Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Roadmap for cli tools: repo.py, client.py

See original GitHub issue

Description of issue or feature request: Recently, several issues and some fixes related to the TUF command line tools repo.py and script.py have been brought forward: #873, #874, #876, #877, #878, #879, #880 and “Some comments on TUF…” on the mailinglist. These include concerns about the script names, unexpected behavior, missing TUF features, etc.

@awwad has pointed out that repo.py and client.py are mostly tutorial tools, useful to get familiar with TUF (see QUICKSTART.md). Whereas an actual TUF integration will require direct use of the underlying libraries tuf.repository_tool and tuf.client.updater.

Given the recent GitHub and mailing list activity around these tool, we need to either clarify that these tools are purely for educational purpose, or develop them more actively so that they can actually used by an integrator.

Thanks, @cminyard and @lixuefeng2 for bringing this to our attention!

Current behavior: The use of and plans for repo.py and client.py are unclear.

Expected behavior: Decide to what extent repo.py and client.py should be enhanced, maintained, etc.

Issue Analytics

State:
Created 4 years ago
Comments:13 (10 by maintainers)

Top GitHub Comments

2reactions

lukpuehcommented, May 29, 2019

Thanks for chiming in, @trishankatdatadog and @cminyard! Here are my 2 cents.

IMHO, the higher level of API abstraction should be split out of the repo code, cleaned up, and extended. Then a repo tool that is thought through well should be created on top of it in a way that it can be extended by others.

yes! Let’s try to identify what parts, currently in repo.py/client.py (or missing from it), should be in repository_lib or repository_tool, and client.updater respectively, e.g. "add this set of files to the repository as this role", etc. (see https://github.com/theupdateframework/tuf/pull/878#pullrequestreview-242216754 for related observations).

…could move this code and documentation elsewhere

yes. The cli script(s) could live in a separate repo, e.g. tuf-cli, along with related documentation. Ideally, all they do is parsing arguments and call into the corresponding library functions (similar to what we do in in-toto/in-toto#in_toto_run.py). I am also happy to reconsider using an alternative to argparse. @trishankatdatadog, you seemed very fond of click?

1reaction

lukpuehcommented, Feb 23, 2022

Since the release of v1.0.0, python-tuf no longer provides repo.py and client.py cli tools.

Development of tutorial/quick-start -like CLI tools tracked in #1797 (alternatives are already available)
Development of production-use CLI tools (repository-side) tracked in #1136