Description
This is a future wishlist item for client API (#1135), based on working on pip integration.
Current issues with TUF from pip point of view:
- No way to implement progress indication (a current feature) in pip
- Difficult to implement parallel downloads in pip (a potential future feature)
- No way to control low level HTTP details (authentication, timeouts, concurrency)
Some of these could be fixed by adding more complexity to TUF... but potentially the correct fix is to separate downloading from the other TUF functionality and let the clients do that themselves.
High level functionality list of the client currently looks like this:
- generic metadata update (
client.updater.Updater.refresh()
) - target metadata update (
client.updater.Updater.get_one_valid_targetinfo()
) - resolving potential download URLs for target (
mirrors.get_list_of_mirrors()
, happens during all metadata and target downloads) - local cache check (
client.updater.Updater.updated_targets()
) - downloading target (
client.updater.Updater.download_target()
) - verifying target (happens inside
client.updater.Updater.download_target()
)
Maybe we can optionally let user handle "downloading target" and expose "verifying target" step in a more usable way to the user. This means that "resolving download URLs" must be better exposed to user. Also "local cache check" need re-design: if user downloads files, they also control caching so we can't expect tuf cache directory structure to exist.