Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support updating individual metadata upon addition of target file #1048

Closed
Tracked by #10672
lukpueh opened this issue Jun 8, 2020 · 6 comments
Closed
Tracked by #10672

support updating individual metadata upon addition of target file #1048

lukpueh opened this issue Jun 8, 2020 · 6 comments
Assignees
@lukpueh
Labels
enhancement
Milestone
PEP 458 integration

Comments

@lukpueh
Copy link
Member

lukpueh commented Jun 8, 2020

The repository_tool and the underlying repository_lib and roledb modules seem to live on the assumption that all roles (top-level roles and delegated targets roles) are required in memory.

In large repositories, and this is the case for the implementation of PEP 458, it might not be feasible nor necessary to load and/or have the entire repository metadata in memory at all times.

To be more specific, during ongoing operations, when adding a new target file the following operations are required:

  1. find and update relevant targets metadata, e.g. "bin-n" (i.e. target file hashes and size + version number + signature)
  2. update snapshot (i.e. targets metadata version number + own version number + signature)
  3. update timestamp (i.e. snapshot version number + own version number + signature)

The repository tool should provide API function to support above activities without requiring any other TUF metadata on disk or in memory.
@woodruffw woodruffw mentioned this issue Jun 8, 2020
Closed
@trishankatdatadog
Copy link
Member

Hopefully, this is not too hard to do. Happy to help on weeknights and weekends.

@lukpueh
Copy link
Member Author

lukpueh commented Jun 19, 2020

We have to decide if we make this a stand-alone tool, or integrate it with the current repo_tool + repo_lib + roledb + keydb stack, or if we do a combination of both.

That latter seems the most feasible for PEP 485 work. I am thinking of something like a "detached head mode" (apologies for the subpar analogy), where we use some of the existing infrastructure, but don't interfere with functions like load_repository or writeall.

If we go for a stand-alone tool, we should make use of the thoughts @joshuagl, @sechkova and I have jotted down with the goal to clean up above mentioned stack: https://docs.google.com/document/d/13cY0MD3uzwFYGnj_GkPS_rwvDEzzNpDu6cteyeYP6fY

@trishankatdatadog
Copy link
Member

@woodruffw @lukpueh @joshuagl @sechkova @MVrachev @mnm678 @SantiagoTorres

Will and I sketched what we hope is a super-simple API for a TUF repo... WDYT?

@trishankatdatadog
Copy link
Member

I will start hacking on this

@brainwane brainwane mentioned this issue Jun 25, 2020
Closed
joshuagl added a commit to joshuagl/tuf that referenced this issue Jun 26, 2020
@joshuagl
Move find_bin_for_hash() to repository_lib
7f1c790 
Move repository_tool._find_bin_for_hash() and helper functions it uses to
non-protected functions in repository_lib. These functions will be useful
to adopters using the WIP low-level API for updating metadata files
(see theupdateframework#1048)

Signed-off-by: Joshua Lock <jlock@vmware.com>
@joshuagl joshuagl mentioned this issue Jun 26, 2020
Merged
3 tasks
@trishankatdatadog trishankatdatadog mentioned this issue Jun 26, 2020
Closed
3 tasks
joshuagl added a commit to joshuagl/tuf that referenced this issue Jun 29, 2020
@joshuagl
Move find_bin_for_hash() to repository_lib
ed45fb2 
Move repository_tool._find_bin_for_hash() and helper functions it uses to
non-protected functions in repository_lib.
_find_bin_for_hash() becomes find_bin_for_target_hash()

These functions will be useful to adopters using the WIP low-level API for
updating metadata files (see theupdateframework#1048)

Signed-off-by: Joshua Lock <jlock@vmware.com>
@joshuagl
Copy link
Member

joshuagl commented Sep 8, 2020

WIP in #1112

@joshuagl joshuagl removed the refactor label Sep 10, 2020
@joshuagl
Copy link
Member

For the purposes of the PEP 458 integration this has been resolved by the merging of #1112.

@di di mentioned this issue Feb 1, 2022
Open
52 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lukpueh lukpueh

Labels
enhancement
Projects
None yet
Milestone
PEP 458 integration
Development

No branches or pull requests
3 participants
@lukpueh @joshuagl @trishankatdatadog