Elgato_dark/python-tuf
1
0
Fork 0
mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
3274 commits 28 branches 35 tags 23 MiB
Commit graph

261 commits

Author SHA1 Message Date
Vladimir Diaz
a2bc692260
Edit format of QUICKSTART.md 
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
 2018-01-26 11:23:59 -05:00
Vladimir Diaz
075dc3de28
Add CLI.md 
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
 2018-01-26 11:16:48 -05:00
Vladimir Diaz
d39870ca8f
Relocate extra examples to CLI.md, and link to CLI and Tutorial 
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
 2018-01-26 11:16:21 -05:00
Vladimir Diaz
f4e2436ef5
Label steps in QUICKSTART.md 
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
 2018-01-25 17:34:39 -05:00
Vladimir Diaz
4f52b7f70c
Add tentative full working example 
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
 2018-01-25 17:33:14 -05:00
Vladimir Diaz
930949dc9b
Add QUICKSTART.md 
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
 2018-01-25 17:11:32 -05:00
Vladimir Diaz
7f8ea0ac63
Edit link to QUICKSTART doc 
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
 2018-01-25 17:10:50 -05:00
Vladimir Diaz
5bf4ed68b6
Rename tutorial doc 
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
 2018-01-24 15:23:45 -05:00
Vladimir Diaz
1212594a57
More organizational changes 
Modified documentation links in README.
Added a Getting Started doc

Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
 2018-01-24 14:09:48 -05:00
Vladimir Diaz
5aecea70b9
Move docs to the docs/ directory 
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
 2018-01-24 10:57:01 -05:00
Vladimir Diaz
3f404dd886
Add banner_readme.png 
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
 2018-01-23 16:36:51 -05:00
Vladimir Diaz
56896b97c9
Add SVG banner 
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
 2018-01-23 11:10:57 -05:00
Vladimir Diaz
ed63201289
Remove obsolete proposals director (which now lives in the taps repo) 2017-10-11 15:50:59 -04:00
Vladimir Diaz
57c8862ee9
Edit specifiation files to point to their new location 2017-10-11 15:49:47 -04:00
Vladimir Diaz
c2f9d63f12 Update Last Modified 2017-10-11 12:20:12 -04:00
Vladimir Diaz
1014f1b104
Add ecdsa-sha2-nistp256 to specification 2017-10-11 12:05:11 -04:00
Vladimir Diaz
6e2344d46d Fix 'schdemes' typo 2017-10-10 15:24:23 -04:00
Vladimir Diaz
8824ec87a1 Remove references to 'method' as proposed by TAP 9 
TAP 9 removed the `method` attribute from metadata.
https://github.com/theupdateframework/taps/blob/master/tap9.md
 2017-10-10 15:22:42 -04:00
goldenMetteyya
d8b477b360 Update tuf-spec.md 
minor fixes
 2017-10-09 20:46:07 -04:00
Vladimir Diaz
be38eec5a2 Merge branch 'develop' into add_mercury_paper 2017-08-31 10:16:18 -04:00
Vladimir Diaz
fb9aa3e5fd
Add Mercury paper and entry in README.rst 2017-08-31 10:13:05 -04:00
Vladimir Diaz
cabc2d0886 Update tuf-spec.md 
Fix link to section "Future directions and open questions."
 2017-08-30 10:19:14 -04:00
Andrew Meyer
100c5a7f3b Fix links in table of contents 2017-08-30 08:32:47 -05:00
Vladimir Diaz
0ff07186a9
Add spec_version to tuf-spec.md 2017-08-28 17:31:25 -04:00
Vladimir Diaz
d2f85ec2b4
Remove mention of compression from specification 2017-08-28 11:16:43 -04:00
Vladimir Diaz
e4d2d50558 Update tuf-spec.md 
Incorporate TAP 9 changes.
