Remaining TUF 1.0 tasks #326

vladimir-v-diaz · 2016-04-06T00:35:44Z

Implementation of remaining TUF 1.0 tasks:

redesign of repository tool
support role delegations that resemble a graph
store all delegations in one directory
update documentation to follow the new behaviour of the repository tool
Prevent freeze attacks where a client if left with stale, local metadata
Update repository data (used in tests) following all of the changes
WIP (Minor refactor of developer tool)

…rents names)

…_metadata_one_directory

…op-level targets role)

…roles

…ol.py

…ining-1.0-tasks

… Delegated Role'

… changes to repo tools

Add all encountered delegated roles to the top-level targets object. For example: 'django' role delegated by 'unclaimed' (which in turn was delgated by 'targets') is available at repository.targets('unclaimed')

…e outdated test condition

…bin()

A delegated rolename is no longer required to start with 'targets'

…_attack.py and fixes in repository_tool.py

When loading roles from disk, ensure these roles are not marked as dirty. Add a boolean to relevant functions to provide the option to update the roledb without marking roles as dirty

…n snapshot.json

….json

…add_role()) We shouldn't remove delegated roles if the repository can resemble a graph of delegations, since the delegations of one role are independent of another

…ite_freeze_attack.py

…efault' argument to clear_roledb()

…wn() calls of unit tests

…_lib.py

trishankkarthik · 2016-07-27T15:13:22Z

@JustinCappos I don't mean to make life more difficult, but could we flesh out Section 5.1 (The client application) a bit more?

Right now, there are not enough details for an independent programmer to implement a TUF client using that section. The programmer has to refer to the Python reference implementation.

I think it'd be a good idea to flesh out more details, because the UPTANE RFC will have skip over the TUF bits for brevity.

I'd love to contribute as I find the space and time, but I can't commit to it right now.

vladimir-v-diaz · 2016-07-27T15:33:55Z

I think this is something Sebastien and I can work on, since it overlaps with changes he's making to support the Director role for Uptane (just finished discussing it in person). We can work on a more detailed client workflow for TUF 1.0, and then Sebastien can expand it for the changes needed for Uptane.

JustinCappos · 2016-07-27T18:45:45Z

Okay, I think this is a good plan.

On Wed, Jul 27, 2016 at 11:33 AM, Vladimir Diaz [email protected]
wrote:

I think this is something Sebastien and I can work on, since it overlaps
with changes he's making to support the Director role for Uptane (just
finished discussing it in person). We can work on a more detailed client
workflow for TUF 1.0, and then Sebastien can expand it for the changes
needed for Uptane.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#326 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AA0XD_vkBU02LU3HWLzrKaP5Y5WWWBLQks5qZ3pjgaJpZM4IAobU
.

To simplify the addition of keys to keydb, add all of the valid keyids to keydb in the for loop instead of adding the default keyid separately

…ining-1.0-tasks Conflicts: tuf/download.py

vladimir-v-diaz · 2016-07-27T20:58:23Z

Note: I created a "master" branch and we'll edit the "develop" branch (containing the latest 1.0 changes) directly.

trishankkarthik and others added 30 commits February 19, 2016 17:27

Skip visited roles in preorder DFS.

03fbe32

By default, limit visited number of delegations in preorder DFS.

da0a9aa

Re-add initial WIP

079bf98

Remove notion of a full rolename (roles will no longer prepend its pa…

1b54991

…rents names)

Mostly changes from PR theupdateframework#321

30f5d39

Merge branch 'develop' of github.com:theupdateframework/tuf into role…

cab7d5f

…_metadata_one_directory

More changes for 1.0 tasks

1cbae5a

Fix issues with repository tool design (specifically, accessing the t…

7fcbf02

…op-level targets role)

Add the new delegation structure to repository_data

6611efb

Remove print() statement and add comment for generation of delegated …

47265b3

…roles

Fix roledb.get_delegated_roles() and test cases in test_repository_to…

a111661

…ol.py

Add whitespace between two functions

c0dcc51

Merge branch 'develop' of github.com:theupdateframework/tuf into rema…

b4626f1

…ining-1.0-tasks

Latest WIP

b982c06

Correct more bugs when loading delegated roles

9aa8c8a

Review and update repository tool documentation up to section 'Revoke…

37bdfd6

… Delegated Role'

