Merge pull request #1094 from joshuagl/joshuagl/v0.13.0

Prepare for a 0.13.0 release
theupdateframework · Aug 4, 2020 · 7a418a2 · 7a418a2
2 parents f4eb001 + eb1c8d0
commit 7a418a2
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 2 deletions.
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -1,5 +1,32 @@
 # Changelog
 
+## v0.13.0
+### Added
+* Add support for BLAKE hash functions (#993)
+* Don't list root metadata in snapshot metadata, per latest spec (#988)
+* Enable targets metadata to be generated without access to the target files (#1007, #1020)
+* Implement support for abstract files and directories (#1024, #1034)
+* Make lengths and hashes optional for timestamp and snapshot roles (#1031)
+
+### Changed
+* Revise requirements files to have layered requirements (#978, #982)
+* Update tutorial instructions (#981, #992) and documentation (#1054, #1001)
+* Replace hard-coded logger names (#989)
+* Fix target file path hashing to ensure paths are hashed as they appear in targets metadata (#1007)
+* Refactor code handling hashed bins (#1007, #1013, #1040, #1058)
+* Improve performance when delegating to a large number of hashed bins (#1012)
+* Improve path handling consistency when adding targets and paths (#1008)
+* Clarify error message and docstring for custom parameter of add_target() (#1027)
+* Ensure each key applies to signature threshold only once (#1091)
+
+## Fixed
+* Fix broken CI (#985)
+* Fix tests (#1029, #1064, #1067)
+* Fix loading of delegated targets during repository load (#1049, #1052, #1071)
+* Fix key loading in repo.py (#1066)
+* Remove redundant code in downloader (#1073)
+* Fix alarming logging in updater (#1092)
+
 ## v0.12.2
 * Fix incorrect threshold signature computation (#974)
 * Drop support for python 3.4 (#966)

diff --git a/docs/RELEASE.md b/docs/RELEASE.md
@@ -0,0 +1,29 @@
+# Release process
+
+* Ensure docs/CHANGELOG.md contains a one-line summary of each [notable
+ change](https://keepachangelog.com/) since the prior release
+* Update setup.py and `tuf/__init__.py` to the new version number vA.B.C
+* Test packaging, uploading to Test PyPI and installing from a virtual environment
+ * Remove existing dist build dirs
+ * Create source dist `python setup.py sdist`
+ * Create wheel (with 2 and 3 support) `python setup.py bdist_wheel --universal`
+ * Sign the dists `gpg --detach-sign -a dist/tuf-vA.B.C.tar.gz`
+ * Upload to test PyPI `twine upload --repository testpypi dist/*`
+ * Verify the uploaded package https://testpypi.python.org/pypi/tuf/
+* Create a PR with updated CHANGELOG.md and version bumps
+* Once the PR is merged, pull the updated `develop` branch locally
+* Create a signed tag matching the updated version number on the merge commit
+ `git tag --sign vA.B.C`
+* Create a new release on GitHub, copying the CHANGELOG.md entries for the release
+* Create a package for the formal release
+ * Remove existing dist build dirs
+ * Create source dist `python setup.py sdist`
+ * Create wheel (with 2 and 3 support) `python setup.py bdist_wheel --universal`
+ * Sign source dist `gpg --detach-sign -a dist/tuf-vA.B.C.tar.gz`
+ * Sign wheel `gpg --detach-sign -a dist/tuf-vA.B.C-py2.py3-none-any.whl`
+ * Upload to test PyPI `twine upload --repository testpypi dist/*`
+ * Verify the uploaded package https://testpypi.python.org/pypi/tuf/
+ * Upload to PyPI `twine upload dist/*`
+* Attach the signed dists to the release on GitHub
+* Announce the release on [#tuf on CNCF Slack](https://cloud-native.slack.com/archives/C8NMD3QJ3)
+* Ensure [POUF 1](https://github.com/theupdateframework/taps/blob/master/POUFs/reference-POUF/pouf1.md), for the reference implementation, is up-to-date
diff --git a/setup.py b/setup.py
@@ -78,7 +78,7 @@
 
 setup(
  name = 'tuf',
- version = '0.12.2', # If updating version, also update it in tuf/__init__.py
+ version = '0.13.0', # If updating version, also update it in tuf/__init__.py
  description = 'A secure updater framework for Python',
  long_description = long_description,
  long_description_content_type='text/markdown',
@@ -108,6 +108,10 @@
  'Topic :: Security',
  'Topic :: Software Development'
  ],
+ project_urls={
+ 'Source': 'https://github.com/theupdateframework/tuf',
+ 'Issues': 'https://github.com/theupdateframework/tuf/issues'
+ },
  python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4",
  install_requires = [
  'iso8601>=0.1.12',

diff --git a/tuf/__init__.py b/tuf/__init__.py
@@ -2,7 +2,7 @@
 # setup.py has it hard-coded separately.
 # Currently, when the version is changed, it must be set in both locations.
 # TODO: Single-source the version number.
-__version__ = "0.12.2"
+__version__ = "0.13.0"
 
 # This reference implementation produces metadata intended to conform to
 # version 1.0.0 of the TUF specification, and is expected to consume metadata