Root class

class Root(version, spec_version, expires, keys, roles, consistent_snapshot=None, unrecognized_fields=None)

A container for the signed part of root metadata.

Parameters listed below are also instance attributes.

Parameters

  • version (int) – Metadata version number.

  • spec_version (str) – Supported TUF specification version number.

  • expires (datetime.datetime) – Metadata expiry date.

  • keys (Dict[str, Key]) – Dictionary of keyids to Keys. Defines the keys used in roles.

  • roles (Mapping[str, Role]) – Dictionary of role names to Roles. Defines which keys are required to sign the metadata for a specific role.

  • consistent_snapshot (Optional[bool]) – True if repository supports consistent snapshots.

  • unrecognized_fields (Optional[Mapping[str, Any]]) – Dictionary of all attributes that are not managed by TUF Metadata API

Raises

ValueError – Invalid arguments.

add_key(role, key)

Adds new signing key for delegated role role.

Parameters

  • role (str) – Name of the role, for which key is added.

  • key (Key) – Signing key to be added for role.

Raises

ValueError – If role doesn’t exist.

Return type

None

property expires: datetime.datetime

The metadata expiry date:

# Use 'datetime' module to e.g. expire in seven days from now
obj.expires = utcnow() + timedelta(days=7)
is_expired(reference_time=None)

Checks metadata expiration against a reference time.

Parameters

reference_time (Optional[datetime.datetime]) – Time to check expiration date against. A naive datetime in UTC expected. Default is current UTC date and time.

Returns

True if expiration time is less than the reference time.

Return type

bool

remove_key(role, keyid)

Removes key from role and updates the key store.

Parameters

  • role (str) – Name of the role, for which a signing key is removed.

  • keyid (str) – Identifier of the key to be removed for role.

Raises

ValueError – If role doesn’t exist or if role doesn’t include the key.

Return type

None