Roadmap for cli tools: repo.py, client.py #881
Labels
client
Related to the client (updater) implementation
discussion
Discussions related to the design, implementation and operation of the project
repository
Related to the repository implementation
Milestone
Comments
|
I think we should just remove these old document and code altogether. I think it confuses people more than it does help them. What do others think? |
|
On Tue, May 28, 2019 at 07:32:34PM +0000, Trishank K Kuppusamy wrote:
I think we should just remove these old document and code altogether. I think it confuses people more than it does help them. What do the others think/
I would disagree strongly.
The client code was useful as a reference. It's not terribly useful on
it's own, but it could be used for some basic testing.
The repo code is useful in a lot of ways:
* The level of abstraction in TUF currently is fairly low. This has a
couple of bad side effects:
- Everyone will re-create the same code over and over again.
- People will get things wrong.
- People won't use it because it's too hard to use.
If you have a good level of abstraction, it makes things a lot easier.
For instance, there is no "add this set of files to the repository as
this role" function. But that is something that everyone who uses it
will do. And it really doesn't vary much between users.
The repo code kind of has that, but it's not exactly intended for
that purpose.
* As I mentioned before, what people will be doing on the repo side
won't vary much. It would be nice if all TUF users could have a
single UI for basic repository functions.
* Users are going to want to wrap things with shell scripts. Not everyone
want's to dig into python, and it's not necessary when you have a tool
with a good UI.
* It's useful as example code, of course.
IMHO, the higher level of API abstraction should be split out of the repo
code, cleaned up, and extended. Then a repo tool that is thought through
well should be created on top of it in a way that it can be extended by
others. The current repo interface isn't too bad, but it could be
improved.
I agree that the current situation is not ideal, but I don't think just
deleting the code is the right direction.
…-corey
|
|
@cminyard I don't disagree with you, but I think as a compromise we could move this code and documentation elsewhere. Does that sound agreeable to you? |
|
On Tue, May 28, 2019 at 02:14:44PM -0700, Trishank K Kuppusamy wrote:
@cminyard I don't disagree with you, but I think as a compromise we could move this code and documentation elsewhere. Does that sound agreeable to you?
I am using the repo code, it means that I will have to basically have to
duplicate it until something comes along that I can use. It's not an
ideal situation, but I'm ok with it.
You could move it down one level into the tuf directory. It could be
used, but not directly as a script. I'm not sure that would accomplish
what you want, though, as it would mean it would become a more formal
part of the API. Yeah, that's probably not a good idea.
BTW, I didn't find it confusing. It's really nice to be able to play with
a repo without having to write any code, just to get a feel of how it's
supposed to work. I was confused that it didn't have a timestamp update
function as an example and thought I was missing something, but that's
about it.
…-corey
|
|
Thanks for chiming in, @trishankatdatadog and @cminyard! Here are my 2 cents.
yes! Let's try to identify what parts, currently in
yes. The cli script(s) could live in a separate repo, e.g. |
|
@lukpueh |
|
Consider re-visiting related stale PRs, when addressing this issue:
Same goes for CLI-related issues:
|
|
@Silvanoc kindly provided the following bug reports related to
|
This was referenced Jun 11, 2020
Merged
Closed
2 tasks
|
More issues with the the cli tools, kindly reported by @Jakeler:
|
|
Maybe we should add a disclaimer to the cli tool docs that references this collection of issues. And maybe we should create an issue label instead of listing the issues here. :) |
How is the current state, has someone already looked at this? |
Not directly missing, but we are in the process of planning a larger refactor of repository_tool and repository_lib, which should also make it a lot easier to build a command line interface. We will update about the status of the planned work here too. |
joshuagl
added
client
3 tasks
lukpueh
added a commit
to lukpueh/tuf
that referenced
this issue
Nov 6, 2020
secure-systems-lab/securesystemslib#288 changes the key generation interface functions in such a way that it is clear if a call opens a blocking prompt, or writes the key unencrypted. To do this two functions are added per key type: - `generate_and_write_*_keypair_with_prompt` - `generate_and_write_unencrypted_*_keypair` The default `generate_and_write_*_keypair` function now only allows encrypted keys and only using a passed password. This respects the principle of secure defaults and least surprise. sslib#288 furthermore adds a protected `_generate_and_write_*_keypair`, which is not exposed publicly because it does not encrypt by default, but is more flexible and thus convenient e.g. to consume all arguments from a key generation command line tool such as 'repo.py'. This commit adds the new public functions to the tuf namespace and adopts their usage accordingly. NOTE regarding repo.py: This commit does not fix any problematic password behavior of 'repo.py' like default passwords, etc. (see theupdateframework#881). It only adopts the sslib#288 changes to maintain the current behvior, plus removing one glaringly obsolete password prompt. NOTE regarding key import: The securesystemslib private key import functions were also changed to no longer auto-prompt for decryption passwords , TUF, however, only exposes custom wrappers (see repository_lib) that do auto-prompt. sslib#288 changes to the prompt texts are nevertheless propagated to tuf and reflected in this commit. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
