mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
76cf36eb86
The definition of consistent targets in the spec is ambiguous:
"consistent target files should be written to non-volatile storage
as digest.filename.ext"
Additionally, the specification describes consistent targets when the
client builds the download URL as follows:
"The filename is of the form HASH.FILENAME.EXT".
The issue is about how we interpreted those quotes.
The legacy updater has decided this means a target path "a/b" will
translate to a download url path "a/{HASH}.b".
The ngclient however translates the target path "a/b" to a download url
path "{HASH}.a/b".
We decided we want to follow the same approach taken from the legacy
updater and thus change how we construct the consistent targets.
Additionally, we want to make sure we test for cases when the TARGETPATH
is an empty string or points to a directory.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
|
||
|---|---|---|
| .. | ||
| api | ||
| client | ||
| ngclient | ||
| scripts | ||
| __init__.py | ||
| ATTACKS.md | ||
| developer_tool.py | ||
| download.py | ||
| exceptions.py | ||
| formats.py | ||
| keydb.py | ||
| log.py | ||
| mirrors.py | ||
| README-developer-tools.md | ||
| README.md | ||
| repository_lib.py | ||
| repository_tool.py | ||
| requests_fetcher.py | ||
| roledb.py | ||
| settings.py | ||
| sig.py | ||
| unittest_toolbox.py | ||