I'm just trying to get my hands around a simple version of updating an app whose repo targets & metadata are hosted on a separate GitHub repo. I got it working great when locally hosted per the tufup_example guide... The issue I'm running into is that whenever I start main.exe (created by following tufup_example on Windows), (I think) the timestamp.json isn't being deserialized correctly...

I've run through tuf's & tufup's docs and have been at this for a week, so now I'm earnestly asking for help or guidance on this. Am I overlooking something? Do I need to do something special to sign metadata now that it's hosted on GitHub?

Copy of my error is below, I hope it's just something simple I'm overlooking:

Traceback (most recent call last):
  File "main.py", line 12, in <module>
  File "myapp\__init__.py", line 75, in main
  File "myapp\__init__.py", line 36, in update
  File "tufup\client.py", line 154, in check_for_updates
  File "tuf\ngclient\updater.py", line 133, in refresh
  File "tuf\ngclient\updater.py", line 346, in _load_timestamp
  File "tuf\ngclient\_internal\trusted_metadata_set.py", line 211, in update_timestamp
  File "tuf\api\metadata.py", line 263, in from_bytes
  File "tuf\api\serialization\json.py", line 40, in deserialize
tuf.api.serialization.DeserializationError: Failed to deserialize JSON
[11720] Failed to execute script 'main' due to unhandled exception!
PS C:\Users\username\AppData\Local\Programs\my_app> .\main.exe
INFO:__main__:my_app 1.0
DEBUG:tuf.ngclient._internal.trusted_metadata_set:Updating initial trusted root
DEBUG:tuf.ngclient._internal.trusted_metadata_set:Loaded trusted root v1
DEBUG:tuf.ngclient.fetcher:Downloading: https://github.com/username/updater/blob/main/metadata/2.root.json
DEBUG:tuf.ngclient._internal.requests_fetcher:Made new session ('https', 'github.com')
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): github.com:443
DEBUG:urllib3.connectionpool:https://github.com:443 "GET /username/updater/blob/main/metadata/2.root.json HTTP/1.1" 404 None
DEBUG:tuf.ngclient._internal.trusted_metadata_set:Updated timestamp v3
DEBUG:tuf.ngclient.fetcher:Downloading: https://github.com/username/updater/blob/main/metadata/timestamp.json
DEBUG:tuf.ngclient._internal.requests_fetcher:Reusing session ('https', 'github.com')
DEBUG:urllib3.connectionpool:Resetting dropped connection: github.com
DEBUG:urllib3.connectionpool:https://github.com:443 "GET /username/updater/blob/main/metadata/timestamp.json HTTP/1.1" 200 2321
DEBUG:tuf.ngclient.fetcher:Downloaded 6205 out of 16384 bytes
Traceback (most recent call last):
  File "tuf\api\serialization\json.py", line 37, in deserialize
  File "tuf\api\metadata.py", line 172, in from_dict
KeyError: 'signed'

I created a working app that would auto-update itself from a localhost server as described in the tufup_example. However, when I created a new repo on GitHub and hosted fresh files that had the metadata and target files pointing to that GitHub repo, I received the above error(s).

I tried creating several "clean" repos and clients but have not been able to figure out this error.

There are 1 answers

TheSlant On

When the app checks for updates and JSONDeserializer.deserialize() is called for the timestamp.json file, the raw data is the entire GitHub webpage. So, following this Stack Overflow post about using https://raw.githubusercontent.com rather than github.com..., this grabbed solely the contents of the JSON file, rather than a response containing it and other elements of the page!

Using the https://raw.githubusercontent.com/ address path makes the app run successfully in its production env.
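
A pre-flight check for the situation described above, added here as an example (it is not part of the answer and not tufup or python-tuf code): it rewrites a github.com blob-viewer URL to its raw.githubusercontent.com form and classifies a fetched body by whether it has the outer `signed`/`signatures` shape of TUF metadata. The function names and the sample bodies are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit, urlunsplit

def github_blob_to_raw(url: str) -> str:
    """Map github.com/<owner>/<repo>/blob/<ref>/<path> to its raw.githubusercontent.com URL."""
    parts = urlsplit(url)
    segs = parts.path.strip("/").split("/")
    if parts.netloc != "github.com" or len(segs) < 5 or segs[2] != "blob":
        return url  # not a blob-viewer URL, leave unchanged
    path = "/" + "/".join(segs[:2] + segs[3:])
    if parts.path.endswith("/"):
        path += "/"  # keep the trailing slash of a metadata base URL
    return urlunsplit(("https", "raw.githubusercontent.com", path, "", ""))

def classify_metadata_body(body: bytes) -> str:
    """Diagnostic only: the TUF client's signature checks are what establish trust."""
    try:
        doc = json.loads(body)
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        return "not-json"
    signed = doc.get("signed") if isinstance(doc, dict) else None
    if not isinstance(signed, dict) or "_type" not in signed or "signatures" not in doc:
        return "json-but-not-tuf-metadata"  # the case that surfaces as KeyError: 'signed'
    return "tuf-metadata-shape"

# Constructed sample bodies (not captured from GitHub).
HTML_PAGE = b"<!DOCTYPE html><html><body>timestamp.json viewer</body></html>"
JSON_PAGE = b'{"page": {"title": "timestamp.json"}}'
TIMESTAMP = json.dumps({
    "signatures": [{"keyid": "PLACEHOLDER_KEYID", "sig": "PLACEHOLDER_SIG"}],
    "signed": {"_type": "timestamp", "version": 3, "spec_version": "1.0",
               "expires": "2030-01-01T00:00:00Z",
               "meta": {"snapshot.json": {"version": 3}}},
}).encode()

if __name__ == "__main__":
    blob = "https://github.com/username/updater/blob/main/metadata/timestamp.json"
    print(blob, "->", github_blob_to_raw(blob))
    for name, body in [("html", HTML_PAGE), ("json page", JSON_PAGE), ("timestamp", TIMESTAMP)]:
        print(f"{name:10s} {classify_metadata_body(body)}")
```

Running the classifier against the bytes returned by the configured metadata URL before shipping a client build shows whether the host serves the file itself or a page wrapped around it.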