Currently, when rebuilderd records an in-toto link after a successful rebuild, the absolute path of both the input and output packages are recorded. Typically, this looks something like /tmp/rebuilderd<build string>/{inputs,out}/<package file>. This should be replaced with just <package file>, enabling more straightforward artifact rules in in-toto layouts. Since rebuilderd is aware of the build location, it can pass this path to in-toto as a string to be left-stripped.
Currently, when rebuilderd records an in-toto link after a successful rebuild, the absolute path of both the input and output packages are recorded. Typically, this looks something like
/tmp/rebuilderd<build string>/{inputs,out}/<package file>. This should be replaced with just<package file>, enabling more straightforward artifact rules in in-toto layouts. Since rebuilderd is aware of the build location, it can pass this path to in-toto as a string to be left-stripped.Related: https://github.com/in-toto/in-toto-rs/issues/12