Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update demo project to work with 2.1.1 version #65

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,7 @@ directory and perform the step.

```shell
cd ../functionary_bob
in-toto-run --step-name clone --use-dsse --products demo-project/foo.py --key bob -- git clone https://github.com/in-toto/demo-project.git
in-toto-run --step-name clone --use-dsse --products demo-project/foo.py --signing-key bob -- git clone https://github.com/in-toto/demo-project.git
```

Here is what happens behind the scenes:
Expand All @@ -124,7 +124,7 @@ So first Bob records the state of the files he will modify:

```shell
# In functionary_bob directory
in-toto-record start --step-name update-version --use-dsse --key bob --materials demo-project/foo.py
in-toto-record start --step-name update-version --use-dsse --signing-key bob --materials demo-project/foo.py
```

Then Bob uses an editor of his choice to update the version number in `demo-project/foo.py`, e.g.:
Expand All @@ -137,7 +137,7 @@ And finally he records the state of files after the modification and produces
a link metadata file called `update-version.[Bob's keyid].link`.
```shell
# In functionary_bob directory
in-toto-record stop --step-name update-version --use-dsse --key bob --products demo-project/foo.py
in-toto-record stop --step-name update-version --use-dsse --signing-key bob --products demo-project/foo.py
```

Bob has done his work and can send over the sources to Carl, who will create
Expand All @@ -154,7 +154,7 @@ to change to Carl's directory and create a package of the software project

```shell
cd ../functionary_carl
in-toto-run --step-name package --use-dsse --materials demo-project/foo.py --products demo-project.tar.gz --key carl -- tar --exclude ".git" -zcvf demo-project.tar.gz demo-project
in-toto-run --step-name package --use-dsse --materials demo-project/foo.py --products demo-project.tar.gz --signing-key carl -- tar --exclude ".git" -zcvf demo-project.tar.gz demo-project
```

This will create another step link metadata file, called `package.[Carl's keyid].link`.
Expand Down
10 changes: 5 additions & 5 deletions run_demo.py
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ def supply_chain():
" --verbose"
" --use-dsse"
" --step-name clone --products demo-project/foo.py"
" --key bob -- git clone https://github.com/in-toto/demo-project.git")
" --signing-key bob -- git clone https://github.com/in-toto/demo-project.git")
print(clone_cmd)
subprocess.call(shlex.split(clone_cmd))

Expand All @@ -43,7 +43,7 @@ def supply_chain():
" --verbose"
" --use-dsse"
" --step-name update-version"
" --key bob"
" --signing-key bob"
" --materials demo-project/foo.py")

print(update_version_start_cmd)
Expand All @@ -58,7 +58,7 @@ def supply_chain():
" --verbose"
" --use-dsse"
" --step-name update-version"
" --key bob"
" --signing-key bob"
" --products demo-project/foo.py")

print(update_version_stop_cmd)
Expand All @@ -73,7 +73,7 @@ def supply_chain():
" --use-dsse"
" --step-name package --materials demo-project/foo.py"
" --products demo-project.tar.gz"
" --key carl --record-streams"
" --signing-key carl --record-streams"
" -- tar --exclude '.git' -zcvf demo-project.tar.gz demo-project")
print(package_cmd)
subprocess.call(shlex.split(package_cmd))
Expand Down Expand Up @@ -115,7 +115,7 @@ def supply_chain():
" --use-dsse"
" --step-name package --materials demo-project/foo.py"
" --products demo-project.tar.gz"
" --key carl --record-streams"
" --signing-key carl --record-streams"
" -- tar --exclude '.git' -zcvf demo-project.tar.gz demo-project")
print(package_cmd)
subprocess.call(shlex.split(package_cmd))
Expand Down
Loading