{ "info": { "author": "New York University: Secure Systems Lab", "author_email": "in-toto-dev@googlegroups.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", "License :: OSI Approved :: Apache Software License", "Natural Language :: English", "Operating System :: MacOS :: MacOS X", "Operating System :: POSIX", "Operating System :: POSIX :: Linux", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: Implementation :: CPython", "Topic :: Security", "Topic :: Software Development" ], "description": "# in-toto [![Build Status](https://travis-ci.org/in-toto/in-toto.svg?branch=develop)](https://travis-ci.org/in-toto/in-toto) [![Coverage Status](https://coveralls.io/repos/github/in-toto/in-toto/badge.svg?branch=develop)](https://coveralls.io/github/in-toto/in-toto?branch=develop) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1523/badge)](https://bestpractices.coreinfrastructure.org/projects/1523) [![Build status](https://ci.appveyor.com/api/projects/status/taxlhrrlf3co07e1/branch/develop?svg=true)](https://ci.appveyor.com/project/in-toto/in-toto/branch/develop)\n\n\n\nin-toto provides a framework to protect the integrity of the software supply chain. It does so by verifying that each task in the chain is carried out as planned, by authorized personnel only, and that the product is not tampered with in transit.\n\nin-toto requires a **project owner** to create a **layout**. A layout lists the sequence of **steps** of the software supply chain, and the **functionaries** authorized to perform these steps.\nWhen a functionary performs a step in-toto gathers information about the used command and the related files and stores it in a **link** metadata file. As a consequence link files provide the required evidence to establish a continuous chain that can be validated against the steps defined in the layout.\n\nThe layout, signed by the project owners, together with the links, signed by the designated functionaries, are released as part of the final product, and can be validated manually or via automated tooling in, e.g. a package manager.\n\n\n## Getting Started\n\n### Install Dependencies\n - [Python](www.python.org) in version 2.7 - crypto libraries require header files\n - [OpenSSL](https://www.openssl.org/) - crypto libraries require header files\n - [git](https://git-scm.com/) - version control system\n - [pip](https://pip.pypa.io) - package installer tool\n\n### Installation\nIt is strongly recommended to install in-toto in an isolated Python environment. For easy setup instructions visit the docs for [`virtualenv`](https://virtualenv.pypa.io) and the convenient [`vitualenvwrapper`](https://virtualenvwrapper.readthedocs.io).\n\n```shell\npip install in-toto\n```\n### Create layout, run supply chain steps and verify final product\n\n#### Layout\n\nThe in-toto software supply chain layout consists of the following parts:\n - **expiration date**\n - **readme** (an optional description of the supply chain)\n - **functionary keys** (public keys, used to verify link metadata signatures)\n - **signatures** (one or more layout signatures created with the project owner key(s))\n - **software supply chain steps**\n correspond to steps carried out by a functionary as part of the software supply chain. The steps defined in the layout list the functionaries who are authorized to carry out the step (by key id). Steps require a unique name to associate them (upon verification) with link metadata that is created when a functionary carries out the step using the `in-toto` tools. Additionally, steps must have material and product rules which define the files a step is supposed to operate on. Material and product rules are described in the section below.