python-tuf/examples/uploader
Jussi Kukkonen 38f309bbbf WIP: Update to new securesystemslib API
* API changes covered:
  * keys and interface modules removed
  * SSlibSigner removed
  * CryptoSigner added: this replaces the removed functionality
  * DSSE "signatures" container type changed
* Currently pins a securesystemslib main branch commit:
  this should be reverted before merging, when securesystemslib
  has made a release
* tests/generated_data/generate_md.py was simplified
* Encrypted test keys in tests/repository_data/keystore were replaced
  with the unencrypted PEM versions of the same keys
* The public test keys in tests/repository_data/keystore were removed
  as they were not used anymore

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-25 14:27:54 +03:00
_localrepo.py WIP: Update to new securesystemslib API 2024-04-25 14:27:54 +03:00
README.md examples: More tweaks to uploader README 2023-02-08 11:01:07 +02:00
uploader examples: Improve uploader docs/messages 2023-02-08 10:47:34 +02:00

TUF Uploader Tool Example

⚠️ This example uses the repository module which is not considered part of the python-tuf stable API quite yet.

This is an example maintainer tool: It makes it possible to add delegations to a remote repository, and then to upload delegated metadata to the repository.

Features:

  • Initialization (much like the client example)
  • Claim delegation: this uses the "unsafe repository API" in the sense that the uploader sends the repository unsigned data. This operation can be compared to claiming a project name on PyPI.org
  • Add targetfile: here the uploader uses the signing keys that were added to the delegation in the previous step to create a new version of the delegated metadata. The repository will verify the signatures on this metadata.

The TUF repository to use can be set with --url (the default repository is "http://127.0.0.1:8001", which is also the default for the repository example). In practice the uploader tool is only useful with the repository example.

Usage with the repository example

In one terminal, run the repository example and leave it running:

examples/repository/repo

In another terminal, run uploader:

# Initialize with Trust-On-First-Use
./uploader tofu

# Then claim a delegation for yourself (this also creates a new signing key):
./uploader add-delegation myrole

# Then add a new downloadable target file to your delegated role (to keep the
# example simple, the target file content is always the targetpath):
./uploader add-target myrole myrole/mytargetfile

At this point "myrole/mytargetfile" is downloadable from the repository with the client example.
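As an added illustration (not code from python-tuf or the uploader itself), here is what the add-target step records for "myrole/mytargetfile" in the delegated targets metadata, and the checks that surround it: whether the delegated role is allowed to sign that targetpath, and the length and hash checks a client applies to the download. It assumes that the delegation to "myrole" is restricted to the path pattern "myrole/*" and, as stated above, that the target file content is the targetpath itself.

```python
# Added example; not part of python-tuf or the uploader example.
# Assumption: the add-delegation step limits "myrole" to pattern "myrole/*".
import fnmatch
import hashlib

# Constructed sample delegation table: role name -> allowed path patterns.
DELEGATION_PATHS = {"myrole": ["myrole/*"]}


def is_delegated_path(pattern, targetpath):
    """TUF-style path matching: compare segment by segment, and require the
    same number of '/'-separated segments, so '*' never spans a directory."""
    pat_parts = pattern.split("/")
    path_parts = targetpath.split("/")
    if len(pat_parts) != len(path_parts):
        return False
    return all(fnmatch.fnmatch(p, q) for p, q in zip(path_parts, pat_parts))


def role_may_sign(role, targetpath):
    """True if any of the role's delegated patterns covers targetpath."""
    return any(is_delegated_path(p, targetpath) for p in DELEGATION_PATHS.get(role, []))


def target_info(content):
    """The targets-metadata entry for a file: its length and sha256 digest."""
    return {"length": len(content),
            "hashes": {"sha256": hashlib.sha256(content).hexdigest()}}


def add_target(role, targetpath):
    """What the uploader puts into the new delegated metadata version.
    Content is the targetpath itself, following the example's convention."""
    if not role_may_sign(role, targetpath):
        raise ValueError(f"role {role!r} is not delegated {targetpath!r}")
    return {targetpath: target_info(targetpath.encode())}


def verify_download(info, data):
    """Client-side check of a downloaded target: the length must match and
    every hash listed in the metadata must match the downloaded bytes."""
    if len(data) != info["length"]:
        return False
    return all(hashlib.new(alg, data).hexdigest() == digest
               for alg, digest in info["hashes"].items())
```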