Comments (6)
JMSwag
commented on May 21, 2024
I'm pretty sure this is the bug I found today at work. There is an issue somewhere with importing the keyfile. I'm investigating now.
from pyupdater.
JPFrancoia
commented on May 21, 2024
Something like no key file, no versions.gz file ?
from pyupdater.
JMSwag
commented on May 21, 2024
First let me apologize for not answering your questions.
Signing is essential to the security of this library. It adds a signature to the version file which the client verifies with the public key. Signing also generates the versions.gz & keys.gz archives. Once you have those the call to update_check will return an update object which you can call the downlod & extract_restart to complete your update.
The bug mentioned above is unrelated to this.
Will you be using AWS S3 or your own server? May I ask why you don't want to sign your metadata?
from pyupdater.
JPFrancoia
commented on May 21, 2024
First let me apologize for not answering your questions.
Don't worry, we all have a job and we are all busy.
Signing is essential to the security of this library. It adds a signature to the version file which the client verifies with the public key. Signing also generates the versions.gz & keys.gz archives.
So basically, I have to sign my package to get those two files ? My bad if I didn't follow completely the procedure, I thought I could bypass the signing part.
Will you be using AWS S3 or your own server?
Nope, I'll be using a shared server (provider: OVH). I'll upload the files via FTP.
May I ask why you don't want to sign your metadata?
No particular reason. I've never done it, so I don't know what the benefits could be (maybe you can tell me more about it, or give me a link ?).
For now I'm just testing, so I thought I could start without the additional layer of complexity that the signing part is.
from pyupdater.
JMSwag
commented on May 21, 2024
PyUpdater is a simplified, but still relatively secure, version of TUF.
Example of updating with the TUF client.
Check the TUF spec. It's good!
from pyupdater.
privateOmega
commented on May 21, 2024
@JMSwag Sorry for commenting on an old issue, but I didnt want to open a new one since I am also stuck with the whole versions.gz file being missing.
Would versions.gz be generated only during signing, and could we bypass that?
Tbh, I am not able to follow the process of creating a keypack and signing it, and I am doing a POC and wanted a minimal attempt.
from pyupdater.
Related Issues (20)
- Why does the PyUpdater download the zip file even there are a patch files? HOT 1
- How to undo mistakes? HOT 3
- get_highest_version() returns wrong version for pre-release channels HOT 3
- TestExecutionExtraction and TestExecutionRestart tests failing HOT 1
- paramiko.ssh_exception.BadAuthenticationType: Bad authentication type; allowed types: ['publickey'] HOT 1
- remove_previous_versions() compares strings instead of Version objects HOT 4
- Project Update v5 - Clean Slate HOT 37
- Discord server for support and smaller discussions HOT 4
- Config confusion
- Whitespace in app name is preserved in filenames HOT 5
- KeyError: 'html_url, TypeError: Object of type bytes is not JSON serializable
- Temporary test directories not removed
- Split version for CI environment doesn't actually work fully in practice
- Does PyUpdater has other that Overwrite method?
- (Feature Request) Ignore errors on/do not copy spesific files when updating
- PyUpdater not finding updates HOT 1
- How does pyupdater support Windows digital certificate signing when building EXE files? HOT 4
- What should we do in case the update URL changed (there are users use the app)?
- Fix find menu
- Success vs tempfail vs permfail HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pyupdater.