 2017-08-23 15:05:35 -04:00
Vladimir Diaz
645a5670ec
Add disclaimer that tuf-spec.txt has been moved 2017-08-03 13:24:05 -04:00
Vladimir Diaz
bb50bee58c
re-add tuf-spec.txt, otherwise it breaks existing links to this file 2017-08-03 12:52:24 -04:00
Vladimir Diaz
2bbaade39e
Add symlink (tuf-spec.txt) to tuf-spec.md 2017-08-03 11:56:52 -04:00
Vladimir Diaz
3312f306e5
Remove tuf-spec.txt 
tuf-spec.md is the only specification that we should edit, not two.
 2017-08-03 10:33:39 -04:00
Vladimir Diaz
e121dbf595
Bold the version and last modified entries 2017-08-02 15:31:38 -04:00
Vladimir Diaz
9a77a35a46
Fix links in TOC 2017-08-02 15:25:59 -04:00
Vladimir Diaz
95e1e6e1b7
Add table of contents 2017-08-02 15:22:04 -04:00
Vladimir Diaz
1d677521fd
Edit more lists 2017-08-02 15:10:57 -04:00
Vladimir Diaz
da864ecb90
Format code block and rename markdown file 2017-08-02 14:55:56 -04:00
Vladimir Diaz
a2581dc193 Update TUF-spec.md 2017-08-02 14:34:34 -04:00
Vladimir Diaz
a9341260b1 Edit the lists in the Goals sections 2017-08-02 12:54:03 -04:00
Lois Anne DeLong
293989ce52 coverted spec to MD 
Move text to Markdown format and did my best to add the correct formatting
 2017-07-28 15:50:31 -04:00
Vladimir Diaz
2b5faf4a67 Merge branch 'develop' into _type_role_lowercase 2017-07-12 15:13:17 -04:00
Vladimir Diaz
d13a401678
Update specification 2017-07-12 15:09:15 -04:00
Vladimir Diaz
ca6a0422c3 Update tuf-spec.txt 
Further edits to client workflow to replace instances of "this metadata file" with the specific metadata file.
 2017-07-12 10:45:44 -04:00
Vladimir Diaz
7e71080156 Use consistent wording in the client workflow 
Fixes issue #458.
 2017-07-11 17:01:09 -04:00
Vladimir Diaz
84713f366b Fix for issue #465 
Addresses issue #465, where the hash and length of Root are no longer listed in Snapshot.
 2017-07-06 16:55:19 -04:00
Vladimir Diaz
9025b90bac Justify why a compromise of Root keys should be avoided 2017-06-20 11:27:06 -04:00
Vladimir Diaz
78c81c43a5 Merge branch 'develop' into vladimir-v-diaz-patch-4 2017-06-19 16:46:25 -04:00
Vladimir Diaz
5b2407b04e Address what should happen when Root keys are compromised 2017-06-19 15:29:24 -04:00
Vladimir Diaz
a44551b77b Merge branch 'develop' into add-detailed-workflow 2017-06-19 12:17:18 -04:00
Trishank Karthik Kuppusamy
207a0a0bb6 Remove an extraneous step (thanks @heartsucker). 2017-06-03 14:21:15 -04:00
Vladimir Diaz
dae2b7a349 Merge branch 'develop' into update_specification 2017-06-02 11:14:43 -04:00
Trishank Karthik Kuppusamy
13cfa2ee6f Clarify checking for freeze attacks on the root metadata file. 2017-05-31 11:49:07 -04:00
Vladimir Diaz
c1e72e0fdd "latest time" --> "latest known time" 2017-05-24 12:37:43 -04:00
Vladimir Diaz
b7f893dd62 Edit instances of "downloaded time" to just "time" 2017-05-24 12:37:43 -04:00
Vladimir Diaz
836ebe59cb Fix section 3, where the hash is specified rather than the version number 2017-05-24 12:14:36 -04:00
Trishank Karthik Kuppusamy
c5e8c079bb Fix bloopers. 2017-05-23 21:41:31 -04:00
Trishank Karthik Kuppusamy
558fb43dec Merge branch 'add-detailed-workflow' of github.com:trishankkarthik/tuf into add-detailed-workflow 2017-05-23 17:12:20 -04:00
Trishank Karthik Kuppusamy
98de3c490f Worked with @vladimir-v-diaz to add root migration workflow. 
