Atomically write metadata to file system

Before this patch, `FileSystemRepository::store_metadata` would
stream writes into the destination. If the system crashed,
it's possible the metadata could be truncated. This refactors
the code to atomically write metadata to avoid this happening.

Note that this changes the behavior of
`FileSystemRepository::store_target`. It used to store the
temporary files in a `$REPO/temp` directory, but instead
this moves the temp files into the same directory as the
destination file. This was done to avoid the case where
`temp/` was stored on a separate filesystem than the
destination. If that were the case,
`NamedTemporaryFile::persist` would not be atomic.
1 file changed
tree: 679c6f941caa7b200a804d32604868a319a2580e
  1. .gitignore
  2. .travis.yml
  3. Cargo.toml
  6. Makefile
  8. appveyor.yml
  9. src/
  10. tests/


Travis build Status Appveyor build status codecov

A Rust implementation of The Update Framework (TUF).

Full documentation is hosted at

Warning: Beta Software

This is under active development and may not suitable for production use. Further, the API is unstable and you should be prepared to refactor on even patch releases.


Please make all pull requests to the develop branch.


This project has a full disclosure policy on security related errors. Please treat these errors like all other bugs and file a public issue. Errors communicated via other channels will be immediately made public.



This work is dual licensed under the MIT and Apache-2.0 licenses. See LICENSE-MIT and LICENSE-APACHE for details.

Cryptography Notice

This software includes and uses cryptographic software. Your current country may have restrictions on the import, export, possession, or use of cryptographic software. Check your country's relevant laws before using this in any way. See Wassenaar for more info.