address review feedback: remove redundant root.json writes, rename docs section

1seal · 1seal · commit d5fa0b05943f · 2026-02-19T14:46:40.000+01:00
Signed-off-by: 1seal &lt;security@1seal.org&gt;
diff --git a/.github/scripts/conformance-client.py b/.github/scripts/conformance-client.py
@@ -27,6 +27,7 @@ def refresh(metadata_url: str, metadata_dir: str) -> None:
     updater = Updater(
         metadata_dir,
         metadata_url,
+        bootstrap=None,
     )
     updater.refresh()
     print(f"python-tuf test client: Refreshed metadata in {metadata_dir}")
@@ -46,6 +47,7 @@ def download_target(
         metadata_url,
         download_dir,
         target_base_url,
+        bootstrap=None,
     )
     target_info = updater.get_targetinfo(target_name)
     if not target_info:
diff --git a/docs/INSTALLATION.rst b/docs/INSTALLATION.rst
@@ -53,8 +53,8 @@ from GitHub, change into the project root directory, and install with pip
    python3 -m pip install -r requirements/dev.txt
 
 
-Bootstrap root metadata
------------------------
+Application deployment
+----------------------
 
 The initial trusted root metadata (``root.json``) is the trust anchor for all
 subsequent metadata verification. Applications should deploy a trusted root
diff --git a/tests/test_updater_consistent_snapshot.py b/tests/test_updater_consistent_snapshot.py
@@ -74,10 +74,6 @@ def _init_repo(
         sim.publish_root()
         sim.prefix_targets_with_hash = prefix_targets
 
-        # Init trusted root with the latest consistent_snapshot
-        with open(os.path.join(self.metadata_dir, "root.json"), "bw") as f:
-            f.write(sim.signed_roots[-1])
-
         return sim
 
     def _init_updater(self) -> Updater:
diff --git a/tests/test_updater_delegation_graphs.py b/tests/test_updater_delegation_graphs.py
@@ -120,10 +120,6 @@ def _init_repo(self, test_case: DelegationsTestCase) -> None:
 
     def _init_updater(self) -> Updater:
         """Create a new Updater instance"""
-        # Init trusted root for Updater
-        with open(os.path.join(self.metadata_dir, "root.json"), "bw") as f:
-            f.write(self.sim.signed_roots[0])
-
         return Updater(
             self.metadata_dir,
             "https://example.com/metadata/",
diff --git a/tests/test_updater_fetch_target.py b/tests/test_updater_fetch_target.py
@@ -40,10 +40,8 @@ def setUp(self) -> None:
         os.mkdir(self.metadata_dir)
         os.mkdir(self.targets_dir)
 
-        # Setup the repository, bootstrap client root.json
+        # Setup the repository
         self.sim = RepositorySimulator()
-        with open(os.path.join(self.metadata_dir, "root.json"), "bw") as f:
-            f.write(self.sim.signed_roots[0])
 
         if self.dump_dir is not None:
             # create test specific dump directory
diff --git a/tests/test_updater_key_rotations.py b/tests/test_updater_key_rotations.py
@@ -72,8 +72,6 @@ def _run_refresh(self) -> None:
 
         # bootstrap with initial root
         self.metadata_dir = tempfile.mkdtemp(dir=self.temp_dir.name)
-        with open(os.path.join(self.metadata_dir, "root.json"), "bw") as f:
-            f.write(self.sim.signed_roots[0])
 
         updater = Updater(
             self.metadata_dir,
diff --git a/tests/test_updater_ng.py b/tests/test_updater_ng.py
@@ -249,15 +249,20 @@ def test_implicit_refresh_with_only_local_root(self) -> None:
     def test_both_target_urls_not_set(self) -> None:
         # target_base_url = None and Updater._target_base_url = None
         updater = Updater(
-            self.client_directory, self.metadata_url, self.dl_dir, bootstrap=None
+            self.client_directory,
+            self.metadata_url,
+            self.dl_dir,
+            bootstrap=None,
         )
         info = TargetFile(1, {"sha256": ""}, "targetpath")
         with self.assertRaises(ValueError):
             updater.download_target(info)
 
     def test_no_target_dir_no_filepath(self) -> None:
         # filepath = None and Updater.target_dir = None
-        updater = Updater(self.client_directory, self.metadata_url, bootstrap=None)
+        updater = Updater(
+            self.client_directory, self.metadata_url, bootstrap=None
+        )
         info = TargetFile(1, {"sha256": ""}, "targetpath")
         with self.assertRaises(ValueError):
             updater.find_cached_target(info)
diff --git a/tests/test_updater_validation.py b/tests/test_updater_validation.py
@@ -23,10 +23,8 @@ def setUp(self) -> None:
         os.mkdir(self.metadata_dir)
         os.mkdir(self.targets_dir)
 
-        # Setup the repository, bootstrap client root.json
+        # Setup the repository
         self.sim = RepositorySimulator()
-        with open(os.path.join(self.metadata_dir, "root.json"), "bw") as f:
-            f.write(self.sim.signed_roots[0])
 
     def tearDown(self) -> None:
         self.temp_dir.cleanup()
@@ -47,7 +45,7 @@ def test_bootstrap_argument_required(self) -> None:
                 self.metadata_dir,
                 "https://example.com/metadata/",
                 fetcher=self.sim,
-            )
+            )  # type: ignore[call-arg]
         self.assertIn("bootstrap", str(ctx.exception))
 
     def test_local_target_storage_fail(self) -> None:
