Added TAP for TUF Version Management #107

Merged
merged 41 commits into from
Aug 18, 2020
950dc60
added TAP 12 draft
mnm678 Dec 20, 2018
cc9f318
clarified client update
mnm678 Jan 7, 2019
1622a14
removed tap number for draft tap
mnm678 Mar 19, 2019
b348546
added clarifications about location of version numbers and semantic v…
mnm678 May 2, 2019
a80ab21
add intermediate root metadata for root metadata format changes
mnm678 May 22, 2019
03f7e59
added details and clarifications
mnm678 Jun 5, 2019
8c4c1a3
minor edits
mnm678 Jun 6, 2019
6de5c5d
fix link
mnm678 Jun 6, 2019
0b71af6
Added detail and reorganized sections
mnm678 Jun 10, 2019
2c3fcd9
clarifications and link to implementation
mnm678 Jul 4, 2019
1375ce5
added clarifications and example about how spec-version updates are h…
mnm678 Jul 5, 2019
156897b
minor edits
mnm678 Jul 5, 2019
0c178cf
Changes to address special cases.
mnm678 Jul 15, 2019
4bb95ee
Added use cases and description of directory structure
mnm678 Jul 22, 2019
87d57c2
clarifications and minor edits
mnm678 Aug 20, 2019
48cc83a
added some description
mnm678 Aug 22, 2019
986b3e3
added clarifications and grammar fixes
mnm678 Aug 26, 2019
f5999be
fix backward compatibility description
mnm678 Aug 27, 2019
3055189
add more rationale
mnm678 Oct 3, 2019
124e82f
add clarifications and security analysis
mnm678 Oct 8, 2019
468c6b8
Formatting changes
mnm678 Oct 10, 2019
2b7e8d7
clarifications to the multiple repositories case
mnm678 Oct 18, 2019
c9912d5
rework intro sections
mnm678 Oct 31, 2019
c1921b7
minor edits and fixes to abstract and rationale
mnm678 Nov 6, 2019
5ba968f
Apply suggestions from code review
mnm678 Jan 3, 2020
30202de
Added clarification based on review.
mnm678 Jan 3, 2020
9790a0c
Apply suggestions from code review
mnm678 Jan 14, 2020
4cee0bd
Added clarifications based on review. Especially:
mnm678 Jan 23, 2020
e927183
Add clarifications, especially:
mnm678 Feb 10, 2020
3f78127
Apply suggestions from code review
mnm678 Jul 9, 2020
cb81016
Update example as TUF is on version 1.0.x
mnm678 Jul 16, 2020
817e993
spec to specification and other minor edits for consistency and accuracy
mnm678 Jul 20, 2020
161db51
update with semantic versioning implementation link
mnm678 Jul 20, 2020
f218b82
add deprecation_timestamp field for targets metadata
mnm678 Jul 20, 2020
94183f9
Apply suggestions from code review
mnm678 Jul 21, 2020
d75e5c9
replace deprecation_timestamp with becomes_obsolete
mnm678 Jul 21, 2020
3fe4e52
additionally add becomes_obsolete to the timestamp metadata
mnm678 Jul 21, 2020
a6b3105
move becomes_obsolete to root
mnm678 Jul 24, 2020
b5d3bd9
Add clarifications from review
mnm678 Aug 6, 2020
b6b04e9
Add TAP number 14 to the version management TAP
mnm678 Aug 7, 2020
c933d87
Merge branch 'master' into tuf-versions
mnm678 Aug 7, 2020
added clarifications and example about how spec-version updates are handled by a repository
mnm678 committed Jul 5, 2019
commit 1375ce5bb98a47ee0d5b66da81cc763e28a9e611
16 changes: 15 additions & 1 deletion candidate-tuf-versions.md
@@ -47,7 +47,21 @@ If a minor version or patch of the spec-version does not match, the client shoul

## How a Repository updates to a new spec-version

If there are no changes to the root metadata format or metadata encoding, the repository simply creates and signs a new root metadata file that includes the new spec-version. If the root metadata format changes in any way, the repository must create two root metadata files. The first is formatted using the old specification, but includes the new spec-version. The second Is formatted using the new specification and the new spec-version. All other metadata files and images are handled as described in the specification.
The repository handles updating to a new spec-version in one of two ways, depending on whether there are any changes to the format of root metadata.

For minor or fix version updates, or for any major version updates that do not affect root metadata, the repository simply creates and signs a new root metadata file that includes the new spec-version. To do this, the repository manager would create a new root metadata file and fill out all of the information, including the new spec-version. This file would then be signed by the root role and uploaded to the repository. Clients performing and update will download this root file and update to a new version as described in [Procedure](#procedure) before performing an update.

For major changes in which the root metadata format changes in any way, the repository must create two root metadata files. The first is formatted using the old specification, but includes the new spec-version. The second is formatted using the new specification and the new spec-version. More specifically if a repository is updating from version 2.5.1 to version 3.0.0 and the current root file is named 10.root.json (using consistent snapshots), the following steps must be performed:

* Create a new root metadata file, 11.root.json, that includes all required fields and formatting for version 2.5.1, except that the spec-version field lists version 3.0.0. This file will not be used to perform updates.
* Sign 11.root.json with the root key.
* Create a new root metadata file, 12.root.json, that includes all required fields and formatting for version 3.0.0, including a spec-version of 3.0.0.
* Sign 12.root.json with the root key.
* Upload the signed 11.root.json and 12.root.json to the repository at the same time.

After these steps are performed, a client performing an update will download 11.root.json and update to spec-version 3.0 as described in [Procedure](#procedure). The client will then download 12.root.json, and seeing that this is the last available root file, the client will proceed with the update.

For both of these cases, all other metadata files and images are handled as described in the specification.

## Changes to TAPs
TAPs shall be tied to a version of the TUF specification. Once a TAP is accepted the header should be updated to include the first TUF version that will include the TAP. The Preamble Header description in TAP 1 shall be updated to include this field.
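
Review bot: The bullet "Upload the signed 11.root.json and 12.root.json to the repository at the same time" in the major-version steps does not say what a client should do if it sees 11.root.json without 12.root.json. The paragraph after the list has the client stop at "the last available root file", so a non-atomic upload or a lagging mirror would leave a client treating 11.root.json as current, even though the first bullet says that file "will not be used to perform updates". Suggest stating how a client recognizes the intermediate root (for example, the old format carrying a new major spec-version) and that it must not proceed with the update until the next root file is available. Two smaller points: the bullets say "Sign ... with the root key" while the minor-version paragraph says "signed by the root role", so one wording should be used throughout, and "Clients performing and update" in that paragraph should read "an update".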