rust-tuf

rust-tuf copied to clipboard

From the [TUF spec](https://theupdateframework.github.io/specification/latest/#document-formats): > All of the formats described below include the ability to add more attribute-value fields to objects for backwards-compatible format changes. Implementers who encounter undefined attribute-value...

lukesteensen

Tweaks to better interop with go-tuf

11

👋 I've been working on integrating the [Vector](https://github.com/vectordotdev/vector) project with Datadog's TUF/Uptane implementation, and this PR contains the handful of tweaks I've had to make to get everything interoperating happily:...

lukesteensen

The TUF spec says delegation [pathpattern](https://theupdateframework.github.io/specification/latest/#pathpattern)s support unix shell-style pattern matching, but that's not supported in rust-tuf yet.

erickt

While writing a delegation builder, I noticed that while we have a test for [diamond delegations](https://github.com/theupdateframework/rust-tuf/blob/3961b36e195a18189459ee2513d52aeb5ec27576/tuf/tests/integration.rs#L306), it doesn't actually work. Consider this delegation tree: ``` targets / \ A B...

erickt

Create a security policy

3

**Description of issue or feature request**: Similar to [go-tuf](https://github.com/theupdateframework/go-tuf/issues/371), we should create a [security policy](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository) so that researchers can properly disclose security issues.

trishankatdatadog

Beginning with rust-lang/rust [42752cbe](https://github.com/rust-lang/rust/commit/42752cbe095b9ad9941f20f22f80788d95f4ab06), `tuf` fails to build with the following error message: ``` error[E0733]: recursion in an async fn requires boxing --> ../../third_party/rust_crates/vendor/tuf-0.3.0-beta11/src/client.rs:955:5 | 955 | / async fn...

amanda-tait

Update *ring* to 0.17 and untrusted to 0.9.

1

Intentionally use "0.17" as the version spec instead of the latest version "0.17.7" to help projects depending on rust-tuf who want to go through a two step ring 0.16.20 ->...

briansmith

ECDSA key support

2

Hey! Thanks for maintaining `rust-tuf` :) I'm [trying this library out] with the Sigstore TUF instance, evaluating if we can replace [`tough`](https://github.com/awslabs/tough) in our Sigstore client. One thing that I...

tnytown

We've written a client conformance test suite: https://github.com/theupdateframework/tuf-conformance/ I made a quick-and-dirty attempt at integrating it in this project. There are likely some other issues remaining but these two are...

jku