Skip to content

Releases: in-toto/in-toto

Stable release 0.2.3

09 Oct 16:55
v0.2.3
b19ba72
Compare
Choose a tag to compare

in-toto v0.2.3

  • Add common interface for Python's subprocess module
  • Add Python 3.7 support
  • Drop Python 3.3 support
  • Add windows support
  • Add AppVeyor testing (windows)
  • Add optional line ending normalization when hashing artifacts (windows)
  • Add optional compact json representation for metadata
  • Make exclude filter behavior match gitignore when recording artifacts
  • Make cwd recording optional when creating link metadata
  • Add a substitution layer to support parameter substitution upon verification
  • Improve gpg support
  • Add full support for ed25519 keys and add optional key type parameter
  • Fix bug in rule verification (#204)

v0.2.3.dev5

28 Sep 14:46
v0.2.3.dev5
0f2afd3
Compare
Choose a tag to compare
v0.2.3.dev5 Pre-release
Pre-release
v0.2.3.dev5

v0.2.3.dev4

20 Sep 20:27
v0.2.3.dev4
8766c0c
Compare
Choose a tag to compare
v0.2.3.dev4 Pre-release
Pre-release
v0.2.3.dev4

v0.2.3.dev3

20 Sep 03:20
v0.2.3.dev3
2f7ff57
Compare
Choose a tag to compare
v0.2.3.dev3 Pre-release
Pre-release

Preview release 3 for in-toto 0.2.3

Version 0.2.3.dev2

14 Sep 19:28
v0.2.3.dev2
0287e0c
Compare
Choose a tag to compare
Version 0.2.3.dev2 Pre-release
Pre-release

Release candidate for 0.2.3

0.2.dev3

10 Jul 21:02
0.2.dev3
e8cb9aa
Compare
Choose a tag to compare
0.2.dev3 Pre-release
Pre-release

This release includes a couple of upstream bugfixes and parameter substitution. A more formal release with windows support will follow soon.

Version 0.2.2

30 Mar 20:53
0.2.2
5c8e0cd
Compare
Choose a tag to compare
Version 0.2.2 Pre-release
Pre-release

in-toto v0.2.2

  • Add support for gpg signing subkeys.
  • Drop strict requirement on securesystemslib 0.9.
  • Command line tool changes:
    • Add a --base-path parameter to in-toto record and in-toto run
    • in-toto-record now follows symbolic links
  • Fixed typo in exception messages
  • Adds support for sublayout namespacing (for in-toto spec 0.9 compliance)
  • Path prefix is normalized during in-toto verification:
    • Paths such as foo//bar match with foo/bar.

in-toto v0.2.1

21 Feb 17:41
0.2.1
f10ac5d
Compare
Choose a tag to compare
in-toto v0.2.1 Pre-release
Pre-release
  • Add metablock validators
  • Add abstract class for layout steps and inspections
  • Disallow passing command string to step and inspection constructor
  • Add custom __repr__ for step and inspection objects
  • Add layout creation convenience methods
  • Command Line tool changes
    • Add missing shebangs
    • Enhance help messages
    • Fix argparse bug for required subcommand in in-toto-record
    • Rename short option to record streams in in-toto-run
  • Fix gpg hashing algorithm name
  • Add layout creation example document
  • Refactor logging and user feedback
  • Rename artifact_rules module to rulelib and add convenience methods

in-toto v0.2.0

19 Jan 17:54
0.2.0
5a60c88
Compare
Choose a tag to compare
in-toto v0.2.0 Pre-release
Pre-release
  • Fix link metadata bug in in_toto_mock
  • Add support for GPG signing and verification of layout and link metadata
  • Add support for Python 3.4, 3.5 and 3.6
  • Refactor signature and threshold verification in final product verification so that not every signature on a given layout needs to be valid, as long as every signature for which a key is passed is valid, and at least one key is passed. Furthermore, not all imported links need to carry an authorized and valid signature, as as long as there are enough links with an authorized and valid signature for any given step. Links with unauthorized signatures or invalid signatures are ignored
  • Remove canonicaljson dependency and use securesystemslib's canonicaljson encoding
  • Refactor order of positional arguments in in-toto-record command line tool
  • Add linters (pylint and bandit) and fix linting errors (e.g.: indentation and unused variables and imports)
  • Add schemas for in-toto specific crypto-related metadata formats
  • Improve testing code coverage to 100%
  • Add debian directory required to create a debian package
  • Add .editorconfig and GitHub issue and pull request templates, ACKNOWLEDGEMENTS.md, CODE-OF-CONDUCT.md, GOVERNANCE.md, MAINTAINERS.txt and passing core infrastructure best practice badge, add "Security Issues and Bugs" and "Instructions for Contributors" section in README.md

in-toto v0.1.1

09 Nov 20:00
0.1.1
460d9de
Compare
Choose a tag to compare
in-toto v0.1.1 Pre-release
Pre-release

Initial pre-release