mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00

History

Lukas Puehringer 15dd931609 Metadata API: make new verify_delegate unaware of Metadata Change new _Delegator.verify_delegate to take payload bytes and signatures instead of a Metadata object and a payload serializer. This allows using verify_delegate for payloads that do not come in a Metadata container, but e.g. in a DSSE envelope (see #2385). Usage becomes a bit more cumbersome, but still feels reasonable with the recently added shortcut for default canonical bytes representation of Metadata.signed. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>		2023-08-01 15:31:59 +02:00
..
_simplerepo.py	Metadata API: make new verify_delegate unaware of Metadata	2023-08-01 15:31:59 +02:00
README.md	examples: Add missing link in repository README	2023-02-08 10:53:59 +02:00
repo	examples: Implement the upload API	2023-02-02 16:25:43 +02:00

TUF Repository Application Example

⚠️ This example uses the repository module which is not considered part of the python-tuf stable API quite yet.

This TUF Repository Application Example has the following features:

Initializes a completely new repository on startup
Stores everything (metadata, targets, signing keys) in-memory
Serves metadata and targets on localhost (default port 8001)
Simulates a live repository by automatically adding a new target file every 10 seconds.
Exposes a small API for the uploader tool example. API POST endpoints are:
- /api/role/<ROLE>: For uploading new delegated targets metadata. Payload is new version of ROLEs metadata
- /api/delegation/<ROLE>: For modifying or creating a delegation for ROLE. Payload is a dict with one keyid:Key pair

./repo

Your repository is now running and is accessible on localhost, See e.g. http://127.0.0.1:8001/metadata/1.root.json. The client example uses this address by default.