forked from awslabs/tough
Changes to support toradex uptane/tuf schema #1
Open: simao wants to merge 133 commits into develop from rac
simao force-pushed the rac branch 2 times, most recently from dc16cf3 to f2fc80d (June 22, 2023 10:01)
This takes care of a few spelling errors or typos seen by running codespell on the repo. Signed-off-by: Sean McGinnis <[email protected]>
Fix a few minor spelling errors
More updates to rust dependencies (and clippy lints)
A new repo is created by calling `tuftool root init <path>`. It is a common pattern when renewing an expiring root to then have to call `tuftool root bump-version` multiple times or `tuftool root set-version`. Since this is so common, this change makes it possible to provide an optional initial version to `root init` to avoid needing to run multiple commands. This adds an optional `--version` or `-v` argument that can take a positive integer to set as the initial root version. Signed-off-by: Sean McGinnis <[email protected]>
Addresses a warning from `cargo clippy --test` where a check being used in the unit tests could be simplified. Signed-off-by: Sean McGinnis <[email protected]>
This command is often used to add multiple keys to a role. That currently means calling the command multiple times, once for each key. Since this is a common scenario, this changes the subcommand to allow providing multiple keys as part of one invocation. Signed-off-by: Sean McGinnis <[email protected]>
tuftool: Allow providing multiple keys to `root add-key`
tuftool: Allow specifying version in `root init`
tuftool: trivial unit test cleanup
This adds a new `transfer-metadata` command to support migrating target and metadata info to a new root. This would previously need to be done by downloading all contents of a previous root and recreating and recalculating SHAs for all targets. With many large targets, this becomes an expensive operation. Since the previous root metadata already contains this information, we can leverage that to just transfer the metadata over to the new root. Signed-off-by: Sean McGinnis <[email protected]>
tuftool: Add transfer-metadata command
The `tough-ssm` and `tuftool` Cargo.toml files contained indirect dependencies. This cleans them up to allow the normal dependency resolution to determine what to pull in. Signed-off-by: Sean McGinnis <[email protected]>
This raises the rust toolchain versions used to be the latest current stable release. Signed-off-by: Sean McGinnis <[email protected]>
Fix up path prefix check for windows
Raise rustup version to 1.71.1
Remove indirect deps from Cargo.toml
- tough v0.14.0 - tuftool v0.10.0 - tough-ssm v0.9.0 - tough-kms v0.6.0
Bump `cargo-deny` in Makefile
Prepare crate releases
This also disables Rust incremental builds in the CI for a few reasons: * Incremental builds need a lot of disk space, which we need to protect for Windows builds. * Only the first invocation for each cache key is stored, so the delta between incremental builds grows larger over time. See dtolnay/rust-toolchain#26 for more details.
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.7 to 4.4.8. - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](clap-rs/clap@v4.4.7...v4.4.8) --- updated-dependencies: - dependency-name: clap dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…th-0.7.0 build(deps): bump typed-path from 0.6.0 to 0.7.0
Bumps [http](https://github.com/hyperium/http) from 0.2.10 to 0.2.11. - [Release notes](https://github.com/hyperium/http/releases) - [Changelog](https://github.com/hyperium/http/blob/v0.2.11/CHANGELOG.md) - [Commits](hyperium/http@v0.2.10...v0.2.11) --- updated-dependencies: - dependency-name: http dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
build(deps): bump http from 0.2.10 to 0.2.11
This updates the ring dependency to the 0.17.x releases. This also required updating untrusted to 0.9 due to some public interface usage in ring. These updates also change some other function signatures, so minor tweaks were needed in calling code. Signed-off-by: Sean McGinnis <[email protected]>
We now have a matrix job to ensure test coverage on all supported OS platforms. This also causes the `check-license` job to run on each OS. The license check isn't platform specific, so this ends up being a little wasteful. This adds an exclude block to skip macOS and Windows since they are not needed and those particular OS's take longer to run than Linux. Signed-off-by: Sean McGinnis <[email protected]>
This adds a `--version` to the `tuftool` command to print out the tool's version number. Signed-off-by: Sean McGinnis <[email protected]>
build(deps): bump clap from 4.4.7 to 4.4.8
Update ring to 0.17
This bumps the aws-sdk libs to the latest version. This required pulling in a few other dependencies and some minor code changes. Signed-off-by: Sean McGinnis <[email protected]>
tuftool: Add --version option
Add tuftool dockerfile
Bump AWS dependencies
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.192 to 1.0.193. - [Release notes](https://github.com/serde-rs/serde/releases) - [Commits](serde-rs/serde@v1.0.192...v1.0.193) --- updated-dependencies: - dependency-name: serde dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…0.193 build(deps): bump serde from 1.0.192 to 1.0.193
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.8 to 4.4.10. - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](clap-rs/clap@v4.4.8...v4.4.10) --- updated-dependencies: - dependency-name: clap dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.59 to 0.10.60. - [Release notes](https://github.com/sfackler/rust-openssl/releases) - [Commits](sfackler/rust-openssl@openssl-v0.10.59...openssl-v0.10.60) --- updated-dependencies: - dependency-name: openssl dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
A bug introduced in 55a40cc caused the `tuftool root gen-rsa` command to be unusable because it caused file paths to be parsed with Url::parse. This commit only uses URL for parsing if the SSM or KMS schemes are found. Otherwise it is assumed to be a file path and parsed with PathBuf.
Exclude check-license workflows for non-Linux
…0.10.60 build(deps): bump openssl from 0.10.59 to 0.10.60
build(deps): bump clap from 4.4.8 to 4.4.10
Release tough-v0.16.0 tuftool-v0.10.2
No description provided.