-
Notifications
You must be signed in to change notification settings - Fork 275
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ngclient: support StorageBackendInterface
?
#2676
Comments
I think the expected behaviour sounds reasonable. There is a related question to consider -- in a scenario where you have "distributed workers", maybe what you really want is a bunch of "read-only" workers that operate without ever connecting to the repository (at least for metadata), and one writing tuf client that actually does the updates at regular intervals. Previously we tried to make an offline mode that would be use friendly -- usable by CLI apps -- and that turned out complicated (compared to the potential advantages). The "offline mode" described above (where it's ok to just immediately fail if the local metadata is not up-to-date and someone promises to keep it updated) would be simple to add. "dumb read-only mode" or IO abstraction (or both) sound like things that could be added as optional features to ngclient.
|
Thanks for extrapolating this! This is indeed the underlying scenario, and probably is a more accurate encapsulation of what I actually need 🙂 |
Description of issue or feature request:
Right now,
tuf.ngclient
is heavily tied to local system I/O: it assumes a metadata directory on disk that can be read/written. For example:python-tuf/tuf/ngclient/updater.py
Lines 293 to 312 in 4d2ff8d
This is problematic in distributed worker setups like Warehouse (PyPI), where each worker has its own container/entire VM and thus can't easily share on-disk TUF repos. In particular, this causes both reliability and security concerns:
This problem was noted a few years back, before
tuf.ngclient
was created: #1009. The solution then was to add a filesystem abstraction to thetuf.metadata
APIs, which was done via secure-systems-lab/securesystemslib#232 and #1009. However, this abstraction wasn't added to thengclient
APIs, only to the low-levelmetadata
ones.Current behavior:
tuf.ngclient
currently assumes that it can perform persistent local I/O for its repository.Expected behavior:
tuf.ngclient
should support an I/O abstraction (such as the pre-existingStorageBackendInterface
, if suitable) for persistent repo operations, enabling use in distributed deployments.The text was updated successfully, but these errors were encountered: