Update root with unrecognized fields

1.root.json

{
 "signatures": [
  {
   "keyid": "bb3de7c557a82e1f8b2867dd3e457e51c7f01bd262c4c812eb5818600776f0ad",
   "sig": "e7ae9d3cd1c9818bff2a8d2a80a350acc802397f9db0a37a8540656501e42b92daeb3802245ed41ce79c062c18b1619a8af2a139b1147cf4831251d23e8ff104"
  }
 ],
 "signed": {
  "_type": "root",
  "consistent_snapshot": true,
  "expires": "2022-11-11T16:44:35Z",
  "keys": {
   "bb3de7c557a82e1f8b2867dd3e457e51c7f01bd262c4c812eb5818600776f0ad": {
    "keytype": "ed25519",
    "keyval": {
     "public": "f082bc4de8ed97c713f4780e22ff8cfad495a8f8b978f0c01a2c661a9874cd96"
    },
    "scheme": "ed25519"
   }
  },
  "roles": {
   "root": {
    "keyids": [
     "bb3de7c557a82e1f8b2867dd3e457e51c7f01bd262c4c812eb5818600776f0ad"
    ],
    "threshold": 1
   },
   "snapshot": {
    "keyids": [
     "bb3de7c557a82e1f8b2867dd3e457e51c7f01bd262c4c812eb5818600776f0ad"
    ],
    "threshold": 1
   },
   "targets": {
    "keyids": [
     "bb3de7c557a82e1f8b2867dd3e457e51c7f01bd262c4c812eb5818600776f0ad"
    ],
    "threshold": 1
   },
   "timestamp": {
    "keyids": [
     "bb3de7c557a82e1f8b2867dd3e457e51c7f01bd262c4c812eb5818600776f0ad"
    ],
    "threshold": 1
   }
  },
  "spec_version": "1.0.30",
  "version": 1
 }
}

2.root.json

{
 "signatures": [
  {
   "keyid": "bb3de7c557a82e1f8b2867dd3e457e51c7f01bd262c4c812eb5818600776f0ad",
   "sig": "a9e82f214909e3afe7c22ebd6f05b4ac580ba751bc738b3069c40a71df2be716af4ca46e28b771391ca081f60387eae39fbbc4dc89bd1841575ee4b2e8b54c0d"
  }
 ],
 "signed": {
  "_type": "root",
  "consistent_snapshot": true,
  "expires": "2022-11-11T16:44:35Z",
  "keys": {
   "bb3de7c557a82e1f8b2867dd3e457e51c7f01bd262c4c812eb5818600776f0ad": {
    "keytype": "ed25519",
    "keyval": {
     "public": "f082bc4de8ed97c713f4780e22ff8cfad495a8f8b978f0c01a2c661a9874cd96"
    },
    "scheme": "ed25519"
   }
  },
  "roles": {
   "root": {
    "keyids": [
     "bb3de7c557a82e1f8b2867dd3e457e51c7f01bd262c4c812eb5818600776f0ad"
    ],
    "threshold": 1
   },
   "snapshot": {
    "keyids": [
     "bb3de7c557a82e1f8b2867dd3e457e51c7f01bd262c4c812eb5818600776f0ad"
    ],
    "threshold": 1
   },
   "targets": {
    "keyids": [
     "bb3de7c557a82e1f8b2867dd3e457e51c7f01bd262c4c812eb5818600776f0ad"
    ],
    "threshold": 1
   },
   "timestamp": {
    "keyids": [
     "bb3de7c557a82e1f8b2867dd3e457e51c7f01bd262c4c812eb5818600776f0ad"
    ],
    "threshold": 1
   }
  },
  "spec_version": "1.0.30",
  "supported_versions": [
   {
    "path": "FOLDER_NAME",
    "root-digest": "ROOT_DIGEST",
    "root-filename": "ROOT_FILENAME",
    "version": "MAJOR_VERSION"
   }
  ],
  "version": 2
 }
}

client.sh

#!/bin/bash

###############################################################
# Demo client to updates root metadata with unrecognized fields
#
# Usage:
# 1. Install requirements: `pip install securesystemslib[crypto,pynacl] tuf`
# 2. Download client.sh and make executable
# 3. Run client: `./client.sh`

# TUF repo metadata is served from this gist.
# See 1.root.json and 2.root.json above.
repo_url=https://gist.githubusercontent.com/lukpueh/242295da3062ada94c4e8e7155975527/raw/2f0ee5a9c37d940f1c3ab29ee135992fc1230439

# Download initial root to CWD with curl (out of band trust bootstraping)
curl ${repo_url}/1.root.json -o root.json

# Update root in CWD with TUF
#
# NOTE: This fails because the repo does not serve 'timestamp.json'
# The root update still works, even though the new root (version 2)
# includes an unknown field ("supported_versions"). See root.json in CWD.
python - << EOF
from tuf.ngclient import Updater

updater = Updater(
    metadata_dir=".",
    metadata_base_url="${repo_url}")

updater.refresh()
EOF