linuxcon v4 when the going gets tough, get tuf going! · 2017. 12. 14. · when the going gets...

Post on 18-Aug-2020


When the going gets tough, Get TUF going!

Riyaz Faizullabhoy - @riyazdf

Motivation

What is TUF?

Using TUF

Hermetic Builds

Where does software come from?

$> _

$>curl | sudo bash

$>apt-get install

• authenticity

$>apt-get install

• authenticity • integrity

$>apt-get install really-old-foo

$>#not after 2007

$>apt-get install really-old-foo

• authenticity • integrity • freshness

$> $pkg-manager install foo

• authenticity (TLS) • integrity (TLS) • freshness

• authenticity (TLS - transport only) • integrity (TLS - transport only) • freshness

foo


$>apt-get install really-old-foo

Freeze and Rollback Attacks?


Survivable Key Compromise?

• authenticity • integrity • freshness • survivable key compromise


Trust Thresholding?

• authenticity • integrity • freshness • survivable key compromise • thresholding

• authenticity • integrity • freshness • survivable key compromise • thresholding • ease of use

Get TUF (The Update Framework)

• Diplomat: Using Delegations to Protect Community Repositories
• Survivable Key Compromise in Software Update Systems
• A Look in the Mirror: Attacks on Package Managers
• Package Management Security

[Diagram: a TUF repository holding packages, with its metadata roles: root, timestamp, snapshot, targets, delegation]

Root Metadata: keys for Root, Timestamp, Snapshot, Targets; Expiry: ...

[Diagram: root keys held in the USA, Switzerland and China]

Offline for security

• Backup in bank vault

• Use signing hardware

[Diagram: which metadata vouches for the packages in the TUF repository?]

Targets Metadata: java : { hashes }, openssl : { hashes }, …; Expiry: ...

Targets Metadata (with delegations): Keys: { Alice: …, Bob: … }; Expiry: ...

Delegation Metadata: java is delegated to Alice (A), openssl to Bob (B)

A: java-8-jre : { hashes }, java-7-jre : { hashes }, ...; Expiry: ...

B: openssl-1.0.1t : { hashes }, openssl-1.0.2h : { hashes }, ...; Expiry: ...

[Diagram: delegation tree from apt to java (java-8-jdk, java-7-jdk, java-8-jre, java-7-jre, grouped as jdk and jre) and openssl (openssl-1.0.1t, openssl-1.0.2h), with delegated keys A, B, C, D, E]

• authenticity • integrity • freshness • survivable key compromise • thresholding

Snapshot Metadata: Root : { hashes }, Targets : { hashes }, Alice : { hashes }, Bob : { hashes }, …; Expiry: ...

• authenticity • integrity • freshness • survivable key compromise • thresholding

Timestamp Metadata: Snapshot : { hashes }; Expiry: 24 hours from now

[Diagram: the same delegation tree (apt, java, openssl, keys A, B, C, D, E), with delegation D crossed out]

• authenticity • integrity • freshness • survivable key compromise • thresholding

[Diagram: Metadata Lifetime. The validity window of each role (Timestamp, Snapshot, Targets/Delegations, Root) is drawn against time t; the slides below step this diagram forward.]

Keeping Freshness

Snapshot Expired!

Sign a new Snapshot

Sign a new Timestamp to point to the Snapshot

Want to publish something?

Sign the hash into a new Targets or Delegation file

Sign a new Snapshot that references this Targets file

Sign a new Timestamp that references the new Snapshot

Situation normal

Oh no, I think my Snapshot key was compromised!

Compromise is “when” not “if”

[Diagram: Root Metadata (keys for Root, Timestamp, Snapshot, Targets) and the Snapshot Metadata signed by the compromised key; the lifetime diagram (Timestamp, Snapshot, Targets/Delegations, Root against time t) then steps through recovery.]

Before recovery

Create and sign the new Snapshot key into Root

Sign a new Snapshot with the new key

Sign new Timestamp to reference new Snapshot
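The publish chain (targets, then snapshot, then timestamp) and the snapshot-key rotation through root, as an added example that is not code from the talk or from TUF/Notary. It is a constructed toy repository: HMAC-SHA256 with per-key secrets stands in for real asymmetric signatures, key ids, thresholds and lifetimes are assumed values, and the client-side checks (threshold, expiry, hash references, version monotonicity) are what the block demonstrates.

```python
import hashlib, hmac, json
# Constructed toy TUF repository (added example). HMAC-SHA256 with per-key secrets stands in for the
# asymmetric signatures a real client checks (so this verifier holds the same secrets). The role chain is
# the point: root lists keys/thresholds, timestamp hashes snapshot, snapshot hashes targets, each file expires.
KEYS = {k: k.encode() * 4 for k in ("root-1", "ts-1", "snap-1", "snap-2", "tgt-a", "tgt-b")}
def canonical(obj):
    return json.dumps(obj, sort_keys=True).encode()
def sign(signed, keyids):
    body = canonical(signed)
    return {"signed": signed, "sigs": {k: hmac.new(KEYS[k], body, "sha256").hexdigest() for k in keyids}}
def file_hash(doc):
    return hashlib.sha256(canonical(doc)).hexdigest()
ROOT = sign({"roles": {"root": {"keyids": ["root-1"], "threshold": 1}, "timestamp": {"keyids": ["ts-1"], "threshold": 1},
                       "snapshot": {"keyids": ["snap-1"], "threshold": 1}, "targets": {"keyids": ["tgt-a", "tgt-b"], "threshold": 2}},
             "version": 1, "expires": 4_000_000_000}, ["root-1"])  # long-lived; its key stays offline
def verify_role(doc, role, root, now):
    """Require `threshold` valid signatures from the keys root lists for `role`, then check expiry."""
    info, body = root["roles"][role], canonical(doc["signed"])
    good = [k for k in info["keyids"] if hmac.compare_digest(doc["sigs"].get(k, ""), hmac.new(KEYS[k], body, "sha256").hexdigest())]
    if len(good) < info["threshold"]:
        raise ValueError(f"{role}: {len(good)}/{info['threshold']} signatures")
    if doc["signed"]["expires"] <= now:
        raise ValueError(f"{role}: expired (freeze attack or stale mirror)")
    return doc["signed"]
def verify_chain(ts_doc, snap_doc, tgt_doc, now, seen, root_doc=ROOT):
    """Walk timestamp -> snapshot -> targets; `seen` holds the last accepted version per role."""
    root = verify_role(root_doc, "root", root_doc["signed"], now)  # pinned root, trusted out of band
    ts = verify_role(ts_doc, "timestamp", root, now)
    if ts["meta"]["snapshot"] != file_hash(snap_doc):
        raise ValueError("snapshot: hash does not match timestamp")
    snap = verify_role(snap_doc, "snapshot", root, now)
    if snap["meta"]["targets"] != file_hash(tgt_doc):
        raise ValueError("targets: hash does not match snapshot")
    tgt = verify_role(tgt_doc, "targets", root, now)
    for role, m in (("timestamp", ts), ("snapshot", snap), ("targets", tgt)):
        if m["version"] < seen.get(role, 0):
            raise ValueError(f"{role}: version {m['version']} < {seen[role]} (rollback)")
        seen[role] = m["version"]
    return tgt["targets"]
def rejected(*args, **kw):  # reason a verify_chain call is refused, or None if it was accepted
    try:
        verify_chain(*args, **kw)
    except ValueError as err:
        return str(err)
def publish(now, targets, version, snap_key="snap-1"):
    """Publish steps from the slides: sign targets, then a snapshot referencing it, then a timestamp."""
    tgt = sign({"targets": targets, "version": version, "expires": now + 30 * 86400}, ["tgt-a", "tgt-b"])
    snap = sign({"meta": {"targets": file_hash(tgt)}, "version": version, "expires": now + 7 * 86400}, [snap_key])
    ts = sign({"meta": {"snapshot": file_hash(snap)}, "version": version, "expires": now + 86400}, ["ts-1"])
    return ts, snap, tgt
```

Rotating the snapshot key is a new root that lists `snap-2` instead of `snap-1`: the old snapshot then fails the threshold check under the new root, and a snapshot re-signed with the new key is accepted.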

• authenticity • integrity • freshness • survivable key compromise • thresholding • ease of use

coming soon!

GPG vs TUF

• … • auditability

?

How can we start using TUF?

Demo

• ease of use?

Demo

• authenticity • integrity • freshness • survivable key compromise • thresholding • ease of use

github.com/docker/notary

$> export DOCKER_CONTENT_TRUST=1

alpine: latest: {hash}, edge: {hash}, 2.6: {hash}, 3.3: {hash}, 3.4: {hash}

$> $pkg-manager install openssl

Design Goals:
- root of trust in package manager maintainers, with thresholding
- freshness guarantees
- signed index of all packages
- signed package targets by package maintainers: name to hash resolution, with thresholding

[Diagram: the package-manager maintainer(s) sign the index and provide freshness; the maintainer keys sign the package targets, e.g. openssl: {hash}]

Future work: hermetic builds

Learn More

• Read the spec: github.com/theupdateframework/tuf/ (docs/tuf-spec.txt)

• Look at Notary: github.com/docker/notary

• Read the Docker Content Trust docs: docs.docker.com/engine/security/trust/content_trust/

THANK YOU

Appendix: root key rotations

[Diagram: the old Root Metadata (keys for Root, Timestamp, Snapshot, Targets; Expiry: ...) is replaced by a new Root Metadata with the same roles, and the old root is crossed out]

Appendix: DCT pull flow

[Diagram: Docker Content Trust pull flow; uses the manifest/layer Merkle tree]