By the way, I see your prompt now says tufup-example.

Is this a tufup issue or a tufup-example issue?

[its-monotype]

The same problem is there and there, when I install tufup, it installs tuf 1.x.x as a dependency and not the 2.x.x.

[dennisvang]

But is this an issue with tufup or tufup-example?

Your first screenshot is from tufup. The second one is from tufup-example...

[its-monotype]

Yep, I understand, I want to say that I think it's tufup package related issue that when you do pip install tufup install as dependency tuf 1.x.x version and not the 2.x.x

[dennisvang]

The fact that tufup CI tests on Github all pass indicates that there is no dependency issue there (edit: in the requirements.txt).

I also verified tufup-example dependencies can be installed without issue in a fresh venv.

Are you sure you are running the latest version of the original repo, not some fork, and that you've created an all new venv, without any customized installation steps?

[its-monotype]

I mean now, for example, I don't clone repo I just do pip install tufup and it installs tuf-1.1.0 as its dependency. Although I'm looking at the tuf repository in requirements.txt, everything is correctly indicated tuf==2.*. But why then does this happen?

[dennisvang]

@its-monotype Now I understand, and you're absolutely right.

This is quite embarassing: I forgot to update the tuf version in setup.cfg.

This slipped through the cracks somehow...

Sorry for this. I'll fix it a.s.a.p.

[dennisvang]

@its-monotype A new release is now available which should fix this issue: 0.4.3