Rework python scripts structure #4

Open
wants to merge 1 commit into
base: main
139 changes: 66 additions & 73 deletions Pipfile.lock


25 changes: 24 additions & 1 deletion README.md
@@ -1 +1,24 @@
# example-repository-offline
# Example Repository

This repository is a first python3-based proof-of-concept to
set up a server-side repository as an example.


## Setup for Python 3.9

pipenv install

## Usage

Setting up a new repo: './init.py'

Adding a target to a repo: './add_target.py /path/to/my-file.tar.gz project-name/my-file.tar.gz'

Removing an existing target from the repo: './remove_target.py project-name/my-file.tar.gz'

## Next steps

* Make the basic folders and paths configurable via argv
* Set up the keys outside of the folders
* Add commands for removing / invalidating keys
* Consider hashed bins
55 changes: 23 additions & 32 deletions add_target.py
100644 → 100755
@@ -1,37 +1,28 @@
# Set up new repository
#!/usr/bin/env python3

from tuf import repository_tool as rt
import os
import shutil
# Load a target file into an existing Repository

# import our own "utils" module
from utils import *
import sys
from os import *

def loadkey(filename):
pathpriv = 'tufkeystore/{}_key'.format(filename)
pathpub = '{}.pub'.format(pathpriv)
public_key = rt.import_ed25519_publickey_from_file(pathpub)
private_key = rt.import_ed25519_privatekey_from_file(password='pw', filepath=pathpriv)
return (public_key, private_key)
# base variables,
# @todo should be configurable via argv
basefolder = 'tuf-testrepo'
keystore = 'tufkeystore'
reponame = 'tufrepo'

def add_target(repo_dir, target):
os.chdir(repo_dir)
repository = rt.load_repository('tufrepo')
(public_root_key, private_root_key) = loadkey('root')
(public_targets_key, private_targets_key) = loadkey('targets')
(public_snapshots_key, private_snapshots_key) = loadkey('snapshot')
(public_timestamps_key, private_timestamps_key) = loadkey('timestamp')
#repository.root.add_verification_key(public_root_key)
repository.root.load_signing_key(private_root_key)
# Add additional roles
#repository.targets.add_verification_key(public_targets_key)
repository.targets.load_signing_key(private_targets_key)
#repository.snapshot.add_verification_key(public_snapshots_key)
repository.snapshot.load_signing_key(private_snapshots_key)
#repository.timestamp.add_verification_key(public_timestamps_key)
repository.timestamp.load_signing_key(private_timestamps_key)
repository.status()
repository.targets.add_targets([target])
# Make it so (consistently)
repository.mark_dirty(['root', 'snapshot', 'targets', 'timestamp'])
repository.writeall(consistent_snapshot=True)
absolute_source = sys.argv[1]
absolute_source = os.path.abspath(absolute_source)
target_location = sys.argv[2]
absolute_target = os.path.abspath(os.path.join(basefolder, reponame, 'targets', target_location));

add_target('tuf-testrepo', 'my-file.txt')
print('Load existing TUF repository')
repository = tuf.load_repo(basefolder, reponame)

print('Load signing keys into repo')
tuf.load_signing_keys_into_repo(repository, keystore)

print('Adding target ', target_location, ' to repo')
tuf.add_target(repository, target_location, absolute_source, absolute_target)
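Review bot: `target_location` is taken straight from `sys.argv[2]` and joined under `targets` with no containment check, so a value containing `..` or an absolute path makes `absolute_target` resolve outside the repository's targets directory (`os.path.join` drops the earlier components when a later one is absolute). What `tuf.add_target` does with that path lives in utils, which is not shown on this page, but it presumably writes the source file there. I would compute `targets_root = os.path.abspath(os.path.join(basefolder, reponame, 'targets'))` and stop with `if os.path.commonpath([targets_root, absolute_target]) != targets_root: sys.exit('target path escapes the targets directory')` before the repository is loaded. The same unchecked join is in remove_target.py, where the resolved path is handed to `remove_target`.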
48 changes: 12 additions & 36 deletions init.py
100644 → 100755
@@ -1,40 +1,16 @@
# Set up new repository
#!/usr/bin/env python3

from tuf import repository_tool as rt
import os
import shutil
# Set up new repository
# should only be called once

# shorthand to create keypairs
def write_and_import_keypair(filename):
pathpriv = 'tufkeystore/{}_key'.format(filename)
pathpub = '{}.pub'.format(pathpriv)
rt.generate_and_write_ed25519_keypair(password='pw', filepath=pathpriv)
public_key = rt.import_ed25519_publickey_from_file(pathpub)
private_key = rt.import_ed25519_privatekey_from_file(password='pw', filepath=pathpriv)
return (public_key, private_key)
# import our own "utils" module
from utils import *
import sys

# shorthand to create full repo with all keys, only do this once
def create_repo(repo_dir):
os.mkdir(repo_dir)
os.chdir(repo_dir)
(public_root_key, private_root_key) = write_and_import_keypair('root')
(public_targets_key, private_targets_key) = write_and_import_keypair('targets')
(public_snapshots_key, private_snapshots_key) = write_and_import_keypair('snapshot')
(public_timestamps_key, private_timestamps_key) = write_and_import_keypair('timestamp')
# Bootstrap Repository
repository = rt.create_new_repository("tufrepo", repo_dir)
repository.root.add_verification_key(public_root_key)
repository.root.load_signing_key(private_root_key)
# Add additional roles
repository.targets.add_verification_key(public_targets_key)
repository.targets.load_signing_key(private_targets_key)
repository.snapshot.add_verification_key(public_snapshots_key)
repository.snapshot.load_signing_key(private_snapshots_key)
repository.timestamp.add_verification_key(public_timestamps_key)
repository.timestamp.load_signing_key(private_timestamps_key)
repository.status()
# Make it so (consistently)
repository.mark_dirty(['root', 'snapshot', 'targets', 'timestamp'])
repository.writeall(consistent_snapshot=True)
# base variables, should be configurable via argv
basefolder = 'tuf-testrepo'
# keystore folder is expected to be put inside the repo folder
keystore = 'tufkeystore'
reponame = 'tufrepo'

create_repo('tuf-testrepo')
create_repo(basefolder, keystore, reponame)
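Review bot: The comment above `keystore = 'tufkeystore'` says the keystore is expected inside the repo folder, which keeps the private signing keys for every role in the same tree as the metadata that gets published, so anyone who can read or sync `tuf-testrepo` as a whole gets the keys too. The README's next steps already list moving the keys out, so I would at least state the limitation at this line, e.g. `# NOTE: proof-of-concept layout - private keys live under basefolder; publish only the tufrepo metadata and targets, never the whole folder`. The removed helper passed the literal `password='pw'`; key generation now happens in utils, which is not on this page, so it is worth confirming the passphrase is no longer hard-coded there. `import sys` looks unused in the lines shown.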
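--- a/remove_target.py
+++ b/remove_target.py
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+
+# Removes an existing target file from a repository
+
+# import our own "utils" module
+from utils import *
+import sys
+from os import *
+
+# base variables,
+# @todo should be configurable via argv
+basefolder = 'tuf-testrepo'
+keystore = 'tufkeystore'
+reponame = 'tufrepo'
+
+target_location = sys.argv[1]
+absolute_target = os.path.abspath(os.path.join(basefolder, reponame, 'targets', target_location));
+
+print('Load existing TUF repository')
+repository = load_repo(basefolder, reponame)
+
+print('Load signing keys into repo')
+load_signing_keys_into_repo(repository, keystore)
+
+print('Removing target ', target_location, ' from repo')
+remove_target(repository, target_location, absolute_target)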
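Review bot: `from os import *` does not bind the name `os`, so `os.path.abspath(...)` on the `absolute_target` line only works if the star import from utils happens to export `os`; it also replaces the builtin `open` with `os.open` in this module. `import os` is the form to use here, and the same applies to add_target.py. This script calls `load_repo`, `load_signing_keys_into_repo` and `remove_target` unprefixed while add_target.py calls them as `tuf.load_repo` and so on, so one of the two styles presumably fails depending on what utils exports, and they should be made to agree. `sys.argv[1]` is read without checking the argument count, so a missing argument ends in an IndexError traceback rather than a usage message.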