php-tuf / php-tuf
PHP implementation of The Update Framework (TUF)
Installs: 3 658
Dependents: 1
Suggesters: 0
Security: 0
Stars: 41
Watchers: 10
Forks: 20
Open Issues: 30
Requires
- php: ^8.1
- ext-json: *
- guzzlehttp/promises: ^2
- guzzlehttp/psr7: ^2.4
- paragonie/sodium_compat: ^1.13
- symfony/validator: ^6.1 || ^7
Requires (Dev)
- phpunit/phpunit: ^9
- slevomat/coding-standard: ^8.2
- squizlabs/php_codesniffer: ^3.7
- symfony/filesystem: ^6.4
- symfony/phpunit-bridge: ^5
Suggests
- ext-sodium: Provides faster verification of updates
- dev-main
- 0.1.6
- 0.1.5
- 0.1.4
- 0.1.3
- 0.1.2
- 0.1.1
- dev-test-ephemeral
- dev-remove-sodium-compat
- dev-spec-1.0.29
- dev-fix/rotated-keys-check
- dev-tedbow-add_fixture_test_cases_json
- dev-wip
- dev-gen17_check
- dev-temp
- dev-tedbow_builder
- dev-tedbow-test-target-files-naming
- dev-tedbow-spec-5-4-1
- dev-tedbow_verify_meta
- dev-computekeyids_private
- dev-xjm-meeting-notes
- dev-tedbow_attack_tests
- dev-tedbow-phpcs-dev
- dev-roledb_meta
- dev-composer-integration-fake
- dev-fixtures_13
- dev-mbaynton-more-workflow-tests
- dev-workflow-3
- dev-ted_tests_wip
- dev-mbaynton-wip
This package is auto-updated.
Last update: 2025-01-09 19:49:38 UTC
README
IMPORTANT
PHP-TUF is in a pre-release state and is not considered a complete or secure version of the TUF framework. It should currently only be used for testing, development and feedback.
Do not use in production for secure target downloads!!
PHP-TUF is a PHP implementation of The Update Framework (TUF) to provide signing and verification for secure PHP application updates. Read the TUF specification for more information on how TUF is intended to work and the security it provides.
PHP-TUF project development is primarily focused on supporting secure automated updates for PHP CMSes, although it should also work for any PHP application or Composer project. Contributing projects:
PHP-TUF client requirements
The PHP-TUF client is designed to provide TUF verification to PHP applications for target signatures.
- Minimum required PHP version: 8.1
- Requires ext-json
- The paragonie/sodium_compat dependency provides a polyfill for the Sodium cryptography library; however, installing ext-sodium is recommended for better performance and security.
Code style
The code generally follows PSR-2 with some additional formatting rules for code documentation and array formatting. Run PHPCS to check for code style compliance:
composer phpcs
Testing
Test fixtures generation
Run the following command:
composer fixtures
Fixtures should appear in fixtures/.
Running the PHP-TUF tests
- Ensure you have all required dependencies by running composer install.
- Run composer test at the project's root.
Dependency policies and information
To provide a lightweight, reliable, and secure client, external dependencies are carefully limited. Any proposed dependency additions (and those dependencies' dependencies) should undergo the Drupal core dependency evaluation process.
For evaluations and policies of current dependencies, see the PHP-TUF dependency information.