mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
Update README.md
"Overview" revision.
This commit is contained in:
parent
57867cbb3e
commit
ca3d73b764
1 changed files with 13 additions and 14 deletions
|
|
@ -24,15 +24,14 @@
|
|||
|
||||
|
||||
### Overview ###
|
||||
A software update system must complete two main tasks to integrate TUF (The Update
|
||||
Framework.) First, it must add the framework to the client side of the system.
|
||||
A software update system must complete two main tasks to integrate The Update
|
||||
Framework (TUF.) First, it must add the framework to the client side of the system.
|
||||
The [tuf.client.updater](client/README.md) module and
|
||||
[tuf.interposition](interposition/README.md) package assist in integrating
|
||||
TUF on the client side. Second, the repository on the server side must
|
||||
be modified to include a minimum of four metadata files. No additional software
|
||||
is required to convert a repository to a TUF one on the server side. The tool to
|
||||
assist in generating the required metadata files of the repository is the focus
|
||||
of this document.
|
||||
is required to convert a repository to a TUF one. The tool to assist in generating
|
||||
the required metadata files of the repository is the focus of this document.
|
||||
|
||||
|
||||
The [repository tool](repository_tool.py) contains functions to generate all the
|
||||
|
|
@ -56,27 +55,27 @@ $ pip install tuf[tools]
|
|||
```
|
||||
|
||||
A repository object that encapsulates the metadata files of the repository
|
||||
can be either created or loaded by the repository tool. Repository maintainers
|
||||
can be created or loaded by the repository tool. Repository maintainers
|
||||
modify the repository object to update metadata files stored on the
|
||||
repository. TUF uses the metadata files to validate files requested and
|
||||
downloaded by clients. In addition to the repository object, where the majority
|
||||
of changes are made, the repository tool provides functions to generate and
|
||||
persist cryptographic keys. The framework utilizes cryptographic keys to
|
||||
sign and verify metadata files. For a comprehensive list of available repository
|
||||
tool functions and classes, a [diagram](../docs/images/repository_tool-diagram.png)
|
||||
sign and verify metadata files. For a comprehensive list of repository tool
|
||||
functions and classes, a [diagram](../docs/images/repository_tool-diagram.png)
|
||||
is available. Documentation for setting up a TUF client and performing an update is
|
||||
provided [here](client_setup_and_repository_example.md).
|
||||
|
||||
To begin, cryptographic keys are generated. Before metadata files can be validated
|
||||
by clients and target files fetched in a secure manner, public keys must be created to
|
||||
pin to particular metadata roles and private keys to generate signatures. After
|
||||
by clients and target files fetched in a secure manner, public keys must be pinned to
|
||||
particular metadata roles and signatures generated by the private keys. After
|
||||
covering keys, the four required top-level roles are introduced. Examples are
|
||||
given demonstrating the expected work flow, where the metadata roles are created
|
||||
in a specific order, keys imported and loaded, and the metadata objects signed and
|
||||
written to disk. Next, target files are added to the repository and included
|
||||
in metadata. Lastly, custom delegations are added to extend the default
|
||||
roles in the repository. By the end, a fully populated TUF repository is generated
|
||||
that can be tested.
|
||||
written to disk. Lastly, target files are added to the repository, included in
|
||||
metadata, and custom delegations performed to extend the default roles in the
|
||||
repository. By the end, a fully populated TUF repository is generated that can be
|
||||
tested.
|
||||
|
||||
### Keys ###
|
||||
The repository tool supports multiple public-key algorithms, such as
|
||||
|
|
|
|||
Loading…
Reference in a new issue