About

This is a modified version of pip that integrates in-toto verification.
It assumes that there is an outer package, containing the payload package and the files necessary for toto-verification.

pip-in-toto installation

First install in-toto as outlined in the
"Download and setup in-toto on *NIX (Linux, OS X, ..)" section of https://github.com/in-toto/in-toto/tree/develop/demo

# After installing in-toto, get pip-in-toto
git clone https://github.com/team-ferret/pip-in-toto.git

# Change into project root directory
cd pip-in-toto

# Install with pip in "develop mode"
# (we strongly recommend using Virtual Environments)
# http://docs.python-guide.org/en/latest/dev/virtualenvs/
pip install -e .

pip-in-toto options

The following options are now valid when using pip install
- --toto-verify (layout) (layout-keys)
  - EXAMPLE: pip install MyDemoProject3 --toto-verify root.layout alice.pub
- --toto-default: (Assumes a default layout of "root.layout" and layout-key of "alice.pub")
  - EXAMPLE: pip install MyDemoProject3 --toto-default

Sample packages pip installable with pip-in-toto

MyDemoProject3
MyMaliciousProject

Name		Name	Last commit message	Last commit date
Latest commit History 29 Commits
.travis		.travis
contrib		contrib
docs		docs
pip.egg-info		pip.egg-info
pip		pip
tasks		tasks
tests		tests
.coveragerc		.coveragerc
.landscape.yml		.landscape.yml
.mailmap		.mailmap
.travis.yml		.travis.yml
AUTHORS.txt		AUTHORS.txt
CHANGES.txt		CHANGES.txt
LICENSE.txt		LICENSE.txt
MANIFEST.in		MANIFEST.in
README.md		README.md
README.rst		README.rst
appveyor.yml		appveyor.yml
dev-requirements.txt		dev-requirements.txt
setup.cfg		setup.cfg
setup.py		setup.py
tox.ini		tox.ini

License

team-ferret/pip-in-toto

Folders and files

Latest commit

History

Repository files navigation

About

pip-in-toto installation

pip-in-toto options

Sample packages pip installable with pip-in-toto

About

Resources

License

Stars

Watchers

Forks

Languages