Add TUF schema files #246

Draft
wants to merge 37 commits into
base: master
dc9fe0b
Add TUF and in-toto schema files
Aug 25, 2022
24dc032
Remove files specific to Datadog agent integrations
Sep 1, 2022
885ea58
Minimum allowed version in 1 in timestamps.schema.json
Sep 1, 2022
767c54a
Allow versions without patch release number in timestamp.schema.json
Sep 1, 2022
6b6d6fb
Allow optional patch version in spec_version field
Sep 1, 2022
850f864
Require only targets.json in snapshot schema
Sep 1, 2022
40247c4
Version numbers are always 1 or above
Sep 1, 2022
975c34a
Neither specific targets nor delegations are expected in targets.json
Sep 1, 2022
4c22256
Use explicit pattern for datetime format
Sep 1, 2022
46281e4
Add missing version to targets.schema.json
Sep 1, 2022
fb56026
Loosen requirement on keyids
Sep 1, 2022
3a253ff
Let users specify signature scheme
Sep 1, 2022
84ad9f4
Add optional parts of the METAFILES section in snapshot.json
Sep 1, 2022
d6731dc
Field consistent_snapshot is optional in root.json
Sep 1, 2022
2affedf
Add optional mirror role to root.json
Sep 1, 2022
05fdf4b
Additionally specify targets in targets.json schema
Sep 1, 2022
17f3efd
Targets is a required property in targets.json
Sep 1, 2022
e6b6832
Specify schema of delegations in targets.json
Sep 1, 2022
3a59b30
Adjust targets section of targets.json
Sep 1, 2022
945bd6f
Fix schema for targets in targets.json
Sep 1, 2022
c6c6674
Minimum version number is 1
Sep 1, 2022
7705ca9
Provide schema for mirrors.json
Sep 6, 2022
a5f6a0e
Remove keyid_hash_algorithms from root.json schema
Sep 8, 2022
d9b0672
Remove schema for mirrors.json
Sep 8, 2022
5579cfa
Allow additional properties for keys to capture also keyid_hash_algor…
Sep 8, 2022
99843d9
Add schema for map.json file
Sep 8, 2022
9fb5926
Adjust schema for map.json - no need to have signed content
Sep 8, 2022
e17ccfb
Mention JSON schema files in TUF specification
Sep 9, 2022
62067e2
Relax requirement on signitures
Sep 11, 2022
1e6a129
Keyids can be SHA256
Sep 11, 2022
39d2add
SHA256/SHA512 are not required
Sep 11, 2022
c423ee2
Custom key is not required in targets.json schema
Sep 11, 2022
bcc2c17
Use JSON date-time format for expires
Sep 11, 2022
4efec41
Be more specific about keys allowed in targets.json delegations
Sep 13, 2022
a037d25
Bump date in TUF spec
Sep 13, 2022
dba81f9
Revert to using pattern for expires
Sep 14, 2022
ecc07c9
Bump version of tuf spec
Sep 14, 2022
145 changes: 145 additions & 0 deletions schemas/in-toto-metadata-signer-x.schema.json
@@ -0,0 +1,145 @@
{
fridex marked this conversation as resolved.
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"additionalProperties": false,
"properties": {
"signatures": {
"type": "array",
"items": [
{
"type": "object",
"additionalProperties": false,
"properties": {
"keyid": {
"type": "string",
"minLength": 64,
"maxLength": 64,
"pattern": "^[a-f0-9]{64}$"
},
"sig": {
"type": "string",
"minLength": 1024,
"maxLength": 1024,
"pattern": "^[a-f0-9]{1024}$"
}
},
"required": [
"keyid",
"sig"
]
}
]
},
"signed": {
"type": "object",
"additionalProperties": false,
"properties": {
"_type": {
"enum": ["targets"]
},
"delegations": {
"type": "object",
"additionalProperties": false,
"properties": {
"keys": {
"type": "object"
},
"roles": {
"type": "array",
"items": {}
}
},
"required": [
"keys",
"roles"
]
},
"expires": {
"type": "string",
"format": "date-time"
},
"spec_version": {
"type": "string",
"pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$"
},
"targets": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^(simple/[a-z-0-9]+/[a-z0-9-]+-py2\\.py3-none-any\\.whl)|(in-toto-metadata/[a-f0-9]{64}/((wheels-signer)|(tag)|(wheels-builder))\\.[a-f0-9]{8}\\.link)$": {
"type": "object",
"additionalProperties": false,
"properties": {
"custom": {
"type": "object",
"additionalProperties": false,
"properties": {
"in-toto": {
"type": "array",
"items": [
{
"type": "string",
"pattern": "in-toto-metadata/([a-f0-9]{64}/(wheels-signer|wheels-builder|tag)\\.[a-f0-9]{8}\\.link)|root.layout"
}
]
},
"root-layout-type": {
"enum": ["extras", "core"]
}
}
},
"hashes": {
"type": "object",
"additionalProperties": false,
"properties": {
"sha256": {
"type": "string",
"minLength": 64,
"maxLength": 64,
"pattern": "^[a-f0-9]{64}$"
},
"sha512": {
"type": "string",
"minLength": 128,
"maxLength": 128,
"pattern": "^[a-f0-9]{128}$"
}
},
"required": [
"sha256",
"sha512"
]
},
"length": {
"type": "integer",
"minimum": 1
}
},
"required": [
"custom",
"hashes",
"length"
]
}
}
},
"version": {
"type": "integer",
"minimum": 0
}
},
"required": [
"_type",
"delegations",
"expires",
"spec_version",
"targets",
"version"
]
}
},
"required": [
"signatures",
"signed"
]
}
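Review bot: The target-name key under `signed.targets.patternProperties` anchors only its first alternative at `^` and only its second at `$`, because `|` binds loosest, so a name with extra path segments after `.whl`, or with leading segments before `in-toto-metadata/`, still matches; the `custom.in-toto` item pattern is not anchored at all and its `root.layout` branch has an unescaped dot. Wrap each alternation so both anchors apply to every branch: `"^((simple/[a-z-0-9]+/[a-z0-9-]+-py2\\.py3-none-any\\.whl)|(in-toto-metadata/[a-f0-9]{64}/((wheels-signer)|(tag)|(wheels-builder))\\.[a-f0-9]{8}\\.link))$"` and `"^(in-toto-metadata/[a-f0-9]{64}/(wheels-signer|wheels-builder|tag)\\.[a-f0-9]{8}\\.link|root\\.layout)$"`. Separately, `"items": [ {...} ]` under `signatures` and `custom.in-toto` is draft-04 tuple validation: only the first array element is checked and any further elements pass unvalidated unless `additionalItems: false` is set, so a second, malformed signature object would be accepted; the same form is used for `signatures`, `roles`, `keyids` and `paths` in schemas/in-toto-metadata-signer.schema.json. The object form `"items": { ... }` validates every element, and `"minItems": 1` on `signatures` would additionally reject an empty signature list.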
168 changes: 168 additions & 0 deletions schemas/in-toto-metadata-signer.schema.json
@@ -0,0 +1,168 @@
{
fridex marked this conversation as resolved.
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"signatures": {
"type": "array",
"items": [
{
"type": "object",
"properties": {
"keyid": {
"type": "string",
"minLength": 64,
"maxLength": 64,
"pattern": "^[a-f0-9]{64}$"
},
"sig": {
"type": "string",
"minLength": 1024,
"maxLength": 1024,
"pattern": "^[a-f0-9]{1024}$"
}
},
"required": [
"keyid",
"sig"
]
}
]
},
"signed": {
"type": "object",
"properties": {
"_type": {
"enum": ["targets"]
},
"delegations": {
"type": "object",
"properties": {
"keys": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-f0-9]{64}$": {
"type": "object",
"properties": {
"keyid_hash_algorithms": {
"type": "array",
"items": {
"enum": [
"sha256",
"sha512"
]
}
},
"keytype": {
"enum": ["rsa"]
},
"keyval": {
"type": "object",
"properties": {
"public": {
"type": "string",
"pattern": "^-----BEGIN PUBLIC KEY-----"
}
},
"required": [
"public"
]
},
"scheme": {
"enum": ["rsassa-pss-sha256"]
}
},
"required": [
"keyid_hash_algorithms",
"keytype",
"keyval",
"scheme"
]
}
}
},
"roles": {
"type": "array",
"items": [
{
"type": "object",
"properties": {
"keyids": {
"type": "array",
"items": [
{
"type": "string",
"minLength": 64,
"maxLength": 64,
"pattern": "^[a-f0-9]{64}$"
}
]
},
"name": {
"type": "string",
"pattern": "^in-toto-metadata-signer-[0-9a-f]$"
},
"paths": {
"type": "array",
"items": [
{
"type": "string",
"pattern": "^in-toto-metadata/[0-9a-f]\\*/\\*\\.link$"
}
]
},
"terminating": {
"type": "boolean"
},
"threshold": {
"type": "integer",
"minimum": 1
}
},
"required": [
"keyids",
"name",
"paths",
"terminating",
"threshold"
]
}
]
}
},
"required": [
"keys",
"roles"
]
},
"expires": {
"type": "string",
"format": "date-time"
},
"spec_version": {
"type": "string",
"pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$"
},
"targets": {
"type": "object"
},
"version": {
"type": "integer",
"minimum": 0
}
},
"required": [
"_type",
"delegations",
"expires",
"spec_version",
"targets",
"version"
]
}
},
"required": [
"signatures",
"signed"
]
}
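Review bot: Unlike the sibling schemas/in-toto-metadata-signer-x.schema.json, this schema leaves the signature objects, `signed`, the per-keyid entries under `delegations.keys` and the `roles` entries open, since draft-04 permits additional properties by default; only the `keys` map itself carries `"additionalProperties": false`. For signed metadata it is worth adding `"additionalProperties": false` to each of those objects so unexpected fields are rejected rather than silently carried, matching the sibling file. The `keyids` array in each role also has no `minItems` or `uniqueItems`, so a role whose key list is empty, or that lists one keyid twice, still validates whatever `threshold` says; `"minItems": 1, "uniqueItems": true` on `keyids` makes the threshold meaningful at the schema level.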