LinuxCommandLibrary

in-toto-run

executes a command while recording supply chain metadata

TLDR

Run and record command
$ in-toto-run -n [step_name] -k [key.pem] -- [command]

Record with materials and products
$ in-toto-run -n [build] -k [key] -m [src/] -p [dist/] -- make

Exclude patterns
$ in-toto-run -n [step] -k [key] --exclude [*.log] -- ./build.sh

Record without running
$ in-toto-run -n [step] -k [key] -m [files] -p [files]

SYNOPSIS

in-toto-run [options] [-- command]

DESCRIPTION

in-toto-run executes a command while recording supply chain metadata: it hashes the materials (inputs) before execution and the products (outputs) after, and writes the result as a signed link file.
The tool is central to in-toto supply chain security. Each signed link is cryptographic evidence of which inputs and outputs a build step had, which a verifier later checks against the layout.

PARAMETERS

-n NAME
Step name for link metadata.
-k KEY
Private key for signing.
-m MATERIALS
Materials (inputs) to record.
-p PRODUCTS
Products (outputs) to record.
--exclude PATTERN
Exclude files matching pattern.
-c COMMAND
Command to run (alternative to --).
--help
Display help information.
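The parameters above map onto a simple recording loop. The following Python script is an added illustration, not in-toto's own code: it reproduces the shape of what in-toto-run records (materials hashed before the command, byproducts captured during it, products hashed after, --exclude patterns applied to both) and builds the unsigned link body. Assumptions: artifact hashes are SHA-256 hex digests keyed by path relative to the working directory, exclude patterns are matched with fnmatch, and the -k signing step is left out (a real link body is wrapped in a signed envelope before being written). The build in demo() is constructed sample data.

```python
"""Added illustration of what in-toto-run records; not in-toto's own code.

Assumptions: SHA-256 hex digests keyed by relative path, fnmatch for
--exclude patterns, and no signing (the -k key step is omitted).
"""
import fnmatch
import hashlib
import json
import os
import subprocess
import sys
import tempfile


def hash_file(path):
    """SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def record_artifacts(paths, exclude=()):
    """Hash every file under each path (a file or a directory), like -m / -p.

    Entries are keyed by path relative to the working directory; anything whose
    basename or full relative path matches an --exclude pattern is skipped.
    """
    artifacts = {}
    for base in paths:
        if os.path.isfile(base):
            files = [base]
        else:
            files = [os.path.join(root, name)
                     for root, _dirs, names in os.walk(base)
                     for name in names]
        for path in sorted(files):
            rel = os.path.normpath(path)
            if any(fnmatch.fnmatch(rel, pat) or fnmatch.fnmatch(os.path.basename(rel), pat)
                   for pat in exclude):
                continue
            artifacts[rel] = {"sha256": hash_file(path)}
    return artifacts


def run_and_record(step_name, command, materials=(), products=(), exclude=()):
    """Materials before, command, products after: the unsigned link body.

    An empty command is the "record without running" case (-m / -p only).
    """
    link = {
        "_type": "link",
        "name": step_name,
        "command": list(command),
        "materials": record_artifacts(materials, exclude),
    }
    if command:
        proc = subprocess.run(command, capture_output=True, text=True)
        link["byproducts"] = {"stdout": proc.stdout, "stderr": proc.stderr,
                              "return-value": proc.returncode}
    else:
        link["byproducts"] = {}
    link["products"] = record_artifacts(products, exclude)
    link["environment"] = {}
    return link


def demo():
    """Constructed build: copy src/main.c to dist/app and write dist/build.log."""
    workdir = tempfile.mkdtemp()
    previous = os.getcwd()
    os.chdir(workdir)
    try:
        os.makedirs("src")
        os.makedirs("dist")
        with open("src/main.c", "w") as fh:
            fh.write("int main(void) { return 0; }\n")
        # Stand-in for `make`: a Python one-liner so the demo needs no toolchain.
        build = [sys.executable, "-c",
                 "import shutil; shutil.copy('src/main.c', 'dist/app'); "
                 "open('dist/build.log', 'w').write('built\\n')"]
        # Equivalent of: in-toto-run -n build -k key -m src/ -p dist/ --exclude '*.log' -- make
        return run_and_record("build", build, materials=["src/"], products=["dist/"],
                              exclude=["*.log"])
    finally:
        os.chdir(previous)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2, sort_keys=True))
```

Running the script prints a link body in which dist/app carries the same digest as src/main.c (the build only copied it) and dist/build.log is absent because of the exclude pattern; the real tool would additionally sign this body with the key given to -k.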

CAVEATS

Requires a signing key (-k). Links must match the steps declared in the layout. Python-based tool.

HISTORY

in-toto-run is the primary recording tool in in-toto, developed at NYU for protecting software supply chain integrity.