\n - **inspections** define commands to be run during the verification process and can also list material and product rules.\n\nTake a look at the [demo layout creation example](https://github.com/in-toto/in-toto/blob/develop/layout-creation.md)\nfor further information on how to create an in-toto layout. Or try our\nexperimental [layout creation web tool](https://in-toto.engineering.nyu.edu/).\n\n\n\n#### Artifact Rules\nA software supply chain usually operates on a set of files, such as source code, executables, packages, or the like. in-toto calls these files artifacts. A material is an artifact that will be used when a step or inspection is carried out. Likewise, a product is an artifact that results from carrying out a step.\n\nThe in-toto layout provides a simple rule language to authorize or enforce the artifacts of a step and to chain them together. This adds the following guarantees for any given step or inspection:\n- Only artifacts **authorized** by the project owner are created, modified or deleted,\n- each defined creation, modification or deletion is **enforced**, and also\n- restricted to the scope of its definition, which **chains** subsequent steps and inspections together.\n\nNote that it is up to you to properly secure your supply chain, by authorizing, enforcing and chaining materials and products using any and usually multiple of the following rules:\n- `CREATE `\n- `DELETE `\n- `MODIFY `\n- `ALLOW `\n- `DISALLOW `\n- `REQUIRE `\n- `MATCH [IN ] WITH (MATERIALS|PRODUCTS) [IN ] FROM `\n\n*Rule arguments specified as `` allow for Unix shell-style wildcards as implemented by Python's [`fnmatch`](https://docs.python.org/2/library/fnmatch.html).*\n\nTo learn more about the different rule types, their guarantees and how they are applied take a look at the [Artifact Rules](https://github.com/in-toto/docs/blob/master/in-toto-spec.md#433-artifact-rules) section of the in-toto specification.\n\n#### Carrying out software supply chain steps\n\n##### in-toto-run\n`in-toto-run` is used to execute a step in the software supply chain. This can\nbe anything relevant to the project such as tagging a release with `git`,\nrunning a test, or building a binary. The relevant step name and command are\npassed as arguments, along with materials, which are files required for that\nstep's command to execute, and products which are files expected as a result\nof the execution of that command. These, and other relevant details\npertaining to the step are stored in a link file, which is signed using the\nfunctionary's key.\n\nIf materials are not passed to the command, the link file generated just\ndoesn't record them. Similarly, if the execution of a command via\n`in-toto-run` doesn't result in any products, they're not recorded in the link\nfile. Any files that are modified or used in any way during the execution of\nthe command are not recorded in the link file unless explicitly passed as\nartifacts. Conversely, any materials or products passed to the command are\nrecorded in the link file even if they're not part of the execution\nof the command.\n\nSee [this simple usage example from the demo application\nfor more details](https://github.com/in-toto/demo).\nFor a detailed list of all the command line arguments, run `in-toto-run --help`\nor look at the [code documentation](https://github.com/in-toto/in-toto/blob/develop/in_toto/in_toto_run.py).\n\n##### in-toto-record\n`in-toto-record` works similar to `in-toto-run` but can be used for\nmulti-part software supply chain steps, i.e. steps that are not carried out\nby a single command. Use `in-toto-record start ...` to create a\npreliminary link file that only records the *materials*, then run the\ncommands of that step or edit files manually and finally use\n`in-toto-record stop ...