Edit remaining changes required to the documentation following design…

b9c0851

… changes to repo tools

Remove call to roledb.get_parent_rolename() in load_repository

4cb34c4

Add all encountered delegated roles to the top-level targets object. For example: 'django' role delegated by 'unclaimed' (which in turn was delgated by 'targets') is available at repository.targets('unclaimed')

wrap line

f844d1e

Use correct metadata name for hashed bin delegation

debf619

Remove full name for hashed bin delegation, update comment, and remov…

251bbaa

…e outdated test condition

Fix remaining issues with add_target_to_bin() and remove_target_from_…

9c0064e

…bin()

More unit test fixes

283c62a

A delegated rolename is no longer required to start with 'targets'

Convert list of dirty roles to set to avoid duplicates

8ccdff5

Remove 'targets' directory from path in 'test_extraneous_dependencies…

f47cdb0

…_attack.py and fixes in repository_tool.py

More bug fixes

51adc77

When loading roles from disk, ensure these roles are not marked as dirty. Add a boolean to relevant functions to provide the option to update the roledb without marking roles as dirty

Repository data that contains the correct number of delegated roles i…

28e738e

…n snapshot.json

Fix bug where the snapshot and timestamp roles are listed in snapshot…

9536cac

….json

Remove parent 'targets' directory from role1.json paths

c20c83b

Delete remove_delegated_roles() and modify affected lines (including …

aaf755e

…add_role()) We shouldn't remove delegated roles if the repository can resemble a graph of delegations, since the delegations of one role are independent of another

vladimir-v-diaz added 20 commits June 28, 2016 16:54

Remove repository.status() (used for testing) from generate.py

bd5b398

Use correct key import statements from rest_replay_attack.py

5a3f515

Use correct key import function to load non-root keys in test_indefin…

872ff7c

…ite_freeze_attack.py

Fix unit tests for developer_tool.py

5c7333b

Verify non-None role name supplied to tuf.sig.get_signature_status()

e072cd9

Fix mismatched key objects in test_keydb.py

80c3022

Clear roledb and keydb of 'test_repository' entries after each test case

70cc1b8

Reference all metadata in <version>.rolename.json format

65d23fa

Reference global values in roledb

000e77a

Update unit test for roledb following addition of 'clear_all_except_d…

1474dd8

…efault' argument to clear_roledb()

Rename 'clear_all_except_default' to 'clear_all' in roledb.py

11ae261

Add 'clear_all' argument to clear_keydb() in keydb.py

1c72cb2

Clear keydb and roledb (using the 'clear_all' argument) in the teardo…

9c659b6

…wn() calls of unit tests

Use the 'clear_all' argument with clear_roledb.py and clear_keydb.py

a59008c

Improve code coverage of keydb.py and util.py

596969a

Improve code coverage

e0a4f18

Improve code coverage for __init__.py pyca_crypto_keys.py, repository…

fae1fb6

…_lib.py

Add Spec 1.0

2f909f6

Save version 0.9 of specification

f57a0bb

Remove invalid test case (hmm, only py35 caught this mistake)

876ced3

vladimir-v-diaz added 3 commits July 27, 2016 16:33

Remove tuf.Error exception raised in create_keydb_from_root_metadata()

ae4bbfd

To simplify the addition of keys to keydb, add all of the valid keyids to keydb in the for loop instead of adding the default keyid separately

Expand a comment for the change made in the previous commit

02d2bf1

Merge branch 'develop' of github.com:theupdateframework/tuf into rema…

6ec2f8a

…ining-1.0-tasks Conflicts: tuf/download.py

vladimir-v-diaz merged commit 4d2c302 into theupdateframework:develop Jul 27, 2016

vladimir-v-diaz deleted the remaining-1.0-tasks branch July 11, 2017 15:03

trishankatdatadog mentioned this pull request Dec 17, 2019

Verify / Fix Potential Cycles in updater.target() #280

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remaining TUF 1.0 tasks #326

Remaining TUF 1.0 tasks #326

vladimir-v-diaz commented Apr 6, 2016

trishankkarthik commented Jul 27, 2016

vladimir-v-diaz commented Jul 27, 2016

JustinCappos commented Jul 27, 2016

vladimir-v-diaz commented Jul 27, 2016

Remaining TUF 1.0 tasks #326

Remaining TUF 1.0 tasks #326

Conversation

vladimir-v-diaz commented Apr 6, 2016

trishankkarthik commented Jul 27, 2016

vladimir-v-diaz commented Jul 27, 2016

JustinCappos commented Jul 27, 2016

vladimir-v-diaz commented Jul 27, 2016