Use future annotations

examples/manual_repo/basic_repo.py

@@ -21,6 +21,8 @@
 
 """
 
+from __future__ import annotations
+
 import os
 import tempfile
 from datetime import datetime, timedelta, timezone

examples/manual_repo/hashed_bin_delegation.py

@@ -16,12 +16,14 @@
 
 """
 
+from __future__ import annotations
+
 import hashlib
 import os
 import tempfile
-from collections.abc import Iterator
 from datetime import datetime, timedelta, timezone
 from pathlib import Path
+from typing import TYPE_CHECKING
 
 from securesystemslib.signer import CryptoSigner, Signer
 
@@ -34,6 +36,9 @@
 )
 from tuf.api.serialization.json import JSONSerializer
 
+if TYPE_CHECKING:
+    from collections.abc import Iterator
+
 
 def _in(days: float) -> datetime:
     """Adds 'days' to now and returns datetime object w/o microseconds."""

examples/manual_repo/succinct_hash_bin_delegations.py

@@ -18,6 +18,8 @@
 NOTE: Metadata files will be written to a 'tmp*'-directory in CWD.
 """
 
+from __future__ import annotations
+
 import math
 import os
 import tempfile

examples/repository/_simplerepo.py

@@ -3,12 +3,13 @@
 
 """Simple example of using the repository library to build a repository"""
 
+from __future__ import annotations
+
 import copy
 import json
 import logging
 from collections import defaultdict
 from datetime import datetime, timedelta, timezone
-from typing import Union
 
 from securesystemslib.signer import CryptoSigner, Key, Signer
 
@@ -93,7 +94,7 @@ def snapshot_info(self) -> MetaFile:
 
     def _get_verification_result(
         self, role: str, md: Metadata
-    ) -> Union[VerificationResult, RootVerificationResult]:
+    ) -> VerificationResult | RootVerificationResult:
         """Verify roles metadata using the existing repository metadata"""
         if role == Root.type:
             assert isinstance(md.signed, Root)

examples/uploader/_localrepo.py

@@ -3,6 +3,8 @@
 
 """A Repository implementation for maintainer and developer tools"""
 
+from __future__ import annotations
+
 import contextlib
 import copy
 import json

pyproject.toml

@@ -10,7 +10,7 @@ name = "tuf"
 description = "A secure updater framework for Python"
 readme = "README.md"
 license = { text = "MIT OR Apache-2.0" }
-requires-python = ">=3.9"
+requires-python = ">=3.8"
 authors = [
   { email = "[email protected]" },
 ]
@@ -96,7 +96,6 @@ ignore = [
     "TRY",
 
     # Individual rules that have been disabled
-    "ANN101", "ANN102", # nonsense, deprecated in ruff
     "D400", "D415", "D213", "D205", "D202", "D107", "D407", "D413", "D212", "D104", "D406", "D105", "D411", "D401", "D200", "D203",
     "ISC001", # incompatible with ruff formatter
     "PLR0913", "PLR2004",
@@ -150,3 +149,13 @@ module = [
   "securesystemslib.*",
 ]
 ignore_missing_imports = "True"
+
+[tool.coverage.report]
+exclude_also = [
+    # abstract class method definition
+    "raise NotImplementedError",
+    # defensive programming: these cannot happen
+    "raise AssertionError",
+    # imports for mypy only
+    "if TYPE_CHECKING",
+]

requirements/test.txt

@@ -4,5 +4,5 @@
 -r pinned.txt
 
 # coverage measurement
-coverage==7.6.8
+coverage[toml]==7.6.8
 freezegun==1.5.1

tests/generated_data/generate_md.py

@@ -3,10 +3,11 @@
 # Copyright New York University and the TUF contributors
 # SPDX-License-Identifier: MIT OR Apache-2.0
 
+from __future__ import annotations
+
 import os
 import sys
 from datetime import datetime, timezone
-from typing import Optional
 
 from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
 from securesystemslib.signer import CryptoSigner, Signer, SSlibKey
@@ -80,7 +81,7 @@ def verify_generation(md: Metadata, path: str) -> None:
 
 
 def generate_all_files(
-    dump: Optional[bool] = False, verify: Optional[bool] = False
+    dump: bool | None = False, verify: bool | None = False
 ) -> None:
     """Generate a new repository and optionally verify it.
 

tests/repository_simulator.py

@@ -42,13 +42,14 @@
     updater.refresh()
 """
 
+from __future__ import annotations
+
 import datetime
 import logging
 import os
 import tempfile
-from collections.abc import Iterator
 from dataclasses import dataclass, field
-from typing import Optional
+from typing import TYPE_CHECKING
 from urllib import parse
 
 import securesystemslib.hash as sslib_hash
@@ -72,6 +73,9 @@
 from tuf.api.serialization.json import JSONSerializer
 from tuf.ngclient.fetcher import FetcherInterface
 
+if TYPE_CHECKING:
+    from collections.abc import Iterator
+
 logger = logging.getLogger(__name__)
 
 SPEC_VER = ".".join(SPECIFICATION_VERSION)
@@ -81,8 +85,8 @@
 class FetchTracker:
     """Fetcher counter for metadata and targets."""
 