` to record the *products* and generate the actual\nlink metadata file. For a detailed list of all command line arguments and their usage,\nrun `in-toto-record start --help` or `in-toto-record stop --help`, or look at\nthe [code documentation](https://github.com/in-toto/in-toto/blob/develop/in_toto/in_toto_record.py).\n\n#### Release final product\n\nIn order to verify the final product with in-toto, the verifier must have access to the layout, the `*.link` files,\nand the project owner's public key(s).\n\n#### Verification\nUse `in-toto-verify` on the final product to verify that\n- the layout was signed with the project owner's private key(s),\n- has not expired,\n- each step was performed and signed by the authorized functionary,\n- the functionaries used the commands, they were supposed to use,\n- materials and products of each step were in place as defined by the rules, and\n- run the defined inspections\n\nFor a detailed list of all command line arguments and their usage, run\n`in-toto-verify --help` or look at the\n[code documentation](https://github.com/in-toto/in-toto/blob/develop/in_toto/in_toto_verify.py).\n\n#### Signatures\n`in-toto-sign` is a metadata signature helper tool to add, replace, and\nverify signatures within in-toto Link or Layout metadata, with options to:\n- replace (default) or add signature(s), with layout metadata able to be\nsigned by multiple keys at once while link metadata can only be signed by one key at a time\n- write signed metadata to a specified path (if no output path is specified,\nlayout metadata is written to the path of the input file while link metadata\nis written to `..link`)\n- verify signatures\n\nThis tool is intended to sign layouts created by the\n[layout web wizard](https://in-toto.engineering.nyu.edu/), but also serves\nwell to re-sign test and demo data. For example, it can be used if metadata\nformats or signing routines change.\n\nFor a detailed list of all command line arguments and their usage, run\n`in-toto-sign --help` or look at the\n[code documentation](https://github.com/in-toto/in-toto/blob/develop/in_toto/in_toto_sign.py).\n\n#### Settings\nSettings can be configured in [`in_toto.settings`](https://github.com/in-toto/in-toto/blob/develop/in_toto/settings.py), via prefixed environment variables or in RCfiles in one of the following\npaths: */etc/in_toto/config, /etc/in_totorc, \\~/.config/in_toto/config,\n\\~/.config/in_toto, \\~/.in_toto/config, \\~/.in_totorc, .in_totorc*.\n\nA setting in an RCfile in the current working directory overrides\nthe same\nsetting in an RCfile in the user's home directory, which overrides the\nsame setting in an environment variable, which overrides the same setting\nin `in_toto.settings`.\n\nSetting names are restricted to the below listed settings (case sensitive).\nAlso, setting values that contain colons are parsed as list.\n\n##### Available Settings\n\n`ARTIFACT_EXCLUDE_PATTERNS` Specifies a list of glob patterns that can be used to\nexclude files from being recorded as materials or products. See [runlib\ndocs for more details](https://github.com/in-toto/in-toto/blob/develop/in_toto/runlib.py#L124-L142).\n\n`ARTIFACT_BASE_PATH` If set, material and product paths passed to\n`in-toto-run` are searched relative to the set base path. Also, the base\npath is stripped from the paths written to the resulting link metadata\nfile.\n\n##### Examples\n```shell\n# Bash style environment variable export\nexport IN_TOTO_ARTIFACT_BASE_PATH='/home/user/project'\nexport IN_TOTO_ARTIFACT_EXCLUDE_PATTERNS='*.link:.gitignore'\n```\n```\n# E.g in rcfile ~/.in_totorc\n[in-toto settings]\nARTIFACT_BASE_PATH=/home/user/project\nARTIFACT_EXCLUDE_PATTERNS=*.link:.gitignore\n\n```\n\n## in-toto demo\nYou can try in-toto by running the [demo application](https://github.com/in-toto/demo).