[SECURESIGN-1228] add/update/remove old-style targets

tuftool/README.md

@@ -115,8 +115,42 @@ tuftool update \
    --timestamp-version 2 \
    --outdir "${WRK}/tuf-repo" \
    --metadata-url file:///$WRK/tuf-repo/metadata
+
+#[Optional] Set an RHTAS target (fulcio, ctlog, rekor, tsa)!
+touch "${WRK}/input/ctfe.pub" 
+
+tuftool rhtas \
+   --root "${ROOT}" \
+   --key "${WRK}/keys/root.pem" \
+   --set-ctlog-target "${WRK}/input/ctfe.pub" \
+   --ctlog-uri "https://ctfe.sigstore.dev" \
+   --targets-expires 'in 3 weeks' \
+   --targets-version 3 \
+   --snapshot-expires 'in 3 weeks' \
+   --snapshot-version 3 \
+   --timestamp-expires 'in 1 week' \
+   --timestamp-version 3 \
+   --outdir "${WRK}/tuf-repo" \
+   --metadata-url file:///$WRK/tuf-repo/metadata
+
+# delete a target
+tuftool rhtas \
+   --root "${ROOT}" \
+   --key "${WRK}/keys/root.pem" \
+   --delete-target "ctfe.pub" \
+   --targets-expires 'in 3 weeks' \
+   --targets-version 4 \
+   --snapshot-expires 'in 3 weeks' \
+   --snapshot-version 4 \
+   --timestamp-expires 'in 1 week' \
+   --timestamp-version 4 \
+   --outdir "${WRK}/tuf-repo" \
+   --metadata-url file:///$WRK/tuf-repo/metadata
+
 ```
 
+
+
 ### Download TUF Repo
 Now that we have created TUF repo, we can inspect it using download command. 
 Download command is usually used to download a remote repo using HTTP/S url, but 

tuftool/src/error.rs

@@ -73,6 +73,56 @@ pub(crate) enum Error {
         backtrace: Backtrace,
     },
 
+    #[snafu(display("Invalid target status. The status must be either 'Active' or 'Expired'"))]
+    NoValidTargetStatus { backtrace: Backtrace },
+
+    #[snafu(display("Unable to create directory: {:?}", path))]
+    CreateDir {
+        path: PathBuf,
+        source: std::io::Error,
+        backtrace: Backtrace,
+    },
+
+    #[snafu(display("Invalid path: {:?}", path))]
+    InvalidPath { path: PathBuf, backtrace: Backtrace },
+
+    #[snafu(display("Failed to copy file from {:?} to {:?}: {}", src, destination, source))]
+    FileCopy {
+        src: PathBuf,
+        destination: PathBuf,
+        source: std::io::Error,
+        backtrace: Backtrace,
+    },
+
+    #[snafu(display("Failed to remove target '{}': {}", name, source))]
+    RemoveTarget {
+        name: String,
+        source: tough::error::Error,
+        backtrace: Backtrace,
+    },
+
+    #[snafu(display("Failed to remove existing target path '{}': {}", path.display(), source))]
+    RemoveTargetPath {
+        path: PathBuf,
+        source: std::io::Error,
+        backtrace: Backtrace,
+    },
+
+    #[snafu(display("Failed to remove target: Target file does not exist"))]
+    TargetFileDoesNotExist { backtrace: Backtrace },
+
+    #[snafu(display("Failed to read directory '{}': {}", path.display(), source))]
+    ReadDir {
+        path: PathBuf,
+        source: std::io::Error,
+    },
+
+    #[snafu(display("Failed to process directory entry in '{}': {}", path.display(), source))]
+    DirEntry {
+        path: PathBuf,
+        source: std::io::Error,
+    },
+
     #[snafu(display("Couldn't find role '{}': {}", role, source))]
     DelegateeNotFound {
         role: String,

tuftool/src/main.rs

@@ -24,6 +24,7 @@ mod download_root;
 mod error;
 mod remove_key_role;
 mod remove_role;
+mod rhtas;
 mod root;
 mod source;
 mod transfer_metadata;
@@ -90,6 +91,8 @@ enum Command {
     TransferMetadata(transfer_metadata::TransferMetadataArgs),
     /// Update a TUF repository's metadata and optionally add targets
     Update(Box<update::UpdateArgs>),
+    /// Manage RHTAS TUF
+    Rhtas(Box<rhtas::RhtasArgs>),
 }
 
 impl Command {
@@ -99,6 +102,7 @@ impl Command {
             Command::Root(root_subcommand) => root_subcommand.run().await,
             Command::Download(args) => args.run().await,
             Command::Update(args) => args.run().await,
+            Command::Rhtas(args) => args.run().await,
             Command::Delegation(cmd) => cmd.run().await,
             Command::Clone(cmd) => cmd.run().await,
             Command::TransferMetadata(cmd) => cmd.run().await,