Deprecation notice:

The code base of this project got donated to https://github.com/theupdateframework/go-tuf where it replaced the existing implementation and is now being distributed under the v2 version.

That said, take into account that I'll be archiving this repository in a few weeks, so feel free to switch to https://github.com/theupdateframework/go-tuf/v2

I'm happy to see how something that started as a PoC while being sick with COVID progressed to replacing the existing go-tuf code a year later.

Thanks to everyone that helped.



TUF: A Framework for Securing Software Update Systems


The Update Framework (TUF) is a framework for secure content delivery and updates. It protects against various types of supply chain attacks and provides resilience to compromise.

go-tuf-metadata started from the idea of providing a Go implementation of TUF that is heavily influenced by the design decisions made in python-tuf.

About The Update Framework


The Update Framework (TUF) design helps developers maintain the security of a software update system, even against attackers that compromise the repository or signing keys. TUF provides a flexible specification defining functionality that developers can use in any software update system or re-implement to fit their needs.

TUF is hosted by the Linux Foundation as part of the Cloud Native Computing Foundation (CNCF) and its design is used in production by various tech companies and open-source organizations.

Please see TUF's website for more information about TUF!

Overview


The go-tuf-metadata project provides the following functionality:

Examples


To try it - run make example-repository (the artifacts will be located at examples/repository/).

To try it - run make example-client (the artifacts will be located at examples/client/)

To try it - run make example-tuf-client-cli

To try it - run make example-multirepo

Package details


The metadata package

The trustedmetadata package

The config package

The fetcher package

The updater package

The multirepo package

Documentation


Contact


Questions, feedback, and suggestions are welcomed on the #tuf channel on CNCF Slack.

We strive to make the specification easy to implement, so if you come across any inconsistencies or experience any difficulty, do let us know by sending an email, or by reporting an issue in the GitHub specification repo.