\nThe demo basically outlines three users viz., Alice (project owner), Bob (functionary) and Carl (functionary) and how in-toto helps to specify a project layout and verify that the layout has been followed in a correct manner.\n\n## Specification\nYou can read more about how in-toto works by taking a look at the [specification](https://github.com/in-toto/docs/raw/master/in-toto-spec.pdf).\n\n\n## Security Issues and Bugs\nSecurity issues can be reported by emailing justincappos@gmail.com.\n\nAt a minimum, the report must contain the following:\n* Description of the vulnerability.\n* Steps to reproduce the issue.\n\nOptionally, reports that are emailed can be encrypted with PGP. You should use\nPGP key fingerprint E9C0 59EC 0D32 64FA B35F 94AD 465B F9F6 F8EB 475A.\n\nPlease do not use the GitHub issue tracker to submit vulnerability reports. The\nissue tracker is intended for bug reports and to make feature requests.\n\n## Instructions for Contributors\nDevelopment of in-toto occurs on the \"develop\" branch of this repository.\nContributions can be made by submitting GitHub *Pull Requests*. Take a look at\nour [development\nguidelines](https://github.com/secure-systems-lab/lab-guidelines/blob/master/dev-workflow.md)\nfor detailed instructions. Submitted code should follow our [style\nguidelines](https://github.com/secure-systems-lab/code-style-guidelines) and\nmust be unit tested.\n\nContributors must also indicate acceptance of the [Developer Certificate of\nOrigin (DCO)](https://developercertificate.org/) by appending a `Signed-off-by:\nYour Name ` to each git commit message (see [`git commit\n--signoff`](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---signoff)).\n\n\n## Acknowledgments\nThis project is managed by Prof. Justin Cappos and other members of the\n[Secure Systems Lab](https://ssl.engineering.nyu.edu/) at NYU and the\n[NJIT Cybersecurity Research Center](https://centers.njit.edu/cybersecurity).\n\nThis research was supported by the Defense Advanced Research Projects Agency\n(DARPA) and the Air Force Research Laboratory (AFRL). Any opinions, findings,\nand conclusions or recommendations expressed in this material are those of the\nauthors and do not necessarily reflect the views of DARPA and AFRL. The United\nStates Government is authorized to reproduce and distribute reprints\nnotwithstanding any copyright notice herein.\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://in-toto.io", "keywords": "software supply chain security", "license": "Apache-2.0", "maintainer": "", "maintainer_email": "", "name": "in-toto", "package_url": "https://pypi.org/project/in-toto/", "platform": "", "project_url": "https://pypi.org/project/in-toto/", "project_urls": { "Bug Reports": "https://github.com/in-toto/in-toto/issues", "Homepage": "https://in-toto.io", "Source": "https://github.com/in-toto/in-toto" }, "release_url": "https://pypi.org/project/in-toto/0.4.1/", "requires_dist": [ "six", "securesystemslib[crypto] (>=0.12.0)", "attrs", "python-dateutil", "iso8601", "pathspec", "subprocess32 ; python_version < \"3\"", "pynacl (>1.2.0) ; extra == 'pynacl'" ], "requires_python": ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4", "summary": "A framework to define and secure the integrity of software supply chains", "version": "0.4.1" }, "last_serial": 5970645, "releases": { "0.1.1": [ { "comment_text": "", "digests": { "md5": "b078fe50513eb3601387279363270ad5", "sha256": "1c264c1953480ff9c374a19adcd91fcba9ace84ad615baf58b9c4b8cee33779d" }, "downloads": -1, "filename": "in_toto-0.1.1-py2-none-any.whl", "has_sig": false, "md5_digest": "b078fe50513eb3601387279363270ad5", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 