rust-tuf
Rust implementation of The Update Framework (TUF)
When `tuf::Client::update_root` downloads root metadata from a server, it's currently not checking that that metadata's version matches the expected version. So this means if we are currently on version 5.root.json,...
We need to do a lot of manual work to create TUF metadata, and generating new versions if we rotate keys or add/remove targets. In comparison, go-tuf has a [repo](https://fuchsia.googlesource.com/third_party/go-tuf/+/refs/heads/master/repo.go)...
`tuf::client::PathTranslator` allows clients to use an alternative path separator, but according to https://github.com/theupdateframework/specification/issues/63#issuecomment-556995907, the targets metadata path separators should always be `/`. So it makes more sense that the `PathTranslator`...
Because we trust data once it's in the local repo, and we don't need to reverify it on every fetch.
This would allow us to pass back a real structure and not be pinned to JSON.
According to the [spec] section 4.2, "rsa" and "ecdsa" keys, as defined by: ``` { "keytype" : "rsa", "scheme" : "rsassa-pss-sha256", "keyval" : {"public" : PUBLIC} } { "keytype" :...
As part of addressing https://github.com/theupdateframework/specification/issues/42, we should switch over to hex encoding ed25519 public keys, and the role hashes in order to be compatible with go-tuf and python-tuf's implementation.
This was removed in #170 to support Fuchsia.
I am not confident enough in my engineering skillz to ensure that all edge cases are covered, and this ticket is a notice for anyone looking at the 0.3.0 release that...
Copying from #157. `Client::new` right now starts with the first metadata, but that could be years out of date for a long-lived repository. Should it instead try to download the...