Commit graph

2432 commits

Author SHA1 Message Date
Jussi Kukkonen
c9c36934f2 repository: Make snapshot/timestamp helpers non-abstract
targets_infos() and snapshot_info() are helpers used by snapshot and
timestamp. Some Repository implementations do not need
snapshot/timestamp (think e.g. a signing tool that never modifies online
roles), so the helpers should not be required.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-26 11:35:02 +02:00
Lukas Pühringer
dd855b1fca
Merge pull request #2241 from jku/repository-lib-uploader
Examples: Add repository uploader
2023-02-08 10:30:52 +01:00
Jussi Kukkonen
b67b8c8ad3 Whitespace changes to make new black linter happy
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 15:29:28 +02:00
Fridolin Pokorny
074778e08f
Fix pydocstyle D209
D209: Multi-line docstring closing quotes should be on a separate line

Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-02-06 13:23:33 +01:00
Jussi Kukkonen
d36c0cfa02 examples: Rename client example directory
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-02 16:25:47 +02:00
Jussi Kukkonen
d61dbabc78
Merge pull request #2281 from fridex/pydocstyle-d209
Fix pydocstyle D209
2023-02-02 14:33:41 +02:00
Lukas Pühringer
d2c12f2d14
Merge pull request #2165 from jku/no-key
Move (most of) Key to Securesystemslib
2023-01-31 09:20:44 +01:00
Lukas Pühringer
93b8fb6377
Merge pull request #2279 from fridex/export-targetfile-ngclient
Export TUF TargetFile in ngclient
2023-01-31 09:19:41 +01:00
Fridolin Pokorny
744f75c1e7
Fix pydocstyle D209
Fix multi-line docstring closing quotes should be on a separate line

Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-01-26 16:36:13 +01:00
Lukas Puehringer
9811ac3568 python-tuf 2.1.0
* update changelog
* bump version

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-01-26 16:26:38 +01:00
Fridolin Pokorny
524a6b848f
Export TUF TargetFile in ngclient
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-01-26 15:54:44 +01:00
Fridolin Pokorny
5d347b8707
Fix pydocstyle D400: first line should end with a period
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2023-01-26 15:33:09 +01:00
Jussi Kukkonen
889b218e7a Add comment explaining public status to the module itself
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-26 09:33:44 +02:00
Jussi Kukkonen
f8a7881c87 Make RequestsFetcher public
This is useful for those who want to use the default fetcher
but modify some attributes

The file itself could be moved to tuf/ngclient/ but this is not done yet
as sigstore-python is using this internal module. Move can be done once
sigstore-python 1.0 is no longer relevant.

Fixes #2268

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-25 15:55:11 +02:00
Jussi Kukkonen
361bbe40f3 metadata: Refactor delegators key and role lookup
Simplify the lookup of delegated keys and roles by moving it to
Targets and Root: this follows the examples set by add_key() and
remove_key().

Most of the methods are trivial but they make sense because this way
the calling code does not have to care if the object is a Targets or a
Root: the same methods work on both.

The new methods are public since they are useful to applications as
well.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 15:26:51 +02:00
Jussi Kukkonen
ed0ec03399 Metadata API: Fix verify_delegate for new Key API
verify_delegate() unfortunately needs an almost complete rewrite
as the Key.verify_signature() API change affects it quite a bit.

Refactoring the role and key lookup into a separate method makes the
code readable again.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
6dbadaa7b1 Metadata API: Remove Key, import it from Securesystemslib
Key has been moved to Securesystemslib: use it from there.

This still fails tests as Key API has changed a bit: issues are fixed
in followup commits.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
7f85da53b7 metadata API: Refactor exception imports
tuf.exceptions should IMO be seen as the "default exception source".

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-01-17 14:31:22 +02:00
Jussi Kukkonen
e1d15887a8 ngclient: Remove "Optional" from helper props
The properties in TrustedMetadataSet are a bit difficult to use
with static typing since they return Optional but in many cases
we know the "None"-case is impossible.

