Add Key.from_securesystemslib_key #1520
As someone who didn't read the issue solved by this pr, it was a little unclear why we need to remove
Not sure if this will help, but a use case like this can highlight the issue without looking at the GitHub issue. PS: I tried the steps from 1 to 5 and they produce the expected result.
The securesystemslib key dictionary representation includes the private key in keyval. TUF key doesn't handle it in any way, but considering that we allow unrecognized symbols in the format, we should exclude the private key otherwise this could lead to misuse. A call to securesystemslib.keys.format_keyval_to_metadata with the default private=False would do exactly that. Signed-off-by: Velichka Atanasova <avelichka@vmware.com>
Thanks, LGTM. I think this makes sense so all of our example code and repository code can easily create new keys and use them without added code just to handle this issue.
The thing that makes me wonder about this is adding more and more functionality into Metadata API that the client does not need. We'll need to be careful not to overdo this (or figure out some RepositoryMixin classes or something ...)
💯 Agree with this train of thought, metadata.py is very large.
The securesystemslib key dictionary representation includes
the private key in keyval. TUF key doesn't handle it in any way,
but considering that we allow unrecognized symbols in the format,
we should exclude the private key.
A call to securesystemslib.keys.format_keyval_to_metadata
with the default private=False would do exactly that.
Signed-off-by: Velichka Atanasova <avelichka@vmware.com>
Fixes #1458
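An added example, not code from this PR or from the project: a simplified stand-in for the key class, showing how the `private` entry of a securesystemslib key dict ends up in serialized metadata when `keyval` is passed through unchanged, and how keeping only the public part avoids it. `SimpleKey`, `private_paths`, `root_keys` and all sample values are hypothetical and constructed for illustration.

```python
import copy

# Constructed sample shaped like a securesystemslib key dict (placeholder values).
SSLIB_KEY = {
    "keyid": "constructed-keyid",
    "keytype": "ed25519",
    "scheme": "ed25519",
    "keyval": {"public": "constructed-public-hex", "private": "constructed-private-hex"},
}


class SimpleKey:
    """Stand-in for a TUF metadata key; hypothetical, not tuf.api.metadata.Key."""

    def __init__(self, keyid, keytype, scheme, keyval):
        if not keyval.get("public"):
            raise ValueError("keyval needs a 'public' entry")
        self.keyid, self.keytype, self.scheme = keyid, keytype, scheme
        self.keyval = keyval  # extra keyval entries are kept, like unrecognized fields

    @classmethod
    def from_dict_naive(cls, key):
        # Passes keyval through untouched, so a 'private' entry rides along.
        key = copy.deepcopy(key)
        return cls(key["keyid"], key["keytype"], key["scheme"], key["keyval"])

    @classmethod
    def from_sslib_key(cls, key):
        # Keeps only the public part: the effect the PR description attributes
        # to format_keyval_to_metadata with private=False.
        keyval = {"public": key["keyval"]["public"]}
        return cls(key["keyid"], key["keytype"], key["scheme"], keyval)

    def to_dict(self):
        return {"keytype": self.keytype, "scheme": self.scheme, "keyval": dict(self.keyval)}


def root_keys(key_objects):
    """Build the 'keys' section of a root-like metadata dict."""
    return {"keys": {k.keyid: k.to_dict() for k in key_objects}}


def private_paths(node, path=""):
    """Return the path of every 'private' entry found in serialized metadata."""
    hits = []
    children = node.items() if isinstance(node, dict) else (
        enumerate(node) if isinstance(node, list) else [])
    for name, value in children:
        here = f"{path}/{name}"
        hits += ([here] if name == "private" else []) + private_paths(value, here)
    return hits
```

Running `private_paths` over metadata before it is signed and published gives a cheap guard against this class of mistake regardless of how the key objects were built.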