tuf

package module
v0.0.0-...-8e84384 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 10, 2019 License: BSD-3-Clause Imports: 17 Imported by: 0

README

go-tuf Build Status

This is a Go implementation of The Update Framework (TUF), a framework for securing software update systems.

Directory layout

A TUF repository has the following directory layout:

.
├── keys
├── repository
│   └── targets
└── staged
    └── targets

The directories contain the following files:

  • keys/ - signing keys (optionally encrypted) with filename pattern ROLE.json
  • repository/ - signed manifests
  • repository/targets/ - hashed target files
  • staged/ - either signed, unsigned or partially signed manifests
  • staged/targets/ - unhashed target files

CLI

go-tuf provides a CLI for managing a local TUF repository.

Install
go get github.com/flynn/go-tuf/cmd/tuf
Commands
tuf init [--consistent-snapshot=false]

Initializes a new repository.

This is only required if the repository should not generate consistent snapshots (i.e. by passing --consistent-snapshot=false). If consistent snapshots should be generated, the repository will be implicitly initialized to do so when generating keys.

tuf gen-key [--expires=<days>] <role>

Prompts the user for an encryption passphrase (unless the --insecure-plaintext flag is set), then generates a new signing key and writes it to the relevant key file in the keys directory. It also stages the addition of the new key to the root manifest.

tuf add [<path>...]

Hashes files in the staged/targets directory at the given path(s), then updates and stages the targets manifest. Specifying no paths hashes all files in the staged/targets directory.

tuf remove [<path>...]

Stages the removal of files with the given path(s) from the targets manifest (they get removed from the filesystem when the change is committed). Specifying no paths removes all files from the targets manifest.

tuf snapshot [--compression=<format>]

Expects a staged, fully signed targets manifest and stages an appropriate snapshot manifest. It optionally compresses the staged targets manifest.

tuf timestamp

Stages an appropriate timestamp manifest. If a snapshot manifest is staged, it must be fully signed.

tuf sign ROLE

Signs the given role's staged manifest with all keys present in the keys directory for that role.

tuf commit

Verifies that all staged changes contain the correct information and are signed to the correct threshold, then moves the staged files into the repository directory. It also removes any target files which are not in the targets manifest.

tuf regenerate [--consistent-snapshot=false]

Recreates the targets manifest based on the files in repository/targets.

tuf clean

Removes all staged manifests and targets.

tuf root-keys

Outputs a JSON serialized array of root keys to STDOUT. The resulting JSON should be distributed to clients for performing initial updates.

For a list of supported commands, run tuf help from the command line.

Examples

The following are example workflows for managing a TUF repository with the CLI.

The tree commands do not need to be run, but their output serve as an illustration of what files should exist after performing certain commands.

Although only two machines are referenced (i.e. the "root" and "repo" boxes), the workflows can be trivially extended to many signing machines by copying staged changes and signing on each machine in turn before finally committing.

Some key IDs are truncated for illustrative purposes.

Create signed root manifest

Generate a root key on the root box:

$ tuf gen-key root
Enter root keys passphrase:
Repeat root keys passphrase:
Generated root key with ID 184b133f

$ tree .
.
├── keys
│   └── root.json
├── repository
└── staged
    ├── root.json
    └── targets

Copy staged/root.json from the root box to the repo box and generate targets, snapshot and timestamp keys:

$ tree .
.
├── keys
├── repository
└── staged
    ├── root.json
    └── targets

$ tuf gen-key targets
Enter targets keys passphrase:
Repeat targets keys passphrase:
Generated targets key with ID 8cf4810c

$ tuf gen-key snapshot
Enter snapshot keys passphrase:
Repeat snapshot keys passphrase:
Generated snapshot key with ID 3e070e53

$ tuf gen-key timestamp
Enter timestamp keys passphrase:
Repeat timestamp keys passphrase:
Generated timestamp key with ID a3768063

$ tree .
.
├── keys
│   ├── snapshot.json
│   ├── targets.json
│   └── timestamp.json
├── repository
└── staged
    ├── root.json
    └── targets

Copy staged/root.json from the repo box back to the root box and sign it:

$ tree .
.
├── keys
│   ├── root.json
├── repository
└── staged
    ├── root.json
    └── targets

$ tuf sign root.json
Enter root keys passphrase:

The staged root.json can now be copied back to the repo box ready to be committed alongside other manifests.

