Root class
- class Root(version, spec_version, expires, keys, roles, consistent_snapshot=None, unrecognized_fields=None)
A container for the signed part of root metadata.
Parameters listed below are also instance attributes.
- Parameters
version (int) – Metadata version number.
spec_version (str) – Supported TUF specification version number.
expires (datetime.datetime) – Metadata expiry date.
keys (Dict[str, Key]) – Dictionary of keyids to Keys. Defines the keys used in
roles
.roles (Mapping[str, Role]) – Dictionary of role names to Roles. Defines which keys are required to sign the metadata for a specific role.
consistent_snapshot (Optional[bool]) –
True
if repository supports consistent snapshots.unrecognized_fields (Optional[Mapping[str, Any]]) – Dictionary of all attributes that are not managed by TUF Metadata API
- Raises
ValueError – Invalid arguments.
- add_key(role, key)
Adds new signing key for delegated role
role
.- Parameters
role (str) – Name of the role, for which
key
is added.key (Key) – Signing key to be added for
role
.
- Raises
ValueError – If
role
doesn’t exist.- Return type
None
- property expires: datetime.datetime
The metadata expiry date:
# Use 'datetime' module to e.g. expire in seven days from now obj.expires = utcnow() + timedelta(days=7)
- is_expired(reference_time=None)
Checks metadata expiration against a reference time.
- Parameters
reference_time (Optional[datetime.datetime]) – Time to check expiration date against. A naive datetime in UTC expected. Default is current UTC date and time.
- Returns
True
if expiration time is less than the reference time.- Return type
bool
- remove_key(role, keyid)
Removes key from
role
and updates the key store.- Parameters
role (str) – Name of the role, for which a signing key is removed.
keyid (str) – Identifier of the key to be removed for
role
.
- Raises
ValueError – If
role
doesn’t exist or ifrole
doesn’t include the key.- Return type
None