From dc9fe0b6d8f4a34c9b0e6d341aa56d929163ab2e Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 25 Aug 2022 19:15:45 +0200 Subject: [PATCH 01/37] Add TUF and in-toto schema files --- schemas/in-toto-metadata-signer-x.schema.json | 145 ++++ schemas/in-toto-metadata-signer.schema.json | 168 +++++ schemas/root.schema.json | 181 +++++ schemas/snapshot.schema.json | 704 ++++++++++++++++++ schemas/targets.schema.json | 274 +++++++ schemas/timestamp.schema.json | 116 +++ schemas/wheels-signer-x.schema.json | 148 ++++ schemas/wheels-signer.schema.json | 174 +++++ 8 files changed, 1910 insertions(+) create mode 100644 schemas/in-toto-metadata-signer-x.schema.json create mode 100644 schemas/in-toto-metadata-signer.schema.json create mode 100644 schemas/root.schema.json create mode 100644 schemas/snapshot.schema.json create mode 100644 schemas/targets.schema.json create mode 100644 schemas/timestamp.schema.json create mode 100644 schemas/wheels-signer-x.schema.json create mode 100644 schemas/wheels-signer.schema.json diff --git a/schemas/in-toto-metadata-signer-x.schema.json b/schemas/in-toto-metadata-signer-x.schema.json new file mode 100644 index 0000000..1a883fb --- /dev/null +++ b/schemas/in-toto-metadata-signer-x.schema.json 
@@ -0,0 +1,145 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "additionalProperties": false, + "properties": { + "signatures": { + "type": "array", + "items": [ + { + "type": "object", + "additionalProperties": false, + "properties": { + "keyid": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sig": { + "type": "string", + "minLength": 1024, + "maxLength": 1024, + "pattern": "^[a-f0-9]{1024}$" + } + }, + "required": [ + "keyid", + "sig" + ] + } + ] + }, + "signed": { + "type": "object", + "additionalProperties": false, + "properties": { + "_type": { + "enum": ["targets"] + }, + "delegations": { + "type": "object", + "additionalProperties": false, + "properties": { + "keys": { + "type": "object" + }, + "roles": { + "type": "array", + "items": {} + } + }, + "required": [ + "keys", + "roles" + ] + }, + "expires": { + "type": "string", + "format": "date-time" + }, + "spec_version": { + "type": "string", + "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" + }, + "targets": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^(simple/[a-z-0-9]+/[a-z0-9-]+-py2\\.py3-none-any\\.whl)|(in-toto-metadata/[a-f0-9]{64}/((wheels-signer)|(tag)|(wheels-builder))\\.[a-f0-9]{8}\\.link)$": { + "type": "object", + "additionalProperties": false, + "properties": { + "custom": { + "type": "object", + "additionalProperties": false, + "properties": { + "in-toto": { + "type": "array", + "items": [ + { + "type": "string", + "pattern": "in-toto-metadata/([a-f0-9]{64}/(wheels-signer|wheels-builder|tag)\\.[a-f0-9]{8}\\.link)|root.layout" + } + ] + }, + "root-layout-type": { + "enum": ["extras", "core"] + } + } + }, + "hashes": { + "type": "object", + "additionalProperties": false, + "properties": { + "sha256": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sha512": { + "type": "string", + "minLength": 128, + "maxLength": 128, + "pattern": 
"^[a-f0-9]{128}$" + } + }, + "required": [ + "sha256", + "sha512" + ] + }, + "length": { + "type": "integer", + "minimum": 1 + } + }, + "required": [ + "custom", + "hashes", + "length" + ] + } + } + }, + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "_type", + "delegations", + "expires", + "spec_version", + "targets", + "version" + ] + } + }, + "required": [ + "signatures", + "signed" + ] +} diff --git a/schemas/in-toto-metadata-signer.schema.json b/schemas/in-toto-metadata-signer.schema.json new file mode 100644 index 0000000..b7f9f8b --- /dev/null +++ b/schemas/in-toto-metadata-signer.schema.json 
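Review bot: The `targets` key regex `^(simple/...\\.whl)|(in-toto-metadata/...\\.link)$` anchors `^` only to the first alternative and `$` only to the second, so with `additionalProperties: false` this schema still accepts any key that merely starts with a wheel path or merely ends with a `.link` path; wrap the alternation as `^((simple/[a-z0-9-]+/[a-z0-9-]+-py2\\.py3-none-any\\.whl)|(in-toto-metadata/[a-f0-9]{64}/(wheels-signer|tag|wheels-builder)\\.[a-f0-9]{8}\\.link))$`. The `custom.in-toto` item pattern has the same shape plus no anchors and an unescaped dot, so `^(in-toto-metadata/[a-f0-9]{64}/(wheels-signer|wheels-builder|tag)\\.[a-f0-9]{8}\\.link|root\\.layout)$` is what was presumably intended. In draft-04 the array form `"items": [ {...} ]` used for `signatures` and `custom.in-toto` is tuple validation: only the first element is checked and the rest are unconstrained, so use the object form `"items": { ... }` (as root.schema.json does) or add `"additionalItems": false`. Note that [PATCH 02/37] below deletes this file, so this only matters if the schema is reused.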
@@ -0,0 +1,168 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "signatures": { + "type": "array", + "items": [ + { + "type": "object", + "properties": { + "keyid": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sig": { + "type": "string", + "minLength": 1024, + "maxLength": 1024, + "pattern": "^[a-f0-9]{1024}$" + } + }, + "required": [ + "keyid", + "sig" + ] + } + ] + }, + "signed": { + "type": "object", + "properties": { + "_type": { + "enum": ["targets"] + }, + "delegations": { + "type": "object", + "properties": { + "keys": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[a-f0-9]{64}$": { + "type": "object", + "properties": { + "keyid_hash_algorithms": { + "type": "array", + "items": { + "enum": [ + "sha256", + "sha512" + ] + } + }, + "keytype": { + "enum": ["rsa"] + }, + "keyval": { + "type": "object", + "properties": { + "public": { + "type": "string", + "pattern": "^-----BEGIN PUBLIC KEY-----" + } + }, + "required": [ + "public" + ] + }, + "scheme": { + "enum": ["rsassa-pss-sha256"] + } + }, + "required": [ + "keyid_hash_algorithms", + "keytype", + "keyval", + "scheme" + ] + } + } + }, + "roles": { + "type": "array", + "items": [ + { + "type": "object", + "properties": { + "keyids": { + "type": "array", + "items": [ + { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + } + ] + }, + "name": { + "type": "string", + "pattern": "^in-toto-metadata-signer-[0-9a-f]$" + }, + "paths": { + "type": "array", + "items": [ + { + "type": "string", + "pattern": "^in-toto-metadata/[0-9a-f]\\*/\\*\\.link$" + } + ] + }, + "terminating": { + "type": "boolean" + }, + "threshold": { + "type": "integer", + "minimum": 1 + } + }, + "required": [ + "keyids", + "name", + "paths", + "terminating", + "threshold" + ] + } + ] + } + }, + "required": [ + "keys", + "roles" + ] + }, + "expires": { + "type": 
"string", + "format": "date-time" + }, + "spec_version": { + "type": "string", + "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" + }, + "targets": { + "type": "object" + }, + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "_type", + "delegations", + "expires", + "spec_version", + "targets", + "version" + ] + } + }, + "required": [ + "signatures", + "signed" + ] +} diff --git a/schemas/root.schema.json b/schemas/root.schema.json new file mode 100644 index 0000000..cb93c50 --- /dev/null +++ b/schemas/root.schema.json 
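Review bot: Unlike its sibling schemas this file never sets `"additionalProperties": false` on the top level, the `signatures` item, `signed`, `delegations`, the per-key object under `keys`, or the `roles` item, so unexpected fields (including a stray `keytype`/`scheme` misspelling alongside the required ones) validate silently; add `"additionalProperties": false` to each of those objects. The array-form `items` on `signatures`, `keyids` and `paths` is draft-04 tuple validation and checks only the first element, so a second signature or key id is not validated at all — switch to the object form `"items": { ... }`. `signed.targets` is an open `{"type": "object"}`, so this schema does not constrain what the top-level in-toto-metadata-signer role may sign for; if that is deliberate it deserves a `"description"`. [PATCH 02/37] below removes this file, so these points matter only if it is reused.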
@@ -0,0 +1,181 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "required": ["signatures", "signed"], + "additionalProperties": false, + "properties": { + "signatures": { + "type": "array", + "items": { + "type": "object", + "required": ["keyid", "sig"], + "additionalProperties": false, + "properties": { + "keyid": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sig": { + "type": "string", + "minLength": 1024, + "maxLength": 1024, + "pattern": "^[a-f0-9]{1024}$" + } + } + } + }, + "signed": { + "type": "object", + "required": ["_type", "consistent_snapshot", "expires", "keys", "roles", "spec_version", "version"], + "additionalProperties": false, + "properties": { + "_type": { + "enum": ["root"] + }, + "consistent_snapshot": { + "type": "boolean" + }, + "expires": { + "type": "string", + "format": "date-time" + }, + "keys": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[0-9a-f]{64}$": { + "type": "object", + "required": ["keyid_hash_algorithms", "keytype", "keyval", "scheme"], + "additionalProperties": false, + "properties": { + "keyid_hash_algorithms": { + "type": "array", + "items": { + "enum": [ + "sha256", + "sha512" + ] + } + }, + "keytype": { + "enum": ["rsa"] + }, + "keyval": { + "type": "object", + "required": ["public"], + "additionalProperties": false, + "properties": { + "public": { + "type": "string", + "pattern": "^-----BEGIN PUBLIC KEY-----" + } + } + }, + "scheme": { + "enum": ["rsassa-pss-sha256"] + } + } + } + } + }, + "roles": { + "type": "object", + "required": ["root", "snapshot", "targets", "timestamp"], + "additionalProperties": false, + "properties": { + "root": { + "type": "object", + "required": ["keyids", "threshold"], + "additionalProperties": false, + "properties": { + "keyids": { + "type": "array", + "items": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + } + }, + 
"threshold": { + "type": "number", + "minimum": 1 + } + } + }, + "snapshot": { + "type": "object", + "required": ["keyids", "threshold"], + "additionalProperties": false, + "properties": { + "keyids": { + "type": "array", + "items": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + } + }, + "threshold": { + "type": "number", + "minimum": 1 + } + } + }, + "targets": { + "type": "object", + "required": ["keyids", "threshold"], + "additionalProperties": false, + "properties": { + "keyids": { + "type": "array", + "items": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + } + }, + "threshold": { + "type": "number", + "minimum": 1 + } + } + }, + "timestamp": { + "type": "object", + "required": ["keyids", "threshold"], + "additionalProperties": false, + "properties": { + "keyids": { + "type": "array", + "items": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + } + }, + "threshold": { + "type": "number", + "minimum": 1 + } + } + } + } + }, + "spec_version": { + "type": "string", + "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]$" + }, + "version": { + "type": "number", + "minimum": 0 + } + } + } + } +} diff --git a/schemas/snapshot.schema.json b/schemas/snapshot.schema.json new file mode 100644 index 0000000..3111651 --- /dev/null +++ b/schemas/snapshot.schema.json 
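Review bot: `threshold` for all four roles and `signed.version` are typed `"number"`, which accepts `1.5` or `2.0`; TUF defines both as integers, so use `"threshold": { "type": "integer", "minimum": 1 }` and, since the specification requires a version greater than 0, `"version": { "type": "integer", "minimum": 1 }`. Each `keyids` array has no `minItems`/`uniqueItems`, so an empty list or a key id repeated to pad a threshold passes the schema — add `"minItems": 1, "uniqueItems": true` (a client must still check `threshold <= len(keyids)`, which JSON Schema cannot express). The `spec_version` pattern `^[0-9]+\\.[0-9]+\\.[0-9]$` allows only a single-digit patch component and will reject e.g. `1.0.10`; `^[0-9]+\\.[0-9]+\\.[0-9]+$` is the form used in in-toto-metadata-signer-x.schema.json. `"format": "date-time"` on `expires` is an annotation in draft-04 unless the validator enables format assertion, and it admits offsets other than `Z`; a `"pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$"` pins the TUF date format regardless of validator settings.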
@@ -0,0 +1,704 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "additionalProperties": false, + "properties": { + "signatures": { + "type": "array", + "items": [ + { + "type": "object", + "additionalProperties": false, + "properties": { + "keyid": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sig": { + "type": "string", + "minLength": 1024, + "maxLength": 1024, + "pattern": "^[a-f0-9]{1024}$" + } + }, + "required": [ + "keyid", + "sig" + ] + } + ] + }, + "signed": { + "type": "object", + "additionalProperties": false, + "properties": { + "_type": { + "enum": ["snapshot"] + }, + "expires": { + "type": "string", + "format": "date-time" + }, + "meta": { + "type": "object", + "additionalProperties": false, + "properties": { + "in-toto-metadata-signer-0.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-1.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-2.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-3.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-4.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-5.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + 
"minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-6.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-7.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-8.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-9.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-a.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-b.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-c.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-d.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-e.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer-f.json": { + "type": "object", + "additionalProperties": 
false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "in-toto-metadata-signer.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "targets.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-a.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-b.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-c.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-d.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-e.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-f.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-g.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-h.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { 
+ "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-i.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-j.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-k.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-l.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-m.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-n.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-o.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-p.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-q.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-r.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } 
+ }, + "required": [ + "version" + ] + }, + "wheels-signer-s.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-t.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-u.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-v.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-w.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-x.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-y.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer-z.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + }, + "wheels-signer.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "version" + ] + } + }, + "required": [ + "in-toto-metadata-signer-0.json", + "in-toto-metadata-signer-1.json", + "in-toto-metadata-signer-2.json", + "in-toto-metadata-signer-3.json", + 
"in-toto-metadata-signer-4.json", + "in-toto-metadata-signer-5.json", + "in-toto-metadata-signer-6.json", + "in-toto-metadata-signer-7.json", + "in-toto-metadata-signer-8.json", + "in-toto-metadata-signer-9.json", + "in-toto-metadata-signer-a.json", + "in-toto-metadata-signer-b.json", + "in-toto-metadata-signer-c.json", + "in-toto-metadata-signer-d.json", + "in-toto-metadata-signer-e.json", + "in-toto-metadata-signer-f.json", + "in-toto-metadata-signer.json", + "targets.json", + "wheels-signer-a.json", + "wheels-signer-b.json", + "wheels-signer-c.json", + "wheels-signer-d.json", + "wheels-signer-e.json", + "wheels-signer-f.json", + "wheels-signer-g.json", + "wheels-signer-h.json", + "wheels-signer-i.json", + "wheels-signer-j.json", + "wheels-signer-k.json", + "wheels-signer-l.json", + "wheels-signer-m.json", + "wheels-signer-n.json", + "wheels-signer-o.json", + "wheels-signer-p.json", + "wheels-signer-q.json", + "wheels-signer-r.json", + "wheels-signer-s.json", + "wheels-signer-t.json", + "wheels-signer-u.json", + "wheels-signer-v.json", + "wheels-signer-w.json", + "wheels-signer-x.json", + "wheels-signer-y.json", + "wheels-signer-z.json", + "wheels-signer.json" + ] + }, + "spec_version": { + "type": "string", + "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]$" + }, + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "_type", + "expires", + "meta", + "spec_version", + "version" + ] + } + }, + "required": [ + "signatures", + "signed" + ] +} diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json new file mode 100644 index 0000000..de1a4b5 --- /dev/null +++ b/schemas/targets.schema.json 
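Review bot: `signatures` uses the draft-04 array form `"items": [ {...} ]`, which is tuple validation: only the first signature object is checked against the keyid/sig constraints and every further element is unconstrained, so a multi-signature snapshot could carry malformed entries and still validate — use the object form `"items": { ... }` as root.schema.json does, or add `"additionalItems": false`. `spec_version` uses the single-digit-patch pattern `^[0-9]+\\.[0-9]+\\.[0-9]$`, and `version` allows `0` although TUF requires a version greater than 0; `^[0-9]+\\.[0-9]+\\.[0-9]+$` and `"minimum": 1` would align it with the other roles. The 43 identical `meta` entries differ only in name; a single `"patternProperties": { "^(in-toto-metadata-signer(-[0-9a-f])?|wheels-signer(-[a-z])?|targets)\\.json$": { ... } }` with the existing `required` list kept would remove the duplication while preserving the same strictness. Each entry carries only `version`, which TUF permits, but it is worth a `"description"` noting that delegated targets files are therefore not pinned by hash or length from snapshot.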
@@ -0,0 +1,274 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "additionalProperties": false, + "properties": { + "signatures": { + "type": "array", + "items": [ + { + "type": "object", + "additionalProperties": false, + "properties": { + "keyid": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sig": { + "type": "string", + "minLength": 1024, + "maxLength": 1024, + "pattern": "^[a-f0-9]{1024}$" + } + }, + "required": [ + "keyid", + "sig" + ] + } + ] + }, + "signed": { + "type": "object", + "additionalProperties": false, + "properties": { + "_type": { + "enum": ["targets"] + }, + "delegations": { + "type": "object", + "additionalProperties": false, + "properties": { + "keys": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[a-f0-9]{64}$": { + "type": "object", + "additionalProperties": false, + "properties": { + "keyid_hash_algorithms": { + "type": "array", + "items": [ + { + "enum": ["sha256", "sha512"] + } + ] + }, + "keytype": { + "enum": ["rsa"] + }, + "keyval": { + "type": "object", + "required": ["public"], + "additionalProperties": false, + "properties": { + "public": { + "type": "string", + "pattern": "^-----BEGIN PUBLIC KEY-----" + } + } + }, + "scheme": { + "enum": ["rsassa-pss-sha256"] + } + }, + "required": [ + "keyid_hash_algorithms", + "keytype", + "keyval", + "scheme" + ] + } + } + }, + "roles": { + "type": "array", + "items": [ + { + "type": "object", + "additionalProperties": false, + "properties": { + "keyids": { + "type": "array", + "items": [ + { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + } + ] + }, + "name": { + "type": "string", + "minLength": 1 + }, + "paths": { + "type": "array", + "items": [ + { + "type": "string", + "minLength": 1 + } + ], + "minLength": 1 + }, + "terminating": { + "type": "boolean" + }, + "threshold": { + "type": "integer", + "minimum": 1 + } + }, + 
"required": [ + "keyids", + "name", + "paths", + "terminating", + "threshold" + ] + } + ] + } + }, + "required": [ + "keys", + "roles" + ] + }, + "expires": { + "type": "string", + "format": "date-time" + }, + "spec_version": { + "type": "string", + "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]$" + }, + "targets": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^in-toto-metadata/[0-9a-z.]+.layout$": { + "type": "object", + "additionalProperties": false, + "properties": { + "custom": { + "type": "object", + "additionalProperties": false, + "properties": { + "in-toto": { + "type": "array", + "items": [ + { + "type": "string", + "pattern": "^in-toto-pubkeys/[a-f0-9]{64}.pub$" + } + ], + "minLength": 1 + }, + "root-layout-type": { + "enum": ["core", "extras"] + } + }, + "required": [ + "in-toto", + "root-layout-type" + ] + }, + "hashes": { + "type": "object", + "additionalProperties": false, + "properties": { + "sha256": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sha512": { + "type": "string", + "minLength": 128, + "maxLength": 128, + "pattern": "^[a-f0-9]{128}$" + } + }, + "required": [ + "sha256", + "sha512" + ] + }, + "length": { + "type": "integer", + "minimum": 1 + } + }, + "required": [ + "custom", + "hashes", + "length" + ] + }, + "^in-toto-pubkeys/[0-9a-f]{64}.pub$": { + "type": "object", + "properties": { + "custom": { + "type": "object" + }, + "hashes": { + "type": "object", + "properties": { + "sha256": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sha512": { + "type": "string", + "minLength": 128, + "maxLength": 128, + "pattern": "^[a-f0-9]{128}$" + } + }, + "required": [ + "sha256", + "sha512" + ] + }, + "length": { + "type": "integer", + "minimum": 1 + } + }, + "required": [ + "custom", + "hashes", + "length" + ] + } + } + }, + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "_type", + 
"delegations", + "expires", + "spec_version", + "targets", + "version" + ] + } + }, + "required": [ + "signatures", + "signed" + ] +} diff --git a/schemas/timestamp.schema.json b/schemas/timestamp.schema.json new file mode 100644 index 0000000..1ddcaf7 --- /dev/null +++ b/schemas/timestamp.schema.json 
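Review bot: `"minLength": 1` on the `paths` array (and on `custom.in-toto` in the layout entry) is a string keyword and is silently ignored for arrays, so an empty `paths` or `in-toto` list validates; the intended constraint is `"minItems": 1`. The target-key patterns `^in-toto-metadata/[0-9a-z.]+.layout$` and `^in-toto-pubkeys/[0-9a-f]{64}.pub$` leave the final dot unescaped, so `rootXlayout` or `<hex>_pub` also match; escape them as `\\.layout` and `\\.pub`. The `in-toto-pubkeys` entry lacks `"additionalProperties": false` and leaves `custom` as an open object while the `.layout` entry is closed, which looks unintentional. The array-form `items` on `signatures`, `keyids`, `paths`, `keyid_hash_algorithms` and `custom.in-toto` validates only the first element in draft-04; use the object form `"items": { ... }`.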
@@ -0,0 +1,116 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "additionalProperties": false, + "properties": { + "signatures": { + "type": "array", + "items": [ + { + "type": "object", + "additionalProperties": false, + "properties": { + "keyid": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sig": { + "type": "string", + "minLength": 1024, + "maxLength": 1024, + "pattern": "^[a-f0-9]{1024}$" + } + }, + "required": [ + "keyid", + "sig" + ] + } + ] + }, + "signed": { + "type": "object", + "additionalProperties": false, + "properties": { + "_type": { + "enum": ["timestamp"] + }, + "expires": { + "type": "string", + "format": "date-time" + }, + "meta": { + "type": "object", + "additionalProperties": false, + "properties": { + "snapshot.json": { + "type": "object", + "additionalProperties": false, + "properties": { + "hashes": { + "type": "object", + "additionalProperties": false, + "properties": { + "sha256": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sha512": { + "type": "string", + "minLength": 128, + "maxLength": 128, + "pattern": "^[a-f0-9]{128}$" + } + }, + "required": [ + "sha256", + "sha512" + ] + }, + "length": { + "type": "integer", + "minimum": 1 + }, + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "hashes", + "length", + "version" + ] + } + }, + "required": [ + "snapshot.json" + ] + }, + "spec_version": { + "type": "string", + "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]$" + }, + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "_type", + "expires", + "meta", + "spec_version", + "version" + ] + } + }, + "required": [ + "signatures", + "signed" + ] +} diff --git a/schemas/wheels-signer-x.schema.json b/schemas/wheels-signer-x.schema.json new file mode 100644 index 0000000..ec33817 --- /dev/null +++ b/schemas/wheels-signer-x.schema.json 
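Review bot: `signatures` uses the draft-04 array form `"items": [ {...} ]`, so only the first signature is validated and any additional signature objects pass unchecked; the timestamp role is the one clients fetch first and unauthenticated, so switch to `"items": { "type": "object", ... }` or add `"additionalItems": false`. The `snapshot.json` entry correctly requires `hashes`, `length` and `version`, which is the strongest form TUF allows here. As in the other role schemas, `spec_version` rejects two-digit patch versions (`^[0-9]+\\.[0-9]+\\.[0-9]$`) and `version` admits `0`; `^[0-9]+\\.[0-9]+\\.[0-9]+$` and `"minimum": 1` match the specification.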
@@ -0,0 +1,148 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "additionalProperties": false, + "properties": { + "signatures": { + "type": "array", + "items": [ + { + "type": "object", + "additionalProperties": false, + "properties": { + "keyid": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sig": { + "type": "string", + "minLength": 1024, + "maxLength": 1024, + "pattern": "^[a-f0-9]{1024}$" + } + }, + "required": [ + "keyid", + "sig" + ] + } + ] + }, + "signed": { + "type": "object", + "additionalProperties": false, + "properties": { + "_type": { + "enum": ["targets"] + }, + "delegations": { + "type": "object", + "additionalProperties": false, + "properties": { + "keys": { + "type": "object" + }, + "roles": { + "type": "array", + "items": {} + } + }, + "required": [ + "keys", + "roles" + ] + }, + "expires": { + "type": "string", + "format": "date-time" + }, + "spec_version": { + "type": "string", + "pattern": "[0-9]+\\.[0-9]+\\.[0-9]+" + }, + "targets": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^simple/([a-z0-9-]+/[a-z0-9-_.]+-py2.py3-none-any.whl)?|(([a-z0-9-_]+/[a-z0-9-_.]+)?index.html)$": { + "type": "object", + "additionalProperties": false, + "properties": { + "custom": { + "type": "object", + "additionalProperties": false, + "properties": { + "in-toto": { + "type": "array", + "items": [ + { + "type": "string", + "pattern": "in-toto-metadata/([a-f0-9]{64}/(wheels-signer|wheels-builder|tag)\\.[a-f0-9]{8}\\.link)|root.layout" + } + ] + }, + "root-layout-type": { + "enum": ["core", "extras"] + } + }, + "required": [ + "in-toto", + "root-layout-type" + ] + }, + "hashes": { + "type": "object", + "properties": { + "sha256": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sha512": { + "type": "string", + "minLength": 128, + "maxLength": 128, + "pattern": "^[a-f0-9]{128}$" + } + }, + 
"required": [ + "sha256", + "sha512" + ] + }, + "length": { + "type": "integer", + "minimum": 1 + } + }, + "required": [ + "custom", + "hashes", + "length" + ] + } + } + }, + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "_type", + "delegations", + "expires", + "spec_version", + "targets", + "version" + ] + } + }, + "required": [ + "signatures", + "signed" + ] +} diff --git a/schemas/wheels-signer.schema.json b/schemas/wheels-signer.schema.json new file mode 100644 index 0000000..20ae1cc --- /dev/null +++ b/schemas/wheels-signer.schema.json 
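Review bot: The `targets` key regex `^simple/([...]-py2.py3-none-any.whl)?|(([...]/[...])?index.html)$` has `^` bound to a first alternative whose body is entirely optional, so it matches any key starting with `simple/`, and `$` bound to a second alternative that matches anything ending in `index.html` (dots unescaped); with `additionalProperties: false` this pattern is the only thing restricting target names, so it should be `^simple/(([a-z0-9-]+/[a-z0-9_.-]+-py2\\.py3-none-any\\.whl)|(([a-z0-9_-]+/[a-z0-9_.-]+)?index\\.html))$` or similar. `spec_version` uses `[0-9]+\\.[0-9]+\\.[0-9]+` with no anchors, so any string containing a version triple validates; add `^...$`. `hashes` here lacks the `"additionalProperties": false` the other schemas apply. [PATCH 02/37] below deletes this file, so this matters only if the schema is reused.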
@@ -0,0 +1,174 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "additionalProperties": false, + "properties": { + "signatures": { + "type": "array", + "items": [ + { + "type": "object", + "additionalProperties": false, + "properties": { + "keyid": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sig": { + "type": "string", + "minLength": 1024, + "maxLength": 1024, + "pattern": "^[a-f0-9]{1024}$" + } + }, + "required": [ + "keyid", + "sig" + ] + } + ] + }, + "signed": { + "type": "object", + "additionalProperties": false, + "properties": { + "_type": { + "enum": ["targets"] + }, + "delegations": { + "type": "object", + "additionalProperties": false, + "properties": { + "keys": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[a-f0-9]{64}$": { + "type": "object", + "additionalProperties": false, + "properties": { + "keyid_hash_algorithms": { + "type": "array", + "items": [ + { + "enum": ["sha256", "sha512"] + } + ] + }, + "keytype": { + "enum": ["rsa"] + }, + "keyval": { + "type": "object", + "additionalProperties": false, + "properties": { + "public": { + "type": "string", + "pattern": "^-----BEGIN PUBLIC KEY-----" + } + }, + "required": [ + "public" + ] + }, + "scheme": { + "enum": ["rsassa-pss-sha256"] + } + }, + "required": [ + "keyid_hash_algorithms", + "keytype", + "keyval", + "scheme" + ] + } + } + }, + "roles": { + "type": "array", + "items": [ + { + "type": "object", + "additionalProperties": false, + "properties": { + "keyids": { + "type": "array", + "items": [ + { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + } + ] + }, + "name": { + "type": "string", + "minLength": 1 + }, + "paths": { + "type": "array", + "items": [ + { + "type": "string", + "pattern": "^simple/((.+(.html|.whl))|(index.html))$" + } + ] + }, + "terminating": { + "type": "boolean" + }, + "threshold": { + "type": "integer", + 
"minimum": 1 + } + }, + "required": [ + "keyids", + "name", + "paths", + "terminating", + "threshold" + ] + } + ] + } + }, + "required": [ + "keys", + "roles" + ] + }, + "expires": { + "type": "string", + "format": "date-time" + }, + "spec_version": { + "type": "string", + "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]$" + }, + "targets": { + "type": "object" + }, + "version": { + "type": "integer", + "minimum": 0 + } + }, + "required": [ + "_type", + "delegations", + "expires", + "spec_version", + "targets", + "version" + ] + } + }, + "required": [ + "signatures", + "signed" + ] +} From 24dc03218de8683b2e7b20e5160e0e8a7d449431 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 13:11:16 +0200 Subject: [PATCH 02/37] Remove files specific to Datadog agent integrations --- schemas/in-toto-metadata-signer-x.schema.json | 145 --------------- schemas/in-toto-metadata-signer.schema.json | 168 ----------------- schemas/wheels-signer-x.schema.json | 148 --------------- schemas/wheels-signer.schema.json | 174 ------------------ 4 files changed, 635 deletions(-) delete mode 100644 schemas/in-toto-metadata-signer-x.schema.json delete mode 100644 schemas/in-toto-metadata-signer.schema.json delete mode 100644 schemas/wheels-signer-x.schema.json delete mode 100644 schemas/wheels-signer.schema.json diff --git a/schemas/in-toto-metadata-signer-x.schema.json b/schemas/in-toto-metadata-signer-x.schema.json deleted file mode 100644 index 1a883fb..0000000 --- a/schemas/in-toto-metadata-signer-x.schema.json +++ /dev/null 
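Review bot: The `paths` pattern `^simple/((.+(.html|.whl))|(index.html))$` leaves its dots unescaped, so `.html` and `.whl` match any character followed by `html`/`whl` and the expression does not pin the extension it appears to; `^simple/((.+\\.(html|whl))|(index\\.html))$` states the intent and still admits the glob forms TUF delegation paths use. The `keyval.public` pattern `^-----BEGIN PUBLIC KEY-----` checks only the PEM header; anchoring the footer as well, e.g. `-----END PUBLIC KEY-----\\s*$`, also rejects truncated keys. `spec_version` here is `^[0-9]+\\.[0-9]+\\.[0-9]$`, which allows only a single-digit patch component; later commits in this series relax that same pattern in the other schemas.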
@@ -1,145 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "additionalProperties": false, - "properties": { - "signatures": { - "type": "array", - "items": [ - { - "type": "object", - "additionalProperties": false, - "properties": { - "keyid": { - "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" - }, - "sig": { - "type": "string", - "minLength": 1024, - "maxLength": 1024, - "pattern": "^[a-f0-9]{1024}$" - } - }, - "required": [ - "keyid", - "sig" - ] - } - ] - }, - "signed": { - "type": "object", - "additionalProperties": false, - "properties": { - "_type": { - "enum": ["targets"] - }, - "delegations": { - "type": "object", - "additionalProperties": false, - "properties": { - "keys": { - "type": "object" - }, - "roles": { - "type": "array", - "items": {} - } - }, - "required": [ - "keys", - "roles" - ] - }, - "expires": { - "type": "string", - "format": "date-time" - }, - "spec_version": { - "type": "string", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "targets": { - "type": "object", - "additionalProperties": false, - "patternProperties": { - "^(simple/[a-z-0-9]+/[a-z0-9-]+-py2\\.py3-none-any\\.whl)|(in-toto-metadata/[a-f0-9]{64}/((wheels-signer)|(tag)|(wheels-builder))\\.[a-f0-9]{8}\\.link)$": { - "type": "object", - "additionalProperties": false, - "properties": { - "custom": { - "type": "object", - "additionalProperties": false, - "properties": { - "in-toto": { - "type": "array", - "items": [ - { - "type": "string", - "pattern": "in-toto-metadata/([a-f0-9]{64}/(wheels-signer|wheels-builder|tag)\\.[a-f0-9]{8}\\.link)|root.layout" - } - ] - }, - "root-layout-type": { - "enum": ["extras", "core"] - } - } - }, - "hashes": { - "type": "object", - "additionalProperties": false, - "properties": { - "sha256": { - "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" - }, - "sha512": { - "type": "string", - "minLength": 128, - "maxLength": 128, - "pattern": 
"^[a-f0-9]{128}$" - } - }, - "required": [ - "sha256", - "sha512" - ] - }, - "length": { - "type": "integer", - "minimum": 1 - } - }, - "required": [ - "custom", - "hashes", - "length" - ] - } - } - }, - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "_type", - "delegations", - "expires", - "spec_version", - "targets", - "version" - ] - } - }, - "required": [ - "signatures", - "signed" - ] -} diff --git a/schemas/in-toto-metadata-signer.schema.json b/schemas/in-toto-metadata-signer.schema.json deleted file mode 100644 index b7f9f8b..0000000 --- a/schemas/in-toto-metadata-signer.schema.json +++ /dev/null 
@@ -1,168 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "signatures": { - "type": "array", - "items": [ - { - "type": "object", - "properties": { - "keyid": { - "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" - }, - "sig": { - "type": "string", - "minLength": 1024, - "maxLength": 1024, - "pattern": "^[a-f0-9]{1024}$" - } - }, - "required": [ - "keyid", - "sig" - ] - } - ] - }, - "signed": { - "type": "object", - "properties": { - "_type": { - "enum": ["targets"] - }, - "delegations": { - "type": "object", - "properties": { - "keys": { - "type": "object", - "additionalProperties": false, - "patternProperties": { - "^[a-f0-9]{64}$": { - "type": "object", - "properties": { - "keyid_hash_algorithms": { - "type": "array", - "items": { - "enum": [ - "sha256", - "sha512" - ] - } - }, - "keytype": { - "enum": ["rsa"] - }, - "keyval": { - "type": "object", - "properties": { - "public": { - "type": "string", - "pattern": "^-----BEGIN PUBLIC KEY-----" - } - }, - "required": [ - "public" - ] - }, - "scheme": { - "enum": ["rsassa-pss-sha256"] - } - }, - "required": [ - "keyid_hash_algorithms", - "keytype", - "keyval", - "scheme" - ] - } - } - }, - "roles": { - "type": "array", - "items": [ - { - "type": "object", - "properties": { - "keyids": { - "type": "array", - "items": [ - { - "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" - } - ] - }, - "name": { - "type": "string", - "pattern": "^in-toto-metadata-signer-[0-9a-f]$" - }, - "paths": { - "type": "array", - "items": [ - { - "type": "string", - "pattern": "^in-toto-metadata/[0-9a-f]\\*/\\*\\.link$" - } - ] - }, - "terminating": { - "type": "boolean" - }, - "threshold": { - "type": "integer", - "minimum": 1 - } - }, - "required": [ - "keyids", - "name", - "paths", - "terminating", - "threshold" - ] - } - ] - } - }, - "required": [ - "keys", - "roles" - ] - }, - "expires": { - "type": 
"string", - "format": "date-time" - }, - "spec_version": { - "type": "string", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "targets": { - "type": "object" - }, - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "_type", - "delegations", - "expires", - "spec_version", - "targets", - "version" - ] - } - }, - "required": [ - "signatures", - "signed" - ] -} diff --git a/schemas/wheels-signer-x.schema.json b/schemas/wheels-signer-x.schema.json deleted file mode 100644 index ec33817..0000000 --- a/schemas/wheels-signer-x.schema.json +++ /dev/null 
@@ -1,148 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "additionalProperties": false, - "properties": { - "signatures": { - "type": "array", - "items": [ - { - "type": "object", - "additionalProperties": false, - "properties": { - "keyid": { - "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" - }, - "sig": { - "type": "string", - "minLength": 1024, - "maxLength": 1024, - "pattern": "^[a-f0-9]{1024}$" - } - }, - "required": [ - "keyid", - "sig" - ] - } - ] - }, - "signed": { - "type": "object", - "additionalProperties": false, - "properties": { - "_type": { - "enum": ["targets"] - }, - "delegations": { - "type": "object", - "additionalProperties": false, - "properties": { - "keys": { - "type": "object" - }, - "roles": { - "type": "array", - "items": {} - } - }, - "required": [ - "keys", - "roles" - ] - }, - "expires": { - "type": "string", - "format": "date-time" - }, - "spec_version": { - "type": "string", - "pattern": "[0-9]+\\.[0-9]+\\.[0-9]+" - }, - "targets": { - "type": "object", - "additionalProperties": false, - "patternProperties": { - "^simple/([a-z0-9-]+/[a-z0-9-_.]+-py2.py3-none-any.whl)?|(([a-z0-9-_]+/[a-z0-9-_.]+)?index.html)$": { - "type": "object", - "additionalProperties": false, - "properties": { - "custom": { - "type": "object", - "additionalProperties": false, - "properties": { - "in-toto": { - "type": "array", - "items": [ - { - "type": "string", - "pattern": "in-toto-metadata/([a-f0-9]{64}/(wheels-signer|wheels-builder|tag)\\.[a-f0-9]{8}\\.link)|root.layout" - } - ] - }, - "root-layout-type": { - "enum": ["core", "extras"] - } - }, - "required": [ - "in-toto", - "root-layout-type" - ] - }, - "hashes": { - "type": "object", - "properties": { - "sha256": { - "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" - }, - "sha512": { - "type": "string", - "minLength": 128, - "maxLength": 128, - "pattern": "^[a-f0-9]{128}$" - } - }, - 
"required": [ - "sha256", - "sha512" - ] - }, - "length": { - "type": "integer", - "minimum": 1 - } - }, - "required": [ - "custom", - "hashes", - "length" - ] - } - } - }, - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "_type", - "delegations", - "expires", - "spec_version", - "targets", - "version" - ] - } - }, - "required": [ - "signatures", - "signed" - ] -} diff --git a/schemas/wheels-signer.schema.json b/schemas/wheels-signer.schema.json deleted file mode 100644 index 20ae1cc..0000000 --- a/schemas/wheels-signer.schema.json +++ /dev/null 
@@ -1,174 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "additionalProperties": false, - "properties": { - "signatures": { - "type": "array", - "items": [ - { - "type": "object", - "additionalProperties": false, - "properties": { - "keyid": { - "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" - }, - "sig": { - "type": "string", - "minLength": 1024, - "maxLength": 1024, - "pattern": "^[a-f0-9]{1024}$" - } - }, - "required": [ - "keyid", - "sig" - ] - } - ] - }, - "signed": { - "type": "object", - "additionalProperties": false, - "properties": { - "_type": { - "enum": ["targets"] - }, - "delegations": { - "type": "object", - "additionalProperties": false, - "properties": { - "keys": { - "type": "object", - "additionalProperties": false, - "patternProperties": { - "^[a-f0-9]{64}$": { - "type": "object", - "additionalProperties": false, - "properties": { - "keyid_hash_algorithms": { - "type": "array", - "items": [ - { - "enum": ["sha256", "sha512"] - } - ] - }, - "keytype": { - "enum": ["rsa"] - }, - "keyval": { - "type": "object", - "additionalProperties": false, - "properties": { - "public": { - "type": "string", - "pattern": "^-----BEGIN PUBLIC KEY-----" - } - }, - "required": [ - "public" - ] - }, - "scheme": { - "enum": ["rsassa-pss-sha256"] - } - }, - "required": [ - "keyid_hash_algorithms", - "keytype", - "keyval", - "scheme" - ] - } - } - }, - "roles": { - "type": "array", - "items": [ - { - "type": "object", - "additionalProperties": false, - "properties": { - "keyids": { - "type": "array", - "items": [ - { - "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" - } - ] - }, - "name": { - "type": "string", - "minLength": 1 - }, - "paths": { - "type": "array", - "items": [ - { - "type": "string", - "pattern": "^simple/((.+(.html|.whl))|(index.html))$" - } - ] - }, - "terminating": { - "type": "boolean" - }, - "threshold": { - "type": "integer", - 
"minimum": 1 - } - }, - "required": [ - "keyids", - "name", - "paths", - "terminating", - "threshold" - ] - } - ] - } - }, - "required": [ - "keys", - "roles" - ] - }, - "expires": { - "type": "string", - "format": "date-time" - }, - "spec_version": { - "type": "string", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]$" - }, - "targets": { - "type": "object" - }, - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "_type", - "delegations", - "expires", - "spec_version", - "targets", - "version" - ] - } - }, - "required": [ - "signatures", - "signed" - ] -} From 885ea589dfae2f845ec647c8c2f9de1efc512028 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 13:14:10 +0200 Subject: [PATCH 03/37] Minimum allowed version in 1 in timestamps.schema.json --- schemas/timestamp.schema.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/schemas/timestamp.schema.json b/schemas/timestamp.schema.json index 1ddcaf7..edbab5a 100644 --- a/schemas/timestamp.schema.json +++ b/schemas/timestamp.schema.json @@ -77,7 +77,7 @@ }, "version": { "type": "integer", - "minimum": 0 + "minimum": 1 } }, "required": [ @@ -97,7 +97,7 @@ }, "version": { "type": "integer", - "minimum": 0 + "minimum": 1 } }, "required": [ From 767c54aefd96b1408f6b21c1ce2e322200bb3af4 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 13:14:39 +0200 Subject: [PATCH 04/37] Allow versions without patch release number in timestamp.schema.json --- schemas/timestamp.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/schemas/timestamp.schema.json b/schemas/timestamp.schema.json index edbab5a..369ca12 100644 --- a/schemas/timestamp.schema.json +++ b/schemas/timestamp.schema.json @@ -93,7 +93,7 @@ }, "spec_version": { "type": "string", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]$" + "pattern": "^[0-9]+\\.[0-9]+(\\.[0-9]+)?$" }, "version": { "type": "integer", From 6b6d6fb9eb934e1fba2303e94a3f57d1d16e1030 Mon Sep 17 00:00:00 2001 
From: Fridolin Pokorny
Date: Thu, 1 Sep 2022 13:20:26 +0200
Subject: [PATCH 05/37] Allow optional patch version in spec_version field
---
 schemas/root.schema.json | 2 +-
 schemas/snapshot.schema.json | 2 +-
 schemas/targets.schema.json | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/schemas/root.schema.json b/schemas/root.schema.json
index cb93c50..91ec9e2 100644
--- a/schemas/root.schema.json
+++ b/schemas/root.schema.json
@@ -169,7 +169,7 @@
 },
 "spec_version": {
 "type": "string",
- "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]$"
+ "pattern": "^[0-9]+\\.[0-9]+(\\.[0-9]+)?$"
 },
 "version": {
 "type": "number",
diff --git a/schemas/snapshot.schema.json b/schemas/snapshot.schema.json
index 3111651..14f6bbc 100644
--- a/schemas/snapshot.schema.json
+++ b/schemas/snapshot.schema.json
@@ -681,7 +681,7 @@
 },
 "spec_version": {
 "type": "string",
- "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]$"
+ "pattern": "^[0-9]+\\.[0-9]+(\\.[0-9]+)?$"
 },
 "version": {
 "type": "integer",
diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json
index de1a4b5..1774346 100644
--- a/schemas/targets.schema.json
+++ b/schemas/targets.schema.json
@@ -146,7 +146,7 @@
 },
 "spec_version": {
 "type": "string",
- "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]$"
+ "pattern": "^[0-9]+\\.[0-9]+(\\.[0-9]+)?$"
 },
 "targets": {
 "type": "object",
From 850f8640a7ffb9215305d8f040eaebcdfcc19bb1 Mon Sep 17 00:00:00 2001
From: Fridolin Pokorny
Date: Thu, 1 Sep 2022 13:25:14 +0200
Subject: [PATCH 06/37] Require only targets.json in snapshot schema
---
 schemas/snapshot.schema.json | 620 +----------------------------------
 1 file changed, 2 insertions(+), 618 deletions(-)
diff --git a/schemas/snapshot.schema.json b/schemas/snapshot.schema.json
index 14f6bbc..500e71b 100644
--- a/schemas/snapshot.schema.json
+++ b/schemas/snapshot.schema.json
@@ -43,229 +43,8 @@ }, "meta": { "type": "object", - "additionalProperties": false, + "additionalProperties": true, "properties": { - "in-toto-metadata-signer-0.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer-1.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer-2.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer-3.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer-4.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer-5.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer-6.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer-7.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer-8.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - 
"in-toto-metadata-signer-9.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer-a.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer-b.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer-c.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer-d.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer-e.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer-f.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "in-toto-metadata-signer.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, "targets.json": { "type": "object", "additionalProperties": false, 
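Review bot: Switching `meta` to `"additionalProperties": true` means every snapshot entry other than `targets.json` — including the delegated-role files this hunk stops enumerating — is now accepted with any shape, even without a `version`, so the schema no longer validates the very entries a client uses to pin delegated targets metadata. A `patternProperties` entry keyed on `^.+\\.json$` that carries the same `version` object keeps `"additionalProperties": false` while still allowing an open set of role names; the second hunk of this commit, which trims `required` down to `targets.json`, can stay as it is. The `meta` object continues past the end of this hunk, so only its head is shown below.
```json
"meta": {
  "type": "object",
  "additionalProperties": false,
  "patternProperties": {
    "^.+\\.json$": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "version": {
          "type": "integer",
          "minimum": 1
        }
      },
      "required": [
        "version"
      ]
    }
  },
  "properties": {
    "targets.json": {
```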
@@ -278,405 +57,10 @@ "required": [ "version" ] - }, - "wheels-signer-a.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-b.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-c.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-d.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-e.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-f.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-g.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-h.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-i.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-j.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - 
"version" - ] - }, - "wheels-signer-k.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-l.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-m.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-n.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-o.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-p.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-q.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-r.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-s.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-t.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - 
"wheels-signer-u.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-v.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-w.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-x.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-y.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer-z.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] - }, - "wheels-signer.json": { - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "version" - ] } }, "required": [ - "in-toto-metadata-signer-0.json", - "in-toto-metadata-signer-1.json", - "in-toto-metadata-signer-2.json", - "in-toto-metadata-signer-3.json", - "in-toto-metadata-signer-4.json", - "in-toto-metadata-signer-5.json", - "in-toto-metadata-signer-6.json", - "in-toto-metadata-signer-7.json", - "in-toto-metadata-signer-8.json", - "in-toto-metadata-signer-9.json", - "in-toto-metadata-signer-a.json", - "in-toto-metadata-signer-b.json", - "in-toto-metadata-signer-c.json", - "in-toto-metadata-signer-d.json", - "in-toto-metadata-signer-e.json", - "in-toto-metadata-signer-f.json", - "in-toto-metadata-signer.json", - 
"targets.json", - "wheels-signer-a.json", - "wheels-signer-b.json", - "wheels-signer-c.json", - "wheels-signer-d.json", - "wheels-signer-e.json", - "wheels-signer-f.json", - "wheels-signer-g.json", - "wheels-signer-h.json", - "wheels-signer-i.json", - "wheels-signer-j.json", - "wheels-signer-k.json", - "wheels-signer-l.json", - "wheels-signer-m.json", - "wheels-signer-n.json", - "wheels-signer-o.json", - "wheels-signer-p.json", - "wheels-signer-q.json", - "wheels-signer-r.json", - "wheels-signer-s.json", - "wheels-signer-t.json", - "wheels-signer-u.json", - "wheels-signer-v.json", - "wheels-signer-w.json", - "wheels-signer-x.json", - "wheels-signer-y.json", - "wheels-signer-z.json", - "wheels-signer.json" + "targets.json" ] }, "spec_version": { From 40247c49fbcdb0db3d002c909654db3e2aa080df Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 13:27:21 +0200 Subject: [PATCH 07/37] Version numbers are always 1 or above --- schemas/root.schema.json | 2 +- schemas/snapshot.schema.json | 4 ++-- schemas/targets.schema.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/schemas/root.schema.json b/schemas/root.schema.json index 91ec9e2..8ee8e48 100644 --- a/schemas/root.schema.json +++ b/schemas/root.schema.json @@ -173,7 +173,7 @@ }, "version": { "type": "number", - "minimum": 0 + "minimum": 1 } } } diff --git a/schemas/snapshot.schema.json b/schemas/snapshot.schema.json index 500e71b..27c6f06 100644 --- a/schemas/snapshot.schema.json +++ b/schemas/snapshot.schema.json @@ -51,7 +51,7 @@ "properties": { "version": { "type": "integer", - "minimum": 0 + "minimum": 1 } }, "required": [ @@ -69,7 +69,7 @@ }, "version": { "type": "integer", - "minimum": 0 + "minimum": 1 } }, "required": [ diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json index 1774346..3b54b05 100644 --- a/schemas/targets.schema.json +++ b/schemas/targets.schema.json 
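Review bot: In the root.schema.json hunk `version` is still declared `"type": "number"`, so raising `minimum` to 1 continues to admit non-integer values such as `1.5`, while the snapshot and targets hunks of this same commit (and timestamp in commit 03) use `"type": "integer"`. TUF metadata versions are integers; changing the context line to `"type": "integer"` brings root in line with the other schemas. The `version` object is fully inside the hunk, but the rest of root.schema.json is not visible here.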
@@ -254,7 +254,7 @@
 },
 "version": {
 "type": "integer",
- "minimum": 0
+ "minimum": 1
 }
 },
 "required": [
From 975c34a4ee2b7b9c3697e7d08f61a5f1e9f26306 Mon Sep 17 00:00:00 2001
From: Fridolin Pokorny
Date: Thu, 1 Sep 2022 13:30:56 +0200
Subject: [PATCH 08/37] Neither specific targets nor delegations are expected in targets.json
---
 schemas/targets.schema.json | 211 +-----------------------------------
 1 file changed, 2 insertions(+), 209 deletions(-)
diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json
index 3b54b05..506bd85 100644
--- a/schemas/targets.schema.json
+++ b/schemas/targets.schema.json
@@ -38,107 +38,7 @@ "enum": ["targets"] }, "delegations": { - "type": "object", - "additionalProperties": false, - "properties": { - "keys": { - "type": "object", - "additionalProperties": false, - "patternProperties": { - "^[a-f0-9]{64}$": { - "type": "object", - "additionalProperties": false, - "properties": { - "keyid_hash_algorithms": { - "type": "array", - "items": [ - { - "enum": ["sha256", "sha512"] - } - ] - }, - "keytype": { - "enum": ["rsa"] - }, - "keyval": { - "type": "object", - "required": ["public"], - "additionalProperties": false, - "properties": { - "public": { - "type": "string", - "pattern": "^-----BEGIN PUBLIC KEY-----" - } - } - }, - "scheme": { - "enum": ["rsassa-pss-sha256"] - } - }, - "required": [ - "keyid_hash_algorithms", - "keytype", - "keyval", - "scheme" - ] - } - } - }, - "roles": { - "type": "array", - "items": [ - { - "type": "object", - "additionalProperties": false, - "properties": { - "keyids": { - "type": "array", - "items": [ - { - "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" - } - ] - }, - "name": { - "type": "string", - "minLength": 1 - }, - "paths": { - "type": "array", - "items": [ - { - "type": "string", - "minLength": 1 - } - ], - "minLength": 1 - }, - "terminating": { - "type": "boolean" - }, - "threshold": { - "type": "integer", - "minimum": 1 - } - }, - "required": [ - "keyids", - "name", - "paths", - "terminating", - "threshold" - ] - } - ] - } - }, - "required": [ - "keys", - "roles" - ] + "type": "object" }, "expires": { "type": "string", 
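Review bot: `delegations` collapses to a bare `"type": "object"`, so a targets.json that does carry delegations is now accepted with `keys` and `roles` of any shape, whereas the removed sub-schema rejected malformed keyids and a `threshold` below 1. If the intent is only that delegations are not required, keeping the previous `keys`/`roles` sub-schema (with `"items"` as a single schema rather than a one-element array, so every element is checked) and dropping `delegations` from `required` preserves validation for the case where the key is present. The commit title says delegations are not expected, so this may be deliberate; since JSON has no comments, the rationale belongs in a `"description"` on the property, e.g. `"description": "Delegations are not used by this repository; present only for TUF format compatibility."`.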
@@ -149,120 +49,13 @@ "pattern": "^[0-9]+\\.[0-9]+(\\.[0-9]+)?$" }, "targets": { - "type": "object", - "additionalProperties": false, - "patternProperties": { - "^in-toto-metadata/[0-9a-z.]+.layout$": { - "type": "object", - "additionalProperties": false, - "properties": { - "custom": { - "type": "object", - "additionalProperties": false, - "properties": { - "in-toto": { - "type": "array", - "items": [ - { - "type": "string", - "pattern": "^in-toto-pubkeys/[a-f0-9]{64}.pub$" - } - ], - "minLength": 1 - }, - "root-layout-type": { - "enum": ["core", "extras"] - } - }, - "required": [ - "in-toto", - "root-layout-type" - ] - }, - "hashes": { - "type": "object", - "additionalProperties": false, - "properties": { - "sha256": { - "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" - }, - "sha512": { - "type": "string", - "minLength": 128, - "maxLength": 128, - "pattern": "^[a-f0-9]{128}$" - } - }, - "required": [ - "sha256", - "sha512" - ] - }, - "length": { - "type": "integer", - "minimum": 1 - } - }, - "required": [ - "custom", - "hashes", - "length" - ] - }, - "^in-toto-pubkeys/[0-9a-f]{64}.pub$": { - "type": "object", - "properties": { - "custom": { - "type": "object" - }, - "hashes": { - "type": "object", - "properties": { - "sha256": { - "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" - }, - "sha512": { - "type": "string", - "minLength": 128, - "maxLength": 128, - "pattern": "^[a-f0-9]{128}$" - } - }, - "required": [ - "sha256", - "sha512" - ] - }, - "length": { - "type": "integer", - "minimum": 1 - } - }, - "required": [ - "custom", - "hashes", - "length" - ] - } - } - }, - "version": { - "type": "integer", - "minimum": 1 + "type": "object" } }, "required": [ "_type", - "delegations", "expires", "spec_version", - "targets", "version" ] } From 4c222562987d757744735ce3174408a8779b99ad Mon Sep 17 00:00:00 2001 
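Review bot: The `version` property is removed from `signed.properties` in this hunk while `"version"` stays in the `required` list a few lines below, so a targets.json that satisfies `required` is rejected by `additionalProperties: false` if that setting is still in force on `signed` (its header is outside this hunk), and one without `version` fails `required` — nothing validates. Keep the property next to `"targets"`: `"version": { "type": "integer", "minimum": 1 }`. A later patch in this series re-adds it.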
From: Fridolin Pokorny Date: Thu, 1 Sep 2022 13:49:34 +0200 Subject: [PATCH 09/37] Use explicit pattern for datetime format --- schemas/root.schema.json | 2 +- schemas/snapshot.schema.json | 2 +- schemas/targets.schema.json | 2 +- schemas/timestamp.schema.json | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/schemas/root.schema.json b/schemas/root.schema.json index 8ee8e48..b760beb 100644 --- a/schemas/root.schema.json +++ b/schemas/root.schema.json @@ -39,7 +39,7 @@ }, "expires": { "type": "string", - "format": "date-time" + "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$" }, "keys": { "type": "object", diff --git a/schemas/snapshot.schema.json b/schemas/snapshot.schema.json index 27c6f06..4991c96 100644 --- a/schemas/snapshot.schema.json +++ b/schemas/snapshot.schema.json @@ -39,7 +39,7 @@ }, "expires": { "type": "string", - "format": "date-time" + "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$" }, "meta": { "type": "object", diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json index 506bd85..cd8b0b7 100644 --- a/schemas/targets.schema.json +++ b/schemas/targets.schema.json @@ -42,7 +42,7 @@ }, "expires": { "type": "string", - "format": "date-time" + "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$" }, "spec_version": { "type": "string", diff --git a/schemas/timestamp.schema.json b/schemas/timestamp.schema.json index 369ca12..6840794 100644 --- a/schemas/timestamp.schema.json +++ b/schemas/timestamp.schema.json @@ -39,7 +39,7 @@ }, "expires": { "type": "string", - "format": "date-time" + "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$" }, "meta": { "type": "object", From 46281e49dbceceaf9ebc3bd1dbfe970d20ec03b4 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 13:56:03 +0200 Subject: [PATCH 10/37] Add missing version to targets.schema.json --- schemas/targets.schema.json | 4 ++++ 1 file changed, 4 insertions(+) 
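Review bot: The new `expires` pattern fixes the spelling of the timestamp but not its value — `2022-99-99T25:61:61Z` still matches — so the expiry comparison must still go through a real date parser rather than trusting that a pattern-validated string is a valid instant. That is fine for a schema, but a one-line `description` beside the pattern makes the contract explicit, e.g. `"description": "Expiry as YYYY-MM-DDTHH:MM:SSZ (UTC); syntax check only, callers must parse and compare."`. The snapshot, targets and timestamp hunks of this patch are identical. Note that draft-04 `format: date-time`, which this replaces, is only an annotation unless the validator opts in and also accepts offsets and fractional seconds, so the explicit pattern is the stronger check; the later patches in the series that switch back to `format` and then revert lose and regain that.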
diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json index cd8b0b7..770eda4 100644 --- a/schemas/targets.schema.json +++ b/schemas/targets.schema.json @@ -50,6 +50,10 @@ }, "targets": { "type": "object" + }, + "version": { + "type": "integer", + "minValue": 1 } }, "required": [ From fb56026450824a71905eb2b15e840ebdee70b7f3 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 14:06:12 +0200 Subject: [PATCH 11/37] Loosen requirement on keyids --- schemas/root.schema.json | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/schemas/root.schema.json b/schemas/root.schema.json index b760beb..4efe3a6 100644 --- a/schemas/root.schema.json +++ b/schemas/root.schema.json @@ -94,9 +94,7 @@ "type": "array", "items": { "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" + "minLength": 1 } }, "threshold": { @@ -114,9 +112,7 @@ "type": "array", "items": { "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" + "minLength": 1 } }, "threshold": { @@ -134,9 +130,7 @@ "type": "array", "items": { "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" + "minLength": 1 } }, "threshold": { @@ -154,9 +148,7 @@ "type": "array", "items": { "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" + "minLength": 1 } }, "threshold": { From 3a253ff0db7786c8e5e4e35a375a4de24abc502b Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 14:12:59 +0200 Subject: [PATCH 12/37] Let users specify signature scheme --- schemas/root.schema.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/schemas/root.schema.json b/schemas/root.schema.json index 4efe3a6..194752c 100644 --- a/schemas/root.schema.json +++ b/schemas/root.schema.json 
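Review bot: `"minValue": 1` is not a JSON Schema keyword, so draft-04 validators ignore it and the new `version` is only checked to be an integer — zero and negative versions pass. The keyword is `minimum`, as used for the other integers in these schemas: `"version": { "type": "integer", "minimum": 1 }`. A later patch in the series corrects this.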
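Review bot: Loosening the `keyids` items to `minLength: 1` in the four root.schema.json hunks removes the only link between a role's key references and the `keys` map, whose entries are keyed by `^[0-9a-f]{64}$`: a keyid that can never match a key still validates, and the mismatch surfaces only at signature-verification time. If the goal is to allow key-id formats other than hex SHA-256, the `keys` patternProperty should be relaxed in the same change so the two stay consistent; otherwise keep the 64-hex pattern on both sides. A later patch in the series restores the pattern.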
@@ -69,12 +69,13 @@ "properties": { "public": { "type": "string", - "pattern": "^-----BEGIN PUBLIC KEY-----" + "minLength": 1 } } }, "scheme": { - "enum": ["rsassa-pss-sha256"] + "type": "string", + "minLength": 1 } } } From 84ad9f4304a3fc903bb0084405f9a32e5f38c5c8 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 14:20:55 +0200 Subject: [PATCH 13/37] Add optional parts of the METAFILES section in snapshot.json --- schemas/snapshot.schema.json | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/schemas/snapshot.schema.json b/schemas/snapshot.schema.json index 4991c96..c6e6406 100644 --- a/schemas/snapshot.schema.json +++ b/schemas/snapshot.schema.json @@ -52,6 +52,13 @@ "version": { "type": "integer", "minimum": 1 + }, + "length": { + "type": "integer", + "minimum": 1 + }, + "hashes": { + "type": "object" } }, "required": [ From d6731dcd1a556e43c67fee638d748ffacf4eb1c3 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 14:29:43 +0200 Subject: [PATCH 14/37] Field consistent_snapshot is optional in root.json --- schemas/root.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/schemas/root.schema.json b/schemas/root.schema.json index 194752c..9e7681b 100644 --- a/schemas/root.schema.json +++ b/schemas/root.schema.json @@ -28,7 +28,7 @@ }, "signed": { "type": "object", - "required": ["_type", "consistent_snapshot", "expires", "keys", "roles", "spec_version", "version"], + "required": ["_type", "expires", "keys", "roles", "spec_version", "version"], "additionalProperties": false, "properties": { "_type": { From 2affedf90ea991824d2f2737abe855c01fbc92b6 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 14:30:11 +0200 Subject: [PATCH 15/37] Add optional mirror role to root.json --- schemas/root.schema.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/schemas/root.schema.json b/schemas/root.schema.json index 9e7681b..45dc34a 100644 
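Review bot: With `scheme` opened up to any non-empty string while `keytype` (just above, outside this hunk) appears to still admit only `rsa`, the schema accepts key objects whose scheme is unrelated to the key type — exactly the combination a verifier has to reject later. If user-chosen schemes are the goal, an `enum` listing the schemes the implementation actually supports is still preferable to a free-form string, and it should be extended in step with `keytype`. A later patch in the series reinstates an enum.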
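Review bot: The new optional `hashes` in the snapshot METAFILES entry is typed as a bare object, so a snapshot that does carry digests gets no check on algorithm names or digest length, unlike the `sha256`/`sha512` hex-pattern subschemas used in targets.schema.json and timestamp.schema.json. Reusing that subschema here (the sha256 entry is `{ "type": "string", "minLength": 64, "maxLength": 64, "pattern": "^[a-f0-9]{64}$" }`) keeps a malformed digest from passing schema validation and failing only at download time.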
--- a/schemas/root.schema.json +++ b/schemas/root.schema.json @@ -86,6 +86,24 @@ "required": ["root", "snapshot", "targets", "timestamp"], "additionalProperties": false, "properties": { + "mirror": { + "type": "object", + "required": ["keyids", "threshold"], + "additionalProperties": false, + "properties": { + "keyids": { + "type": "array", + "items": { + "type": "string", + "minLength": 1 + } + }, + "threshold": { + "type": "number", + "minimum": 1 + } + } + }, "root": { "type": "object", "required": ["keyids", "threshold"], From 05fdf4b27132604dd224f88b535a111f94398e62 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 14:36:42 +0200 Subject: [PATCH 16/37] Additionally specify targets in targets.json schema --- schemas/targets.schema.json | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json index 770eda4..5905467 100644 --- a/schemas/targets.schema.json +++ b/schemas/targets.schema.json @@ -49,7 +49,21 @@ "pattern": "^[0-9]+\\.[0-9]+(\\.[0-9]+)?$" }, "targets": { - "type": "object" + "type": "object", + "additionalProperties": false, + "properties": { + "hashes": { + "type": "object" + }, + "length": { + "type": "integer", + "minLength": 1, + }, + "custom": { + "type": "object" + } + }, + "required": ["hashes", "length"] }, "version": { "type": "integer", From 17f3efdc12bdeb2d0157d621bcbc7c1f038a46a1 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 14:37:08 +0200 Subject: [PATCH 17/37] Targets is a required property in targets.json --- schemas/targets.schema.json | 1 + 1 file changed, 1 insertion(+) diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json index 5905467..0196310 100644 --- a/schemas/targets.schema.json +++ b/schemas/targets.schema.json @@ -74,6 +74,7 @@ "_type", "expires", "spec_version", + "targets", "version" ] } From e6b6832186cd91c237f45a0c259662f390a2afe0 Mon Sep 17 00:00:00 2001 
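Review bot: `threshold` for the new `mirror` role is `"type": "number"`, which admits `1.5`; a signature threshold is a count, and the other schemas in this series type it `integer` (e.g. the delegation role threshold in targets.schema.json), so use `"threshold": { "type": "integer", "minimum": 1 }`. The property name is also worth a second look: the mirrors.schema.json added later in this series uses `"_type": "mirrors"`, and my recollection is that the TUF spec names the optional root role `mirrors` as well, in which case `mirror` here would make a spec-conformant root.json fail `additionalProperties: false`.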
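Review bot: The new `targets` subschema has a trailing comma after `"minLength": 1,` that makes the schema file invalid JSON, and `minLength` on an integer is a no-op (the keyword is `minimum`). Structurally, `hashes`/`length`/`custom` belong to each target entry, not to the `targets` map itself — `targets` is keyed by target path and its values are the objects carrying those fields — so as written a real targets.json fails `additionalProperties: false` on its first path key. A `patternProperties` map of per-target objects is the shape needed; later patches in the series move to it, so the sketch below mainly fixes the keyword and the bound (an empty file is a legal target as far as I can tell, hence `minimum: 0`; tighten if repository policy forbids it).
```json
"targets": {
  "type": "object",
  "patternProperties": {
    ".+": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "hashes": { "type": "object" },
        "length": { "type": "integer", "minimum": 0 },
        "custom": { "type": "object" }
      },
      "required": ["hashes", "length"]
    }
  }
},
```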
From: Fridolin Pokorny Date: Thu, 1 Sep 2022 14:47:50 +0200 Subject: [PATCH 18/37] Specify schema of delegations in targets.json --- schemas/targets.schema.json | 44 ++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json index 0196310..f610c9d 100644 --- a/schemas/targets.schema.json +++ b/schemas/targets.schema.json @@ -38,7 +38,49 @@ "enum": ["targets"] }, "delegations": { - "type": "object" + "type": "object", + "additionalProperties": false, + "properties": { + "keys": { + "type": "object" + }, + "roles": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "minLength": 1 + }, + "keyids": { + "type": "array", + "items": { + "type": "string", + "minLength": 1 + } + }, + "threshold": { + "type": "integer", + "minLength": 1 + }, + "path_hash_prefixes": { + "type": "string", + "minLength": 1 + }, + "paths": { + "type": "array", + "minLength": 1 + }, + "terminating": { + "type": "boolean" + } + }, + "required": ["name", "keyids", "threshold", "paths", "terminating"] + } + } + } }, "expires": { "type": "string", From 3a59b309868d732940b75fc346e0ef1e180e6fa1 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 14:48:23 +0200 Subject: [PATCH 19/37] Adjust targets section of targets.json --- schemas/targets.schema.json | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json index f610c9d..71e4aa0 100644 --- a/schemas/targets.schema.json +++ b/schemas/targets.schema.json 
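Review bot: Several keywords in the new `roles` item schema do not do what they are meant to: `threshold` uses `minLength` on an integer (no-op; needs `minimum`), `paths` uses `minLength` on an array (no-op; needs `minItems`) and has no `items` constraint, and `path_hash_prefixes` is typed `string` although, as far as I recall the TUF spec, it is a list of hex prefixes. The `required` list also hard-codes `paths`, which makes the `path_hash_prefixes` form of a delegation unrepresentable even though the spec treats the two as alternatives; a draft-04 `oneOf` over the two `required` forms expresses that. `keys` is left as a bare object; a later patch in the series tightens it, and another fixes the threshold keyword.
```json
"threshold": {
  "type": "integer",
  "minimum": 1
},
"path_hash_prefixes": {
  "type": "array",
  "minItems": 1,
  "items": { "type": "string", "minLength": 1 }
},
"paths": {
  "type": "array",
  "minItems": 1,
  "items": { "type": "string", "minLength": 1 }
},
"terminating": {
  "type": "boolean"
}
},
"required": ["name", "keyids", "threshold", "terminating"],
"oneOf": [
  { "required": ["paths"] },
  { "required": ["path_hash_prefixes"] }
]
```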
@@ -92,20 +92,19 @@ }, "targets": { "type": "object", - "additionalProperties": false, + "additionalProperties": true, "properties": { "hashes": { "type": "object" }, "length": { "type": "integer", - "minLength": 1, + "minLength": 1 }, "custom": { "type": "object" } - }, - "required": ["hashes", "length"] + } }, "version": { "type": "integer", From 945bd6f4556ab25560336ae6c3708c0951e1b466 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 15:05:27 +0200 Subject: [PATCH 20/37] Fix schema for targets in targets.json --- schemas/targets.schema.json | 52 +++++++++++++++++++++++++++++-------- 1 file changed, 41 insertions(+), 11 deletions(-) diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json index 71e4aa0..f7859c6 100644 --- a/schemas/targets.schema.json +++ b/schemas/targets.schema.json @@ -92,17 +92,47 @@ }, "targets": { "type": "object", - "additionalProperties": true, - "properties": { - "hashes": { - "type": "object" - }, - "length": { - "type": "integer", - "minLength": 1 - }, - "custom": { - "type": "object" + "additionalProperties": false, + "patternProperties": { + ".+": { + "type": "object", + "additionalProperties": false, + "properties": { + "custom": { + "type": "object" + }, + "hashes": { + "type": "object", + "additionalProperties": false, + "properties": { + "sha256": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sha512": { + "type": "string", + "minLength": 128, + "maxLength": 128, + "pattern": "^[a-f0-9]{128}$" + } + }, + "required": [ + "sha256", + "sha512" + ] + }, + "length": { + "type": "integer", + "minimum": 1 + } + }, + "required": [ + "custom", + "hashes", + "length" + ] } } }, From c6c66747e6396205d30be611fd7e59598f2a4507 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 1 Sep 2022 15:15:52 +0200 Subject: [PATCH 21/37] Minimum version number is 1 --- schemas/targets.schema.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
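Review bot: `custom` is listed in `required` for every target entry, but in the TUF targets format `custom` is optional as far as I can tell, so targets produced without it fail validation; a later patch in the series drops it from `required`. `length` with `"minimum": 1` also rejects zero-byte targets, which the spec does not appear to forbid — `"minimum": 0` is the safer bound unless this repository's policy excludes empty files. Requiring both `sha256` and `sha512` is reasonable only if every producer emits both; the `.+` key pattern deliberately excludes the empty path, which is fine.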
diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json
index f7859c6..8637f88 100644
--- a/schemas/targets.schema.json
+++ b/schemas/targets.schema.json
@@ -63,7 +63,7 @@
 },
 "threshold": {
 "type": "integer",
- "minLength": 1
+ "minimum": 1
 },
 "path_hash_prefixes": {
 "type": "string",
@@ -138,7 +138,7 @@
 },
 "version": {
 "type": "integer",
- "minValue": 1
+ "minimum": 1
 }
 },
 "required": [
From 7705ca90b777f128db227b1c76033e32007dff50 Mon Sep 17 00:00:00 2001
From: Fridolin Pokorny
Date: Tue, 6 Sep 2022 14:21:49 +0200
Subject: [PATCH 22/37] Provide schema for mirrors.json
---
 schemas/mirrors.schema.json | 85 +++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)
 create mode 100644 schemas/mirrors.schema.json
diff --git a/schemas/mirrors.schema.json b/schemas/mirrors.schema.json
new file mode 100644
index 0000000..318ca64
--- /dev/null
+++ b/schemas/mirrors.schema.json
@@ -0,0 +1,85 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "required": ["signatures", "signed"], + "additionalProperties": false, + "properties": { + "signatures": { + "type": "array", + "items": { + "type": "object", + "required": ["keyid", "sig"], + "additionalProperties": false, + "properties": { + "keyid": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sig": { + "type": "string", + "minLength": 1024, + "maxLength": 1024, + "pattern": "^[a-f0-9]{1024}$" + } + } + } + }, + "signed": { + "type": "object", + "required": ["_type", "expires", "mirrors", "spec_version", "version"], + "additionalProperties": false, + "properties": { + "_type": { + "enum": ["mirrors"] + }, + "expires": { + "type": "string", + "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$" + }, + "mirrors": { + "type": "object", + "required": ["urlbase", "metapath", "targetspath", "metacontent", "targetscontent"], + "additionalProperties": false, + "properties": { + "urlbase": { + "type": "string", + "minLength": 1 + }, + "metapath": { + "type": "string", + "minLength": 1 + }, + "targetspath": { + "type": "string", + "minLength": 1 + }, + "metacontent": { + "type": "array", + "items": { + "type": "string", + "minLength": 1 + } + }, + "targetscontent": { + "type": "array", + "items": { + "type": "string", + "minLength": 1 + } + } + } + }, + "spec_version": { + "type": "string", + "pattern": "^[0-9]+\\.[0-9]+(\\.[0-9]+)?$" + }, + "version": { + "type": "number", + "minimum": 1 + } + } + } + } +} From a5f6a0ed0d83b47472b6ff7f7fada9f5e65ec3f5 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 8 Sep 2022 09:09:11 +0200 Subject: [PATCH 23/37] Remove keyid_hash_algorithms from root.json schema --- schemas/root.schema.json | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/schemas/root.schema.json b/schemas/root.schema.json index 45dc34a..cc1d73a 100644 
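Review bot: `version` is typed `"number"` here while every other metadata schema in the series types it `integer` with `minimum: 1`; `number` admits `1.5`, which a client comparing versions would then have to handle, so `"version": { "type": "integer", "minimum": 1 }` is the consistent choice. `mirrors` is also modelled as a single object with `urlbase`/`metapath`/…, whereas my recollection of the spec's mirrors.json is a `mirrors` list of such objects (each optionally carrying `custom`) — worth checking against the spec text before this schema is used, since an `additionalProperties: false` object schema rejects a conformant list outright. This file is removed again two patches later in the series, so this may be moot.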
--- a/schemas/root.schema.json
+++ b/schemas/root.schema.json
@@ -47,18 +47,9 @@
 "patternProperties": {
 "^[0-9a-f]{64}$": {
 "type": "object",
- "required": ["keyid_hash_algorithms", "keytype", "keyval", "scheme"],
+ "required": ["keytype", "keyval", "scheme"],
 "additionalProperties": false,
 "properties": {
- "keyid_hash_algorithms": {
- "type": "array",
- "items": {
- "enum": [
- "sha256",
- "sha512"
- ]
- }
- },
 "keytype": {
 "enum": ["rsa"]
 },
From d9b067251d1788762058c8005a07389d9f67a781 Mon Sep 17 00:00:00 2001
From: Fridolin Pokorny
Date: Thu, 8 Sep 2022 09:10:01 +0200
Subject: [PATCH 24/37] Remove schema for mirrors.json
---
 schemas/mirrors.schema.json | 85 -------------------------------------
 1 file changed, 85 deletions(-)
 delete mode 100644 schemas/mirrors.schema.json
diff --git a/schemas/mirrors.schema.json b/schemas/mirrors.schema.json
deleted file mode 100644
index 318ca64..0000000
--- a/schemas/mirrors.schema.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "required": ["signatures", "signed"], - "additionalProperties": false, - "properties": { - "signatures": { - "type": "array", - "items": { - "type": "object", - "required": ["keyid", "sig"], - "additionalProperties": false, - "properties": { - "keyid": { - "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" - }, - "sig": { - "type": "string", - "minLength": 1024, - "maxLength": 1024, - "pattern": "^[a-f0-9]{1024}$" - } - } - } - }, - "signed": { - "type": "object", - "required": ["_type", "expires", "mirrors", "spec_version", "version"], - "additionalProperties": false, - "properties": { - "_type": { - "enum": ["mirrors"] - }, - "expires": { - "type": "string", - "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$" - }, - "mirrors": { - "type": "object", - "required": ["urlbase", "metapath", "targetspath", "metacontent", "targetscontent"], - "additionalProperties": false, - "properties": { - "urlbase": { - "type": "string", - "minLength": 1 - }, - "metapath": { - "type": "string", - "minLength": 1 - }, - "targetspath": { - "type": "string", - "minLength": 1 - }, - "metacontent": { - "type": "array", - "items": { - "type": "string", - "minLength": 1 - } - }, - "targetscontent": { - "type": "array", - "items": { - "type": "string", - "minLength": 1 - } - } - } - }, - "spec_version": { - "type": "string", - "pattern": "^[0-9]+\\.[0-9]+(\\.[0-9]+)?$" - }, - "version": { - "type": "number", - "minimum": 1 - } - } - } - } -} From 5579cfa438867ea2462a1f6bcd92565ffc06fb32 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 8 Sep 2022 09:14:33 +0200 Subject: [PATCH 25/37] Allow additional properties for keys to capture also keyid_hash_algorithms --- schemas/root.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/schemas/root.schema.json b/schemas/root.schema.json index cc1d73a..d38721d 100644 
--- a/schemas/root.schema.json
+++ b/schemas/root.schema.json
@@ -48,7 +48,7 @@
 "^[0-9a-f]{64}$": {
 "type": "object",
 "required": ["keytype", "keyval", "scheme"],
- "additionalProperties": false,
+ "additionalProperties": true,
 "properties": {
 "keytype": {
 "enum": ["rsa"]
From 99843d9a712574135e776b6fb6d0963d4a7c7ce8 Mon Sep 17 00:00:00 2001
From: Fridolin Pokorny
Date: Thu, 8 Sep 2022 09:34:22 +0200
Subject: [PATCH 26/37] Add schema for map.json file
---
 schemas/map.schema.json | 91 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100644 schemas/map.schema.json
diff --git a/schemas/map.schema.json b/schemas/map.schema.json
new file mode 100644
index 0000000..ca15b4e
--- /dev/null
+++ b/schemas/map.schema.json
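Review bot: Flipping `additionalProperties` to `true` on the key object to admit `keyid_hash_algorithms` also admits any misspelled or unknown field (`keyvals`, `schema`, …), which `false` was catching. The narrower fix is to keep `"additionalProperties": false` and declare the optional field explicitly, `"keyid_hash_algorithms": { "type": "array", "items": { "type": "string" } }`, alongside `keytype`/`keyval`/`scheme`. The same choice is repeated for delegation keys in targets.schema.json later in the series.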
@@ -0,0 +1,91 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "required": ["signatures", "signed"], + "additionalProperties": false, + "properties": { + "signatures": { + "type": "array", + "items": { + "type": "object", + "required": ["keyid", "sig"], + "additionalProperties": false, + "properties": { + "keyid": { + "type": "string", + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" + }, + "sig": { + "type": "string", + "minLength": 1024, + "maxLength": 1024, + "pattern": "^[a-f0-9]{1024}$" + } + } + } + }, + "signed": { + "type": "object", + "required": ["_type", "repositories", "mapping", "spec_version", "version"], + "additionalProperties": false, + "properties": { + "_type": { + "enum": ["map"] + }, + "repositories": { + "type": "object", + "items": { + "type": "object", + "patternProperties": { + ".+": { + "type": "object", + "items": { + "type": "string", + "minimum": 1 + } + } + } + } + }, + "mapping": { + "type": "object", + "additionalProperties": false, + "required": ["paths", "repositories", "threshold", "terminating"], + "properties": { + "paths": { + "type": "array", + "items": { + "type": "string", + "minLength": 1 + } + }, + "repositories": { + "type": "array", + "items": { + "type": "string", + "minLength": 1 + } + }, + "threshold": { + "type": "integer", + "minimum": 1 + }, + "terminating": { + "type": "boolean" + } + } + }, + "spec_version": { + "type": "string", + "pattern": "^[0-9]+\\.[0-9]+(\\.[0-9]+)?$" + }, + "version": { + "type": "number", + "minimum": 1 + } + } + } + } +} From 9fb5926233ae271cd12bc85a1dd4c2e8bcbab161 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Thu, 8 Sep 2022 09:40:39 +0200 Subject: [PATCH 27/37] Adjust schema for map.json - no need to have signed content --- schemas/map.schema.json | 108 ++++++++++++++-------------------------- 1 file changed, 36 insertions(+), 72 deletions(-) 
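Review bot: The `repositories` subschema is a no-op: `items` applies only to arrays and `minimum` only to numbers, so under `"type": "object"` both are ignored and any object validates, including one whose values are not URL lists. If, as the property names suggest, `repositories` maps a repository name to a list of URLs, the constraint belongs on `patternProperties` with an array subschema as below. The same subschema is carried unchanged into the rewrite of this file in the next patch of the series, so it applies there too; `mapping` should be an array of entries rather than one object (the next patch fixes that), and `version` as `number` has the issue raised on mirrors.schema.json.
```json
"repositories": {
  "type": "object",
  "additionalProperties": false,
  "patternProperties": {
    ".+": {
      "type": "array",
      "minItems": 1,
      "items": { "type": "string", "minLength": 1 }
    }
  }
},
```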
diff --git a/schemas/map.schema.json b/schemas/map.schema.json
index ca15b4e..9ae7271 100644
--- a/schemas/map.schema.json
+++ b/schemas/map.schema.json
@@ -1,91 +1,55 @@ { "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", - "required": ["signatures", "signed"], + "required": ["repositories", "mapping"], "additionalProperties": false, "properties": { - "signatures": { - "type": "array", + "repositories": { + "type": "object", "items": { "type": "object", - "required": ["keyid", "sig"], - "additionalProperties": false, - "properties": { - "keyid": { - "type": "string", - "minLength": 64, - "maxLength": 64, - "pattern": "^[a-f0-9]{64}$" - }, - "sig": { - "type": "string", - "minLength": 1024, - "maxLength": 1024, - "pattern": "^[a-f0-9]{1024}$" + "patternProperties": { + ".+": { + "type": "object", + "items": { + "type": "string", + "minimum": 1 + } } } } }, - "signed": { - "type": "object", - "required": ["_type", "repositories", "mapping", "spec_version", "version"], - "additionalProperties": false, - "properties": { - "_type": { - "enum": ["map"] - }, - "repositories": { - "type": "object", - "items": { - "type": "object", - "patternProperties": { - ".+": { - "type": "object", - "items": { - "type": "string", - "minimum": 1 - } - } + "mapping": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "required": ["paths", "repositories", "threshold", "terminating"], + "properties": { + "paths": { + "type": "array", + "items": { + "type": "string", + "minLength": 1 } - } - }, - "mapping": { - "type": "object", - "additionalProperties": false, - "required": ["paths", "repositories", "threshold", "terminating"], - "properties": { - "paths": { - "type": "array", - "items": { - "type": "string", - "minLength": 1 - } - }, - "repositories": { - "type": "array", - "items": { - "type": "string", - "minLength": 1 - } - }, - "threshold": { - "type": "integer", - "minimum": 1 - }, - "terminating": { - "type": "boolean" + }, + "repositories": { + "type": "array", + "items": { + "type": "string", + "minLength": 1 } + }, + "threshold": { + "type": "integer", + "minimum": 1 + 
}, + "terminating": { + "type": "boolean" } - }, - "spec_version": { - "type": "string", - "pattern": "^[0-9]+\\.[0-9]+(\\.[0-9]+)?$" - }, - "version": { - "type": "number", - "minimum": 1 } } } } } + From e17ccfbb3e4ae4889b19b603bbe9dcb316ba8633 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Fri, 9 Sep 2022 12:50:45 +0200 Subject: [PATCH 28/37] Mention JSON schema files in TUF specification --- tuf-spec.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tuf-spec.md b/tuf-spec.md index 9616036..009c0a7 100644 --- a/tuf-spec.md +++ b/tuf-spec.md @@ -3,7 +3,7 @@ Title: The Update Framework Specification Shortname: TUF Status: LS Abstract: A framework for securing software update systems. -Date: 2022-04-28 +Date: 2022-09-09 Editor: Justin Cappos, NYU Editor: Trishank Karthik Kuppusamy, Datadog Editor: Joshua Lock, VMware @@ -516,6 +516,10 @@ floating-point numbers omitted. When calculating the digest of an object, we use the "canonical JSON" subdialect as described at [Canonical JSON]( http://wiki.laptop.org/go/Canonical_JSON). +Users of TUF can use JSON schema files available in [theupdateframework/specification +repository](https://github.com/theupdateframework/specification/tree/master/schemas) +to validate TUF JSON files. + ## File formats: general principles ## {#file-formats-general-principles} All signed metadata objects have the format: From 62067e2ab7ed7748350dd1898ab31583741ba8b9 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Sun, 11 Sep 2022 18:56:49 +0200 Subject: [PATCH 29/37] Relax requirement on signitures --- schemas/root.schema.json | 4 +--- schemas/snapshot.schema.json | 4 +--- schemas/targets.schema.json | 4 +--- schemas/timestamp.schema.json | 4 +--- 4 files changed, 4 insertions(+), 12 deletions(-) diff --git a/schemas/root.schema.json b/schemas/root.schema.json index d38721d..097347b 100644 --- a/schemas/root.schema.json +++ b/schemas/root.schema.json 
@@ -19,9 +19,7 @@ }, "sig": { "type": "string", - "minLength": 1024, - "maxLength": 1024, - "pattern": "^[a-f0-9]{1024}$" + "minLength": 1 } } } diff --git a/schemas/snapshot.schema.json b/schemas/snapshot.schema.json index c6e6406..ec7f0cd 100644 --- a/schemas/snapshot.schema.json +++ b/schemas/snapshot.schema.json @@ -18,9 +18,7 @@ }, "sig": { "type": "string", - "minLength": 1024, - "maxLength": 1024, - "pattern": "^[a-f0-9]{1024}$" + "minLength": 1 } }, "required": [ diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json index 8637f88..e92aba7 100644 --- a/schemas/targets.schema.json +++ b/schemas/targets.schema.json @@ -18,9 +18,7 @@ }, "sig": { "type": "string", - "minLength": 1024, - "maxLength": 1024, - "pattern": "^[a-f0-9]{1024}$" + "minLength": 1 } }, "required": [ diff --git a/schemas/timestamp.schema.json b/schemas/timestamp.schema.json index 6840794..93294e0 100644 --- a/schemas/timestamp.schema.json +++ b/schemas/timestamp.schema.json @@ -18,9 +18,7 @@ }, "sig": { "type": "string", - "minLength": 1024, - "maxLength": 1024, - "pattern": "^[a-f0-9]{1024}$" + "minLength": 1 } }, "required": [ From 1e6a12972a038a7d034012430a3010377a585ef8 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Sun, 11 Sep 2022 19:02:14 +0200 Subject: [PATCH 30/37] Keyids can be SHA256 --- schemas/root.schema.json | 25 +++++++++++++++++-------- schemas/targets.schema.json | 4 +++- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/schemas/root.schema.json b/schemas/root.schema.json index 097347b..99368a4 100644 --- a/schemas/root.schema.json +++ b/schemas/root.schema.json @@ -49,7 +49,7 @@ "additionalProperties": true, "properties": { "keytype": { - "enum": ["rsa"] + "enum": ["rsa", "ed25519", "ecdsa-sha2-nistp256"] }, "keyval": { "type": "object", @@ -63,8 +63,7 @@ } }, "scheme": { - "type": "string", - "minLength": 1 + "enum": ["rsassa-pss-sha256", "ed25519", "ecdsa-sha2-nistp256"] } } } 
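Review bot: Relaxing `sig` to `minLength: 1` drops the hex-alphabet check together with the (rightly removed) fixed 1024-character length, so a base64 or otherwise mis-encoded signature now passes schema validation and fails only inside the verifier. If signatures stay hex-encoded as the spec describes, keep the alphabet and let the length float: `"pattern": "^[a-f0-9]+$"` next to `"minLength": 1`. The snapshot, targets and timestamp hunks of this patch share the point.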
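Review bot: `keytype` and `scheme` are validated independently by the two new enums, so a key object with `"keytype": "ed25519"` and `"scheme": "rsassa-pss-sha256"` passes the schema although no verifier can use it. A draft-04 `oneOf` over the three valid pairs, placed beside `required`/`properties` in the key object, binds them while the full enums stay on the individual properties. The same applies to the delegation keys added to targets.schema.json later in this series.
```json
"oneOf": [
  { "properties": { "keytype": { "enum": ["rsa"] }, "scheme": { "enum": ["rsassa-pss-sha256"] } } },
  { "properties": { "keytype": { "enum": ["ed25519"] }, "scheme": { "enum": ["ed25519"] } } },
  { "properties": { "keytype": { "enum": ["ecdsa-sha2-nistp256"] }, "scheme": { "enum": ["ecdsa-sha2-nistp256"] } } }
]
```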
@@ -84,7 +83,9 @@ "type": "array", "items": { "type": "string", - "minLength": 1 + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" } }, "threshold": { @@ -102,7 +103,9 @@ "type": "array", "items": { "type": "string", - "minLength": 1 + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" } }, "threshold": { @@ -120,7 +123,9 @@ "type": "array", "items": { "type": "string", - "minLength": 1 + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" } }, "threshold": { @@ -138,7 +143,9 @@ "type": "array", "items": { "type": "string", - "minLength": 1 + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" } }, "threshold": { @@ -156,7 +163,9 @@ "type": "array", "items": { "type": "string", - "minLength": 1 + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" } }, "threshold": { diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json index e92aba7..f6e3f17 100644 --- a/schemas/targets.schema.json +++ b/schemas/targets.schema.json @@ -56,7 +56,9 @@ "type": "array", "items": { "type": "string", - "minLength": 1 + "minLength": 64, + "maxLength": 64, + "pattern": "^[a-f0-9]{64}$" } }, "threshold": { From 39d2addfba0643f0ff719dc9b753d33ac671c6f4 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Sun, 11 Sep 2022 19:04:33 +0200 Subject: [PATCH 31/37] SHA256/SHA512 are not required --- schemas/targets.schema.json | 6 +----- schemas/timestamp.schema.json | 6 +----- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json index f6e3f17..6bc91fd 100644 --- a/schemas/targets.schema.json +++ b/schemas/targets.schema.json @@ -117,11 +117,7 @@ "maxLength": 128, "pattern": "^[a-f0-9]{128}$" } - }, - "required": [ - "sha256", - "sha512" - ] + } }, "length": { "type": "integer", diff --git a/schemas/timestamp.schema.json b/schemas/timestamp.schema.json index 93294e0..7282c9a 100644 --- a/schemas/timestamp.schema.json 
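Review bot: With `sha256` and `sha512` both optional and nothing else constraining `hashes`, `"hashes": {}` validates even though a target with no digest cannot be verified. Add `"minProperties": 1` to the `hashes` object (draft-04 supports it) so at least one digest is present; the same applies to the timestamp.schema.json hunk of this patch.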
+++ b/schemas/timestamp.schema.json @@ -63,11 +63,7 @@ "maxLength": 128, "pattern": "^[a-f0-9]{128}$" } - }, - "required": [ - "sha256", - "sha512" - ] + } }, "length": { "type": "integer", From c423ee29196cb2ffd5c0163378276a7adfef3333 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Sun, 11 Sep 2022 19:05:22 +0200 Subject: [PATCH 32/37] Custom key is not required in targets.json schema --- schemas/targets.schema.json | 1 - 1 file changed, 1 deletion(-) diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json index 6bc91fd..8e25bf2 100644 --- a/schemas/targets.schema.json +++ b/schemas/targets.schema.json @@ -125,7 +125,6 @@ } }, "required": [ - "custom", "hashes", "length" ] From bcc2c170c56a3f2444e8897443909b06e0365f58 Mon Sep 17 00:00:00 2001 From: Fridolin Pokorny Date: Sun, 11 Sep 2022 19:24:55 +0200 Subject: [PATCH 33/37] Use JSON date-time format for expires --- schemas/root.schema.json | 2 +- schemas/snapshot.schema.json | 2 +- schemas/targets.schema.json | 2 +- schemas/timestamp.schema.json | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/schemas/root.schema.json b/schemas/root.schema.json index 99368a4..0a21bed 100644 --- a/schemas/root.schema.json +++ b/schemas/root.schema.json @@ -37,7 +37,7 @@ }, "expires": { "type": "string", - "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$" + "format": "date-time" }, "keys": { "type": "object", diff --git a/schemas/snapshot.schema.json b/schemas/snapshot.schema.json index ec7f0cd..91db7d6 100644 --- a/schemas/snapshot.schema.json +++ b/schemas/snapshot.schema.json @@ -37,7 +37,7 @@ }, "expires": { "type": "string", - "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$" + "format": "date-time" }, "meta": { "type": "object", diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json index 8e25bf2..d66af02 100644 --- a/schemas/targets.schema.json +++ b/schemas/targets.schema.json 
@@ -84,7 +84,7 @@
 },
 "expires": {
 "type": "string",
- "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$"
+ "format": "date-time"
 },
 "spec_version": {
 "type": "string",
diff --git a/schemas/timestamp.schema.json b/schemas/timestamp.schema.json
index 7282c9a..963bb77 100644
--- a/schemas/timestamp.schema.json
+++ b/schemas/timestamp.schema.json
@@ -37,7 +37,7 @@
 },
 "expires": {
 "type": "string",
- "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$"
+ "format": "date-time"
 },
 "meta": {
 "type": "object",
From 4efec41207488b375bb827b6e599861e21698efd Mon Sep 17 00:00:00 2001
From: Fridolin Pokorny
Date: Tue, 13 Sep 2022 14:52:32 +0200
Subject: [PATCH 34/37] Be more specific about keys allowed in targets.json delegations
---
 schemas/targets.schema.json | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json
index d66af02..429e568 100644
--- a/schemas/targets.schema.json
+++ b/schemas/targets.schema.json
@@ -40,7 +40,33 @@
 "additionalProperties": false,
 "properties": {
 "keys": {
- "type": "object"
+ "type": "object",
+ "patternProperties": {
+ "^[0-9a-f]{64}$": {
+ "type": "object",
+ "required": ["keytype", "keyval", "scheme"],
+ "additionalProperties": true,
+ "properties": {
+ "keytype": {
+ "enum": ["rsa", "ed25519", "ecdsa-sha2-nistp256"]
+ },
+ "keyval": {
+ "type": "object",
+ "required": ["public"],
+ "additionalProperties": false,
+ "properties": {
+ "public": {
+ "type": "string",
+ "minLength": 1
+ }
+ }
+ },
+ "scheme": {
+ "enum": ["rsassa-pss-sha256", "ed25519", "ecdsa-sha2-nistp256"]
+ }
+ }
+ }
+ }
 },
 "roles": {
 "type": "array",
From a037d254032c6aae03df02da163da5c2873109f4 Mon Sep 17 00:00:00 2001
From: Fridolin Pokorny
Date: Tue, 13 Sep 2022 23:33:39 +0200
Subject: [PATCH 35/37] Bump date in TUF spec
---
 tuf-spec.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
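Review bot: The `keys` object in `@@ -40,7 +40,33 @@` gains `patternProperties` for 64-hex key ids but no `"additionalProperties": false` at that same level, so a key stored under any non-matching name (shorter, upper-case, or arbitrary) still validates with its value completely unconstrained; adding `"additionalProperties": false` beside `"patternProperties"` makes the new per-key schema actually mandatory. The per-key object explicitly allows extra members via `"additionalProperties": true`, and nothing ties `keytype` to `scheme`, so an `rsa` key with scheme `ed25519` passes — if the consumer relies on that pairing, a `oneOf` over the three allowed `keytype`/`scheme` combinations closes it. Minor consistency point: the id class is spelled `[0-9a-f]` here but `[a-f0-9]` in the keyid patterns added earlier in this series. The enclosing `delegations` object starts outside the hunk.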
diff --git a/tuf-spec.md b/tuf-spec.md
index 009c0a7..6ca9064 100644
--- a/tuf-spec.md
+++ b/tuf-spec.md
@@ -3,7 +3,7 @@ Title: The Update Framework Specification
 Shortname: TUF
 Status: LS
 Abstract: A framework for securing software update systems.
-Date: 2022-09-09
+Date: 2022-09-15
 Editor: Justin Cappos, NYU
 Editor: Trishank Karthik Kuppusamy, Datadog
 Editor: Joshua Lock, VMware
From dba81f9af2a2f244507ccecaad9135bf4144f05a Mon Sep 17 00:00:00 2001
From: Fridolin Pokorny
Date: Wed, 14 Sep 2022 09:10:20 +0200
Subject: [PATCH 36/37] Revert to using pattern for expires
---
 schemas/root.schema.json | 2 +-
 schemas/snapshot.schema.json | 2 +-
 schemas/targets.schema.json | 2 +-
 schemas/timestamp.schema.json | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/schemas/root.schema.json b/schemas/root.schema.json
index 0a21bed..99368a4 100644
--- a/schemas/root.schema.json
+++ b/schemas/root.schema.json
@@ -37,7 +37,7 @@
 },
 "expires": {
 "type": "string",
- "format": "date-time"
+ "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$"
 },
 "keys": {
 "type": "object",
diff --git a/schemas/snapshot.schema.json b/schemas/snapshot.schema.json
index 91db7d6..ec7f0cd 100644
--- a/schemas/snapshot.schema.json
+++ b/schemas/snapshot.schema.json
@@ -37,7 +37,7 @@
 },
 "expires": {
 "type": "string",
- "format": "date-time"
+ "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$"
 },
 "meta": {
 "type": "object",
diff --git a/schemas/targets.schema.json b/schemas/targets.schema.json
index 429e568..8828616 100644
--- a/schemas/targets.schema.json
+++ b/schemas/targets.schema.json
@@ -110,7 +110,7 @@
 },
 "expires": {
 "type": "string",
- "format": "date-time"
+ "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$"
 },
 "spec_version": {
 "type": "string",
diff --git a/schemas/timestamp.schema.json b/schemas/timestamp.schema.json
index 963bb77..7282c9a 100644
--- a/schemas/timestamp.schema.json
+++ b/schemas/timestamp.schema.json
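Review bot: The restored `expires` pattern in schemas/root.schema.json `@@ -37,7 +37,7 @@` (and the same hunks for snapshot, targets and timestamp, the last on the following line) is a shape check only: it pins the fixed UTC `YYYY-MM-DDTHH:MM:SSZ` layout but happily accepts month 13 or second 61, so the client must still parse the value and compare it with its own clock before trusting the metadata. Worth recording that in a `"description"` next to the pattern, e.g. `"description": "UTC timestamp in YYYY-MM-DDTHH:MM:SSZ form; syntactic check only, callers must parse and compare against current time"`, so nobody reads the regex as an expiry check.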
@@ -37,7 +37,7 @@
 },
 "expires": {
 "type": "string",
- "format": "date-time"
+ "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$"
 },
 "meta": {
 "type": "object",
From ecc07c98643494c79017121f59f2995e85d6e360 Mon Sep 17 00:00:00 2001
From: Fridolin Pokorny
Date: Wed, 14 Sep 2022 09:11:12 +0200
Subject: [PATCH 37/37] Bump version of tuf spec
---
 tuf-spec.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tuf-spec.md b/tuf-spec.md
index 6ca9064..ce85497 100644
--- a/tuf-spec.md
+++ b/tuf-spec.md
@@ -16,7 +16,7 @@ Boilerplate: copyright no, conformance no
 Local Boilerplate: header yes
 Markup Shorthands: css no, markdown yes
 Metadata Include: This version off, Abstract off
-Text Macro: VERSION 1.0.30
+Text Macro: VERSION 1.0.31
 Note: We strive to make the specification easy to implement, so if you come