line length change to 88 chars (ruff default) (#841)

* ruff linter line length set to default (88 chars), code changes to comply

Co-authored-by: l77h <>

Author: L77H

pyproject.toml

@@ -81,16 +81,12 @@ lint.select = [
   "N",      # pep8-naming: all
   "RUF100"  # ruff: find unused noqa
 ]
-lint.ignore = [
-  "E501"    # ignore line-too-long
-]
 exclude = ["_vendor"]
 
-# Same as Black.
-line-length = 80
 indent-width = 4
 
 [tool.ruff.lint.per-file-ignores]
 "tests/*" = [
     "S",      # bandit: Not running bandit on tests
+    "E501"    # line-too-long
 ]

securesystemslib/_gpg/common.py

@@ -266,7 +266,8 @@ def parse_pubkey_bundle(data):
                     PACKET_TYPE_USER_ID,
                 ]:
                     if key_bundle[_type]:
-                        # Add to most recently added packet's signatures of matching type
+                        # Add to most recently added packet's
+                        # signatures of matching type
                         key_bundle[_type][next(reversed(key_bundle[_type]))][
                             "signatures"
                         ].append(packet)
@@ -275,9 +276,7 @@ def parse_pubkey_bundle(data):
                 else:
                     # If no packets are available for any of above types (yet), the
                     # signature belongs to the primary key
-                    key_bundle[PACKET_TYPE_PRIMARY_KEY]["signatures"].append(
-                        packet
-                    )
+                    key_bundle[PACKET_TYPE_PRIMARY_KEY]["signatures"].append(packet)
 
             else:
                 packets_list = [
@@ -358,9 +357,7 @@ def _assign_certified_key_info(bundle):
                 )
                 # verify_signature requires a "keyid" even if it is short.
                 # (see parse_signature_packet for more information about keyids)
-                signature["keyid"] = (
-                    signature["keyid"] or signature["short_keyid"]
-                )
+                signature["keyid"] = signature["keyid"] or signature["short_keyid"]
 
             # TODO: Revise exception taxonomy:
             # It's okay to ignore some exceptions (unsupported algorithms etc.) but
@@ -430,10 +427,7 @@ def _assign_certified_key_info(bundle):
             if is_primary_user and not tmp_is_primary_user:
                 continue
 
-            if (
-                not sig_creation_time
-                or sig_creation_time < tmp_sig_creation_time
-            ):
+            if not sig_creation_time or sig_creation_time < tmp_sig_creation_time:
                 # This is the most recent certificate that has a validity_period and
                 # doesn't have lower priority in regard to the primary user id flag. We
                 # accept it the keys validty_period, until we get a newer value from
@@ -445,9 +439,7 @@ def _assign_certified_key_info(bundle):
                 sig_creation_time = tmp_sig_creation_time
 
     if validity_period is not None:
-        bundle[PACKET_TYPE_PRIMARY_KEY]["key"]["validity_period"] = (
-            validity_period
-        )
+        bundle[PACKET_TYPE_PRIMARY_KEY]["key"]["validity_period"] = validity_period
 
     return bundle[PACKET_TYPE_PRIMARY_KEY]["key"]
 
@@ -495,9 +487,7 @@ def _get_verified_subkeys(bundle):
 
         # Construct signed content (see RFC4880 section 5.2.4. paragraph 3)
         signed_content = (
-            bundle[PACKET_TYPE_PRIMARY_KEY]["packet"]
-            + b"\x99"
-            + subkey_packet[1:]
+            bundle[PACKET_TYPE_PRIMARY_KEY]["packet"] + b"\x99" + subkey_packet[1:]
         )
 
         # Filter sub key binding signature from other signatures, e.g. subkey
@@ -513,9 +503,7 @@ def _get_verified_subkeys(bundle):
                 )
                 # verify_signature requires a "keyid" even if it is short.
                 # (see parse_signature_packet for more information about keyids)
-                signature["keyid"] = (
-                    signature["keyid"] or signature["short_keyid"]
-                )
+                signature["keyid"] = signature["keyid"] or signature["short_keyid"]
                 key_binding_signatures.append(signature)
 
             # TODO: Revise exception taxonomy
@@ -555,9 +543,7 @@ def _get_verified_subkeys(bundle):
         # If the signature is valid, we may also extract relevant information from
         # its "info" field (e.g. subkey expiration date) and assign to it to the
         # subkey here
-        validity_period = signature["info"]["subpackets"].get(
-            KEY_EXPIRATION_SUBPACKET
-        )
+        validity_period = signature["info"]["subpackets"].get(KEY_EXPIRATION_SUBPACKET)
         if validity_period is not None:
             subkey["validity_period"] = struct.unpack(">I", validity_period)[0]
 
@@ -878,9 +864,7 @@ def parse_signature_packet(
 
     signature_data = {
         "keyid": keyid,
-        "other_headers": binascii.hexlify(data[:other_headers_ptr]).decode(
-            "ascii"
-        ),
+        "other_headers": binascii.hexlify(data[:other_headers_ptr]).decode("ascii"),
         "signature": binascii.hexlify(signature).decode("ascii"),
     }
 

securesystemslib/_gpg/eddsa.py

@@ -227,9 +227,7 @@ def verify_signature(signature_object, pubkey_info, content, hash_algorithm_id):
     )
 
     try:
-        pubkey_object.verify(
-            binascii.unhexlify(signature_object["signature"]), digest
-        )
+        pubkey_object.verify(binascii.unhexlify(signature_object["signature"]), digest)
         return True
 
     except InvalidSignature:

securesystemslib/_gpg/exceptions.py

@@ -44,9 +44,7 @@ def __init__(self, key):
         self.key = key
 
     def __str__(self):
-        creation_time = datetime.datetime.utcfromtimestamp(
-            self.key["creation_time"]
-        )
+        creation_time = datetime.datetime.utcfromtimestamp(self.key["creation_time"])
         expiration_time = datetime.datetime.utcfromtimestamp(
             self.key["creation_time"] + self.key["validity_period"]
         )

securesystemslib/_gpg/functions.py

@@ -161,9 +161,7 @@ def create_signature(content, keyid=None, homedir=None, timeout=GPG_TIMEOUT):
 
         # ... or one of the subkeys, and add the full keyid to the signature dict.
         else:
-            for sub_key_full_keyid in list(
-                public_key_bundle.get("subkeys", {}).keys()
-            ):
+            for sub_key_full_keyid in list(public_key_bundle.get("subkeys", {}).keys()):
                 if sub_key_full_keyid.endswith(short_keyid.lower()):
                     signature["keyid"] = sub_key_full_keyid
                     break
@@ -237,9 +235,7 @@ def verify_signature(signature_object, pubkey_info, content):
     ):
         raise KeyExpirationError(verification_key)
 
-    return handler.verify_signature(
-        signature_object, verification_key, content, SHA256
-    )
+    return handler.verify_signature(signature_object, verification_key, content, SHA256)
 
 
 def export_pubkey(keyid, homedir=None, timeout=GPG_TIMEOUT):

securesystemslib/_gpg/util.py

@@ -159,8 +159,7 @@ def parse_packet_header(data, expected_type=None):  # noqa: PLR0912
 
         elif data[1] >= 224 and data[1] < 255:
             raise PacketParsingError(
-                "New length "
-                "format packets of partial body lengths are not supported"
+                "New length format packets of partial body lengths are not supported"
             )
 
         elif data[1] == 255:
@@ -193,8 +192,7 @@ def parse_packet_header(data, expected_type=None):  # noqa: PLR0912
 
         elif length_type == 3:
             raise PacketParsingError(
-                "Old length "
-                "format packets of indeterminate length are not supported"
+                "Old length " "format packets of indeterminate length are not supported"
             )
 
         else:  # pragma: no cover (unreachable)

securesystemslib/signer/_aws_signer.py

@@ -128,7 +128,7 @@ def import_(
 
         Arguments:
             aws_key_id (str): AWS KMS key ID.
-            local_scheme (Optional[str]): The Secure Systems Library RSA or ECDSA scheme.
+            local_scheme (Optional[str]): The Secure Systems Library RSA/ECDSA scheme.
             Defaults to 'rsassa-pss-sha256' if not provided and RSA.
 
         Returns:

securesystemslib/signer/_azure_signer.py

@@ -28,7 +28,10 @@
         PublicFormat,
     )
 except ImportError:
-    AZURE_IMPORT_ERROR = "Signing with Azure Key Vault requires azure-identity, azure-keyvault-keys and cryptography."
+    AZURE_IMPORT_ERROR = (
+        "Signing with Azure Key Vault requires azure-identity, "
+        "azure-keyvault-keys and cryptography."
+    )
 
 logger = logging.getLogger(__name__)
 
@@ -77,9 +80,7 @@ def __init__(self, az_key_uri: str, public_key: Key):
             )
             self.hash_algorithm = self._get_hash_algorithm(public_key)
         except UnsupportedKeyType as e:
-            logger.info(
-                "Key %s has unsupported key type or unsupported elliptic curve"
-            )
+            logger.info("Key %s has unsupported key type or unsupported elliptic curve")
             raise e
         self._public_key = public_key
 
