Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update repo metadata for 0.1.1 upstream release #32

Merged
merged 3 commits into from
Jan 27, 2021
Merged

Update repo metadata for 0.1.1 upstream release #32

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e63edbc
Fix link in README.md
lukpueh Jan 27, 2021
1307390
Update installation instructions in README.md
lukpueh Jan 27, 2021
205ea18
Add CHANGELOG.md with initial entries
lukpueh Jan 27, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
# Changelog

## v0.1.1
- Update installation instructions in README.md
- Add this CHANGELOG.md

## v0.1.0
Initial release.
40 changes: 10 additions & 30 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,45 +8,25 @@ from public [*rebuilders*](https://salsa.debian.org/reproducible-builds/debian-r


### Installation
The transport method must be an executable in `/usr/lib/apt/methods/` and its
dependencies must be installed.
The transport and its dependencies are available via `apt`. Below command
installs the transport to `/usr/lib/apt/methods/intoto`, as well as a default
config file and layout (see below).

---
**NOTE:** *This is a temporary solution until this transport is available as
Debian package (see #11).*

---

```shell
# Get sources
git clone https://github.com/in-toto/apt-transport-in-toto.git
# Install requirements
pip install -r apt-transport-in-toto/requirements.txt
# Install transport
ln -s apt-transport-in-toto/intoto.py /usr/lib/apt/methods/intoto
chmod 755 /usr/lib/apt/methods/intoto
```


### Configuration
---
**NOTE:** *Once this transport is available as Debian package, default
configuration and installation of required metadata may be performed
automatically on installation of the package
(see [#11](https://github.com/in-toto/apt-transport-in-toto/issues/1)).*

---
sudo apt install apt-transport-in-toto
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ping @h01ger. Is it too early to say this?

```

#### Layout
To define the requirement of reproducibility for a package, an in-toto layout
must be available on the client at verification time and its path must be
specified in the apt configuration file (see
[*Options*](https://github.com/in-toto/apt-transport-in-toto#options) below).

A generic rebuild layout can be found in [`data/root.layout`](data/root.layout)
and may be used to verify any package. It contains public keys to verify the
authenticity and integrity of rebuilder link metadata and a threshold that
specifies how many authorized rebuilders need to agree on their result.
A generic rebuild layout ([`data/root.layout`](data/root.layout)) is made
available in `/etc/intoto/root.layout` upon installation. It contains public
keys to verify the authenticity and integrity of rebuilder link metadata
generated by currently available rebuilders, and a threshold that specifies how many
authorized rebuilders need to agree on their result.

---
**NOTE:** *Update the layout to add or revoke rebuilder authorizations.
Expand Down