awslabs / tough

Rust libraries and tools for using and generating TUF repositories

tuftool: fix root gen-rsa command bug #729

Closed webern closed 7 months ago

webern commented 7 months ago

Issue #, if available:

Closes #728

Description of changes:

A bug introduced in 55a40cc caused the tuftool root gen-rsa command to be unusable because it caused file paths to be parsed with Url::parse. This commit only uses URL for parsing if the SSM or KMS schemes are found. Otherwise it is assumed to be a file path and parsed with PathBuf.

Testing

This now works (previously would error):

dir=/tmp/url-bug
rm -rf $dir
mkdir $dir

cargo run --package tuftool -- root init $dir/root.json
cargo run --package tuftool -- root gen-rsa-key \
   $dir/root.json \
   $dir/default.pem \
   --role root --role snapshot --role targets --role timestamp

This also works (using aws-kms):

dir=/tmp/url-bug
rm -rf $dir
mkdir $dir

cargo run --package tuftool -- root init $dir/root.json
cargo run --package tuftool -- root add-key $dir/root.json \
   --key aws-kms:///alias/bottlerocket \
   --role root

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
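
The rule described in the pull request, sketched as an added example (not the code from this PR or from tuftool): a string is split as a URL only when it starts with a known remote scheme followed by `://`, and anything else becomes a `PathBuf`. The `KeySource` type, the `parse_key_source` function and the `aws-ssm` scheme spelling are assumptions; `aws-kms` is taken from the command above.

```rust
use std::path::PathBuf;

/// Hypothetical type for this example; not tuftool's own definition.
#[derive(Debug, PartialEq)]
enum KeySource {
    /// Anything without a recognized scheme is treated as a filesystem path.
    Local(PathBuf),
    /// A remote key: scheme, optional authority (text between `://` and the
    /// next `/`), and the remaining path, kept verbatim.
    Remote { scheme: &'static str, authority: Option<String>, path: String },
}

// "aws-kms" appears on the page; "aws-ssm" is an assumed spelling of the SSM scheme.
const REMOTE_SCHEMES: [&str; 2] = ["aws-kms", "aws-ssm"];

fn parse_key_source(input: &str) -> Result<KeySource, String> {
    if input.is_empty() {
        return Err("empty key source".to_string());
    }
    for scheme in REMOTE_SCHEMES {
        // Require the full `scheme://` prefix so a file literally named
        // `aws-kms` or `aws-kms:backup.pem` still resolves as a path.
        if let Some(rest) = input.strip_prefix(scheme).and_then(|r| r.strip_prefix("://")) {
            let (authority, path) = match rest.find('/') {
                Some(i) => (&rest[..i], &rest[i..]),
                None => (rest, ""),
            };
            // Fail closed: a remote scheme without a key identifier is an
            // error, never a silent fallback to a local file.
            if path.len() <= 1 {
                return Err(format!("{scheme} source has no key identifier: {input}"));
            }
            return Ok(KeySource::Remote {
                scheme,
                authority: (!authority.is_empty()).then(|| authority.to_string()),
                path: path.to_string(),
            });
        }
    }
    // No URL parser runs on this branch, so absolute and relative paths
    // pass through unchanged.
    Ok(KeySource::Local(PathBuf::from(input)))
}

fn main() {
    for s in ["/tmp/url-bug/default.pem", "keys/default.pem", "aws-kms:///alias/bottlerocket"] {
        println!("{s} -> {:?}", parse_key_source(s));
    }
}
```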