diff --git a/.gitignore b/.gitignore index 5649ea20dbdff452359508c057b5fdc33b05aec4..d229ea591a701a19d6332a084e839e99525b09b2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ .idea/* .vscode/* logid +rekor-cli diff --git a/README.md b/README.md index f4950c8daca2c1f992729467592cc4e6aa74e133..99f0b8de924bc595573c3cf832045978539d9722 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Early Development / Experimental use only. Rekór - Greek for “Record†-Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. Rekor will enable software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and nonrepudiation of an object's lifecycle, based on signed metadata stored within a tamper proof binary (merkle) tree. +Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. Rekor will enable software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and non-repudiation of an object's life-cycle, based on signed metadata stored within a tamper proof binary (merkle) tree. The Rekor CLI requires a running instance of the [rekor-server](https://github.com/projectrekor/rekor-server). @@ -12,18 +12,34 @@ The CLI will default to using a rekor server connection of `localhost:3000`, sho ## Add an entry -The `add` command sends a file to the transparency log, who then adds the file to the transparency log as a merkle leaf. +The `add` command sends a file to the transparency log, who then adds the file +to the transparency log as a merkle leaf. -`rekor add --linkfile <your/linkfile.link>` +`rekor-cli add --linkfile <your/yourfile>` ## Get Proof of Entry -`rekor get --linkfile <your/linkfile.link>` +`rekor-cli get --linkfile <your/yourfile>` -The `get` command performs an inclusion proof request to the transparency log. Atttributes such as the files merkle hash, signed tree root hash are used -to cryptographically verify proof of entry. +The `get` command performs an inclusion proof request to the transparency log. +Attributes such as the files merkle hash, signed tree root hash are used to +cryptographically verify proof of entry. -## Contributions and Issues +## Performs a consistency proof against the tree between the last seen time and now + +This command can be used to monitor the tree for updates, it creates a track +file in `$HOME/.rekor/rekor.json` + +`rekor-cli update` + +## get leaf -Contributions are welcome, please fork and make a pull request. Likewise if you find an issue, please do raise it. +Pass an index and the file is retrieved using a filename according to the merkle +hash. + +`rekor-cli getleaf --index 1` + +## Contributions and Issues +Contributions are welcome, please fork and make a pull request. Likewise if you +find an issue, please do raise it.