Secure and continuous delivery
Simple, reliable, and fast

trdl is an Open Source solution providing a secure channel for delivering updates from the Git repository to the end user.

The project team releases new versions of the software and switches them in the release channels. Git acts as the single source of truth while Vault is used as a tool to verify operations as well as populate and maintain the TUF repository.

The user selects a release channel, continuously receives the latest software version from the TUF repository, and uses it.

Problems that trdl solves for you
  • Continuous delivery limitations

    Continuous delivery via the CI system works well for the SaaS model, that is, for software hosted on cloud servers. At the same time, you would be hard-pressed to find a tool that is as fast at delivering code to user devices.

  • Challenges related to implementing a secure delivery

    What complicates things:

    • Software release and changes in release channels must only occur based on a collective decision of the team (quorum).
    • The system must protect against unauthorized access and data compromise.
    • The system must not be compromised by human mistakes, including regulation breaches.
  • Package manager limitations

    There are many package managers, but they all have common drawbacks:

    • Each platform requires its own manager.
    • The package creation process is complicated.
    • There is a lot of manual work involved: the user has to add the package source, find the package, and install/upgrade/uninstall it.
Components and their functions
The trdl server implements the TUF repository and securely populates it.
  • Releases new software versions.

  • Publishes the release channels.

  • Verifies all operations via a quorum of GPG signatures.

  • Ensures a continuous rotation of TUF repository encryption keys and metadata.

The trdl client ensures reliable delivery of updates and secure use of the software.
  • Updates software versions through selected channels.

  • Verifies updates pulled from a trusted TUF repository.

  • Provides various options for using and updating the software.

How does trdl work?
Let's look at how the project team uses trdl to continuously deliver updates to users. The process in its simplified form involves three main steps: pushing the release to the TUF repository, publishing the release channel, and delivering the release to the user via the published release channel.
Releasing

The developer creates a Git tag with the new software version (v1.0.1) and signs it with their GPG key.

The project quorum signs the commit with GPG signatures.

The release build process commences. The CI system passes the Git tag to Vault.

Vault checks to see if the Git tag contains the minimum set of allowed GPG signatures. If all the necessary signatures are there, Vault starts the build.

Vault signs the resulting build (artifact). Note that Vault automatically generates keys to sign the build with. Those keys are stored in the Vault storage in encrypted form. No one can access those keys or use them.

The resulting build (along with the metadata) gets pushed to the TUF repository. However, the client continues to run the old software version (v1.0.0) until the new version is published in the selected release channel.

Publishing the channels

The developer makes changes to the release channels in Git and commits them while signing with a GPG signature.

The project quorum signs the commit with GPG signatures.

The channel publishing process begins. The CI system passes the commit to Vault.

Vault checks to see if the commit contains the minimum set of allowed GPG signatures.

Vault signs the updated list of channels and related releases. Note that Vault automatically generates the keys used for signing. Those keys are stored in the Vault storage in encrypted form. No one can access them.

The updated channels (along with the metadata) get pushed to the TUF repository.

The channel gets published. The new software version then becomes available to the client that is configured to use this release channel.
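Both procedures above hinge on the same step: Vault refuses to build or to publish unless the tag or commit carries a minimum number of signatures from trusted keys. The script below is an added example, not trdl's own code, of what such an "M of N" check looks like when it is driven by the machine-readable status lines gpg prints with --status-fd (the stream that git verify-tag --raw and git verify-commit --raw expose). It assumes the quorum members' signatures are all visible in that stream; the fingerprints, key IDs, user IDs and status lines are constructed.

```python
"""Quorum ("M of N") check over GPG verification output.

Added example, not trdl's own code: it parses the status lines gpg emits
with --status-fd and decides whether a tag or commit carries good signatures
from at least M distinct keys out of the N trusted maintainer keys.
Fingerprints, key IDs and status lines below are constructed.
"""
from typing import Iterable, List, Set, Tuple

# Constructed trusted set (N = 4 hypothetical primary-key fingerprints).
TRUSTED_KEYS: Set[str] = {"1" * 40, "2" * 40, "3" * 40, "4" * 40}
QUORUM = 2  # M: distinct trusted signers required


def trusted_signers(status_lines: Iterable[str], trusted: Set[str]) -> Set[str]:
    """Return the distinct trusted primary-key fingerprints that produced a good signature.

    gpg prints GOODSIG only for a valid signature by a key that is neither
    expired nor revoked (an expired key gets EXPKEYSIG instead), and VALIDSIG
    with the full fingerprints for every cryptographically valid signature.
    A signer counts only when both lines are present, so an expired
    maintainer key does not help reach the quorum.
    """
    good_keyids: Set[str] = set()              # long key IDs from GOODSIG lines
    valid: List[Tuple[str, str]] = []          # (signing fpr, primary fpr) from VALIDSIG
    for line in status_lines:
        parts = line.split()
        if len(parts) < 3 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] == "GOODSIG":
            good_keyids.add(parts[2])
        elif parts[1] == "VALIDSIG":
            signing_fpr = parts[2]
            # Field 12 is the primary-key fingerprint; it differs from the
            # signing fingerprint when a subkey made the signature.
            primary_fpr = parts[11] if len(parts) > 11 else signing_fpr
            valid.append((signing_fpr, primary_fpr))
    signers: Set[str] = set()
    for signing_fpr, primary_fpr in valid:
        # The long key ID is the last 16 hex digits of the signing key's fingerprint.
        if signing_fpr[-16:] in good_keyids and primary_fpr in trusted:
            signers.add(primary_fpr)
    return signers  # a set: the same key signing twice counts once


def quorum_reached(status_lines: Iterable[str], trusted: Set[str] = TRUSTED_KEYS,
                   quorum: int = QUORUM) -> bool:
    return len(trusted_signers(status_lines, trusted)) >= quorum


def _sig(status: str, fpr: str, uid: str) -> List[str]:
    """Constructed status lines for one signature (field layout follows gpg's DETAILS doc)."""
    return [
        "[GNUPG:] NEWSIG",
        f"[GNUPG:] {status} {fpr[-16:]} {uid}",
        f"[GNUPG:] VALIDSIG {fpr} 2024-01-01 1704067200 0 4 0 1 8 00 {fpr}",
    ]


# Constructed verification output for a tag carrying four signatures.
INSUFFICIENT = (
    _sig("GOODSIG", "1" * 40, "Alice <alice@example.com>")
    + _sig("GOODSIG", "1" * 40, "Alice <alice@example.com>")   # same key twice: counts once
    + _sig("EXPKEYSIG", "2" * 40, "Bob <bob@example.com>")     # expired key: not counted
    + _sig("GOODSIG", "9" * 40, "Carol <carol@example.com>")   # not in the trusted set
)
# One more good signature from a trusted key reaches M = 2.
SUFFICIENT = INSUFFICIENT + _sig("GOODSIG", "3" * 40, "Dave <dave@example.com>")

if __name__ == "__main__":
    for name, lines in (("insufficient", INSUFFICIENT), ("sufficient", SUFFICIENT)):
        print(name, sorted(trusted_signers(lines, TRUSTED_KEYS)), quorum_reached(lines))
```

The two rejections worth noticing are the repeated signature, which must not be counted twice, and the expired key, which gpg still reports as a cryptographically valid signature (VALIDSIG) but no longer as a good one (no GOODSIG); a check that looked at VALIDSIG alone would let both inflate the count.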

Advantages
  • Release channels instead of software versions

    The user doesn't have to download specific package versions. Instead, all they have to do is choose a release channel with the desired compatibility (any SemVer combination) and stability level (alpha, beta, early access, stable, or rock solid). Via these channels, developers distribute the appropriate release versions. There is no limit to the frequency of the updates.

  • All operations are confirmed by a GPG quorum

    trdl implements the so-called "M of N" verification mechanism: every commit in Git related to releasing or publishing channels must be signed using a set minimum number of trusted GPG keys.

  • Truly secure delivery

    The trdl security system is based on three components: the TUF repository, the Vault plugin, and Git.

    • The TUF repository protects against unauthorized access to the software, key compromise, and key loss. It is responsible for the freshness, consistency, and integrity of the data.
    • Vault is a secure platform for running a trdl server that enables secure management of encryption keys.
    • Git stores the code, configurations, and the GPG signatures used to verify operations.
  • Support for various platforms
    • macOS, Windows, Ubuntu, Red Hat, and even Gentoo.
    • All popular command shells are supported.
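The "release channels instead of software versions" and "truly secure delivery" points above describe what the client must do before it trusts an update: resolve the channel to a version, confirm the repository metadata is current and has not been rolled back, and confirm the downloaded artifact is exactly what the targets metadata describes. The following is an added example, not the trdl client's code, that walks through those checks with constructed data. The layout of the channels document, the target paths and the artifact bytes are assumptions; the length, hash, expiry and version-number checks follow the shape of TUF targets metadata. Verifying the signatures on the metadata itself, which TUF does with threshold keys, is left out.

```python
"""Client-side checks when following a release channel.

Added example, not trdl's own client code. A constructed channels document
maps "<major.minor>" and a channel name to a release version; a constructed
targets document lists the length and SHA-256 of every artifact, as TUF
targets metadata does. The client refuses an update unless the metadata is
unexpired and not rolled back, the artifact is listed, and the downloaded
bytes match. Metadata signature verification is out of scope here.
"""
import hashlib
import hmac
from datetime import datetime, timezone
from typing import Callable, Dict, Optional, Tuple

# Constructed "download server": target path -> artifact bytes (hypothetical layout).
ARTIFACTS: Dict[str, bytes] = {
    "releases/v1.0.1/linux-amd64/app": b"sample artifact v1.0.1\n",
    "releases/v1.0.2/linux-amd64/app": b"sample artifact v1.0.2\n",
}


def _target_entry(data: bytes) -> Dict:
    return {"length": len(data), "hashes": {"sha256": hashlib.sha256(data).hexdigest()}}


# Constructed metadata as the repository would serve it.
CHANNELS = {"version": 7, "expires": "2030-01-01T00:00:00Z",
            "channels": {"1.0": {"alpha": "v1.0.2", "stable": "v1.0.1"}}}
TARGETS = {"version": 12, "expires": "2030-01-01T00:00:00Z",
           "targets": {path: _target_entry(data) for path, data in ARTIFACTS.items()}}


class UpdateRejected(Exception):
    """Raised when any check fails; the installed version is left untouched."""


def check_metadata(doc: Dict, name: str, last_seen_version: int, now: datetime) -> None:
    expires = datetime.strptime(doc["expires"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if now >= expires:
        raise UpdateRejected(f"{name} metadata expired at {doc['expires']}")
    # Rollback protection: a metadata version number must never go backwards.
    if doc["version"] < last_seen_version:
        raise UpdateRejected(f"{name} metadata version {doc['version']} < {last_seen_version} already seen")


def verify_target(entry: Dict, data: bytes) -> None:
    # A real client caps the download at entry["length"] bytes before hashing.
    if len(data) != entry["length"]:
        raise UpdateRejected("artifact length mismatch")
    digest = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(digest, entry["hashes"]["sha256"]):
        raise UpdateRejected("artifact sha256 mismatch")


def update(state: Dict, group: str, channel: str, platform: str,
           fetch: Callable[[str], bytes], now: Optional[datetime] = None) -> Tuple[str, bytes]:
    """Resolve the channel, verify the artifact, and only then advance local state."""
    now = now or datetime.now(timezone.utc)
    check_metadata(CHANNELS, "channels", state["channels_version"], now)
    check_metadata(TARGETS, "targets", state["targets_version"], now)
    version = CHANNELS["channels"].get(group, {}).get(channel)
    if version is None:
        raise UpdateRejected(f"channel '{group} {channel}' is not published")
    path = f"releases/{version}/{platform}/app"
    entry = TARGETS["targets"].get(path)
    if entry is None:
        raise UpdateRejected(f"{path} is not listed in targets metadata")
    data = fetch(path)
    verify_target(entry, data)
    state.update(channels_version=CHANNELS["version"], targets_version=TARGETS["version"], installed=version)
    return version, data


def run_cases() -> Dict[str, str]:
    """Happy path plus three rejections; returns the outcome of each case."""
    outcomes: Dict[str, str] = {}
    state = {"channels_version": 6, "targets_version": 10, "installed": "v1.0.0"}

    def honest(path: str) -> bytes:
        return ARTIFACTS[path]

    def tampered(path: str) -> bytes:          # same length, different bytes
        return ARTIFACTS[path][:-2] + b"X\n"

    cases = [
        ("stable", state, "stable", honest),
        ("tampered", state, "alpha", tampered),
        ("unpublished", state, "rock-solid", honest),
        ("rollback", {"channels_version": 9, "targets_version": 10, "installed": "v1.0.0"}, "stable", honest),
    ]
    for name, st, channel, fetch in cases:
        try:
            outcomes[name] = "installed " + update(st, "1.0", channel, "linux-amd64", fetch)[0]
        except UpdateRejected as exc:
            outcomes[name] = "rejected: " + str(exc)
    outcomes["final"] = state["installed"]
    return outcomes


if __name__ == "__main__":
    for case, outcome in run_cases().items():
        print(f"{case:12} {outcome}")
```

Note that the rollback check is on the metadata version numbers, not on the software version: a channel may legitimately be pointed back at an older release (v1.0.1 after v1.0.2, say), and the client must follow it, but it must never accept a repository snapshot older than one it has already seen.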