Commits on Mar 5, 2020

1. Add new setting for file hashing algorithms …

   Using securesystemslib.settings.HASH_ALGORITHMS is undersirable, because
   it binds tuf to an implementation detail of the underlying library.
   In this specific instance of file hashing algorithms it's even more
   undesirable because it's overloading the intended use of the setting
   which is "algorithm(s) [...] used to generate key IDs".
   
   Add a new setting tuf.settings.FILE_HASH_ALGORITHMS, with a default
   value of ['sha256', 'sha512'] (that matches the current value of
   securesystemslib.settings.HASH_ALGORITHMS), to be used for file
   hashing operations in tuf.
   
   Signed-off-by: Joshua Lock <[email protected]>

   

   joshuagl committed Mar 5, 2020
   Configuration menu

   • View commit details
   • Copy full SHA for 1f0cb9c
   • Browse repository at this point

   Copy the full SHA

   1f0cb9c View commit details

   Browse the repository at this point in the history

2. Don't hard-code hash algo used in timestamp for snapshot …

   Timestamp.json includes a METAFILES entry for snapshot.json. METAFILES
   includes HASHES:
   "HASHES is the dictionary that specifies one or more hashes, including the
   cryptographic hash function. For example: { "sha256": HASH, ... }."
   
   We've been hard-coding this to a single sha256 hash, as that's the default
   algorithms argument of securesystemlib.util.get_file_details() -- this
   feels wrong. Change to using the new tuf.settings.FILE_HASH_ALGORITHMS
   setting.
   
   Signed-off-by: Joshua Lock <[email protected]>

   

   joshuagl committed Mar 5, 2020
   Configuration menu

   • View commit details
   • Copy full SHA for 930d832
   • Browse repository at this point

   Copy the full SHA

   930d832 View commit details

   Browse the repository at this point in the history