Remove None from annotation: the idea is that calling the property
getter too early is a programming error: it will result in KeyError
which is consistent:
 * trusted_set["timestamp"] raises KeyError if timestamp is not set
 * trusted_set.timestamp raises KeyError if timestamp is not set

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-27 16:56:32 +02:00
Aditya Shrivastav
42cb50b15b
Merge branch 'theupdateframework:develop' into metaclass-fix
2022-12-27 16:28:43 +05:30
adityashrivastav1
086216f7cc unused variable removed, inheritance fixed
Signed-off-by: adityashrivastav1 <aditya.shri9981@gmail.com>
2022-12-27 16:27:17 +05:30
adityashrivastav1
2c15c75e50 class FetcherInterface() changed to FetcherInterface(abc.ABC)
Signed-off-by: adityashrivastav1 <aditya.shri9981@gmail.com>
signed off
Signed-off-by: adityashrivastav1 <aditya.shri9981@gmail.com>
2022-12-27 15:44:54 +05:30
Jussi Kukkonen
ba9ea5b88c
Merge pull request #2230 from fridex/pydocstyle-imperative-mood
Fix pydocstyle D401: first line should be in imperative mood
2022-12-27 11:47:46 +02:00
Jussi Kukkonen
e5856f7c91
Merge pull request #2233 from fridex/tuf-ngclient-api
Provide __all__ for tuf.ngclient module
2022-12-27 11:28:33 +02:00
William Woodruff
7b89dd9532
api/metadata: third time's the charm
Signed-off-by: William Woodruff <william@trailofbits.com>
2022-12-22 09:56:35 -05:00
William Woodruff
d44fe52ce1
api/metadata: use debug logging
Signed-off-by: William Woodruff <william@trailofbits.com>
2022-12-21 10:34:32 -05:00
William Woodruff
408bf9ba20
api/metadata: blacken
Signed-off-by: William Woodruff <william@trailofbits.com>
2022-12-20 16:44:21 -05:00
William Woodruff
2876bfd764
tuf: move INFO logs to DEBUG or WARNING
Signed-off-by: William Woodruff <william@trailofbits.com>
2022-12-20 16:36:04 -05:00
Fridolin Pokorny
9ffb4a4474
Provide __all__ for tuf.ngclient module
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2022-12-20 00:17:31 +01:00
Lukas Pühringer
216ae641f7
Merge pull request #2193 from jku/repository-lib
Repository module and example
2022-12-19 09:28:05 +01:00
Fridolin Pokorny
c4e1479003
Fix pydocstyle D401: first line should be in imperative mood
Signed-off-by: Fridolin Pokorny <fridolin.pokorny@datadoghq.com>
2022-12-18 13:13:35 +01:00
Jussi Kukkonen
fd02226acb repository: Improve docstrings
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-17 23:09:11 +02:00
Lukas Pühringer
c6f8b5817b
Merge pull request #2197 from jku/client-robustness
ngclient: Fail gracefully on missing role
2022-12-16 10:23:08 +01:00
Jussi Kukkonen
48865aede9 repository: Remove sign_only argument from close()
This is only needed for threshold signing and not even used in the
example: leave it to the implementations to handle for now.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-14 20:05:56 +02:00
Jussi Kukkonen
9e9c156288 repository: remove init argument from open()
This no longer seems needed: if the metadata store does not contain
a single version of role, then open() can assume it is initializing.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-14 19:53:43 +02:00
Jussi Kukkonen
87502b0f38 Metadata API: set default version for MetaFile()
This makes sense to me: if you create a new MetaFile, logically it
is version 1. This does not change serialization in any way.

Practical code becomes slightly nicer as
    metafiles = defaultdict(MetaFile)
now works without lambdas.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-07 15:07:19 +02:00
Martin Vrachev
c8d79a323c
Updater: add missing config docstring
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-12-06 17:50:13 +02:00
Jussi Kukkonen
c1bb46b6c2 repository: Improve docstrings
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-05 13:45:27 +02:00
Jussi Kukkonen
fdf0affcad repository: Address review comments
This is a collection of comment, documentation and logging fixes.

