Question about update_cache

[0x0645]

So I was trying to build something similar to the example and after building the app start with this error

Traceback (most recent call last):
  File "einvoicing_desktop\app.py", line 33, in <module>
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
  File "PyInstaller\loader\pyimod02_importers.py", line 493, in exec_module
  File "einvoicing_desktop\update.py", line 13, in <module>
  File "tufup\client.py", line 42, in __init__
  File "tuf\ngclient\updater.py", line 97, in __init__
  File "tuf\ngclient\updater.py", line 273, in _load_local_metadata
FileNotFoundError: [Errno 2] No such file or directory: 'C:\\Users\\Mostafa\\AppData\\Local\\testsing\\update_cache\\metadata\\root.json'

So when does the\update_cache\\metadata\\root.json' get created and why it's missing here despite working with the example

[dennisvang]

@0x0645 The root.json file is created during the initial setup of your update repository (on your development machine). The original file is located in the repository's metadata folder.

The root.json file does the following things:

• identifies known keys
• assigns keys to roles (including root itself)
• specifies how many signatures are required for each role (number of signatures >= threshold)

The root file is only modified when keys are added or removed (which should be rare), or when the file expires.

Note that the repo metadata folder contains versioned root files, for example 1.root.json. Every time the root file is modified, you get a new version, e.g. 2.root.json. A copy of the latest version is always available as root.json (without the version prefix).

Your app, i.e. the client-side, needs a copy of the root.json file. This copy should be part of your app's initial distribution. So, when your users first install your app, e.g. after downloading it manually from your website, the app should already include a trusted copy of the root.json file, and the app's tufup-client should know where to find that file.

How you include this copy of the root.json is up to you. The tufup-example uses the PyInstaller spec file to make sure the file is automatically included in the app bundle. The myapp example then makes sure the file is copied to the required location at runtime. However, this is just one of many possible ways to do it.

One of the features of tufup is that you have full, explicit, control over where all your files are stored on the client side. That's done via the arguments when you create aClient() instance. In the example these paths are defined in a settings.py file, but you could define them anywhere you want.

[0x0645]

Thank you for the very useful information and I think it will be handy if your comment gets added to the tufup documentation. Another thing that I think should be added is that the APP_NAME in the client settings shouldn't have spaces because I was having a bug related to that.

[dennisvang]

Thank you for the very useful information and I think it will be handy if your comment gets added to the tufup documentation.

@0x0645 You're right, the documentation still needs a lot of work. I'll make sure this will be added.

Another thing that I think should be added is that the APP_NAME in the client settings shouldn't have spaces because I was having a bug related to that.

Could you describe how this bug arises? What was the error message and/or stack trace?