Linux command
in-toto-run command
After copying, replace file names, directories, or parameters as needed.
Common examples
Run and record command
in-toto-run -n [step_name] -k [key.pem] -- [command]
Record with materials and products
in-toto-run -n [build] -k [key] -m [src/] -p [dist/] -- make
Exclude patterns
in-toto-run -n [step] -k [key] --exclude [*.log] -- ./build.sh
Record without running a command (-x / --no-command)
in-toto-run -n [step] -k [key] -m [files] -p [files] -x
Description
in-toto-run executes a command while recording supply chain metadata. It captures materials before execution and products after, creating a signed link file. The tool is central to in-toto supply chain security. Each link provides cryptographic proof of what inputs and outputs a build step had.
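An added example (not from the original page or the in-toto project) that reads the kind of link metadata described above, reports what a step added, removed or modified, and re-hashes the recorded products on disk. It assumes the classic JSON link layout (`signed.materials` and `signed.products` keyed by path with `sha256` digests); the function names and sample files are constructed, and signatures are not verified here.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def step_changes(link):
    """Diff the materials and products recorded in one link."""
    mats, prods = link["signed"]["materials"], link["signed"]["products"]
    return {
        "added": sorted(set(prods) - set(mats)),
        "removed": sorted(set(mats) - set(prods)),
        "modified": sorted(p for p in set(mats) & set(prods)
                           if mats[p]["sha256"] != prods[p]["sha256"]),
    }


def product_mismatches(link, base_dir):
    """Recorded products that are missing on disk or hash differently now."""
    return [rel for rel, h in sorted(link["signed"]["products"].items())
            if not (Path(base_dir) / rel).is_file()
            or sha256_file(Path(base_dir) / rel) != h["sha256"]]


def demo():
    """Constructed sample: a 'build' step with materials and products over one tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "dist").mkdir()
        (root / "src/app.c").write_text("int main(void){return 0;}\n")
        (root / "dist/app").write_bytes(b"constructed build output")
        src = {"sha256": sha256_file(root / "src/app.c")}
        out = {"sha256": sha256_file(root / "dist/app")}
        link = json.loads(json.dumps({  # round-trip, as if read from a .link file
            "signatures": [],  # assumption: signatures are not checked here
            "signed": {"_type": "link", "name": "build", "command": ["make"],
                       "materials": {"src/app.c": src},
                       "products": {"src/app.c": src, "dist/app": out}}}))
        before = product_mismatches(link, root)
        (root / "dist/app").write_bytes(b"changed after the step ran")
        after = product_mismatches(link, root)
        return step_changes(link), before, after


if __name__ == "__main__":
    print(demo())
```

A product that changes after the step ran shows up in `product_mismatches`, which is the property the recorded hashes give a later verifier.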
Parameters
- -n _NAME_: Step name for link metadata.
- -k _KEY_: Private key for signing.
- -m _MATERIALS_: Materials (inputs) to record.
- -p _PRODUCTS_: Products (outputs) to record.
- --exclude _PATTERN_: Exclude files matching pattern.
- -c _COMMAND_: Command to run (alternative to --).
- --help: Display help information.