Contains tasks mainly for testing purposes
Here's the document I mentioned that you should read: https://github.com/theupdateframework/tuf/tree/develop/tuf#repository-management
It will be helpful if you install TUF and try out the examples listed in the "Repository Management" document.
I have two tasks you can try after you've read the documentation. Task one involves generating a repository and performing a client update. The client update is performed by a client module that you write. The second task requests that you add code and modify two or more modules to support a feature. The expected content of the repository, and information about the feature to support is provided below.
Task I.
(a) Create a repository.
Create a repository that contains four top-level roles (required), three delegated roles named "targets/unclaimed", "targets/claimed", and "targets/claimed/foo". In addition, create sixteen hashed bins, where the parent role is "targets/unclaimed/". See the repository tool documentation for how this may be accomplished: https://github.com/theupdateframework/tuf/tree/develop/tuf#repository-management
Here is a list of the roles that should exist in the repository that you create.
root.json snapshot.json timestamp.json targets.json
targets/claimed.json targets/claimed/foo.json targets/unclaimed.json
targets/unclaimed/0.json targets/unclaimed/1.json targets/unclaimed/2.json targets/unclaimed/3.json targets/unclaimed/4.json targets/unclaimed/5.json targets/unclaimed/6.json targets/unclaimed/7.json targets/unclaimed/8.json targets/unclaimed/9.json targets/unclaimed/a.json targets/unclaimed/b.json targets/unclaimed/c.json targets/unclaimed/d.json targets/unclaimed/e.json targets/unclaimed/f.json
You should add target files (may contain anything) to the following roles:
targets.json: README.txt
targets/claimed/foo.json: foo.tar.gz
targets/unclaimed.json: Does not provide any target files.
targets/unclaimed/X.json: bar.tar.gz
(b) Perform a client update.
Write a client update module that imports tuf.client.updater.py and downloads target files from the repository generated in Task I (a). Here is an outline of the update process
- Ensure the client begins with only a "root.json" file before the update process is requested.
- Refresh top-level metadata.
- Fetch the target files of each role role separately.
- Send me (or make it available on Github) the "tuf.log" generated by the update process, the repository data, and the client update module that you write.
Task II.
"tuf.client.updater.py" imports the keydb.py and roledb.py modules to keep track of keys and roles loaded by an updater object that a software updater integrating TUF instantiates. Recognizing keys and roles belonging to multiple updater objects does not work, however, because they assume any role and key was performed by a single updater object. In other words, the following might not work as expected:
updater1 = tuf.client.updater.Updater('updater1', repository_mirrors) updater2 = tuf.client.updater.Updater('updater2', repository_mirrrors_2)
Modify the "roledb.py" and "keydb.py" modules so that they keep track of the keys and roles belonging to one or more updater objects that may be defined by the software update system.