Merge pull request #70 from in-toto/dependabot/pip/in-toto-2.3.0

Bump in-toto from 2.1.1 to 2.3.0
in-toto · May 9, 2024 · 927ba96 · 927ba96
2 parents f921735 + d873e27
commit 927ba96
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 3 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -16,8 +16,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ['3.7', '3.8', '3.9', '3.10']
-        os: [ubuntu-latest, macos-latest]
+        python-version: ['3.8', '3.9', '3.10', '3.11']
+        os: [ubuntu-latest]
+        include:
+          - python-version: "3.11"
+            os: macos-latest
 
     runs-on: ${{ matrix.os }}
     steps:

diff --git a/requirements.txt b/requirements.txt
@@ -1 +1 @@
-in-toto==2.1.1
+in-toto==2.3.0
diff --git a/run_demo_md.py b/run_demo_md.py
@@ -41,27 +41,34 @@
 Created demo in-toto layout as "root.layout".
 + cd ../functionary_bob
 + in-toto-run --step-name clone --use-dsse --products demo-project/foo.py --key bob -- git clone https://github.com/in-toto/demo-project.git
+'-k', '--key' is deprecated, use '--signing-key' instead.
 + in-toto-record start --step-name update-version --use-dsse --key bob --materials demo-project/foo.py
+'-k', '--key' is deprecated, use '--signing-key' instead.
 + sed -i.bak s/v0/v1/ demo-project/foo.py
 + rm demo-project/foo.py.bak
 + in-toto-record stop --step-name update-version --use-dsse --key bob --products demo-project/foo.py
+'-k', '--key' is deprecated, use '--signing-key' instead.
 + cp -r demo-project ../functionary_carl/
 + cd ../functionary_carl
 + in-toto-run --step-name package --use-dsse --materials demo-project/foo.py --products demo-project.tar.gz --key carl -- tar --exclude .git -zcvf demo-project.tar.gz demo-project
+'-k', '--key' is deprecated, use '--signing-key' instead.
 + cd ..
 + cp owner_alice/root.layout functionary_bob/clone.776a00e2.link functionary_bob/update-version.776a00e2.link functionary_carl/package.2f89b927.link functionary_carl/demo-project.tar.gz final_product/
 + cd final_product
 + cp ../owner_alice/alice.pub .
 + in-toto-verify --layout root.layout --layout-key alice.pub
+'-k', '--layout-keys' is deprecated, use '--verification-keys' instead.
 + echo 0
 0
 + cd ../functionary_carl
 + echo something evil
 + in-toto-run --step-name package --use-dsse --materials demo-project/foo.py --products demo-project.tar.gz --key carl -- tar --exclude .git -zcvf demo-project.tar.gz demo-project
+'-k', '--key' is deprecated, use '--signing-key' instead.
 + cd ..
 + cp owner_alice/root.layout functionary_bob/clone.776a00e2.link functionary_bob/update-version.776a00e2.link functionary_carl/package.2f89b927.link functionary_carl/demo-project.tar.gz final_product/
 + cd final_product
 + in-toto-verify --layout root.layout --layout-key alice.pub
+'-k', '--layout-keys' is deprecated, use '--verification-keys' instead.
 (in-toto-verify) RuleVerificationError: 'DISALLOW *' matched the following artifacts: ['demo-project/foo.py']
 Full trace for 'expected_materials' of item 'package':
 Available materials (used for queue):
@@ -103,6 +110,8 @@
       universal_newlines=True)
   stdout, _ = proc.communicate()
 
+  print(stdout)
+
   # Fail if the output is not what we expected
   if stdout != EXPECTED_STDOUT:
     difflist = list(difflib.Differ().compare(