Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support custom metadata objects. #100

Merged
merged 11 commits into from
Feb 6, 2024
Merged

Support custom metadata objects. #100

merged 11 commits into from
Feb 6, 2024

Conversation

dennisvang
Copy link
Owner

Custom metadata as described in the TUF spec can be specified when adding a new bundle to a repository, for example:

...
repo.add_bundle(
    new_version='2.3.4',
    new_bundle_dir='dist/myapp',
    custom_metadata_for_archive=None,  # optional
    custom_metadata_for_patch=dict(foo='bar', ...),  # optional
)
...

The custom metadata ends up in the targets.json file as follows:

{
  "signatures": [
    "..."
  ],
  "signed": {
    "...": "...",
    "targets": {
      "...": {},
      "myapp-2.3.4.patch": {
        "custom": {
          "foo": "bar"
        },
        "hashes": {
          "sha256": "..."
        },
        "length": 18709
      },
      "...": {}
    }
  }
}

On the client side, this metadata is made available via the TargetMeta class. For example,

...
new_target_meta = client.check_for_updates()
if new_target_meta:
    ...
    if new_target_meta.custom:
        ...

fixes #99

and assign data from the targets in Client.trusted_target_metas
Introduces an _immutable() function that handles the basic mutable sequence types.
This is necessary because the new TargetMeta.custom attribute contains a dict, possibly with other nested mutable items.
@dennisvang dennisvang merged commit ef3fbad into master Feb 6, 2024
17 checks passed
@dennisvang dennisvang deleted the issue99 branch February 6, 2024 13:28
@dennisvang
Copy link
Owner Author

Note the CLI does not support custom metadata yet.

We could introduce an extra CLI option that allows the user to specify a summary message, for example.

Although possible, I think anything more complex, like writing json on the command line, would become cumbersome and error prone.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

add support for custom object in tuf targets metadata
1 participant