lukpueh
added a commit
to lukpueh/tuf
that referenced
this issue
Nov 9, 2020
secure-systems-lab/securesystemslib#288 changes the key generation interface functions in such a way that it is clear if a call opens a blocking prompt, or writes the key unencrypted. To do this two functions are added per key type: - `generate_and_write_*_keypair_with_prompt` - `generate_and_write_unencrypted_*_keypair` The default `generate_and_write_*_keypair` function now only allows encrypted keys and only using a passed password. This respects the principle of secure defaults and least surprise. sslib#288 furthermore adds a protected `_generate_and_write_*_keypair`, which is not exposed publicly because it does not encrypt by default, but is more flexible and thus convenient e.g. to consume all arguments from a key generation command line tool such as 'repo.py'. This commit adds the new public functions to the tuf namespace and adopts their usage accordingly. NOTE regarding repo.py: This commit does not fix any problematic password behavior of 'repo.py' like default passwords, etc. (see theupdateframework#881). It only adopts the sslib#288 changes to maintain the current behvior, plus removing one glaringly obsolete password prompt. NOTE regarding key import: The securesystemslib private key import functions were also changed to no longer auto-prompt for decryption passwords , TUF, however, only exposes custom wrappers (see repository_lib) that do auto-prompt. sslib#288 changes to the prompt texts are nevertheless propagated to tuf and reflected in this commit. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
lukpueh
added a commit
to lukpueh/tuf
that referenced
this issue
Nov 11, 2020
secure-systems-lab/securesystemslib#288 changes the key generation interface functions in such a way that it is clear if a call opens a blocking prompt, or writes the key unencrypted. To do this two functions are added per key type: - `generate_and_write_*_keypair_with_prompt` - `generate_and_write_unencrypted_*_keypair` The default `generate_and_write_*_keypair` function now only allows encrypted keys and only using a passed password. This respects the principle of secure defaults and least surprise. sslib#288 furthermore adds a protected `_generate_and_write_*_keypair`, which is not exposed publicly because it does not encrypt by default, but is more flexible and thus convenient e.g. to consume all arguments from a key generation command line tool such as 'repo.py'. This commit adds the new public functions to the tuf namespace and adopts their usage accordingly. NOTE regarding repo.py: This commit does not fix any problematic password behavior of 'repo.py' like default passwords, etc. (see theupdateframework#881). It only adopts the sslib#288 changes to maintain the current behvior, plus removing one glaringly obsolete password prompt. NOTE regarding key import: The securesystemslib private key import functions were also changed to no longer auto-prompt for decryption passwords , TUF, however, only exposes custom wrappers (see repository_lib) that do auto-prompt. sslib#288 changes to the prompt texts are nevertheless propagated to tuf and reflected in this commit. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
lukpueh
added a commit
to lukpueh/tuf
that referenced
this issue
Nov 11, 2020
secure-systems-lab/securesystemslib#288 changes the key generation interface functions in such a way that it is clear if a call opens a blocking prompt, or writes the key unencrypted. To do this two functions are added per key type: - `generate_and_write_*_keypair_with_prompt` - `generate_and_write_unencrypted_*_keypair` The default `generate_and_write_*_keypair` function now only allows encrypted keys and only using a passed password. This respects the principle of secure defaults and least surprise. sslib#288 furthermore adds a protected `_generate_and_write_*_keypair`, which is not exposed publicly because it does not encrypt by default, but is more flexible and thus convenient e.g. to consume all arguments from a key generation command line tool such as 'repo.py'. This commit adds the new public functions to the tuf namespace and adopts their usage accordingly. NOTE regarding repo.py: This commit does not fix any problematic password behavior of 'repo.py' like default passwords, etc. (see theupdateframework#881). It only adopts the sslib#288 changes to maintain the current behvior, plus removing one glaringly obsolete password prompt. NOTE regarding key import: The securesystemslib private key import functions were also changed to no longer auto-prompt for decryption passwords , TUF, however, only exposes custom wrappers (see repository_lib) that do auto-prompt. sslib#288 changes to the prompt texts are nevertheless propagated to tuf and reflected in this commit. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
