f8cd53cf2f
the repo if signing was successful. This way, we don't mutate the existing root in a failed attempt to sign it. Signed-off-by: Ying Li <ying.li@docker.com> |
||
|---|---|---|
| .. | ||
| client | ||
| data | ||
| encrypted | ||
| signed | ||
| store | ||
| testutils | ||
| utils | ||
| validation | ||
| LICENSE | ||
| README.md | ||
| tuf.go | ||
| tuf_test.go | ||
README.md
GOTUF
This is still a work in progress but will shortly be a fully compliant Go implementation of The Update Framework (TUF).
Where's the CLI
This repository provides a library only. The Notary project from Docker should be considered the official CLI to be used with this implementation of TUF.
TODOs:
- Add Targets to existing repo
- Sign metadata files
- Refactor TufRepo to take care of signing
and verification - Ensure consistent capitalization in naming (TUF___ vs Tuf___)
- Make caching of metadata files smarter - PR #5
Add configuration for CLI commands. Order of configuration priority from most to least: flags, config file, defaultsNotary should be the official CLI- Reasses organization of data types. Possibly consolidate a few things into the data package but break up package into a few more distinct files
- Comprehensive test cases
- Delete files no longer in use
- Fix up errors. Some have to be instantiated, others don't, the inconsistency is annoying.
- Bump version numbers in meta files (could probably be done better)
Credits
This implementation was originally forked from flynn/go-tuf, however in attempting to add delegations I found I was making such significant changes that I could not maintain backwards compatibility without the code becoming overly convoluted.
Some features such as pluggable verifiers have already been merged upstream to flynn/go-tuf and we are in discussion with titanous about working to merge the 2 implementations.
This implementation retains the same 3 Clause BSD license present on the original flynn implementation.