Add a target file

Assuming a staged, signed root manifest and the file to add exists at staged/targets/foo/bar/baz.txt:

$ tree .
.
├── keys
│   ├── snapshot.json
│   ├── targets.json
│   └── timestamp.json
├── repository
└── staged
    ├── root.json
    └── targets
        └── foo
            └── bar
                └── baz.txt

$ tuf add foo/bar/baz.txt
Enter targets keys passphrase:

$ tree .
.
├── keys
│   ├── snapshot.json
│   ├── targets.json
│   └── timestamp.json
├── repository
└── staged
    ├── root.json
    ├── targets
    │   └── foo
    │       └── bar
    │           └── baz.txt
    └── targets.json

$ tuf snapshot
Enter snapshot keys passphrase:

$ tuf timestamp
Enter timestamp keys passphrase:

$ tree .
.
├── keys
│   ├── snapshot.json
│   ├── targets.json
│   └── timestamp.json
├── repository
└── staged
    ├── root.json
    ├── snapshot.json
    ├── targets
    │   └── foo
    │       └── bar
    │           └── baz.txt
    ├── targets.json
    └── timestamp.json

$ tuf commit

$ tree .
.
├── keys
│   ├── snapshot.json
│   ├── targets.json
│   └── timestamp.json
├── repository
│   ├── root.json
│   ├── snapshot.json
│   ├── targets
│   │   └── foo
│   │       └── bar
│   │           └── baz.txt
│   ├── targets.json
│   └── timestamp.json
└── staged
Remove a target file

Assuming the file to remove is at repository/targets/foo/bar/baz.txt:

$ tree .
.
├── keys
│   ├── snapshot.json
│   ├── targets.json
│   └── timestamp.json
├── repository
│   ├── root.json
│   ├── snapshot.json
│   ├── targets
│   │   └── foo
│   │       └── bar
│   │           └── baz.txt
│   ├── targets.json
│   └── timestamp.json
└── staged

$ tuf remove foo/bar/baz.txt
Enter targets keys passphrase:

$ tree .
.
├── keys
│   ├── snapshot.json
│   ├── targets.json
│   └── timestamp.json
├── repository
│   ├── root.json
│   ├── snapshot.json
│   ├── targets
│   │   └── foo
│   │       └── bar
│   │           └── baz.txt
│   ├── targets.json
│   └── timestamp.json
└── staged
    └── targets.json

$ tuf snapshot
Enter snapshot keys passphrase:

$ tuf timestamp
Enter timestamp keys passphrase:

$ tree .
.
├── keys
│   ├── snapshot.json
│   ├── targets.json
│   └── timestamp.json
├── repository
│   ├── root.json
│   ├── snapshot.json
│   ├── targets
│   │   └── foo
│   │       └── bar
│   │           └── baz.txt
│   ├── targets.json
│   └── timestamp.json
└── staged
    ├── snapshot.json
    ├── targets.json
    └── timestamp.json

$ tuf commit

$ tree .
.
├── keys
│   ├── snapshot.json
│   ├── targets.json
│   └── timestamp.json
├── repository
│   ├── root.json
│   ├── snapshot.json
│   ├── targets.json
│   └── timestamp.json
└── staged
Regenerate manifests based on targets tree
$ tree .
.
├── keys
│   ├── snapshot.json
│   ├── targets.json
│   └── timestamp.json
├── repository
│   ├── root.json
│   ├── snapshot.json
│   ├── targets
│   │   └── foo
│   │       └── bar
│   │           └── baz.txt
│   ├── targets.json
│   └── timestamp.json
└── staged

$ tuf regenerate
Enter targets keys passphrase:

$ tree .
.
├── keys
│   ├── snapshot.json
│   ├── targets.json
│   └── timestamp.json
├── repository
│   ├── root.json
│   ├── snapshot.json
│   ├── targets
│   │   └── foo
│   │       └── bar
│   │           └── baz.txt
│   ├── targets.json
│   └── timestamp.json
└── staged
    └── targets.json

$ tuf snapshot
Enter snapshot keys passphrase:

$ tuf timestamp
Enter timestamp keys passphrase:

