Closed lukpueh closed 3 weeks ago
I just pushed YkSigner, which provides a minimal compatibility layer over taf.yubikey module functions for use with MetadataRepository.
See 42fbfac commit message for details.
Notes about tests:
taf.yubikey (see most recent commit)
REAL_YK=1, it will look for a real yubikey and use it, which includes prompting for the pin.
Implements basic primitives, defined by the python-tuf Repository abstraction, to read and edit metadata on disk, handling version and expiry bumps, and signature creation, and facilitating snapshot and timestamp creation.
And adds exemplary API methods that use these primitives while preserving consistent repo states:
Can be tested with:
More details about the design, and recommendations for how to move on from here can be found in this Google doc.