trdl
trdl (stands for "true delivery") is an Open Source solution providing a secure channel for delivering updates from the Git repository to the end user.
The project team releases new versions of the software and switches the release channels to point at them. Git acts as the single source of truth, while Vault is used as a tool to verify operations as well as to populate and maintain the TUF repository. The user selects a release channel, continuously receives the latest software version from the TUF repository, and uses it.
We have been successfully using trdl to continuously deliver our werf CI/CD tool to CI runners and user hosts.
Architecture
trdl combines two key components: the server and the client.
trdl-server:
- builds and releases software versions;
- publishes the release channels (here is an example configuration from werf);
- ensures release and publication security by verifying that each action carries at least the required minimum number of valid GPG signatures;
- ensures object storage security by storing only data signed with keys that no person has access to, and by continuously rotating TUF keys and metadata.
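The quorum rule above, as an added illustration that is not trdl's own code: trdl verifies GPG signatures, which are replaced here by Go's standard-library ed25519 as a stand-in, with constructed key IDs and a constructed release payload. Only distinct trusted keys with a valid signature over exactly this payload count toward the minimum.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signature is one signer's signature over the action payload; KeyID is a constructed stand-in for a GPG key fingerprint.
type Signature struct {
	KeyID string
	Sig   []byte
}

type Action struct {
	Payload    []byte
	Signatures []Signature
}

// CountValidSignatures counts distinct trusted keys with a valid signature over the payload; unknown keys, bad signatures and repeats are skipped.
func CountValidSignatures(trusted map[string]ed25519.PublicKey, a Action) int {
	seen := map[string]bool{}
	for _, s := range a.Signatures {
		pub, ok := trusted[s.KeyID]
		if !ok || seen[s.KeyID] {
			continue
		}
		if ed25519.Verify(pub, a.Payload, s.Sig) {
			seen[s.KeyID] = true
		}
	}
	return len(seen)
}

// Authorize applies the quorum rule: at least minSigs distinct valid signatures.
func Authorize(trusted map[string]ed25519.PublicKey, a Action, minSigs int) bool {
	return CountValidSignatures(trusted, a) >= minSigs
}

func main() {
	// Constructed demo: two trusted maintainer keys and a quorum of two.
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader)
	trusted := map[string]ed25519.PublicKey{"maintainer-a": pubA, "maintainer-b": pubB}
	act := Action{Payload: []byte("release v1.2.3 from <commit-sha>")}
	act.Signatures = append(act.Signatures, Signature{"maintainer-a", ed25519.Sign(privA, act.Payload)})
	fmt.Println("one signature, quorum 2:", Authorize(trusted, act, 2)) // false
	act.Signatures = append(act.Signatures, Signature{"maintainer-b", ed25519.Sign(privB, act.Payload)})
	fmt.Println("two signatures, quorum 2:", Authorize(trusted, act, 2)) // true
}
```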
trdl-client:
- manages software repositories;
- updates the software version within the selected release channel;
- provides easy operation with software version artifacts in the shell session;
- ensures safe communication by working with the TUF repository in a reliable fashion.
How it works
Releasing
Publishing the channels
Installation
trdl-client
Download trdl client binaries from the GitHub Releases page, optionally verifying the binary with the PGP signature.
Documentation
The project's website is available now; more information (including a developer quickstart) will follow soon.
Community & support
Please feel free to reach developers/maintainers and users via GitHub Discussions for any questions regarding trdl.
Issues posted to the GitHub issue tracker are processed carefully.
License
Apache License 2.0, see LICENSE.