$ tree .
.
├── keys
│   ├── snapshot.json
│   ├── targets.json
│   └── timestamp.json
├── repository
│   ├── root.json
│   ├── snapshot.json
│   ├── targets
│   │   └── foo
│   │       └── bar
│   │           └── baz.txt
│   ├── targets.json
│   └── timestamp.json
└── staged
    ├── snapshot.json
    ├── targets.json
    └── timestamp.json

$ tuf commit

$ tree .
.
├── keys
│   ├── snapshot.json
│   ├── targets.json
│   └── timestamp.json
├── repository
│   ├── root.json
│   ├── snapshot.json
│   ├── targets
│   │   └── foo
│   │       └── bar
│   │           └── baz.txt
│   ├── targets.json
│   └── timestamp.json
└── staged
Update timestamp.json
$ tree .
.
├── keys
│   └── timestamp.json
├── repository
│   ├── root.json
│   ├── snapshot.json
│   ├── targets
│   │   └── foo
│   │       └── bar
│   │           └── baz.txt
│   ├── targets.json
│   └── timestamp.json
└── staged

$ tuf timestamp
Enter timestamp keys passphrase:

$ tree .
.
├── keys
│   └── timestamp.json
├── repository
│   ├── root.json
│   ├── snapshot.json
│   ├── targets
│   │   └── foo
│   │       └── bar
│   │           └── baz.txt
│   ├── targets.json
│   └── timestamp.json
└── staged
    └── timestamp.json

$ tuf commit

$ tree .
.
├── keys
│   └── timestamp.json
├── repository
│   ├── root.json
│   ├── snapshot.json
│   ├── targets
│   │   └── foo
│   │       └── bar
│   │           └── baz.txt
│   ├── targets.json
│   └── timestamp.json
└── staged
Modify key thresholds

TODO

Client

For the client package, see https://godoc.org/github.com/flynn/go-tuf/client.

For the client CLI, see https://github.com/flynn/go-tuf/tree/master/cmd/tuf-client.

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrInitNotAllowed = errors.New("tuf: repository already initialized")
	ErrNewRepository  = errors.New("tuf: repository not yet committed")
)

Functions

This section is empty.

Types

type CompressionType 

type CompressionType uint8
const (
	CompressionTypeNone CompressionType = iota
	CompressionTypeGzip
)

type ErrFileNotFound 

type ErrFileNotFound struct {
	Path string
}

func (ErrFileNotFound) Error 

func (e ErrFileNotFound) Error() string

type ErrInsufficientKeys 

type ErrInsufficientKeys struct {
	Name string
}

func (ErrInsufficientKeys) Error 

func (e ErrInsufficientKeys) Error() string

type ErrInsufficientSignatures 

type ErrInsufficientSignatures struct {
	Name string
	Err  error
}

func (ErrInsufficientSignatures) Error 

func (e ErrInsufficientSignatures) Error() string

type ErrInvalidExpires 

type ErrInvalidExpires struct {
	Expires time.Time
}

func (ErrInvalidExpires) Error 

func (e ErrInvalidExpires) Error() string

type ErrInvalidRole 

type ErrInvalidRole struct {
	Role string
}

func (ErrInvalidRole) Error 

func (e ErrInvalidRole) Error() string

type ErrKeyNotFound 

type ErrKeyNotFound struct {
	Role  string
	KeyID string
}

func (ErrKeyNotFound) Error 

func (e ErrKeyNotFound) Error() string

type ErrMissingMetadata 

type ErrMissingMetadata struct {
	Name string
}

func (ErrMissingMetadata) Error 

func (e ErrMissingMetadata) Error() string

type ErrNotEnoughKeys 

type ErrNotEnoughKeys struct {
	Role      string
	Keys      int
	Threshold int
}

func (ErrNotEnoughKeys) Error 

func (e ErrNotEnoughKeys) Error() string

type ErrPassphraseRequired 

type ErrPassphraseRequired struct {
	Role string
}

func (ErrPassphraseRequired) Error 

func (e ErrPassphraseRequired) Error() string

type LocalStore 

type LocalStore interface {
	GetMeta() (map[string]json.RawMessage, error)
	SetMeta(string, json.RawMessage) error

	// WalkStagedTargets calls targetsFn for each staged target file in paths.
	//
	// If paths is empty, all staged target files will be walked.
	WalkStagedTargets(paths []string, targetsFn targetsWalkFunc) error

