mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
Add a more complicated repo example with the CLI
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
This commit is contained in:
parent
c302bf6c36
commit
416c0d75cc
1 changed files with 86 additions and 8 deletions
|
|
@ -51,6 +51,9 @@ $ tree .
|
|||
|
||||
|
||||
## Replace a top-level key ##
|
||||
Note: The top-level keys should be named "root_key," "targets_key," "snapshot_key,"
|
||||
and "root_key." Additional top-level keys may be named anything, and must
|
||||
be used with --sign.
|
||||
|
||||
```Bash
|
||||
$ repo.py --init
|
||||
|
|
@ -63,16 +66,91 @@ Enter a password for the encrypted key (tufkeystore/root_key):
|
|||
|
||||
|
||||
## A more complicated example ##
|
||||
(1) create a bare repo (2) add keys to the top-level roles (3) delegate
|
||||
trust of particular target files to another role X, where role X has a
|
||||
signature threshold >1 and is marked as a terminating delegation (4) create a
|
||||
subdelegation Y (5) have role X sign for a file also trusted and signed by role Y, to
|
||||
demonstrate the expected file that should be downloaded by clients (6)
|
||||
perform an update (7) revoke Y (8) show update behavior after Y's revocation.
|
||||
(1) create a bare repo (2) add keys to the top-level roles (3) delegate trust
|
||||
of particular target files to another role X, where role X has a signature
|
||||
threshold 2 and is marked as a terminating delegation (4) Delegate from role X
|
||||
to role Y. (5) have role X sign for a file also signed by the Targets role, to
|
||||
demonstrate the expected file that should be downloaded by the client (6)
|
||||
perform an update (7) halt the server, add README.txt to the Targets role,
|
||||
restart server, and fetch the Target's role README.txt (8) Add LICENSE to
|
||||
yrole and demonstate that the client must not fetch it because xrole is
|
||||
a terminating delegation (and hasn't signed for it).
|
||||
|
||||
(1) and (2)
|
||||
```Bash
|
||||
$ repo.py --init --consistent --bare
|
||||
$ repo.py --key ed25519 --filename root_key
|
||||
$ repo.py --trust --pubkeys tufkeystore/root_key.pub --role root
|
||||
$ repo.py --key ecdsa --filename targets_key
|
||||
$ repo.py --trust --pubkeys tufkeystore/targets_key.pub --role targets
|
||||
$ repo.py --key rsa --filename snapshot_key
|
||||
$ repo.py --trust --pubkeys tufkeystore/snapshot_key.pub --role snapshot
|
||||
$ repo.py --key ecdsa --filename timestamp_key
|
||||
$ repo.py --trust --pubkeys tufkeystore/timestamp_key.pub --role timestamp
|
||||
$ repo.py --sign tufkeystore/root_key --role root
|
||||
Enter a password for the encrypted key (tufkeystore/root_key):
|
||||
$ repo.py --sign tufkeystore/targets_key --role targets
|
||||
Enter a password for the encrypted key (tufkeystore/targets_key):
|
||||
```
|
||||
|
||||
(3) and (4)
|
||||
```Bash
|
||||
$ repo.py --delegate "README.*" "LICENSE" --delegatee xrole --pubkeys
|
||||
tufkeystore/xkey.pub tufkeystore/xkey2.pub --threshold 2 --terminating
|
||||
$ repo.py --sign tufkeystore/xkey tufkeystore/xkey2 --role xrole
|
||||
$ repo.py --key ed25519 --filename ykey
|
||||
$ repo.py --delegate "README.*" "LICENSE" --delegatee yrole --role xrole
|
||||
--pubkeys tufkeystore/ykey.pub --sign tufkeystore/xkey tufkeystore/xkey2
|
||||
$ repo.py --sign tufkeystore/ykey --role yrole
|
||||
```
|
||||
|
||||
(5) and (6)
|
||||
```Bash
|
||||
$ echo "xrole's readme" > README.txt
|
||||
$ repo.py --add README.txt --role xrole --sign tufkeystore/xkey tufkeystore/xkey2
|
||||
```
|
||||
|
||||
Serve the repo
|
||||
```Bash
|
||||
$ cd tufrepo/
|
||||
$ python -m SimpleHTTPServer 8001
|
||||
```
|
||||
|
||||
Fetch the xrole's README.txt
|
||||
```Bash
|
||||
$ client.py --repo http://localhost:8001 README.txt
|
||||
$ cat tuftargets/README.txt
|
||||
xrole's readme
|
||||
```
|
||||
|
||||
(7)
|
||||
|
||||
```Bash
|
||||
$ repo.py --init --bare
|
||||
|
||||
halt server...
|
||||
|
||||
$ echo "Target role's readme" > README.txt
|
||||
$ repo.py --add README.txt
|
||||
|
||||
restart server...
|
||||
```
|
||||
|
||||
```Bash
|
||||
$ rm -rf tuftargets/ tuf.log
|
||||
$ client.py --repo http://localhost:8001 README.txt
|
||||
$ cat tuftargets/README.txt
|
||||
Target role's readme
|
||||
```
|
||||
|
||||
(8)
|
||||
```Bash
|
||||
$ echo "yrole's license" > LICENSE
|
||||
$ repo.py --add LICENSE --role yrole --sign tufkeystore/ykey
|
||||
```
|
||||
|
||||
```Bash
|
||||
$ rm -rf tuftargets/ tuf.log
|
||||
$ client.py --repo http://localhost:8001 LICENSE
|
||||
Traceback (most recent call last):
|
||||
...
|
||||
tuf.exceptions.UnknownTargetError: 'LICENSE' not found.
|
||||
```
|
||||
|
|
|
|||
Loading…
Reference in a new issue