pub enum PathSet {
    Paths(Vec<PathPattern>),
    PathHashPrefixes(Vec<PathHashPrefix>),
}
Specifies the target paths that a delegated role controls.
Variants
Paths(Vec<PathPattern>)
The “paths” list describes paths that the role is trusted to provide. Clients MUST check that a target is in one of the trusted paths of all roles in a delegation chain, not just in a trusted path of the role that describes the target file. PATHPATTERN can include shell-style wildcards and supports the Unix filename pattern matching convention. Its format may either indicate a path to a single file, or to multiple paths with the use of shell-style wildcards. For example, the path pattern “targets/*.tgz” would match file paths “targets/foo.tgz” and “targets/bar.tgz”, but not “targets/foo.txt”. Likewise, path pattern “foo-version-?.tgz” matches “foo-version-2.tgz” and “foo-version-a.tgz”, but not “foo-version-alpha.tgz”. To avoid surprising behavior when matching targets with PATHPATTERN, it is RECOMMENDED that PATHPATTERN uses the forward slash (/) as directory separator and does not start with a directory separator, akin to TARGETSPATH.
PathHashPrefixes(Vec<PathHashPrefix>)
The path_hash_prefixes list is used to succinctly describe a set of target paths.
Specifically, each HEX_DIGEST in path_hash_prefixes describes a set of target paths;
therefore, path_hash_prefixes is the union over each prefix of its set of target paths.
The target paths must meet this condition: each target path, when hashed with the SHA-256
hash function to produce a 64-byte hexadecimal digest (HEX_DIGEST), must share the same
prefix as one of the prefixes in path_hash_prefixes. This is useful to split a large
number of targets into separate bins identified by consistent hashing.
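For the `Paths` variant, the sketch below shows the check that every role in a delegation chain, not only the last one, must list a matching PATHPATTERN. It is an added example, not this crate's code: `glob_match`, `Role` and `first_untrusted` are hypothetical names, the role names and chain are constructed, and it assumes only `*` and `?` are supported and that neither matches `/`.

```rust
// Added example, std only; not the crate's implementation.
// Assumption: only `*` and `?` are supported and neither matches '/'.

/// Shell-style match of `path` against `pat`, backtracking to the last `*`.
fn glob_match(pat: &str, path: &str) -> bool {
    let p: Vec<char> = pat.chars().collect();
    let s: Vec<char> = path.chars().collect();
    let (mut pi, mut si) = (0, 0);
    let mut star: Option<(usize, usize)> = None; // (pattern index after `*`, path index)
    while si < s.len() {
        if pi < p.len() && p[pi] == '*' {
            star = Some((pi + 1, si));
            pi += 1;
        } else if pi < p.len() && (p[pi] == s[si] || (p[pi] == '?' && s[si] != '/')) {
            pi += 1;
            si += 1;
        } else if let Some((sp, ss)) = star {
            if s[ss] == '/' { return false; } // `*` may not absorb a directory separator
            star = Some((sp, ss + 1));
            pi = sp;
            si = ss + 1;
        } else {
            return false;
        }
    }
    p[pi..].iter().all(|&c| c == '*')
}

/// One role's `paths` list (hypothetical type for this example).
struct Role<'a> { name: &'a str, paths: &'a [&'a str] }

/// First role in the delegation chain whose paths do not cover `target`;
/// `None` means every role in the chain is trusted for it.
fn first_untrusted<'a>(chain: &[Role<'a>], target: &str) -> Option<&'a str> {
    chain.iter()
        .find(|r| !r.paths.iter().any(|p| glob_match(p, target)))
        .map(|r| r.name)
}

fn main() {
    // Constructed chain: "team-a" delegates to "release".
    let chain = [
        Role { name: "team-a", paths: &["targets/*.tgz"] },
        Role { name: "release", paths: &["targets/foo-*", "docs/*"] },
    ];
    for t in ["targets/foo-1.tgz", "docs/readme.txt"] {
        println!("{}: {:?}", t, first_untrusted(&chain, t));
    }
}
```

`docs/readme.txt` is listed by `release` but is still rejected, because the parent role `team-a` was never trusted for that path.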