MVrachev
pushed a commit
to MVrachev/tuf
that referenced
this issue
Nov 11, 2020
secure-systems-lab/securesystemslib#288 changes the key generation interface functions in such a way that it is clear if a call opens a blocking prompt, or writes the key unencrypted. To do this two functions are added per key type: - `generate_and_write_*_keypair_with_prompt` - `generate_and_write_unencrypted_*_keypair` The default `generate_and_write_*_keypair` function now only allows encrypted keys and only using a passed password. This respects the principle of secure defaults and least surprise. sslib#288 furthermore adds a protected `_generate_and_write_*_keypair`, which is not exposed publicly because it does not encrypt by default, but is more flexible and thus convenient e.g. to consume all arguments from a key generation command line tool such as 'repo.py'. This commit adds the new public functions to the tuf namespace and adopts their usage accordingly. NOTE regarding repo.py: This commit does not fix any problematic password behavior of 'repo.py' like default passwords, etc. (see theupdateframework#881). It only adopts the sslib#288 changes to maintain the current behvior, plus removing one glaringly obsolete password prompt. NOTE regarding key import: The securesystemslib private key import functions were also changed to no longer auto-prompt for decryption passwords , TUF, however, only exposes custom wrappers (see repository_lib) that do auto-prompt. sslib#288 changes to the prompt texts are nevertheless propagated to tuf and reflected in this commit. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
MVrachev
pushed a commit
to MVrachev/tuf
that referenced
this issue
Nov 13, 2020
secure-systems-lab/securesystemslib#288 changes the key generation interface functions in such a way that it is clear if a call opens a blocking prompt, or writes the key unencrypted. To do this two functions are added per key type: - `generate_and_write_*_keypair_with_prompt` - `generate_and_write_unencrypted_*_keypair` The default `generate_and_write_*_keypair` function now only allows encrypted keys and only using a passed password. This respects the principle of secure defaults and least surprise. sslib#288 furthermore adds a protected `_generate_and_write_*_keypair`, which is not exposed publicly because it does not encrypt by default, but is more flexible and thus convenient e.g. to consume all arguments from a key generation command line tool such as 'repo.py'. This commit adds the new public functions to the tuf namespace and adopts their usage accordingly. NOTE regarding repo.py: This commit does not fix any problematic password behavior of 'repo.py' like default passwords, etc. (see theupdateframework#881). It only adopts the sslib#288 changes to maintain the current behvior, plus removing one glaringly obsolete password prompt. NOTE regarding key import: The securesystemslib private key import functions were also changed to no longer auto-prompt for decryption passwords , TUF, however, only exposes custom wrappers (see repository_lib) that do auto-prompt. sslib#288 changes to the prompt texts are nevertheless propagated to tuf and reflected in this commit. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
lukpueh
added a commit
to lukpueh/tuf
that referenced
this issue
Jan 25, 2022
TODO: polish commit message
-----
- Remove outdated ATTACKS.md
requires basic_client.py which was renamed to client.py in 2018
and is removed in theupdateframework#1790 (host of problems with client.py described in theupdateframework#881)
--> reference ticket TODO: create ticket
- QUICKSTART.md also based on cli tools (see above)
--> reference ticket TODO: create ticket
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
|
Since the release of v1.0.0, python-tuf no longer provides |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description of issue or feature request:
Recently, several issues and some fixes related to the TUF command line tools
repo.pyandscript.pyhave been brought forward: #873, #874, #876, #877, #878, #879, #880 and "Some comments on TUF..." on the mailinglist. These include concerns about the script names, unexpected behavior, missing TUF features, etc.@awwad has pointed out that
repo.pyandclient.pyare mostly tutorial tools, useful to get familiar with TUF (seeQUICKSTART.md). Whereas an actual TUF integration will require direct use of the underlying librariestuf.repository_toolandtuf.client.updater.Given the recent GitHub and mailing list activity around these tool, we need to either clarify that these tools are purely for educational purpose, or develop them more actively so that they can actually used by an integrator.
Thanks, @cminyard and @lixuefeng2 for bringing this to our attention!
Current behavior:
The use of and plans for
repo.pyandclient.pyare unclear.Expected behavior:
Decide to what extent
repo.pyandclient.pyshould be enhanced, maintained, etc.The text was updated successfully, but these errors were encountered: