Transition to the newest version of TUF #561
Conversation
Remove unused pyopenssl Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Implements basic primitives, defined by the python-tuf Repository abstraction, to read and edit metadata on disk, handling version and expiry bumps, and signature creation, and facilitating snapshot and timestamp creation. And adds exemplary API methods that use these primitives while preserving consistent repo states: - create - add_target_files - add_keys Can be tested with: ``` PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 pytest --noconftest taf/tests/tuf/ ``` More detailed usage docs + migration path TBD... Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
The original design aimed at separating the concepts of delegation (adding public keys) and signing (using private keys). Since the MetadataRepository assumes that metadata can be signed rightaway after edit (e.g. after having added a delegation), which in turn requires private keys to be available, we might as well conflate these two concepts. The advantage is that the signer cache does not have to be managed independently and is more likely to stay in sync with the delegations. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This should really happen upstream (see linked issue) Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
YkSigner provides a minimal compatibility layer over `taf.yubikey`
module functions for use with MetadataRepository.
Even though a yubikey signer implementation (HSMSigner) based on
pykcs11 is available in securesystemslib, YkSigner was added for the
following reasons:
- TAF requires rsa support for yubikeys, but HSMSigner only supports
ecdsa. Adding rsa support to HSMSigner, or providing a custom
pykcs11-based RSAHSMSigner is feasible, and seems desirable, but
requires more effort than this YkSigner did.
- TAF provides a few additional features, like setting up a Yubikey,
changing pins, etc., which will not be added to securesystemslib.
This means the current Yubikey infrastructure based on yubikey-manager
needs to be preserved for the time being. Thus it made sense to
re-use the existing implementation for YkSigner.
- YkSigner show-cases the new Signer API and might be used as blue print
for future Signer implementations in TAF.
This commit adds basic tests with fake and real Yubikey:
```
REAL_YK=1 PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 \
pytest --noconftest taf/tests/tuf/ taf/tests/tuf/test_yk.py -s
```
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This allows running previously added YkSigner tests, but breaks other things, which need change anyway in the course of upgrading to latest tuf/securesystemslib. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Add alternative TUF metadata repo implementation (WIP)
…gated role lookup
…n dates to the new repository class
…ort for delegations
…ass and added tests
renatav
force-pushed
the
feature/tuf-repositoty
branch
from
ebd033a to
3000095
Compare
renatav
force-pushed
the
feature/tuf-repositoty
branch
from
61919f0 to
385a0be
Compare
renatav
force-pushed
the
feature/tuf-repositoty
branch
from
385a0be to
ff146df
Compare
renatav
changed the title
renatav
force-pushed
the
feature/tuf-repositoty
branch
2 times, most recently
from
6ee2279 to
ada9ead
Compare
renatav
force-pushed
the
feature/tuf-repositoty
branch
from
ada9ead to
6410f52
Compare
There was a problem hiding this comment.
You've done a really great job with this PR. The amount of organization and work are impressive!
As for next steps, I'll be reviewing the tests and testing framework in more depth with @sale3. For now, I've left a handful of mostly non-substantial comments that you can take a look at.
| are many delegations. | ||
| Returns: | ||
| Defined delegated paths of delegate target role or * in case of targets |
There was a problem hiding this comment.
question: why is '*' is returned in case of targets? adding a sentence here would be useful
There was a problem hiding this comment.
The main targets role is simply a catch-all. This is an old string, but I can update it
taf/tuf/keys.py
Outdated
| def create_signer(priv, pub): | ||
| return CryptoSigner(priv, _from_crypto(pub)) |
There was a problem hiding this comment.
suggestion: adding a docstring would be useful here
There was a problem hiding this comment.
This is not even used, I'll remove it
taf/tuf/repository.py
Outdated
| def get_keyids_of_role(self, role_name): | ||
| role_obj = self._role_obj(role_name) | ||
| return role_obj.keyids | ||
|
|
||
| def get_delegations_of_role(self, role_name): | ||
| signed_obj = self._signed_obj(role_name) | ||
| return signed_obj.delegations.roles |
There was a problem hiding this comment.
suggestion: adding docstrings for all methods in MetadataRepository class that don't already have it would be useful
| # Convert to string if necessary, or use it as a Path object | ||
| return full_path |
There was a problem hiding this comment.
question(nitpick): Is this inline comment correct? it doesn't seem to convert as the comment says it should?
| custom1 = {"custom_attr1": "custom_val1"} | ||
| custom2 = {"custom_attr2": "custom_val2"} | ||
|
|
||
| "delegated role's targets" |
There was a problem hiding this comment.
suggestion: are these strings supposed to be comments?
| commit = None | ||
|
|
||
| @contextmanager | ||
| def get(self, filepath: str): |
There was a problem hiding this comment.
suggestion: docstring for GitStorageBackend methods would be helpful
taf/tuf/storage.py
Outdated
| def __new__(cls, *args, **kwargs): | ||
| return super(FilesystemBackend, cls).__new__(cls, *args, **kwargs) # Bypass singleton | ||
|
|
There was a problem hiding this comment.
suggestion: expanding on the reason why we needed to bypass the singleton as a docstring would be very much useful
| @contextmanager | ||
| def transactional_execution(auth_repo): | ||
| initial_commit = auth_repo.head_commit_sha() | ||
| try: | ||
| yield | ||
| except PushFailedError: | ||
| pass | ||
| except Exception: | ||
| auth_repo.reset_to_commit(initial_commit, hard=True) | ||
| raise |
There was a problem hiding this comment.
this function makes a lot of sense!
question: would moving it to auth_repo.py be a better place for it? I could see us wanting to use it in platform at some point
There was a problem hiding this comment.
There is not reason why we wouldn't want to import anything from the api package imo
| files are read and written. To instantiate a `MetadataRepository` class with a custom storage interface, use the | ||
| `storage` keyword argument. If not specified, TUF's default `FilesystemBackend` will be used. | ||
|
|
||
| This class is used extensively to implement API functions. | ||
|
|
There was a problem hiding this comment.
suggestion: adding an overview of GitStorageBackend here seems like it would be useful as well.
| inside the `targets` folder are tracked and secured by TUF. | ||
| This class is derived from `GitRepository`, and indirectly from `MetadataRepository`. Authentication repositories are | ||
| expected to contain TUF metadata and target files, but are also Git repositories. It is important to note that only | ||
| files inside the `targets` folder are tracked and secured by TUF. |
There was a problem hiding this comment.
nitpick: secured by TUF -> secured by both TAF and TUF?
There was a problem hiding this comment.
To me, just TUF makes more sense. Storing hashes and lengths of target files in signed metadata files is what TUF does.
Description (e.g. "Related to ...", etc.)
Closes #274
Also implemented/addressed:
Closes #501
Closes #555
Closes #560
Code review checklist (for code reviewer to complete)