- Metadata class
- Root class
- Timestamp class
- Snapshot class
- Targets class
The low-level Metadata API.
The low-level Metadata API in
tuf.api.metadata module contains:
Safe de/serialization of metadata to and from files.
Access to and modification of signed metadata content.
Signing metadata and verifying signatures.
Metadata API implements functionality at the metadata file level, it does not provide TUF repository or client functionality on its own (but can be used to implement them).
The API design is based on the file format defined in the TUF specification and the object attributes generally follow the JSON format used in the specification.
The above principle means that a
Metadata object represents a single
metadata file, and has a
signed attribute that is an instance of one of the
four top level signed classes (
To make Python type annotations useful
Metadata can be type constrained: e.g. the
signed attribute of
Metadata[Root] is known to be
Currently Metadata API supports JSON as the file format.
A basic example of repository implementation using the Metadata is available in examples/repo_example.