Also corrected how files are fetched.
 2017-05-23 17:09:57 -04:00
Vladimir Diaz
06665c0bdc Merge branch 'develop' into add-detailed-workflow 2017-05-23 12:20:25 -04:00
Trishank Karthik Kuppusamy
d80ea0b145 Add a note about the expiration of the previous root metadata file. 2017-05-19 16:32:48 -04:00
Trishank Karthik Kuppusamy
3935141b85 Remove what seems like an unnecessary note. 2017-05-19 16:31:18 -04:00
Trishank Karthik Kuppusamy
a2a5931883 Merge reading consistent snapshots with the client update workflow. 2017-05-19 00:45:28 -04:00
Trishank Karthik Kuppusamy
5666cbcfc0 Remove what seems like unnecessary, obsolete text. 2017-05-19 00:10:50 -04:00
Trishank Karthik Kuppusamy
487d27a654 Add subtleties to preorder DFS for targets. 2017-05-19 00:10:29 -04:00
Trishank Karthik Kuppusamy
30536cfb1a Edit Section 7.2 to reflect Section 5.1. 
Ideally, the former should be merged with the latter.
 2017-05-18 21:09:35 -04:00
Trishank Karthik Kuppusamy
c5deaa340f Explain why download targets up to the # of bytes in the targets metadata. 2017-05-18 20:59:00 -04:00
Trishank Karthik Kuppusamy
8b1f85363a Explain how to obtain and load the previous root metadata file. 2017-05-18 20:58:37 -04:00
Trishank Karthik Kuppusamy
947e366557 Use "MUST" with regard to RFC 2119. 2017-05-18 20:44:46 -04:00
Vladimir Diaz
70cf57ad85 Slight edit to fix incorrect version of root file 2017-05-18 16:04:44 -04:00
Vladimir Diaz
1269ed9678 Fix whitespace issue in previous commit 2017-05-18 16:04:44 -04:00
Vladimir Diaz
4a1791d125 Incorporate @awwad and @heartsucker suggestions 2017-05-18 16:04:44 -04:00
Vladimir Diaz
be7a7ffd6f Clarify procedure for updating to new root.json 
Client's should validate new root.json according to the threshold and keys set by its previous version.

See @heartsucker comment [here](https://github.com/heartsucker/rust-tuf/issues/42#issuecomment-302436972)
 2017-05-18 16:04:44 -04:00
Trishank Karthik Kuppusamy
afa804f093 Clarify that the previous snapshot metadata file may be safely expired. 2017-05-18 12:36:01 -04:00
Trishank Karthik Kuppusamy
6236878eb1 Address comments by @JustinCappos. 2017-04-26 15:07:56 -04:00
Trishank Karthik Kuppusamy
f092d2a87b Expand on the TUF client update workflow, per popular demand. 2017-04-26 14:02:01 -04:00
Vladimir Diaz
7eae7e38b0 Explain that section 7 covers consistent snapshots 2017-04-24 16:10:16 -04:00
Vladimir Diaz
3532fb8005 Remove alternative schemes for overlapping targets 2017-04-24 14:59:18 -04:00
Vladimir Diaz
116cb39039 Add matching example of shell-style wildcard 
One more matching example here would help. Right now, it looks as if "?" matches only "numbers".
 2017-04-24 12:55:51 -04:00
Vladimir Diaz
adf48f90ce Remove parenthetical note 
in text for terminating delegations.
 2017-04-24 12:25:12 -04:00
Vladimir Diaz
6665d25b9e Remove notion of a full rolename 
We previously used a full rolename when delegations resembled a tree
 2017-02-27 16:22:10 -05:00
Vladimir Diaz
6cca34b6f1 Add 'terminating' attribute and text explaining its use 2017-02-27 16:19:25 -05:00
Vladimir Diaz
bbd3288245 Update text for handling overlapping targets between delegations. 