	Commit(bool, map[string]int, map[string]data.Hashes) error
	GetSigningKeys(string) ([]sign.Signer, error)
	SavePrivateKey(string, *sign.PrivateKey) error
	Clean() error
}

func FileSystemStore 

func FileSystemStore(dir string, p util.PassphraseFunc) LocalStore

func MemoryStore 

func MemoryStore(meta map[string]json.RawMessage, files map[string][]byte) LocalStore

type Repo 

type Repo struct {
	// contains filtered or unexported fields
}

func NewRepo 

func NewRepo(local LocalStore, hashAlgorithms ...string) (*Repo, error)

func NewRepoIndent 

func NewRepoIndent(local LocalStore, prefix string, indent string, hashAlgorithms ...string) (*Repo, error)

func (*Repo) AddPrivateKey 

func (r *Repo) AddPrivateKey(role string, key *sign.PrivateKey) error

func (*Repo) AddPrivateKeyWithExpires 

func (r *Repo) AddPrivateKeyWithExpires(keyRole string, key *sign.PrivateKey, expires time.Time) error

func (*Repo) AddTarget 

func (r *Repo) AddTarget(path string, custom json.RawMessage) error

func (*Repo) AddTargetWithExpires 

func (r *Repo) AddTargetWithExpires(path string, custom json.RawMessage, expires time.Time) error

func (*Repo) AddTargets 

func (r *Repo) AddTargets(paths []string, custom json.RawMessage) error

func (*Repo) AddTargetsWithExpires 

func (r *Repo) AddTargetsWithExpires(paths []string, custom json.RawMessage, expires time.Time) error

func (*Repo) Clean 

func (r *Repo) Clean() error

func (*Repo) Commit 

func (r *Repo) Commit() error

func (*Repo) GenKey 

func (r *Repo) GenKey(role string) ([]string, error)

func (*Repo) GenKeyWithExpires 

func (r *Repo) GenKeyWithExpires(keyRole string, expires time.Time) ([]string, error)

func (*Repo) Init 

func (r *Repo) Init(consistentSnapshot bool) error

func (*Repo) RemoveTarget 

func (r *Repo) RemoveTarget(path string) error

func (*Repo) RemoveTargetWithExpires 

func (r *Repo) RemoveTargetWithExpires(path string, expires time.Time) error

func (*Repo) RemoveTargets 

func (r *Repo) RemoveTargets(paths []string) error

func (*Repo) RemoveTargetsWithExpires 

func (r *Repo) RemoveTargetsWithExpires(paths []string, expires time.Time) error

If paths is empty, all targets will be removed.

func (*Repo) RevokeKey 

func (r *Repo) RevokeKey(role, id string) error

func (*Repo) RevokeKeyWithExpires 

func (r *Repo) RevokeKeyWithExpires(keyRole, id string, expires time.Time) error

func (*Repo) RootKeys 

func (r *Repo) RootKeys() ([]*data.Key, error)

func (*Repo) RootVersion 

func (r *Repo) RootVersion() (int, error)

func (*Repo) SetSnapshotVersion 

func (r *Repo) SetSnapshotVersion(v int) error

func (*Repo) SetTargetsVersion 

func (r *Repo) SetTargetsVersion(v int) error

func (*Repo) SetTimestampVersion 

func (r *Repo) SetTimestampVersion(v int) error

func (*Repo) Sign 

func (r *Repo) Sign(name string) error

func (*Repo) Snapshot 

func (r *Repo) Snapshot(t CompressionType) error

func (*Repo) SnapshotVersion 

func (r *Repo) SnapshotVersion() (int, error)

func (*Repo) SnapshotWithExpires 

func (r *Repo) SnapshotWithExpires(t CompressionType, expires time.Time) error

func (*Repo) Targets 

func (r *Repo) Targets() (data.TargetFiles, error)

func (*Repo) TargetsVersion 

func (r *Repo) TargetsVersion() (int, error)

func (*Repo) Timestamp 

func (r *Repo) Timestamp() error

func (*Repo) TimestampVersion 

func (r *Repo) TimestampVersion() (int, error)

func (*Repo) TimestampWithExpires 

func (r *Repo) TimestampWithExpires(expires time.Time) error

Source Files

View all Source files

Directories

Path Synopsis
leveldbstore
cmd
tuf
tuf-client
Package encrypted provides a simple, secure system for encrypting data symmetrically with a passphrase.
 Package encrypted provides a simple, secure system for encrypting data symmetrically with a passphrase.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.