This is a collection of comment, documentation and logging fixes.
The noteworthy part is making it clear that the repository is not a stable
API yet: I think this is a good idea.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This is not required for the demo but is more realistic: we keep
a cache of targets versions so that we can produce a new snapshot
whenever one is needed, without accessing all of the targets metadata
to do so.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Otherwise the metafile cache and the metadata object end up
pointing to the same instances, which starts breaking later.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This does not make the examples simpler now, but it will when
there are multiple locations where snapshot/timestamp are called.
* This way the snapshot/timestamp input material is an internal detail
of Repository and the call sites will be simpler.
* Both methods now have a "force" argument that can be used to create a
new version regardless of meta info changes
* but implementations are now required to implement snapshot_info
and targets_infos properties that represent the current snapshot and
targets versions in the repository
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
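As an added illustration of the two commit messages above (the metafile cache that must not alias the metadata objects, and the snapshot/timestamp methods that consult cached version info and take a "force" argument), here is a small stand-alone model of that design. This is example code written for this page, not python-tuf's tuf.repository module: the MetaFile dataclass is a constructed stand-in for the real one, and the method and property names (do_snapshot, do_timestamp, snapshot_info, targets_infos) are modelled on the commit text, not a guarantee of the project's API.

```python
import copy
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class MetaFile:
    """Constructed stand-in for a snapshot/timestamp entry: the version of a
    metadata file plus an optional length (hashes omitted for brevity)."""
    version: int
    length: Optional[int] = None


class SnapshotCache:
    """Illustrative repository-side cache of the current targets versions.

    A snapshot can be produced from the cache alone, without re-reading every
    targets metadata file; timestamp is produced from the cached snapshot info.
    """

    def __init__(self) -> None:
        # role name -> MetaFile describing the latest version of that targets role
        self._targets_infos: Dict[str, MetaFile] = {}
        # MetaFile describing the current snapshot; version 0 means "none yet"
        self._snapshot_info: MetaFile = MetaFile(version=0)
        # generated snapshot and timestamp "documents", keyed by version
        self.snapshots: Dict[int, Dict[str, MetaFile]] = {}
        self.timestamps: Dict[int, MetaFile] = {}

    @property
    def targets_infos(self) -> Dict[str, MetaFile]:
        return self._targets_infos

    @property
    def snapshot_info(self) -> MetaFile:
        return self._snapshot_info

    def record_targets(self, role: str, info: MetaFile) -> None:
        # Deep copy on the way in: the cache must never share instances with
        # the metadata objects the caller keeps mutating and signing.
        self._targets_infos[role] = copy.deepcopy(info)

    def do_snapshot(self, force: bool = False) -> bool:
        """Create a new snapshot version if any targets info changed, or if
        force is set. Returns True when a new version was created."""
        if self._snapshot_info.version == 0:
            needed = True  # no snapshot exists yet
        else:
            published = self.snapshots[self._snapshot_info.version]
            needed = force or published != self._targets_infos
        if not needed:
            return False
        new_version = self._snapshot_info.version + 1
        # Copy again on the way out so later record_targets() calls cannot
        # rewrite an already published snapshot behind our back.
        self.snapshots[new_version] = copy.deepcopy(self._targets_infos)
        self._snapshot_info = MetaFile(version=new_version)
        return True

    def do_timestamp(self, force: bool = False) -> bool:
        """Create a new timestamp version if the snapshot info changed, or if
        force is set. Returns True when a new version was created."""
        latest = max(self.timestamps) if self.timestamps else 0
        published = self.timestamps.get(latest)
        if not force and published == self._snapshot_info:
            return False
        self.timestamps[latest + 1] = copy.deepcopy(self._snapshot_info)
        return True
```

The two deep copies are the point of the aliasing fix: with plain assignment, bumping the version on the caller's MetaFile would silently change what the "published" snapshot claims, so the change-detection in do_snapshot would stop firing.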
* Support any repository (that serves /targets/ and /metadata/)
with --url
* Support multiple repositories by making the local cache
repository-specific
* Add "tofu" command to initialize with Trust-On-First-Use
* Update README so it uses the new repository application example
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This uses the repository module to create an app that
* generates everything from scratch
* serves metadata and targets from memory
* simulates a live repository by adding new targets every few seconds
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Plan for tuf.repository is:
* provides useful functionality for TUF repository-side implementations
(repository applications, developer tools, etc)
* is minimalistic: only features that most implementations will use
should be included
* Only example implementations will be provided in python-tuf
* As more repository implementations are built using tuf.repository
we can evaluate what extended functionality is useful
In this PR, a single abstract class is added that provides a framework
for building repository-modifying tools. In subsequent commits
some examples will be added that demonstrate how to use the class.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This is a modified version of the workflow from the project itself:
* Not using personal access tokens because I believe they are a
security issue (this means Branch-Protection check will be incorrect)
* Not uploading results to actions cache: Maybe there's a point but I
don't see it as the SARIF files are not very human readable
This should give us some code scanning alerts in the security tab on Github.
This is not really what I'm interested in though so I've enabled the upload
to https://api.securityscorecards.dev/. The results json on there is not
exactly readable but it is good enough to check what the current results
are -- and deps.dev should use those results after some delay I believe.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Double reasoning for this one:
* urllib3 now does have annotations
* since we don't import requests annotations (to avoid depending on typeshed)
urllib3 annotations are never needed: we don't use urllib3 directly
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Since v1.0.0 python-tuf is no longer beta software.
See https://pypi.org/classifiers/ for available classifiers.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
There may be ways to unsafely use the client library but the situation
should be significantly better now with ngclient:
* metadata writing is safer, more atomic
* non-root cached metadata is never trusted (so inconsistent
cached repository is not a security issue)
* the cache locations are now clearly application
decisions (they are required Updater constructor args)
Move the notice to Updater module documentation.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
The typeshed annotations for requests say that the hostname could be None:
I think this is untrue but let's keep mypy happy.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>