Remove note about priority tag schemes and our investigation of several of these schemes
 2017-02-27 15:29:51 -05:00
Vladimir Diaz
1a00c4cd8f Update text describing format of PATHPATTERN 2017-02-27 15:11:37 -05:00
Vladimir Diaz
c105077d05 Add compression_algorithms and consistent_snapshot attributes to root.json 2017-02-27 14:48:37 -05:00
Vladimir Diaz
76435bfdb5 Update tuf-spec.txt 
Add improved definition of the fast-forward attack in the specification.
 2017-02-07 11:29:43 -05:00
Vladimir Diaz
70fc8dce36 Resolve merge conflicts with upstream and ecordell-root-versioning 2016-10-18 10:28:04 -04:00
Vladimir Diaz
8882dc5b7b Merge branch 'root-versioning' of https://github.com/ecordell/tuf into ecordell-root-versioning 
Conflicts:
	tests/test_key_revocation.py
	tests/test_replay_attack.py
	tests/test_repository_tool.py
	tests/test_updater.py
	tuf/formats.py
	tuf/repository_lib.py
 2016-10-17 15:57:48 -04:00
Vladimir Diaz
3ab08e52f6 Update tuf-spec.txt 
Distinguish the "signed" portion of a metadata file from the entire file itself.  Addressing comment provided by @HuKeping
 2016-10-07 10:57:19 -04:00
Evan Cordell
a11709000d Add root versioning for root key rotation 2016-09-19 15:18:20 -04:00
Vladimir Diaz
5d2c8fdc76 Update tuf-spec.txt 
Remove mention of a "private" dictionary key in metadata.  Public TUF metadata consumed by clients would never include a "private" field, so it shouldn't be specified here in the specification.
 2016-09-15 14:23:44 -04:00
Vladimir Diaz
f8e56d29e6 Add favicons 
Add two favicons that are easier to see in the browser.
 2016-09-02 10:22:58 -04:00
Vladimir Diaz
158f452b1b Create new folder 
Add a `proposals` folder to keep track of changes made to specification.
 2016-08-25 14:09:31 -04:00
Vladimir Diaz
fbd901422f Update tuf-spec.txt 
Address issue #364.  The specification includes examples of metadata with version numbers listed, but the description of snapshot.json does not.  The `custom` field is listed only in targets metadata.
 2016-08-25 07:02:00 -04:00
Vladimir Diaz
0dac8e7b19 Update tuf-spec.txt 
Move text explaining where delegated roles live on the repository
 2016-08-22 15:23:19 -04:00
Vladimir Diaz
53b16aefd1 Update tuf-spec.txt 
All delegated metadata is stored in one flat directory.
 2016-08-09 15:02:14 -04:00
Jonathan Rudenberg
03a5cc4b36 Use HTTPS links in spec 2016-08-08 11:32:00 -04:00
Jonathan Rudenberg
eac88eb3e8 Fix Thandy link 2016-08-08 11:19:38 -04:00
Vladimir Diaz
15bbbb7b53 List fast-forward attack in the specification, including those missing. Alphabetize the attacks. 2016-07-28 16:06:59 -04:00
Vladimir Diaz
ece53b413d Mark the version 1.0 specification as a draft 2016-07-28 13:12:58 -04:00
Vladimir Diaz
f57a0bb1a9 Save version 0.9 of specification 2016-07-26 12:21:49 -04:00
Vladimir Diaz
2f909f695f Add Spec 1.0 2016-07-26 12:17:31 -04:00
Vladimir Diaz
e3a1544070 Begin implementation changes to address issue with a global role and key database 2016-05-06 12:13:57 -04:00
Vladimir Diaz
1bed3e09a4 Update tuf-spec.txt 2016-02-25 17:29:36 -05:00
Vladimir Diaz
b008edd7cd Update tuf-spec.txt 
Begin section 5.1 (The Client Application) with a concise overview of the update procedure followed by client applications.  Follow the overview text with the more detailed explanation of the update procedure.
