CLI missbehaving: option '--pw' doesn't work for '--sign'

[Silvanoc]

Description of issue or feature request:

According the usage message, the --pw argument can be combined with the --sign option. But it's being ignored.

Current behavior:

Something like

repo.py --filename private --pw 1234
repo.py --sign tufkeystore/private --pw 1234

doesn't work because the argument --pw is not being used to unlock the private key tufkeystore/private on the call to import_privatekey_from_file for each private key found here in sign_role.

Expected behavior:

One of following (sorted from personal favorite first):

1. The above mentioned repo.py --sign private --pw 1234 call works and the same password gets used for all the specified private keys.
2. A list a passwords can be provided corresponding to the list of private keys like repo.py --sign private1 private2 --pw 1234 5678
3. The parameter --pw gets rejected and a message is reported to the user.

[jku]

Closing this issue as it was filed against (what is now known as) the legacy codebase: issue seems to not be relevant anymore. Please re-open or file a new issue if you feel that the issue is revelant to current python-tuf.

On CLI tooling specifically: python-tuf currently provides no CLI respository tool. The Metadata API makes it far easier to achieve the same results in a script than what was possible before, see examples/repo_example/.

For experiments and testing I can also suggest https://github.com/vmware-labs/repository-editor-for-tuf (that is built on top of python-tuf) but please don't rely on it in a production setting.

More details

Current source code (and upcoming 1.0 release) only contains the modern components

• a low-level Metadata API (tuf.api) and
• tuf.ngclient that implements the client workflow,

Legacy components (e.g. tuf.client, tuf.repository_tool, tuf.repository_lib as well as the repo and client scripts) are no longer included. See announcement and API reference for more details.