
Add repository initialization #1

Open. Wants to merge 1 commit into base: master.

Conversation

@radu-matei (Member) commented Oct 25, 2019:

  • initialize repository
Signed-off-by: Radu M <root@radu.sh>
@@ -0,0 +1,78 @@

@radu-matei (Author, Member), Oct 25, 2019:

nit: empty line.

@@ -0,0 +1,9 @@
.PHONY: bootstrap
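Review bot: `.PHONY: bootstrap` declares the target, but the recipe itself is not in this hunk, so the clean-environment question raised in the thread cannot be answered from what is visible; suggest making the bootstrap recipe create the virtual environment from an explicitly named interpreter and fail fast on the wrong major version, for example `python3 -c 'import sys; sys.exit(sys.version_info[0] != 3)'` followed by `python3 -m venv .venv`, rather than relying on whichever `python` happens to be first on PATH.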

@radu-matei (Author, Member), Oct 25, 2019:

Is there a more robust way of ensuring a clean virtual environment and Python3?
(And in general, what would be the best practice for ensuring the desired environment?)

os.path.join(trustdir, name, keystore_dir, k) + '.pub')

repository.root.add_verification_key(keys[root_key_name].public)
repository.targets.add_verification_key(keys[targets_key_name].public)
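Review bot: the "Adding a verification key that has already been used" warning discussed in the thread is logged by pyTUF's `add_verification_key` when the key's keyid is already present in the repository's key database, so the duplication is not explained by these two calls alone, which add only the root and targets keys while the warning is reported for targets, snapshot and timestamp. Suggest asserting that the freshly generated keyids are pairwise distinct before this block and checking where else the snapshot and timestamp keys are loaded, so the warning is either accounted for or eliminated rather than treated as noise.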

@radu-matei (Author, Member), Oct 25, 2019:

@trishankatdatadog - this generates 3 warnings for the targets, snapshot, and timestamp public keys:

Adding a verification key that has already been used.

While using the same key here is not an error:

# Keys may be shared, so do not raise an exception if 'key' has already been loaded.

I am wondering though why the keys appear to be shared, since they are generated every time for now (they do share the same passphrase in all my tests so far).

@trishankatdatadog, Oct 25, 2019:

The pyTUF repo tool has some spurious messages like that. Will look into this.

keys[k].passphrase = p

repo_tool.generate_and_write_ecdsa_keypair(os.path.join(
trustdir, name, keystore_dir, k), password=keys[k].passphrase)
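Review bot: `keys[k].passphrase = p` retains the passphrase on the in-memory key object even though it is only needed as the `password=` argument to `generate_and_write_ecdsa_keypair`, and the thread notes that all roles currently share a single passphrase in testing; suggest passing `p` directly and not storing it on the key, and prompting separately for the root key so the root keystore file is not unlocked by the same secret as the online roles.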

@radu-matei (Author, Member), Oct 25, 2019:

The example repository tool generates the keys for all repositories in the same directory (I assume for reusing the root key?)

I am still evaluating whether to:

  • keep the convention from the TUF reference implementation
  • mimic the behaviour of Notary and offer to create a new root key per repository.

I think it is still early in this tool to take this decision, but we should have this conversation.

@trishankatdatadog, Oct 25, 2019:

Sharing the same root key by default per repo makes sense, considering that most people are likely to have a separate repo per bundle, following the DCT model. However, we should give an option to override this.