-    metadata: list[tuple[str, Optional[int]]] = field(default_factory=list)
-    targets: list[tuple[str, Optional[str]]] = field(default_factory=list)
+    metadata: list[tuple[str, int | None]] = field(default_factory=list)
+    targets: list[tuple[str, str | None]] = field(default_factory=list)
 
 
 @dataclass
@@ -116,7 +120,7 @@ def __init__(self) -> None:
         # Enable hash-prefixed target file names
         self.prefix_targets_with_hash = True
 
-        self.dump_dir: Optional[str] = None
+        self.dump_dir: str | None = None
         self.dump_version = 0
 
         self.fetch_tracker = FetchTracker()
@@ -201,7 +205,7 @@ def _fetch(self, url: str) -> Iterator[bytes]:
             if role == Root.type or (
                 self.root.consistent_snapshot and ver_and_name != Timestamp.type
             ):
-                version: Optional[int] = int(version_str)
+                version: int | None = int(version_str)
             else:
                 # the file is not version-prefixed
                 role = ver_and_name
@@ -213,7 +217,7 @@ def _fetch(self, url: str) -> Iterator[bytes]:
             target_path = path[len("/targets/") :]
             dir_parts, sep, prefixed_filename = target_path.rpartition("/")
             # extract the hash prefix, if any
-            prefix: Optional[str] = None
+            prefix: str | None = None
             filename = prefixed_filename
             if self.root.consistent_snapshot and self.prefix_targets_with_hash:
                 prefix, _, filename = prefixed_filename.partition(".")
@@ -223,9 +227,7 @@ def _fetch(self, url: str) -> Iterator[bytes]:
         else:
             raise DownloadHTTPError(f"Unknown path '{path}'", 404)
 
-    def fetch_target(
-        self, target_path: str, target_hash: Optional[str]
-    ) -> bytes:
+    def fetch_target(self, target_path: str, target_hash: str | None) -> bytes:
         """Return data for 'target_path', checking 'target_hash' if it is given.
 
         If hash is None, then consistent_snapshot is not used.
@@ -244,7 +246,7 @@ def fetch_target(
         logger.debug("fetched target %s", target_path)
         return repo_target.data
 
-    def fetch_metadata(self, role: str, version: Optional[int] = None) -> bytes:
+    def fetch_metadata(self, role: str, version: int | None = None) -> bytes:
         """Return signed metadata for 'role', using 'version' if it is given.
 
         If version is None, non-versioned metadata is being requested.
@@ -261,7 +263,7 @@ def fetch_metadata(self, role: str, version: Optional[int] = None) -> bytes:
             return self.signed_roots[version - 1]
 
         # sign and serialize the requested metadata
-        md: Optional[Metadata]
+        md: Metadata | None
         if role == Timestamp.type:
             md = self.md_timestamp
         elif role == Snapshot.type:

tests/test_api.py

@@ -2,6 +2,8 @@
 # SPDX-License-Identifier: MIT OR Apache-2.0
 """Unit tests for api/metadata.py"""
 
+from __future__ import annotations
+
 import json
 import logging
 import os
@@ -12,7 +14,7 @@
 from copy import copy, deepcopy
 from datetime import datetime, timedelta, timezone
 from pathlib import Path
-from typing import ClassVar, Optional
+from typing import ClassVar
 
 from securesystemslib import exceptions as sslib_exceptions
 from securesystemslib import hash as sslib_hash
@@ -245,8 +247,8 @@ def from_priv_key_uri(
                 cls,
                 priv_key_uri: str,
                 public_key: Key,
-                secrets_handler: Optional[SecretsHandler] = None,
-            ) -> "Signer":
+                secrets_handler: SecretsHandler | None = None,
+            ) -> Signer:
                 pass
 
             @property

tests/test_examples.py

@@ -2,6 +2,8 @@
 # SPDX-License-Identifier: MIT OR Apache-2.0
 """Unit tests for 'examples' scripts."""
 
+from __future__ import annotations
+
 import glob
 import os
 import shutil

tests/test_metadata_eq_.py

@@ -3,6 +3,8 @@
 
 """Test __eq__ implementations of classes inside tuf/api/metadata.py."""
 
+from __future__ import annotations
+
 import copy
 import os
 import sys
@@ -63,7 +65,7 @@ def setUpClass(cls) -> None:
 
     # Keys are class names.
     # Values are dictionaries containing attribute names and their new values.
-    classes_attributes_modifications: utils.DataSet = {
+    classes_attributes_modifications = {
         "Metadata": {"signed": None, "signatures": None},
         "Signed": {"version": -1, "spec_version": "0.0.0"},
         "Key": {"keyid": "a", "keytype": "foo", "scheme": "b", "keyval": "b"},