74842, "upload_time": "2017-11-09T19:45:48", "url": "https://files.pythonhosted.org/packages/1a/ad/5a9759213850eb3e544ec83c00ca2f79aa00009430a377ea569b1bf430ff/in_toto-0.1.1-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "43fc9122029cad6a503860d8ff55329b", "sha256": "4525cd859e1b9af70960577bd744f0784b89f9b31c4989c2e06114eb526b4f2d" }, "downloads": -1, "filename": "in-toto-0.1.1.tar.gz", "has_sig": true, "md5_digest": "43fc9122029cad6a503860d8ff55329b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 53436, "upload_time": "2017-11-09T19:46:05", "url": "https://files.pythonhosted.org/packages/2d/50/520c02bdfe6ea46c0cffd0b83684ff3e77785cd7aa1577080913dea3b598/in-toto-0.1.1.tar.gz" } ], "0.2.0": [ { "comment_text": "", "digests": { "md5": "b3d5d11f6b57000ba09fa8b586f26648", "sha256": "8b19abd6bed62b280e7a93807fe2adfa149910206987ee326e1658400d1c6de1" }, "downloads": -1, "filename": "in_toto-0.2.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "b3d5d11f6b57000ba09fa8b586f26648", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 94289, "upload_time": "2018-01-19T17:44:00", "url": "https://files.pythonhosted.org/packages/14/24/7365f0053706c5c58247c7a55d29fef28797e91cb938e9c2d5abf3593cde/in_toto-0.2.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "5d26344229e9761917d92b6dbb089a97", "sha256": "4ecbe12a4c5278ea9a670d38e2111a7e56e93110ea7c592432230a637de5e0c1" }, "downloads": -1, "filename": "in-toto-0.2.0.tar.gz", "has_sig": true, "md5_digest": "5d26344229e9761917d92b6dbb089a97", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 51688, "upload_time": "2018-01-19T17:44:02", "url": "https://files.pythonhosted.org/packages/0f/c1/eb7821617e3b62101e2a4d4014bec440f747bdef81b49d963cff3d62b9fc/in-toto-0.2.0.tar.gz" } ], "0.2.1": [ { "comment_text": "", "digests": { "md5": "a5a2e0174abe8d514854b93bdc7a3a67", "sha256": "5fa88a6aa5418aeb2459bb585cf2a98f556b36a7e7dd9a735273827a2eab5872" }, "downloads": -1, "filename": "in_toto-0.2.1-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "a5a2e0174abe8d514854b93bdc7a3a67", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 71432, "upload_time": "2018-02-21T18:05:14", "url": "https://files.pythonhosted.org/packages/75/e6/e13c36b9b8d1314237ac4b6fe3cebe3025a50b30497a682d42c71e7c21f2/in_toto-0.2.1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "86b27a689df430c76876cccc4b71548f", "sha256": "e9e8af14faead6e22cbd4a8502690bf226f5ed0963b63cd0dcd9acebf454989c" }, "downloads": -1, "filename": "in-toto-0.2.1.tar.gz", "has_sig": true, "md5_digest": "86b27a689df430c76876cccc4b71548f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 57986, "upload_time": "2018-02-21T18:05:16", "url": "https://files.pythonhosted.org/packages/33/1f/2ca2a9bd5b0209581ba32e2b446990c787d5868ff386cfae7c846554ee9f/in-toto-0.2.1.tar.gz" } ], "0.2.2": [ { "comment_text": "", "digests": { "md5": "54c17861024aea78b02f7029bda269eb", "sha256": "b10f6063b8d9b12537bd03f99a38ef8e29e2946aefa5ca8f4adf9c816748416d" }, "downloads": -1, "filename": "in_toto-0.2.2-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "54c17861024aea78b02f7029bda269eb", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 100443, "upload_time": "2018-04-05T14:42:34", "url": "https://files.pythonhosted.org/packages/1d/3a/1284c207c81f9eb27034f6d3102c45d040142850e67272adf5f0b6ab83c0/in_toto-0.2.2-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "c4326adb0abf531c7908995c24e13295", "sha256": "9ff9c9ef9471576e1eeefd14e410f054afce9ee6df3727000ae1d68142a26c83" }, "downloads": -1, "filename": "in-toto-0.2.2.tar.gz", "has_sig": true, "md5_digest": "c4326adb0abf531c7908995c24e13295", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 