rust-tuf icon indicating copy to clipboard operation
rust-tuf copied to clipboard

verified publisher icon theupdateframework

Metadata

Rust implementation of The Update Framework (TUF)

Results 69 rust-tuf issues
Sort by recently updated
recently updated
newest added

TUF specification has a new version - v1.0.30

Hey, it seems there's a newer version of the TUF specification - [v1.0.30](https://github.com/theupdateframework/specification/blob/v1.0.30/tuf-spec.md) The version which [theupdateframework/rust-tuf](https://github.com/theupdateframework/rust-tuf) states it supports is - [v1.0.29](https://github.com/theupdateframework/specification/blob/v1.0.29/tuf-spec.md) The following is a comparison of what...

github-actions[bot] avatar github-actions[bot]

Cleaning up API surface before releasing 0.3.0

1 comment

We're getting close to releasing 0.3.0. Are there any other papercuts on the API surface we want to clean up before release? Here are some ideas: - [ ] `MetadataPath`...

erickt avatar erickt

ECDSA keys do not conform to the spec

Tracking the work necessary to get ECDSA to conform to the spec: - [ ] https://github.com/heartsucker/rust-tuf/issues/204 - ECDSA keys should be encoded as a PEM string

erickt avatar erickt

RSA key support does not conform to the spec

Tracking issue to get RSA keys to conform to the spec [ ] https://github.com/heartsucker/rust-tuf/issues/204 - RSA keys should be encoded as a PEM string

erickt avatar erickt

recovering from Client::update failing to write root metadata

In #304, I'm changing `Client::update()` to error out if we fail to write metadata to the local `FileSystemRepository`. Consider: * The trusted root metadata is version 4. * We fetch...

erickt avatar erickt

Consider adding an upper bound on the number of root metadata we'll fetch in Client::update_root

TUF-1.0.9 §5.1.2 states: Try downloading version N+1 of the root metadata file, up to some W number of bytes (because the size is unknown). The value for W is set...

erickt avatar erickt

Resolve why rust-tuf diverges in a few places from the TUF spec

There are a few places where rust-tuf diverges from the TUF-1.0.5 spec, like #113. This is a tracking ticket to label all these locations in code, and resolve why we've...

erickt avatar erickt

Implement checking for snapshot rollback of targets and delegations

TUF-1.0.5 section 5.3.3.2 states: > 3.3.2. The version number of the targets metadata file, and all delegated targets metadata files (if any), in the trusted snapshot metadata file, if any,...

erickt avatar erickt

Implement checking for timestamp rollback of snapshot

TUF-1.0.5 added section 5.2.2.2: > 2.2.2. The version number of the snapshot metadata file in the trusted timestamp metadata file, if any, MUST be less than or equal to its...

erickt avatar erickt

Client::update_root should update from N+1, not fetch the latest root metadata

The TUF spec states that the root metadata should be updated by continuing to try to update to version N+1 metadata until we get a not-found error. However, rust-tuf doesn't...

erickt avatar erickt

Metadata

172
Stars
34
Forks
Watchers

Owner

verified publisher icon theupdateframework

Metadata

Rust implementation of The Update Framework (TUF)

Back