@@ -101,7 +102,8 @@ def _get_key_vault_key(
             return key_client.get_key(key_name)
         except (HttpResponseError,) as e:
             logger.info(
-                "Key %s/%s failed to create key client from credentials, key ID, and Vault URL: %s",
+                "Key %s/%s failed to create key client from credentials, "
+                "key ID, and Vault URL: %s",
                 vault_name,
                 key_name,
                 str(e),
@@ -118,7 +120,8 @@ def _create_crypto_client(
             return CryptographyClient(kv_key, credential=cred)
         except (HttpResponseError,) as e:
             logger.info(
-                "Key %s failed to create crypto client from credentials and KeyVaultKey: %s",
+                "Key %s failed to create crypto client from "
+                "credentials and KeyVaultKey: %s",
                 kv_key,
                 str(e),
             )
@@ -198,14 +201,10 @@ def import_(cls, az_vault_name: str, az_key_name: str) -> Tuple[str, Key]:
             raise UnsupportedLibraryError(AZURE_IMPORT_ERROR)
 
         credential = DefaultAzureCredential()
-        key_vault_key = cls._get_key_vault_key(
-            credential, az_vault_name, az_key_name
-        )
+        key_vault_key = cls._get_key_vault_key(credential, az_vault_name, az_key_name)
 
         if not key_vault_key.key.kty.startswith("EC"):
-            raise UnsupportedKeyType(
-                f"Unsupported key type {key_vault_key.key.kty}"
-            )
+            raise UnsupportedKeyType(f"Unsupported key type {key_vault_key.key.kty}")
 
         if key_vault_key.key.crv == KeyCurveName.p_256:
             crv: ec.EllipticCurve = ec.SECP256R1()
@@ -214,19 +213,15 @@ def import_(cls, az_vault_name: str, az_key_name: str) -> Tuple[str, Key]:
         elif key_vault_key.key.crv == KeyCurveName.p_521:
             crv = ec.SECP521R1()
         else:
-            raise UnsupportedKeyType(
-                f"Unsupported curve type {key_vault_key.key.crv}"
-            )
+            raise UnsupportedKeyType(f"Unsupported curve type {key_vault_key.key.crv}")
 
         # Key is in JWK format, create a curve from it with the parameters
         x = int.from_bytes(key_vault_key.key.x, byteorder="big")
         y = int.from_bytes(key_vault_key.key.y, byteorder="big")
 
         cpub = ec.EllipticCurvePublicNumbers(x, y, crv)
         pub_key = cpub.public_key()
-        pem = pub_key.public_bytes(
-            Encoding.PEM, PublicFormat.SubjectPublicKeyInfo
-        )
+        pem = pub_key.public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
 
         keytype, scheme = cls._get_keytype_and_scheme(key_vault_key.key.crv)
         keyval = {"public": pem.decode("utf-8")}

securesystemslib/signer/_crypto_signer.py

@@ -92,9 +92,7 @@ def _get_hash_algorithm(name: str) -> "HashAlgorithm":
     return algorithm
 
 
-def _get_rsa_padding(
-    name: str, hash_algorithm: "HashAlgorithm"
-) -> "AsymmetricPadding":
+def _get_rsa_padding(name: str, hash_algorithm: "HashAlgorithm") -> "AsymmetricPadding":
     """Helper to return rsa signature padding for name."""
     padding: AsymmetricPadding
     if name == "pss":
@@ -279,9 +277,7 @@ def generate_ed25519(
             raise UnsupportedLibraryError(CRYPTO_IMPORT_ERROR)
 
         private_key = Ed25519PrivateKey.generate()
-        public_key = SSlibKey.from_crypto(
-            private_key.public_key(), keyid, "ed25519"
-        )
+        public_key = SSlibKey.from_crypto(private_key.public_key(), keyid, "ed25519")
         return CryptoSigner(private_key, public_key)
 
     @staticmethod
@@ -310,9 +306,7 @@ def generate_rsa(
             public_exponent=65537,
             key_size=size,
         )
-        public_key = SSlibKey.from_crypto(
-            private_key.public_key(), keyid, scheme
-        )
+        public_key = SSlibKey.from_crypto(private_key.public_key(), keyid, scheme)
         return CryptoSigner(private_key, public_key)
 
     @staticmethod

securesystemslib/signer/_gpg_signer.py

@@ -147,9 +147,7 @@ def _key_from_legacy_dict(key_dict: Dict[str, Any]) -> GPGKey:
         return GPGKey(keyid, keytype, scheme, keyval)
 
     @classmethod
-    def import_(
-        cls, keyid: str, homedir: Optional[str] = None
-    ) -> Tuple[str, Key]:
+    def import_(cls, keyid: str, homedir: Optional[str] = None) -> Tuple[str, Key]:
         """Load key and signer details from GnuPG keyring.
 
         NOTE: Information about the key validity (expiration, revocation, etc.)
@@ -189,8 +187,7 @@ def import_(
 
         else:
             raise ValueError(
-                f"No exact match found for passed keyid"
-                f" {keyid}, found: {keyids}."
+                f"No exact match found for passed keyid {keyid}, found: {keyids}."
             )
 
         return (uri, public_key)
@@ -214,9 +211,7 @@ def sign(self, payload: bytes) -> Signature:
 
         """
         try:
-            raw_sig = gpg.create_signature(
-                payload, self.public_key.keyid, self.homedir
-            )
+            raw_sig = gpg.create_signature(payload, self.public_key.keyid, self.homedir)
         except gpg_exceptions.KeyNotFoundError as e:
             raise ValueError(e) from e