62468, "upload_time": "2018-04-05T14:39:51", "url": "https://files.pythonhosted.org/packages/a2/32/f8a8c35f8773d24ee1bffee9f7426c2a2ce8158a9dd609d9f67a9d5ae6b9/in-toto-0.2.2.tar.gz" } ], "0.2.3": [ { "comment_text": "", "digests": { "md5": "289d02340e809089871c26cc38d318b5", "sha256": "bbe25d02407604d0627e9dcdbca33ac6d5a05fa12fb40c5ad256b988e40a370b" }, "downloads": -1, "filename": "in-toto-0.2.3.tar.gz", "has_sig": false, "md5_digest": "289d02340e809089871c26cc38d318b5", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 64606, "upload_time": "2018-10-09T16:51:11", "url": "https://files.pythonhosted.org/packages/06/4d/4d32a374793f87b26a350fe659fc4abdc92a41fa9178f26af6683e40cf26/in-toto-0.2.3.tar.gz" } ], "0.2.3.dev2": [ { "comment_text": "", "digests": { "md5": "bbcea1fa907eb3f6fa0daa52ecc4dbaf", "sha256": "956758949bb151efe48df20d089cff5c60c57cbc83dff6632dccd8bdcfa4bd8f" }, "downloads": -1, "filename": "in-toto-0.2.3.dev2.tar.gz", "has_sig": false, "md5_digest": "bbcea1fa907eb3f6fa0daa52ecc4dbaf", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 62687, "upload_time": "2018-09-14T19:25:15", "url": "https://files.pythonhosted.org/packages/fb/4c/7165b9d78fa808c7db6996eb4b94ff6c00762b19c5a8761bd460e1a57951/in-toto-0.2.3.dev2.tar.gz" } ], "0.2.3.dev3": [ { "comment_text": "", "digests": { "md5": "c93d6c934c84020c14048cea8511aedb", "sha256": "7a1afcddbf288a73cc1204ca0bad8b13644fe526f474431b28b737376365aece" }, "downloads": -1, "filename": "in-toto-0.2.3.dev3.tar.gz", "has_sig": false, "md5_digest": "c93d6c934c84020c14048cea8511aedb", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 62950, "upload_time": "2018-09-20T03:18:26", "url": "https://files.pythonhosted.org/packages/4f/3d/e7b3e71960197c30cf3748c35f2f71c31645c464025e4e9cc5f62bb93d52/in-toto-0.2.3.dev3.tar.gz" } ], "0.2.3.dev4": [ { "comment_text": "", "digests": { "md5": "f4ab56a916f8daaa999f758da9d50aca", "sha256": "caaec2bfe39ce9581053187120f287fc46cc1d32a0cbfda3209edbce952784a9" }, "downloads": -1, "filename": "in-toto-0.2.3.dev4.tar.gz", "has_sig": false, "md5_digest": "f4ab56a916f8daaa999f758da9d50aca", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 63119, "upload_time": "2018-09-20T20:25:38", "url": "https://files.pythonhosted.org/packages/e1/84/a283743669085c331c9ff283916c618f1e6b887329ad5c12e3c5fe47dfa8/in-toto-0.2.3.dev4.tar.gz" } ], "0.2.3.dev5": [ { "comment_text": "", "digests": { "md5": "9b02911f90260812ac25a515eef2af2f", "sha256": "d6b2f917bd209c4f63fea7531be6825d70ca15c4b52836b4c1fa7128b4f7edf5" }, "downloads": -1, "filename": "in-toto-0.2.3.dev5.tar.gz", "has_sig": false, "md5_digest": "9b02911f90260812ac25a515eef2af2f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 63153, "upload_time": "2018-09-28T14:44:54", "url": "https://files.pythonhosted.org/packages/ac/f3/35c63e1003f531b9a5879c491075fccb2492a891535a62cccd0fc16bd5e9/in-toto-0.2.3.dev5.tar.gz" } ], "0.2.dev3": [ { "comment_text": "", "digests": { "md5": "573785ef7ada172f7c671e4483d9a9ae", "sha256": "acbaa5d54a21d0a4618a287980929ef2ef0fb9199acf6d619a994225c6cb2ce1" }, "downloads": -1, "filename": "in-toto-0.2.dev3.tar.gz", "has_sig": false, "md5_digest": "573785ef7ada172f7c671e4483d9a9ae", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 64359, "upload_time": "2018-07-10T20:59:45", "url": "https://files.pythonhosted.org/packages/03/77/3c97434c1fc9674289fc6b61f8f67b3c002a9c53b8a2f615ad86d7f51ae1/in-toto-0.2.dev3.tar.gz" } ], "0.3.0": [ { "comment_text": "", "digests": { "md5": "2e7ef76357ee6e404309ff837912af2b", "sha256": "94a48896d41cfd57235a0152af401f010e9c5720f44a6c841cbc11e8d7c3a8a1" }, "downloads": -1, "filename": "in-toto-0.3.0.tar.gz", "has_sig": true, "md5_digest": "2e7ef76357ee6e404309ff837912af2b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 71268, "upload_time": "2019-03-22T17:38:32", "url": "https://files.pythonhosted.org/packages/9e/e6/aec45bf9b671d689ed695866ad1e98231129627718eb015a5ae91eca64f5/in-toto-0.3.0.tar.gz" } ], "0.4.0": [ { "comment_text": "", "digests": { "md5": "8de6d9c4837da79f9685224e75ebd4c9", "sha256": "48c387ba32bd5d6a1fb0fde2592660f5a7292baf5a9560d0bfe6e04f8852fa05" }, "downloads": -1, "filename": "in_toto-0.4.