Service Setup
Repository Service for TUF (RSTUF) has two specific processes as part of the initial setup: Ceremony and Bootstrap.
Note
The setup and configuration requirements:
Set of root key(s) and online key for signing
RSTUF service deployed
Ceremony and Bootstrap
Note
It is a one-time process to setup the RSTUF service. If this process is completed during the deployment do not run it again.
RSTUF Command Line Interface provides a guided process for the Ceremony and Bootstrap.
To make this process easier, the Repository Service for TUF CLI provides an interactive guided process to perform the Ceremony.
Note
Required RSTUF CLI installed (See Installation)
❯ rstuf admin ceremony -h
A video demonstrating this process is available.
Ceremony
The Ceremony defines the RSTUF settings/configuration and generates the initial signed TUF root metadata.
It does not activate the RSTUF service. It generates the required JSON payload to bootstrap the RSTUF service.
The Ceremony can be done Connected as a specific step or Disconnected, combined with Bootstrap.
This process generates the initial metadata and defines some settings of the TUF service.
See settings details
Root metadata expiration policy
Defines how long this metadata is valid, for example, 365 days (year). This metadata is invalid when it expires.
Root number of keys
It is the total number of root keys (offline keys) used by the TUF Root metadata. The number of keys implies that the number of identities is the TUF Metadata’s top-level administrator.
Note
Updating the Root metadata with new expiration, changing/updating keys or the number of keys, threshold, or rotating a new online key and sign requires following the Metadata Update process.
Note
RSTUF requires all Root key(s) during the Ceremony.
Note
RSTUF requires at least the threshold number of Root key(s) for Metadata Update.
Root key threshold
The minimum number of keys required to update and sign the TUF Root metadata.
Targets, BINS, Snapshot, and Timestamp metadata expiration policy
Defines how long this metadata is valid. The metadata is invalid when it expires.
Targets number of delegated hash bin roles
The target metadata file might contain a large number of artifacts. The target role delegates trust to the hash bin roles to reduce the metadata overhead for clients.
Targets base URL
The base URL path for downloading all artifacts. Example: https://www.example.com/download/
Signing
This process will also require the Online Key and Root Key(s) (offline) for signing the initial root TUF metadata.
The settings are guided during Ceremony.
Disconnected
The disconnected Ceremony will only generate the required JSON payload
(payload.json
) file. The Bootstrap requires the
payload.
Note
The payload (payload.json
) contains only public data, it does not contain
private keys.
This process is appropriate when performing the Ceremony on a disconnected computer to RSTUF API to perform the Bootstrap later as a separate step.
❯ rstuf admin ceremony
Connected
The connected Ceremony generates the JSON payload file and run the Bootstrap request to RSTUF API.
This process is appropriate when performing the Ceremony on a computer connected to RSTUF API. It does not require a Bootstrap step.
❯ rstuf admin ceremony -b
Bootstrap
If a Ceremony Connected is complete, skip this, as the RSTUF service is ready.
If a Ceremony Disconnected is complete, it requires running the Bootstrap from a computer connected to the RSTUF API.
❯ rstuf admin ceremony -b -u