simple streams

simplestreams is an on-disk format and associated tooling to securely convey and mirror artifacts and/or their metadata that change over time in a structured way.

An artifact might be a software release, a disk image or any other data blob or set of data blobs. Metadata can be any key/value pair. The JSON-based disk format can be exported directly over HTTPS, mirrored and updated atomically without race conditions, and allows for cryptographic verification of the data back to the public signing keys of the originator.

simplestreams is used for the automatable, secure and reliable distribution of such artifacts. For example, Ubuntu Cloud Images and their metadata are provided using this mechanism. Where public cloud vendors integrate cloud image distribution into their own products, Ubuntu nevertheless publishes Ubuntu image identifiers using simplestreams, so that the same mechanism can be used to locate Ubuntu images on any cloud.

simplestreams can be used directly by users to retrieve any subset of artifacts and metadata, whether historical or the “latest” version. Cryptographic verification back to the origin works through mirror layers whether full or partial, so this also works well for internal mirrors and even air gapped environments. Developers can use simplestreams to provide artifact and metadata to their users that automatically carry all of these properties.