Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add example for downloading foo/bar/baz target files #66

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add example for downloading foo/bar/baz target files #66

wants to merge 1 commit into from

Conversation

erickt
Copy link
Contributor

@erickt erickt commented Nov 26, 2019

This extends section 5.5.2 to include examples on how a client should download artifacts from a subdirectory. It uses the approach that python-tuf and go-tuf use, where downloading a target path like path/to/file.ext when consistent snapshots are enabled are fetched from path/to/$HASH.file.ext.

@erickt
Add example for downloading foo/bar/baz target files
89203c0 
This extends section 5.5.2 to include examples on how a client should download artifacts from a subdirectory. It uses the approach that python-tuf and go-tuf use, where downloading a target path like `path/to/file.ext` when consistent snapshots are enabled are fetched from `path/to/$HASH.file.ext`.
lukpueh
lukpueh reviewed Nov 28, 2019
View reviewed changes
Copy link
Member

@lukpueh lukpueh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR, @erickt! TBH I'm not quite sure about this addition.

The paragraph specifically talks about filenames, and how consistent snapshots affect them. I don't think it needs to talk about the full TARGETPATH. (It doesn't talk about the base URL of the repository either.)

If we do decide to accept this addition, we should change occurrences of filename (case-sensitive) with path or relative path, because e.g. PATH/TO/FILENAME.EXT is not a filename.

Maybe others can weigh in? (cc @mnm678, @trishankatdatadog, @JustinCappos)

Independently, I agree with your request in #63 to clarify/standardize TARGETPATH, and I have proposed a fix in #67.

@mnm678
Copy link
Collaborator

mnm678 commented Dec 2, 2019

I agree with @lukpueh. This paragraph is referring just to the file, not the base url and path used to find the file. There might be a place to clarify how to download target files from a subdirectory elsewhere in the spec (maybe 3.1.1 or 4.5).

@lukpueh
Copy link
Member

lukpueh commented Dec 10, 2019

@trishankatdatadog, do you disagree with the concerns I and @mnm678 raised? Do you think we should merge the PR as is?

trishankatdatadog
trishankatdatadog approved these changes Dec 10, 2019
View reviewed changes
Copy link
Member

@trishankatdatadog trishankatdatadog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I already approved last week

lukpueh
lukpueh requested changes Dec 11, 2019
View reviewed changes
Copy link
Member

@lukpueh lukpueh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed in the meeting yesterday, this section in the spec is not the right place for this example. I agree with @mnm678 that sections 3.1.1 or 4.5 are better suited.

@lukpueh
Copy link
Member

lukpueh commented Dec 11, 2019

As per tuf-spec.md#L408-L413

3.1.1 Target files
The filenames and the directory structure of target files available from
a repository are not specified by the framework. The names of these files
and directories are completely at the discretion of the application using
the framework.

I wonder if that paragraph deliberately ignores the fact that TUF does indeed specify filenames of target files, albeit only if "consistent snapshots" are used.

If we add @erickt's example to 3.1.1, we have to briefly mention consistent snapshots. I think it's worth it. What do others think?

@trishankatdatadog
Copy link
Member

We should resolve this PR, but someone needs to take over ownership

Cc @joshuagl @mnm678

@joshuagl
Copy link
Member

joshuagl commented Sep 7, 2021

I'll take a stab at this next week.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lukpueh lukpueh lukpueh requested changes

@trishankatdatadog trishankatdatadog trishankatdatadog approved these changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@erickt @mnm678 @lukpueh @trishankatdatadog @joshuagl