Separate TUF and trusted root management code #844
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jku
force-pushed
the
trust-root-refactor
branch
2 times, most recently
from
0fbfb0f to
2c23aa8
Compare
This was referenced Dec 19, 2023
woodruffw
reviewed
Dec 19, 2023
woodruffw
added
component:tuf
The purpose of this is to later enable both "--trust-root <FILE>" and some sort of offline functionality. * Trusted root can now be initialized from tuf, offline tuf or from a file * _internal.tuf module is now used only from the new trustroot module * Tests are modified to use the CustomTrustRoot API now but they still (also) test the internal TUF implementation details * The new functionality (offline & from_file) is tested but is not exposed to UI * TrustUpdater now updates metadata when it is created (if not offline): This does not change application functionality as a online TrustUpdater is only created if a TUF update is needed Signed-off-by: Jussi Kukkonen <[email protected]>
All other modules should be using our customized version so the rename should be ok: only trustroot module needs a single "import as" shenanigan. Signed-off-by: Jussi Kukkonen <[email protected]>
jku
force-pushed
the
trust-root-refactor
branch
from
2c23aa8 to
a314bbc
Compare
|
Reviewing now! @jku: mind doing an update/rebase? I'd do it myself, but that then causes problems with the number of required approvers. |
jku
commented
Jan 3, 2024
woodruffw
approved these changes
Jan 3, 2024
There was a problem hiding this comment.
LGTM!
@jku feel free to merge unless you'd like to address #844 (comment) in this PR; I'm fine either way 🙂
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
The purpose of this is to later enable both "--trust-root " and some sort of "--offline" functionality.
_internal.tufmodule is now used only from the new_internal.trustrootmodule_internal.tufto_internal.trustrootSome details
The main functional change as I see it is in TrustedRoot/TrustUpdater initialization. There are three possible scenarios (once this is exposed through UI):
This leads to some minor test changes but nothing too bad.
Release Note
No release notes, I think: This should not change API or cli at this point