This page describes the system and setup requirements for a Packaging environment to interact with Rugged. The Rugged system is designed to require minimal interaction with existing automation processes around packaging and publishing artifacts that become Targets the Rugged system will secure. Essentially, the Packaging Pipeline need only place new Targets into a directory structure in which Rugged will notice them, generate signatures and incorporate them into the TUF repository metadata, etc.
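You will presumably already have some sort of packaging pipeline. There are 2 options for setting up Rugged: interacting directly with Rugged via its rugged commands, or letting the Monitor worker add targets automatically.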
Note that you’ll need to set up an Admin Environment in order to interact with the Rugged system and your TUF repository.
To interact directly with Rugged via its rugged commands, you will need to have credentials for RabbitMQ configured. This will allow the CLI to dispatch tasks to the workers.
To add Targets to Rugged (e.g. rugged add-targets), you will also need to locally mount the incoming_targets directory.
The Monitor worker will handle adding targets to Rugged automatically. When using the Monitor worker, your packaging environment will not need credentials for RabbitMQ, nor a locally-mounted incoming_targets directory.
In order to provide targets to the Monitor worker, you will need to mount the post_to_tuf directory (typically /opt/post_to_tuf). To add targets, you will then want to adapt your packaging scripts to:
1. Create a directory within the post_to_tuf directory named TUF_TMP_<TIMESTAMP>
2. Copy the new targets into that directory
3. Rename the directory to TUF_READY_<TIMESTAMP>
Step 2 may take some time to complete, since network filesystems incur some overhead to sync. This sequence ensures that the Monitor worker does not start processing the new Targets until that syncing is complete.
After step 3, the Monitor worker will rename the directory to TUF_PROCESSING_<TIMESTAMP>, before eventually removing it altogether, once it has completed the ingestion of the new targets.
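The hand-off sequence above, written as a shell function a packaging script could call. This is an added example, not code from the Rugged project; the function name post_targets and the use of epoch seconds for <TIMESTAMP> are assumptions, since the page does not specify the timestamp format.

```shell
#!/bin/sh
# Added example (not part of Rugged): hand a directory of freshly built
# targets to the Monitor worker using the TUF_TMP -> TUF_READY sequence.
#
# Usage: post_targets SRC_DIR [POST_DIR]
# Prints the path of the resulting TUF_READY_<TIMESTAMP> directory.
post_targets() {
    src=$1
    post_dir=${2:-/opt/post_to_tuf}   # typical mount point named on the page

    [ -d "$src" ] || { echo "no such source dir: $src" >&2; return 1; }
    [ -d "$post_dir" ] || { echo "post_to_tuf not mounted: $post_dir" >&2; return 1; }
    # Refuse to hand the Monitor worker an empty batch.
    [ -n "$(ls -A "$src")" ] || { echo "nothing to post in $src" >&2; return 1; }

    # Assumption: <TIMESTAMP> is epoch seconds.
    ts=$(date +%s)
    tmp="$post_dir/TUF_TMP_$ts"
    ready="$post_dir/TUF_READY_$ts"

    # Step 1: create the staging directory. mkdir without -p fails if the
    # name is already taken, so two batches can never be mixed together.
    if [ -e "$ready" ] || ! mkdir "$tmp"; then
        echo "batch $ts already exists in $post_dir" >&2
        return 1
    fi

    # Step 2: copy the targets (including subdirectories and dotfiles).
    # On failure, remove the partial batch so it is never renamed to READY.
    if ! cp -R "$src"/. "$tmp"/; then
        echo "copy failed, discarding $tmp" >&2
        rm -rf "$tmp"
        return 1
    fi
    sync   # flush buffered writes before signalling readiness

    # Step 3: rename only after the copy has finished. Until this point the
    # directory is still named TUF_TMP_*, so the Monitor worker ignores it.
    mv "$tmp" "$ready" || return 1
    printf '%s\n' "$ready"
}
```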