Comments (6)
I'm pretty sure this is the bug I found today at work. There is an issue somewhere with importing the keyfile. I'm investigating now.
from pyupdater.
Something like no key file, no versions.gz file ?
from pyupdater.
First let me apologize for not answering your questions.
Signing is essential to the security of this library. It adds a signature to the version file which the client verifies with the public key. Signing also generates the versions.gz & keys.gz archives. Once you have those the call to update_check will return an update object which you can call the downlod & extract_restart to complete your update.
The bug mentioned above is unrelated to this.
Will you be using AWS S3 or your own server? May I ask why you don't want to sign your metadata?
from pyupdater.
First let me apologize for not answering your questions.
Don't worry, we all have a job and we are all busy.
Signing is essential to the security of this library. It adds a signature to the version file which the client verifies with the public key. Signing also generates the versions.gz & keys.gz archives.
So basically, I have to sign my package to get those two files ? My bad if I didn't follow completely the procedure, I thought I could bypass the signing part.
Will you be using AWS S3 or your own server?
Nope, I'll be using a shared server (provider: OVH). I'll upload the files via FTP.
May I ask why you don't want to sign your metadata?
No particular reason. I've never done it, so I don't know what the benefits could be (maybe you can tell me more about it, or give me a link ?).
For now I'm just testing, so I thought I could start without the additional layer of complexity that the signing part is.
from pyupdater.
PyUpdater is a simplified, but still relatively secure, version of TUF.
Example of updating with the TUF client.
Check the TUF spec. It's good!
from pyupdater.
@JMSwag Sorry for commenting on an old issue, but I didnt want to open a new one since I am also stuck with the whole versions.gz file being missing.
Would versions.gz be generated only during signing, and could we bypass that?
Tbh, I am not able to follow the process of creating a keypack and signing it, and I am doing a POC and wanted a minimal attempt.
from pyupdater.
Related Issues (20)
- Why does the PyUpdater download the zip file even there are a patch files? HOT 1
- How to undo mistakes? HOT 3
- get_highest_version() returns wrong version for pre-release channels HOT 3
- TestExecutionExtraction and TestExecutionRestart tests failing HOT 1
- paramiko.ssh_exception.BadAuthenticationType: Bad authentication type; allowed types: ['publickey'] HOT 1
- remove_previous_versions() compares strings instead of Version objects HOT 4
- Project Update v5 - Clean Slate HOT 37
- Discord server for support and smaller discussions HOT 4
- Config confusion
- Whitespace in app name is preserved in filenames HOT 5
- KeyError: 'html_url, TypeError: Object of type bytes is not JSON serializable
- Temporary test directories not removed
- Split version for CI environment doesn't actually work fully in practice
- Does PyUpdater has other that Overwrite method?
- (Feature Request) Ignore errors on/do not copy spesific files when updating
- PyUpdater not finding updates HOT 1
- How does pyupdater support Windows digital certificate signing when building EXE files? HOT 4
- What should we do in case the update URL changed (there are users use the app)?
- Fix find menu
- Success vs tempfail vs permfail HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pyupdater.