 2016-02-25 17:24:23 -05:00
Vladimir Diaz
e943048757 Add Diplomat paper 2016-02-19 14:13:03 -05:00
Vladimir Diaz
801c4ced2f Remove logo of dolly 2016-02-19 11:15:51 -05:00
Vladimir Diaz
30bd90810d Rename the banner images 2016-02-19 11:14:28 -05:00
Vladimir Diaz
2c0ef0c94a Merge branch 'logo' of github.com:vladimir-v-diaz/tuf into logo 2016-02-19 11:10:05 -05:00
Vladimir Diaz
1b378a2f80 Add avatar, banner, and favicon 2016-02-19 11:07:43 -05:00
Vladimir Diaz
b60b741261 Update tuf-spec.txt 
* @jawi recommended that the specification say that it is up to implementers to decide how keys should be securely stored.

* Python implementation -> reference implementation: for clarity and to be consistent with other documents.
 2015-11-17 15:19:24 -05:00
Vladimir Diaz
cb1591e63d Update tuf-spec.txt 
Fix for issue #296.  We should document which underlying hash function is used with PKCS #1 RSA PSS signatures to maintain compatibility with different clients, or integrators that wish to verify/test our metadata.
 2015-11-11 12:55:30 -05:00
Benno Fünfstück
6ae6a0cda0 tuf-spec.txt: fix duplicate 'the' 2015-10-03 15:40:24 +02:00
Vladimir Diaz
bd757d6738 Update tuf-spec.txt 
Add date and version number.
 2015-05-14 18:02:26 -04:00
Vladimir Diaz
d1d4b3cc56 Add examples of top-level role files to tuf-spec.txt. Fix for issue #273 2015-05-03 15:28:38 -04:00
Vladimir Diaz
91b2405ab4 Update tuf-spec.txt 
Fix for issue #271.
 2015-05-01 10:42:04 -04:00
Vladimir Diaz
e370553d62 Update tuf-spec.txt. Fix for issue #269. 
Specify format of HASHES.
 2015-04-29 11:33:35 -04:00
Arturo Filastò
db0ba6d0f1 Minor typo fixes 2015-01-02 14:42:33 +01:00
Vladimir Diaz
53baf44c65 Add logo. 
Preview logo (dolly).
 2014-12-23 15:49:15 -05:00
Vladimir Diaz
66f4b88ef2 Update repository tool diagram and coverage. 
Fix text box alignment in diagram.
Omit coverage of repository tool prompt and getpass.
Minor coverage update.
 2014-06-03 14:59:56 -04:00
vladdd
5f94d5be0d Support ISO 8601, vendor iso8601, clean codebase. 2014-04-19 14:27:53 -04:00
Vladimir Diaz
0f86447eac Update tuf-spec.txt 
Update time format.
 2014-04-15 13:23:41 -04:00
Vladimir Diaz
4ddd5a417c Update repository tool diagram. 
Add missing 'repository_tool.Metadata.signatures' to the diagram.
 2014-04-09 12:52:20 -04:00
vladdd
e9da58328b Update repository_tool-diagram.png and comments. 
Minor updates to comments of the previous repository_tool.py commit.
Update repository_tool-diagram.png to list disable_console_log_messages().
Rename disable_console_messages().
 2014-03-05 19:40:05 -05:00
Vladimir Diaz
d92b78b971 Update tuf-spec.txt 
Update section on supported cryptographic signatures.
Add some whitespace to improve readability.
 2014-03-05 12:20:44 -05:00
Vladimir Diaz
416d39bfc8 Update tuf-spec.txt 
Address issue #179
Lines 800, 803: (root|timestamp).digest.json -> digest.(root|timestamp).json
 2014-02-26 09:33:09 -05:00
Vladimir Diaz
a6c3b447d4 Update tuf-spec.txt 2014-02-13 12:10:08 -05:00
vladdd
cdaacb9da3 Update tuf-spec.txt. 
Incorporate recent design changes, such as a role name change, supported signature schemes, and expected metadata extension.
Fix for issue #171.
