blocks on next tuf release (theupdateframework/python-tuf#2617)
Updates securesystemslib 1.0.0 in requirements*.txt files -> requires pinning a dev version of tuf
TODO: adopt in Pipfile (I tried, but pipenv lock was taking way too long for my taste)
TODO: remove pinned tuf revision
Removes local keyvault service, which makes heavy use of legacy securesystemslib interfaces, which are no longer available in 1.0.0.
fixes part of #465
TODO: adopt in docs, config, etc
TODO: consider removing obsolete IKeyVault
Removes keyvault initialisation in MetadatRepository, which would try to load local key vault in tests, given the current configs
Adopts removal in tests, just enough, so that they pass.
TODO: check if the tests still make sense
Drops registration of CryptoSigner and use sits new uri scheme "file2" in SignerStore. "file2" can be used like "file", but only for non-encrypted key files, which is all we care for in the worker. "file2" can also be used like "fn" from the custom "FileNameSigner", i.e. with a directory specified via envvar.
TODO: consider only using "file2" and dropping the custom "FileNameSigner" (or only using it to ovverride the scheme name and the envvar name)
blocks on next tuf release (theupdateframework/python-tuf#2617)
Updates securesystemslib 1.0.0 in requirements*.txt files -> requires pinning a dev version of tuf
pipenv lockwas taking way too long for my taste)Removes local keyvault service, which makes heavy use of legacy securesystemslib interfaces, which are no longer available in 1.0.0.
Removes keyvault initialisation in MetadatRepository, which would try to load local key vault in tests, given the current configs
Adopts removal in tests, just enough, so that they pass.
Drops registration of CryptoSigner and use sits new uri scheme "file2" in
SignerStore. "file2" can be used like "file", but only for non-encrypted key files, which is all we care for in the worker. "file2" can also be used like "fn" from the custom "FileNameSigner", i.e. with a directory specified via envvar.