1## in-toto record stop
2
3Records and adds the paths and hashes of the passed products to the link metadata file and updates the signature.
4
5### Synopsis
6
7Expects preliminary link file ‘.<name>.<keyid prefix>.link-unfinished’ in the CWD,
8signed by the passed functionary’s key. If found, it records
9and adds the paths and hashes of the passed products to the
10link metadata file, updates the signature and renames the
11file to ‘<name>.<keyid prefix>.link’.
12
13```
14in-toto record stop [flags]
15```
16
17### Options
18
19```
20 -h, --help help for stop
21 -p, --products stringArray Paths to files or directories, whose paths and hashes
22 are stored in the resulting link metadata after the
23 command is executed. Symlinks are followed.
24```
25
26### Options inherited from parent commands
27
28```
29 -c, --cert string Path to a PEM formatted certificate that corresponds
30 with the provided key.
31 -e, --exclude stringArray Path patterns to match paths that should not be recorded as
32 ‘materials’ or ‘products’. Passed patterns override patterns defined
33 in environment variables or config files. See Config docs for details.
34 --follow-symlink-dirs Follow symlinked directories to their targets. Note: this parameter
35 toggles following linked directories only, linked files are always
36 recorded independently of this parameter.
37 -k, --key string Path to a private key file to sign the resulting link metadata.
38 The keyid prefix is used as an infix for the link metadata filename,
39 i.e. ‘<name>.<keyid prefix>.link’. See ‘–key-type’ for available
40 formats. Passing one of ‘–key’ or ‘–gpg’ is required.
41 -l, --lstrip-paths stringArray Path prefixes used to left-strip artifact paths before storing
42 them to the resulting link metadata. If multiple prefixes
43 are specified, only a single prefix can match the path of
44 any artifact and that is then left-stripped. All prefixes
45 are checked to ensure none of them are a left substring
46 of another.
47 -d, --metadata-directory string Directory to store link metadata (default "./")
48 -n, --name string Name for the resulting link metadata file.
49 It is also used to associate the link with a step defined
50 in an in-toto layout.
51 --normalize-line-endings Enable line normalization in order to support different
52 operating systems. It is done by replacing all line separators
53 with a new line character.
54 --spiffe-workload-api-path string UDS path for SPIFFE workload API
55 --use-dsse Create metadata using DSSE instead of the legacy signature wrapper.
56```
57
58### SEE ALSO
59
60* [in-toto record](in-toto_record.md) - Creates a signed link metadata file in two steps, in order to provide
61 evidence for supply chain steps that cannot be carried out by a single command
62
View as plain text