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "8de6d9c4837da79f9685224e75ebd4c9", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4", "size": 96340, "upload_time": "2019-09-09T17:07:13", "url": "https://files.pythonhosted.org/packages/58/b0/8e70540a962de811026ca48c1d11aad981a1c98d580d741d6121364c9511/in_toto-0.4.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "892d0462e770a997b770b68df1f71726", "sha256": "cf400aa0eb637df919c908902e06b1c41bb46d8c085ddaa4d95ae83f5ca6def4" }, "downloads": -1, "filename": "in-toto-0.4.0.tar.gz", "has_sig": true, "md5_digest": "892d0462e770a997b770b68df1f71726", "packagetype": "sdist", "python_version": "source", "requires_python": ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4", "size": 169677, "upload_time": "2019-09-09T17:07:16", "url": "https://files.pythonhosted.org/packages/59/c1/b99d36acea55b023e23e6df58b01d5192449890a38f4015ddb7c2ffd1087/in-toto-0.4.0.tar.gz" } ], "0.4.1": [ { "comment_text": "", "digests": { "md5": "2d8fcda39082c2042b18fdc850967ec1", "sha256": "8d23a6051a73f0454bb9f5bace85f496822543a78080f1337a28bc5b4e06d7c6" }, "downloads": -1, "filename": "in_toto-0.4.1-py2.py3-none-any.whl", "has_sig": true, "md5_digest": "2d8fcda39082c2042b18fdc850967ec1", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4", "size": 96587, "upload_time": "2019-10-14T09:50:22", "url": "https://files.pythonhosted.org/packages/bd/9b/917d9bcbcfa548c1f517096c5b2ca140020d919276d15b3485ce8c0f38d0/in_toto-0.4.1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "1c6cf274a6c045f393b2cbe404a6e6af", "sha256": "a65618468aefaa64ea9f34d67ee2b9b1a63eefe16c47f80a730438b90b7078e6" }, "downloads": -1, "filename": "in-toto-0.4.1.tar.gz", "has_sig": true, "md5_digest": "1c6cf274a6c045f393b2cbe404a6e6af", "packagetype": "sdist", "python_version": "source", "requires_python": ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4", "size": 170030, "upload_time": "2019-10-14T09:50:25", "url": "https://files.pythonhosted.org/packages/df/86/9ac7ed62547b01d6aebea43fea50a31dd4fbaafcf0cccc0845fd77273497/in-toto-0.4.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "2d8fcda39082c2042b18fdc850967ec1", "sha256": "8d23a6051a73f0454bb9f5bace85f496822543a78080f1337a28bc5b4e06d7c6" }, "downloads": -1, "filename": "in_toto-0.4.1-py2.py3-none-any.whl", "has_sig": true, "md5_digest": "2d8fcda39082c2042b18fdc850967ec1", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4", "size": 96587, "upload_time": "2019-10-14T09:50:22", "url": "https://files.pythonhosted.org/packages/bd/9b/917d9bcbcfa548c1f517096c5b2ca140020d919276d15b3485ce8c0f38d0/in_toto-0.4.1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "1c6cf274a6c045f393b2cbe404a6e6af", "sha256": "a65618468aefaa64ea9f34d67ee2b9b1a63eefe16c47f80a730438b90b7078e6" }, "downloads": -1, "filename": "in-toto-0.4.1.tar.gz", "has_sig": true, "md5_digest": "1c6cf274a6c045f393b2cbe404a6e6af", "packagetype": "sdist", "python_version": "source", "requires_python": ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4", "size": 170030, "upload_time": "2019-10-14T09:50:25", "url": "https://files.pythonhosted.org/packages/df/86/9ac7ed62547b01d6aebea43fea50a31dd4fbaafcf0cccc0845fd77273497/in-toto-0.4.1.tar.gz" } ] }