{
    "info": {
        "author": "Corey Minyard",
        "author_email": "cminyard@mvista.com",
        "bugtrack_url": null,
        "classifiers": [
            "License :: OSI Approved :: MIT License",
            "Operating System :: OS Independent"
        ],
        "description": "# tuf_manifest\n\nThis package provided authenticated delivery of files using manifest\nfiles for specifying what to deliver.\n\nEach manifest file version is numbered sequentially from 1.  The\ntarget will keep track of the last manifest file transferred (using 1\nfor the initial version).  When it checks the repository, it will\nattempt to transfer new manifest files by version number until it\nfinds the last one.  The target will then compare it to it's last\nmanifest file.  It will transfer any new or updated files, create\na list of new, updated, and deleted files, and transfer that to\nanother tool to do the actual updating.\n\nThe manifest file will be a file that is list of names and versions\nand filenames, one set on each line.\n\n## How to use this\n\nThis code should make it easier to handle delivery of update content\nusing tuf.  tuf itself is not an updater, it is an authenticated file\ntransfer mechanism.  This code takes it a step closer to being an\nupdate mechanism by automatically transferring files required for an\nupdate and calling a program with those file names and whether they\nare new or need to be updated.  It also supplies names that have been\ndeleted.\n\n### Delivery types\n\nThree possible ways this can be used: package delivery, update deltas,\nand full update delivery.\n\n#### Package delivery\n\nFor updates involving a package management system like RPM or dpkg,\neach manifest file will contain all the packages to be installed on\nthe target for that version.  When a new manifest file comes out, the\nupdate handler program will be called by tuf-manifest will packages to\nbe added, updated, and deleted.  These files will already be\ndownloaded and ready, it's just a matter of applying them.\n\nThe difficulty here comes in the manifest management.  But build\nsystems like yocto can automatically generate these types of manifests\nfrom the build.\n\nFor atomicity, something like rpm-ostree can make the updates install\natomically to avoid issues with reboots or shutdowns during an update.\n\n#### Update deltas\n\nFor updates that involve a blob being applied to be appended to an\nexisting install, like an ostree binary or clear linux update, each\nmanifest will have all the previous installs plus the new update\nappended to the end.  tuf-manifest will call the update handler with\nall the new updates to be installed, already downloaded and ready.\n\n#### Full updates\n\nFor full image updates, each manifest will have one file (or a set of\nfiles if multiple images are involved) in it: the update file(s) with\nthe same name(s) and a new version.  tuf-manifest will deliver the\nupdate to the update handler.\n\n### Setting up the repo host\n\nThe first thing you need to do is create a TUF repo.  This is not\ncovered here, it is a complex task whose steps depend on your security\nrequirements.  See the TUF documentation for that.\n\nAfter you have an initial repo created, you need the tufrepo and keys\n(without the root keys, of course, for best security).\n\nYou also need to create a manifest file in the form:\n\n  <packagename> <version> <filename>\n\nOne line per package.  The filename is not the full path to the file,\njust the name.  You need to have all the files someplace, too.\n\nThe manifest file put into the repository, too, so it's name is\nimportant.  It must match what the client has set in its configuration\nfile, and it must end in a .<num> that is sequentially increasing from 1.\nThe client looks for the filename.<num> sequentially from it's current\nsetting, so this is important.\n\nOnce you have everything ready, run:\n\n  gitm-repo --load-manifest --manifest <manifest file> \\\n      --manifest-dir <directories where the files are>\n\nThe files are loaded into the manifest.\n\nSo, for a simple example, lets say we have the following manifest file:\n\n  a 1.0 a-1.0.pack\n  a-info 1.0 a-info-1.0.txt\n\nin $HOME/builda/manifest.1, and we have $HOME/builda/files/a-1.0.pack\nand $HOME/builda/info/a-info-1.0.txt.  You would cd to the repository\nand run:\n\n  tufm-repo --load-manifest --manifest $HOME/builda/manifest.1 \\\n      --manifest-dir $HOME/builda/files $HOME/builda/info\n\nand a-1.0.pack and a-info-1.0.txt will be put into the repository.\n\nIf you come out with a new version, you need to create the next\nmanifest file version for it, lets say:\n\n  a 1.0 a-1.0.pack\n  b 2.0 b-2.0.pack\n  b-info 2.0 b-info-2.0.txt\n\nand name it $HOME/builda/manifest.2.  Then run:\n\n  tufm-repo --load-manifest --manifest $HOME/builda/manifest.1 \\\n      --manifest-dir $HOME/builda/files $HOME/builda/info\n\nand b-2.0.pack and b-info-2.0.txt will be added.  Note that\na-info-1.0.txt will not be deleted from the repository, it's just not\nin the second manifest.  When the client fetches manifest.2, it will\nsee that a-info is gone and b and b.info are added.\n\n#### Maintaining timestamps in the repo\n\nThe file timestamps for the timestamp and snapshot file expire often\nby default, 1 day for timestamp and 7 days for snapshots.  The\nstandard repo command from tuf does not have a method to update this,\nso tufm-repo has added one.  