UNPKG

@tufjs/cli

Version:

CLI for interacting with TUF repositories

github.com/theupdateframework/tuf-js/tree/main/packages/cli

theupdateframework/tuf-js

134 lines (133 loc) 5.65 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || (function () { var ownKeys = function(o) { ownKeys = Object.getOwnPropertyNames || function (o) { var ar = []; for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; return ar; }; return ownKeys(o); }; return function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); __setModuleDefault(result, mod); return result; }; })(); var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); const core_1 = require("@oclif/core"); const fs = __importStar(require("fs")); const make_fetch_happen_1 = __importDefault(require("make-fetch-happen")); const os = __importStar(require("os")); const path = __importStar(require("path")); const tuf_js_1 = require("tuf-js"); class DownloadTarget extends core_1.Command { static aliases = ['download']; static description = 'download a target from a TUF repository and verify its signature'; static examples = ['<%= config.bin %> <%= command.id %>']; static flags = { 'cache-path': core_1.Flags.string({ description: 'path to the Sigstore TUF cache', required: false, }), 'metadata-base-url': core_1.Flags.string({ description: 'URL to the TUF metadata repository', required: true, }), 'target-base-url': core_1.Flags.string({ description: 'URL to the TUF target repository', required: false, }), 'target-name': core_1.Flags.string({ description: 'name of the target to download', required: true, }), root: core_1.Flags.file({ description: 'path to the initial trusted root', exactlyOne: ['unsafe-root-download'], }), 'unsafe-root-download': core_1.Flags.boolean({ description: 'allow downloading the trusted root from the TUF metadata repository (THIS IS NOT SAFE)', allowNo: false, exactlyOne: ['root'], }), 'output-file': core_1.Flags.string({ char: 'o', description: 'write output to file', required: false, aliases: ['output', 'out'], }), }; async run() { const { flags } = await this.parse(DownloadTarget); let metadataPath = flags['cache-path']; // If no cache path is specified, create a temporary directory. if (!metadataPath) { const tmpDir = fs.realpathSync(os.tmpdir()); metadataPath = fs.mkdtempSync(tmpDir + path.sep); } const targetPath = path.join(metadataPath, 'targets'); if (!fs.existsSync(targetPath)) { fs.mkdirSync(targetPath, { recursive: true }); } if (flags.root) { fs.copyFileSync(flags.root, path.join(metadataPath, 'root.json')); } if (flags['unsafe-root-download']) { const rootUrl = flags['metadata-base-url'] + '/1.root.json'; const rootJSON = (await (0, make_fetch_happen_1.default)(rootUrl).then((res) => res.json())); fs.writeFileSync(path.join(metadataPath, 'root.json'), JSON.stringify(rootJSON, null, 2)); } if (!fs.existsSync(path.join(metadataPath, 'root.json'))) { throw new Error('No root.json found in the cache path. Please specify a root.json file or allow downloading the root.json from the TUF metadata repository.'); } const metadataBaseUrl = flags['metadata-base-url']; const targetBaseUrl = flags['target-base-url'] || `${metadataBaseUrl}/targets`; const updater = new tuf_js_1.Updater({ metadataBaseUrl, targetBaseUrl, metadataDir: metadataPath, targetDir: targetPath, }); await updater.refresh(); const targetInfo = await updater.getTargetInfo(flags['target-name']); if (!targetInfo) { throw new Error(`Target ${flags['target-name']} not found`); } const targetContent = await updater .downloadTarget(targetInfo) .then((path) => fs.readFileSync(path, 'utf-8')); if (flags['output-file']) { fs.writeFileSync(flags['output-file'], targetContent); } else { this.log(targetContent); } // If no cache path was specified, delete the temporary directory. if (!flags['cache-path']) { fs.rmSync(metadataPath, { force: true, recursive: true }); } } } exports.default = DownloadTarget;