Merge pull request #32 from lukpueh/bump_v0.1.1

Update repo metadata for 0.1.1 upstream release
in-toto · Jan 27, 2021 · bd3c56b · bd3c56b
2 parents 904332d + 205ea18
commit bd3c56b
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 30 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,8 @@
+# Changelog
+
+## v0.1.1
+- Update installation instructions in README.md
+- Add this CHANGELOG.md
+
+## v0.1.0
+Initial release.
diff --git a/README.md b/README.md
@@ -8,45 +8,25 @@ from public [*rebuilders*](https://salsa.debian.org/reproducible-builds/debian-r
 
 
 ### Installation
-The transport method must be an executable in `/usr/lib/apt/methods/` and its
-dependencies must be installed.
+The transport and its dependencies are available via `apt`. Below command
+installs the transport to `/usr/lib/apt/methods/intoto`, as well as a default
+config file and layout (see below).
 
----
-**NOTE:** *This is a temporary solution until this transport is available as
-Debian package (see #11).*
-
----
-
-```shell
-# Get sources
-git clone https://github.com/in-toto/apt-transport-in-toto.git
-# Install requirements
-pip install -r apt-transport-in-toto/requirements.txt
-# Install transport
-ln -s apt-transport-in-toto/intoto.py /usr/lib/apt/methods/intoto
-chmod 755 /usr/lib/apt/methods/intoto
 ```
-
-
-### Configuration
----
-**NOTE:** *Once this transport is available as Debian package, default
-configuration and installation of required metadata may be performed
-automatically on installation of the package
-(see [#11](https://github.com/in-toto/apt-transport-in-toto/issues/1)).*
-
----
+sudo apt install apt-transport-in-toto
+```
 
 #### Layout
 To define the requirement of reproducibility for a package, an in-toto layout
 must be available on the client at verification time and its path must be
 specified in the apt configuration file (see
 [*Options*](https://github.com/in-toto/apt-transport-in-toto#options) below).
 
-A generic rebuild layout can be found in [`data/root.layout`](data/root.layout)
-and may be used to verify any package. It contains public keys to verify the
-authenticity and integrity of rebuilder link metadata and a threshold that
-specifies how many authorized rebuilders need to agree on their result.
+A generic rebuild layout ([`data/root.layout`](data/root.layout)) is made
+available in `/etc/intoto/root.layout` upon installation. It contains public
+keys to verify the authenticity and integrity of rebuilder link metadata
+generated by currently available rebuilders, and a threshold that specifies how many
+authorized rebuilders need to agree on their result.
 
 ---
 **NOTE:** *Update the layout to add or revoke rebuilder authorizations.