Update README.md

"Overview" revision.
This commit is contained in:
Vladimir Diaz 2014-07-12 19:28:44 -04:00
parent 57867cbb3e
commit ca3d73b764

View file

@ -24,15 +24,14 @@
### Overview ###
A software update system must complete two main tasks to integrate TUF (The Update
Framework.) First, it must add the framework to the client side of the system.
A software update system must complete two main tasks to integrate The Update
Framework (TUF.) First, it must add the framework to the client side of the system.
The [tuf.client.updater](client/README.md) module and
[tuf.interposition](interposition/README.md) package assist in integrating
TUF on the client side. Second, the repository on the server side must
be modified to include a minimum of four metadata files. No additional software
is required to convert a repository to a TUF one on the server side. The tool to
assist in generating the required metadata files of the repository is the focus
of this document.
is required to convert a repository to a TUF one. The tool to assist in generating
the required metadata files of the repository is the focus of this document.
The [repository tool](repository_tool.py) contains functions to generate all the
@ -56,27 +55,27 @@ $ pip install tuf[tools]
```
A repository object that encapsulates the metadata files of the repository
can be either created or loaded by the repository tool. Repository maintainers
can be created or loaded by the repository tool. Repository maintainers
modify the repository object to update metadata files stored on the
repository. TUF uses the metadata files to validate files requested and
downloaded by clients. In addition to the repository object, where the majority
of changes are made, the repository tool provides functions to generate and
persist cryptographic keys. The framework utilizes cryptographic keys to
sign and verify metadata files. For a comprehensive list of available repository
tool functions and classes, a [diagram](../docs/images/repository_tool-diagram.png)
sign and verify metadata files. For a comprehensive list of repository tool
functions and classes, a [diagram](../docs/images/repository_tool-diagram.png)
is available. Documentation for setting up a TUF client and performing an update is
provided [here](client_setup_and_repository_example.md).
To begin, cryptographic keys are generated. Before metadata files can be validated
by clients and target files fetched in a secure manner, public keys must be created to
pin to particular metadata roles and private keys to generate signatures. After
by clients and target files fetched in a secure manner, public keys must be pinned to
particular metadata roles and signatures generated by the private keys. After
covering keys, the four required top-level roles are introduced. Examples are
given demonstrating the expected work flow, where the metadata roles are created
in a specific order, keys imported and loaded, and the metadata objects signed and
written to disk. Next, target files are added to the repository and included
in metadata. Lastly, custom delegations are added to extend the default
roles in the repository. By the end, a fully populated TUF repository is generated
that can be tested.
written to disk. Lastly, target files are added to the repository, included in
metadata, and custom delegations performed to extend the default roles in the
repository. By the end, a fully populated TUF repository is generated that can be
tested.
### Keys ###
The repository tool supports multiple public-key algorithms, such as