Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PEP 458: RSTUF Integration #2

Closed
wants to merge 4 commits into from
Closed

PEP 458: RSTUF Integration #2

wants to merge 4 commits into from

Commits on Jul 29, 2023

  1. PyPI/Warehouse using RSTUF 

    Adds the RSTUF in the Warehouse infrastructure

* Include the RSTUF Ceremony payload file
  - It is generated using `rstuf admin ceremony`, and the keys
* Add the development dependencies
  - RSTUF CLI and dependencies
* Include RSTUF components to the `docker-compose.yml`
 - RSTUF uses the same Redis Server but uses unique Redis DB ids `1` and `2`
 - RSTUF uses the same PostgreSQL, but a specific database rstuf
* Add the RSTUF environment configuration for development
* Define the Makefile commands for RSTUF
  - `make tufinit` to bootstrap the RSTUF service
  - `make tufimport` to import all project packages to the RSTUF service
* Define the basic commands for RSTUF within Warehouse
  - Command to import all existent packages and indexes to TUF
    metadata (`warehouse tuf dev import-all`)
* Add TUF development documentation

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
    Kairo de Araujo committed Jul 29, 2023
    Configuration menu
    Copy the full SHA
    fec0ac6 View commit details
    Browse the repository at this point in the history

  2. Manage packages/project and simple details to TUF 

    * Adding packages

After adding a package to the Warehouse database, it generates and
stores the Simple Index with a request to the RSTUF backend to
include the package and its simple index in TUF Metadata.

* Removing package or Project Release

On PyPI Management, when a user removes a file or a project release
it also removes it from TUF metadata and updates the simple details index.

Co-authored-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>

simplify code in warehouse.tuf.targets

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
    Kairo de Araujo committed Jul 29, 2023
    Configuration menu
    Copy the full SHA
    c3a651d View commit details
    Browse the repository at this point in the history

  3. Reduce the number of delegated hash-bin dev 

    Reduce the number of delegated hash-bin roles for the development
enviroment.

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
    Kairo de Araujo committed Jul 29, 2023
    Configuration menu
    Copy the full SHA
    1f31fb7 View commit details
    Browse the repository at this point in the history

  4. Rename the TUF_API_URL to RSTUF_API_URL 

    Rename the environment variable setting `TUF_API_URL` to `RSTUF_API_URL`
as this API is provided by Repository Service for TUF (RSTUF).

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
    Kairo de Araujo committed Jul 29, 2023
    Configuration menu
    Copy the full SHA
    5751be8 View commit details
    Browse the repository at this point in the history