 2014-02-07 22:39:41 -05:00
Vladimir Diaz
b84225f3e7 Add disclaimer for deprecated latex documents. 2014-02-04 08:37:33 -05:00
Vladimir Diaz
36b59f922e Continue updating unit tests and modify ROOT_SCHEMA. 2014-01-30 08:11:35 -05:00
Vladimir Diaz
009ddd9f37 Rename top-level role and functions of repository_tool.py. Update documentation and diagram. 
add_key() -> add_verification_key()
remove_key() -> remove_verification_key()
release.json -> snapshot.json
Update repository_tool-diagram.png
Update README following the renamed functions and release role changes.
Minor edits, such as removing lint left over from a previous merge conflict.
 2014-01-29 11:26:56 -05:00
Vladimir Diaz
3b5e0c0814 Merge 'develop' and resolve conflicts. 2014-01-27 13:35:11 -05:00
Vladimir Diaz
761c83f717 Remove outdated module name from repository_tool.py diagram. 2014-01-24 07:26:57 -05:00
Vladimir Diaz
570640898d Update repository tool diagram and README. 2014-01-23 12:34:59 -05:00
dachshund
a0a51d6f5e Slightly change filename modification. 2014-01-17 15:31:42 -05:00
dachshund
9dbb3a7815 A few clarifications to the spec on consistent snapshots. 2014-01-14 20:11:35 -05:00
Vladimir Diaz
cd60d6dfb6 Address issue #164. 
Backup client and server spec pdfs
Add missing .sh code to tex document
Change code listing formatting
Fix minor issues
 2014-01-09 10:55:05 -05:00
Vladimir Diaz
1e69c9583a Remove linked+outdated client and server specs 2014-01-09 10:26:52 -05:00
dachshund
e645ff69d7 Adjust spec to carefully rename downloaded files. 2014-01-08 16:06:31 -05:00
dachshund
3cee44ec6f First cut of specification for consistent snapshots. 2014-01-06 19:40:54 -05:00
Vladimir Diaz
0399e5ace8 Update tuf-spec.txt 
Update specification following the changed behavior outlined in Issue #158.
 2014-01-06 10:34:27 -05:00
dachshund
a6aba55605 WIP on spec. 2014-01-05 18:08:39 -05:00
dachshund
3fa84d7a58 WIP on spec. 2014-01-05 18:07:32 -05:00
vladdd
d5ca811eda Update libtuf-diagram. 
Update the libtuf.py diagram following Issue #165 changes.
 2014-01-02 13:57:52 -05:00
Vladimir Diaz
45c65c9178 Merge branch 'develop' into repository-tools 2013-12-16 14:22:31 -05:00
Vladimir Diaz
d27543258e Update libtuf.py documentation and address issues #143 and #144 
Add support for encrypted (and public ed25519 keys) TUF key files.
Add support for ed25519 keys, signatures, and key files in libtuf.py.
Update libtuf.py diagram.
Move canonical encoding operations to the create and verify key functions.
 2013-12-16 08:45:40 -05:00
Vladimir Diaz
56a4a44785 Update tuf-spec.txt 2013-11-20 21:15:43 -05:00
vladdd
9f75253d0a Add libtuf-diagram.png 2013-11-15 18:04:29 -05:00
dachshund
b082f7af19 Read from and write to a list of path hash prefixes. 2013-08-12 00:47:08 -04:00
dachshund
77a868c58d Read from and write to a list of path hash prefixes. 2013-08-12 00:47:08 -04:00
dachshund
4d66ea3fee Fixed a few bugs and refactored the target workflow. 2013-08-09 14:10:21 -04:00
dachshund
5c1290611f Fixed a few bugs and refactored the target workflow. 2013-08-09 14:10:21 -04:00
vladdd
45203d25d1 Update tuf-spec.txt and implement "lazy bin walk" 
tuf-spec.txt was updated to include the latest metadata changes, such as version numbers, and the "lazy bin walk" scheme was implemented in updater.py.
 2013-08-09 08:29:57 -04:00