From 09fee76ee3ad2779b12c664e0e5d0c2b9787cec0 Mon Sep 17 00:00:00 2001
From: Matthias Glastra
Date: Fri, 22 Dec 2023 14:25:14 +0100
Subject: [PATCH] fix: Fix incorrect command argument --key. --key is replaced by --signing-key.
---
 README.md | 8 ++++----
 run_demo.py | 10 +++++-----
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 2b58de9..82a718f 100644
--- a/README.md
+++ b/README.md
@@ -106,7 +106,7 @@ directory and perform the step.
 ```shell
 cd ../functionary_bob
-in-toto-run --step-name clone --use-dsse --products demo-project/foo.py --key bob -- git clone https://github.com/in-toto/demo-project.git
+in-toto-run --step-name clone --use-dsse --products demo-project/foo.py --signing-key bob -- git clone https://github.com/in-toto/demo-project.git
 ```
 Here is what happens behind the scenes:
@@ -124,7 +124,7 @@ So first Bob records the state of the files he will modify:
 ```shell
 # In functionary_bob directory
-in-toto-record start --step-name update-version --use-dsse --key bob --materials demo-project/foo.py
+in-toto-record start --step-name update-version --use-dsse --signing-key bob --materials demo-project/foo.py
 ```
 Then Bob uses an editor of his choice to update the version number in `demo-project/foo.py`, e.g.:
@@ -137,7 +137,7 @@ And finally he records the state of files after the modification and produces a link metadata file called `update-version.[Bob's keyid].link`.
 ```shell
 # In functionary_bob directory
-in-toto-record stop --step-name update-version --use-dsse --key bob --products demo-project/foo.py
+in-toto-record stop --step-name update-version --use-dsse --signing-key bob --products demo-project/foo.py
 ```
 Bob has done his work and can send over the sources to Carl, who will create
@@ -154,7 +154,7 @@ to change to Carl's directory and create a package of the software project
 ```shell
 cd ../functionary_carl
-in-toto-run --step-name package --use-dsse --materials demo-project/foo.py --products demo-project.tar.gz --key carl -- tar --exclude ".git" -zcvf demo-project.tar.gz demo-project
+in-toto-run --step-name package --use-dsse --materials demo-project/foo.py --products demo-project.tar.gz --signing-key carl -- tar --exclude ".git" -zcvf demo-project.tar.gz demo-project
 ```
 This will create another step link metadata file, called `package.[Carl's keyid].link`.
diff --git a/run_demo.py b/run_demo.py
index 8c5c32e..f7cfff3 100644
--- a/run_demo.py
+++ b/run_demo.py
@@ -33,7 +33,7 @@ def supply_chain():
 " --verbose"
 " --use-dsse"
 " --step-name clone --products demo-project/foo.py"
- " --key bob -- git clone https://github.com/in-toto/demo-project.git")
+ " --signing-key bob -- git clone https://github.com/in-toto/demo-project.git")
 print(clone_cmd)
 subprocess.call(shlex.split(clone_cmd))
@@ -43,7 +43,7 @@ def supply_chain():
 " --verbose"
 " --use-dsse"
 " --step-name update-version"
- " --key bob"
+ " --signing-key bob"
 " --materials demo-project/foo.py")
 print(update_version_start_cmd)
@@ -58,7 +58,7 @@ def supply_chain():
 " --verbose"
 " --use-dsse"
 " --step-name update-version"
- " --key bob"
+ " --signing-key bob"
 " --products demo-project/foo.py")
 print(update_version_stop_cmd)
@@ -73,7 +73,7 @@ def supply_chain():
 " --use-dsse"
 " --step-name package --materials demo-project/foo.py"
 " --products demo-project.tar.gz"
- " --key carl --record-streams"
+ " --signing-key carl --record-streams"
 " -- tar --exclude '.git' -zcvf demo-project.tar.gz demo-project")
 print(package_cmd)
 subprocess.call(shlex.split(package_cmd))
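Review bot: The exit status of `subprocess.call(shlex.split(clone_cmd))` is discarded in the hunk at `@@ -33,7`, and the same unchecked call follows `package_cmd` in the hunks at `@@ -73,7` and `@@ -115,7`. If an in-toto step command exits non-zero, for example because it rejects an option as this commit's subject describes, the demo would carry on without the signed link metadata that later steps rely on, and the only hint would be the tool's own error output scrolling past. For the step commands, `subprocess.check_call(shlex.split(clone_cmd))` (or testing the return value and exiting) would stop the run at the first failed step. The body of `supply_chain()` starts and ends outside these hunks, so the calls that follow `update_version_start_cmd` and `update_version_stop_cmd` are not visible and deserve the same check.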
@@ -115,7 +115,7 @@ def supply_chain():
 " --use-dsse"
 " --step-name package --materials demo-project/foo.py"
 " --products demo-project.tar.gz"
- " --key carl --record-streams"
+ " --signing-key carl --record-streams"
 " -- tar --exclude '.git' -zcvf demo-project.tar.gz demo-project")
 print(package_cmd)
 subprocess.call(shlex.split(package_cmd))
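Review bot: The visible lines of the `package_cmd` literal in this hunk are identical to those in the hunk at `@@ -73,7`, which is why the same one-flag edit had to be made twice in `supply_chain()`. The function body extends outside both hunks, so this is hedged: if the name is not rebound in between, the second assignment can be dropped and the earlier `package_cmd` reused, which keeps Carl's signing options in one place. If the repetition is deliberate, a comment such as `# Re-run Carl's package step with the same command as above` would say so.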