Do:\n\n  tufm-repo --update-timestamp --role <role> --expires <time>\n\nto get a new timestamp for the given role.  --expires takes either\n+<n>[dwy] for a relative day/week/year or seconds if no suffix, or an\niso8601 date.\n\n### Setting up the target\n\nOn the client side you need some files on the filesystem for\nconfiguration and current states.  These are the default name, the\nconfig file can be overridden on the command line and the other\nfilenames can be overridden in the config file.\n\n#### /etc/tuf-manifest.conf\n\nThe format of this file is:\n\n    [Manifest]\n    vardir=/var/tuf-manifest\n    numfile=<vardir>/num\n    repodir=<vardir>\n    filedir=<vardir>/files\n    url=<user must set this>\n    filebase=manifest\n    handler=<user must set this>\n\nThe only things required in the configuration file are the url of the\ntuf server and the handler, which is the program that gets executed\nwith the new, updated, and deleted files.\n\nFor the non-required items, the default are shown above.\n\nvardir is the base location for the tuf-manifest files.\n\nThe numfile is a file holding the current manifest number.  If\nthis class successfully does an update, the new manifest number will\nbe written into this file.\n\nThe repodir is the directory where tufrepo resides (which holds\nthe metadata).\n\nThe filedir is where the files (inlcuding the manifests) are\ndownloaded to.  Note that after the handler finishes its execution,\nit is free to delete all the files in this directory, though leaving\nthe manifests around will speed things up a little bit.\n\nfilebase sets the manifest filename (without the \".<number>\"\nappended).  You can change the manifest filename for clarity, and to\nallow multiple release streams for different things to be held in the\nsame repository.\n\nThe handler is a program that will receive the list of files.  The\nfirst argument is a space-seperated list of new files (full path), the\nsecond is a space-separated list of updated files (full path), and the\nthird is a space-separated list of package names (no filename or path)\nthat were deleted.  If the handler returns success, this class will\nassume the update is successful and update to the new manifest number.\nIf it returns failure, it will leave the manifest number alone.\n\n#### /var/tuf-manifest/num\n\nHolds the current manifest number installed.  It is a python config\nfile format, like:\n\n    [Manifest]\n    curr_manifest=<n>\n\nIt is updated when new manifests are installed.\n\n#### /var/tuf-manifest/tufrepo\n\nThis is the tufrepo dir from the tufclient directory where the repo is\ncreated.  It holds the client metadata and is updated with new\nmetadata as that becomes available.\n\n#### /var/tuf-manifest/files\n\nThis is where the files are downloeded to.\n\n### Target operation\n\nOn the target, just periodically run \"tufm-client\" and it will do the\nrest.  You should log the output of this command and any subcommands\nand report an issue if it return an error.",
        "description_content_type": "",
        "docs_url": null,
        "download_url": "",
        "downloads": {
            "last_day": -1,
            "last_month": -1,
            "last_week": -1
        },
        "home_page": "https://github.com/MontaVista-OpenSourceTechnology/tuf_manifest",
        "keywords": "",
        "license": "",
        "maintainer": "",
        "maintainer_email": "",
        "name": "tuf_manifest",
        "package_url": "https://pypi.org/project/tuf_manifest/",
        "platform": "",
        "project_url": "https://pypi.org/project/tuf_manifest/",
        "project_urls": {
            "Homepage": "https://github.com/MontaVista-OpenSourceTechnology/tuf_manifest"
        },
        "release_url": "https://pypi.org/project/tuf_manifest/0.0.3/",
        "requires_dist": null,
        "requires_python": "",
        "summary": "A layer on top of tuf to provide file delivery with manifests",
        "version": "0.0.3"
    },
    "last_serial": 5309343,
    "releases": {
        "0.0.3": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "874bdcf202b54a2742db7023b8fddc16",
                    "sha256": "b62234aca76ba4d84558b0ed5b6498c79287780611e54378488b3e84407a8905"
                },
                "downloads": -1,
                "filename": "tuf_manifest-0.0.3.tar.gz",
                "has_sig": false,
                "md5_digest": "874bdcf202b54a2742db7023b8fddc16",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 10375,
                "upload_time": "2019-05-23T20:23:42",
                "url": "https://files.pythonhosted.org/packages/58/7f/8f6fd92a438b44cd16eddf735cfafb723c72cbfad5f240bf7072c2b66e96/tuf_manifest-0.0.3.tar.gz"
            }
        ]
    },
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "md5": "874bdcf202b54a2742db7023b8fddc16",
                "sha256": "b62234aca76ba4d84558b0ed5b6498c79287780611e54378488b3e84407a8905"
            },
            "downloads": -1,
            "filename": "tuf_manifest-0.0.3.tar.gz",
            "has_sig": false,
            "md5_digest": "874bdcf202b54a2742db7023b8fddc16",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 10375,
            "upload_time": "2019-05-23T20:23:42",
            "url": "https://files.pythonhosted.org/packages/58/7f/8f6fd92a438b44cd16eddf735cfafb723c72cbfad5f240bf7072c2b66e96/tuf_manifest-0.0.3.tar.gz"
        }
    ]
}