The noteworthy part is making it clear that repository is not stable
API yet: I think this is a good idea.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-03 11:34:21 +02:00
Jussi Kukkonen
0f94c03756 repository: Handle linting issues
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-02 13:40:58 +02:00
Jussi Kukkonen
87c74a83bc examples: Maintain a meta info cache
This is not required for the demo but is more realistic: we keep
a cache of targets versions so that we can produce a new snapshot
whenever one is needed, without accessing all of the targets metadata
to do so.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-11-30 21:19:43 +02:00
Jussi Kukkonen
dd36b73ca9 repository: insert copies of MetaFile into metadata
Otherwise the metafile cache and the metadata object end up
pointing to the same instances which starts breaking later.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-11-30 21:05:57 +02:00
Jussi Kukkonen
df6b044c5a repository: Make snapshot/targets info required properties
This does not make the examples simpler now, but it will when
there are multiple locations where snapshot/timestamp are called.

* This way the snapshot/timestamp input material is an internal detail
  of Repository and the call sites will be simpler.
* Both methods now have a "force" argument that can be used to create a
  new version regardless of meta info changes
* but implementations are now required to implement snapshot_info
  and targets_infos properties that represent the current snapshot and
  targets versions in the repository

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-11-30 18:44:16 +02:00
Jussi Kukkonen
5e17617fc5 Add repository module
Plan for tuf.repository is:
* provides useful functionality for TUF repository-side implementations
  (repository applications, developer tools, etc)
* is minimalistic: only features that most implementations will use
  should be included
* Only example implementations will be provided in python-tuf
* As more repository implementations are built using tuf.repository
  we can evaluate what extended functionality is useful

In this PR, a single abstract class is added that provides a framework
for building repository-modifying tools. In subsequent commits
some examples will be added that demonstrate how to use the class.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-11-28 12:13:00 +02:00
Jussi Kukkonen
6450a3a8ff ngclient: Fail gracefully on missing role
If role is delegated but missing from snapshot, we currently raise an
undocumented KeyError: a generic RepositoryError seems better as callers
are expected to handle it (and adding a more specific error seems
useless as this is a repository software bug, not just expired metadata or
something).

The same check is also done later in TrustedMetadataSet but I think
keeping the check in both is clearest.

Fixes #2195

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-11-28 11:20:31 +02:00
Jussi Kukkonen
f56d5267ed README: Remove limitations
There may be ways to unsafely use the client library but the situation
should be significantly better now with ngclient:
  * metadata writing is safer, more atomic
  * non-root cached metadata is never trusted (so inconsistent
    cached repository is not a security issue)
  * the cache locations are now clearly application
    decisions (they are required Updater constructor args)

Move the notice to Updater module documentation.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-11-18 13:16:41 +02:00
Jussi Kukkonen
35a7dd58c5 RequestsFetcher: satisfy mypy with small fix
The typeshed annotations for requests say that the hostname could be None:
I think this is untrue but let's keep mypy happy.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-10-31 21:25:02 +03:00
KOLANICH
0c9c494261 Supported schemes without netloc.
Signed-off-by: KOLANICH <KOLANICH@users.noreply.github.com>
2022-10-31 21:23:56 +03:00
n-dusan
604eef2ffd fix: allow length to be zero
* As per TUF specification, length attribute is a numerical value (which
  can include 0) -
  https://theupdateframework.github.io/specification/latest/#metapath-length

fix: update tests
Signed-off-by: n-dusan <nikolic.dusan.dey@gmail.com>
2022-10-12 13:02:41 +02:00
Martin Vrachev
26e748e0c1 Bump supported spec version to 1.0.31
Bump the supported specification version to 1.0.31 and additionally
update the generated test metadata as it has to be up to date with the
latest changes.

The new changes in the specification version 1.0.31 clarify the
requirement for the new root version as compared to the old root version
in step 5.3.5:
https://theupdateframework.github.io/specification/latest/#update-root

We already do what the specification suggests in the new changes, so
no other changes are required.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-09-26 17:56:15 +03:00