Metadata API
The low-level Metadata API in tuf.api.metadata
module contains:
Safe de/serialization of metadata to and from files.
Access to and modification of signed metadata content.
Signing metadata and verifying signatures.
Metadata API implements functionality at the metadata file level, it does not provide TUF repository or client functionality on its own (but can be used to implement them).
The API design is based on the file format defined in the TUF specification and the object attributes generally follow the JSON format used in the specification.
The above principle means that a Metadata
object represents a single
metadata file, and has a signed
attribute that is an instance of one of the
four top level signed classes (Root
, Timestamp
, Snapshot
and Targets
).
To make Python type annotations useful Metadata
can be type constrained: e.g. the
signed attribute of Metadata[Root]
is known to be Root
.
Currently Metadata API supports JSON as the file format.
A basic example of repository implementation using the Metadata is available in examples/repo_example.