Establishing trust in community repositories

Names and identifiers

type name = string

The name of resources, used e.g. for package names.

val pp_name : name Conex_utils.fmt

pp_name name is a pretty printer for name.

val name_equal : name -> name -> bool

name_equal a b is the result of a case insensitive comparison of a and b.

type identifier = string

The type of identifiers.

pp_id id is a pretty printer for identifier.

val id_equal : identifier -> identifier -> bool

id_equal a b is the result of a case insensitive comparison of a and b.

type timestamp = string

The type for a timestamp, always a RFC3339 string in UTC (no timezone information).

val pp_timestamp : timestamp Conex_utils.fmt

Wire format

module Wire : sig ... end

The wire encoding is abstract here, one suitable decoding and encoding engine is Conex_opam_encoding. The wire encoding is used for digest computations, and persistent storage on disk.

Resource types

type typ = [
| `Root
| `Targets

The sum type of all possible resources.

val typ_to_string : typ -> string

resource_to_string res is the string representation of res.

val string_to_typ : string -> typ option

string_to_resource str is either Some resource or None.

val pp_typ : typ Conex_utils.fmt

pp_resource pp is a pretty printer for resource.

val typ_equal : typ -> typ -> bool

resource_equal a b is true if they are the same, otherwise false.

val typ_of_wire : Wire.s -> ( typ, string ) result
type err = [
| `Parse of string
| `Unknown_alg of string
| `Malformed
val pp_err : err Conex_utils.fmt
module Header : sig ... end

Common header on disk


module Digest : sig ... end
module Digest_map : sig ... end

Asymmetric key types

module Key : sig ... end

Cryptographic signatures

module Signature : sig ... end
val to_be_signed : Wire.t -> timestamp -> identifier -> Signature.alg -> Wire.t

to_be_signed data timestamp id algorithm prepares the representation used by signing and verification

module Expression : sig ... end


The root contains the (offline) root keys, also defines snapshot, timestamp, and maintainers. Furthermore, it contains configuration information such as where keys are located in this repository and where the data is stored.

module Root : sig ... end
module Delegation : sig ... end
module Target : sig ... end
module Targets : sig ... end