tuf/remote: HTTP client with custom/authentication headers

[lucab]

I was looking into the feasibility of integrating this crate into a docker client, as the docker registry has a TUF-based trusted distribution extension called notary.

One initial issue I'm seeing is that the docker notary endpoints require authentication via HTTP header, but I'm not seeing any direct way of setting custom headers on the internally-built request. Do you have any suggestions in that direction? Should ConfigBuilder grow some way to take a third-party function which manipulate the RequestBuilder before sending it?

[heartsucker]

This likely wouldn't be compatible with Notary since the spec has moved on from a rigid definition of metadata fields, encodings, and data interchange formats. One consumer of this lib already had problems because this deviates from the Python reference implementation: #93

It is possible that Notary and the Python impl both followed an old version of the draft to the T and are compatible, but that likely would not be the case between future implementations.

However, if in general you want to be able to set custom headers, that should be possible.

[lucab]

Thanks for the forewarning, I literally just started scratching the surface of this so it may as well turn out to be non-compatible. I'll report back once I'll get interesting datapoints.

[heartsucker]

It actually looks like rustup is pinned to hyper 0.9.8 right now, so it would probably make more sense to have rust-tuf and rustup both meet at 0.10 instead of advancing them both to 0.11.

I opened an upstream issue to address that: rust-lang/rustup#1195