Custom metadata as described in the TUF spec can be specified when adding a new bundle to a repository.
The high-level interface has been simplified slightly w.r.t. #100: users can now only add custom metadata to the archive, not to the patch (if any).
This makes sense, because the archive is the only thing a typical user should be interested in (patches are considered an internal implementation detail). If really necessary, the low-level Roles.add_or_update_target() can still be used to add custom metadata to patches.
On the client side, this metadata is made available via the TargetMeta class. Note that Client.check_for_updates() only ever returns a TargetMeta instance for the archive, regardless of whether a patch update or a full update will be performed.
For example,
...
new_archive_meta = client.check_for_updates()
if new_archive_meta:
...
if new_archive_meta.custom:
...
Custom metadata as described in the TUF spec can be specified when adding a new bundle to a repository.
The high-level interface has been simplified slightly w.r.t. #100: users can now only add custom metadata to the archive, not to the patch (if any).
This makes sense, because the archive is the only thing a typical user should be interested in (patches are considered an internal implementation detail). If really necessary, the low-level
Roles.add_or_update_target()can still be used to add custom metadata to patches.Examples
On the repo side:
The custom metadata ends up in the
targets.jsonfile as follows:On the client side, this metadata is made available via the
TargetMetaclass. Note thatClient.check_for_updates()only ever returns aTargetMetainstance for the archive, regardless of whether a patch update or a full update will be performed.For example,
fixes #99