Installation¶
Requirements¶
- Python
>=3.11 - Network access to PyPI for live inspection
Install from PyPI¶
pip install trustcheck
Verify the CLI is available¶
trustcheck --help
Show the installed package version and report schema version:
trustcheck --version
Check local prerequisites before relying on resolver isolation, private indexes, or provenance verification:
trustcheck doctor
Upgrade¶
pip install --upgrade trustcheck
Install from the Snap Store¶
sudo snap install trustcheck
trustcheck --version
Do not include punctuation after the package name in the install command.
Snap command not found¶
Snap exposes the application as /snap/bin/trustcheck. Some distributions or
shell sessions do not add /snap/bin to PATH until the user logs out and
back in.
Confirm the installed application works independently of PATH:
snap run trustcheck --version
snap run trustcheck inspect requests
If those commands work, start a new login session or update the current one:
export PATH="/snap/bin:$PATH"
trustcheck --version
If snap run trustcheck --version fails too, inspect the installed revision:
snap info trustcheck
snap connections trustcheck
Snap provenance verification reports permission denied¶
Versions before the XDG confinement fix could let Sigstore resolve its TUF
trust metadata to hidden directories in the real home directory. The Snap
home interface does not grant general access to hidden home paths, so
verification could report [unexpected_verification_error] [Errno 13]
Permission denied.
Refresh to the latest stable revision:
sudo snap refresh trustcheck
trustcheck inspect sampleproject --version 4.0.0
Current revisions keep Sigstore data, cache, and configuration under the
snap-owned $SNAP_USER_COMMON directory.
Notes¶
CI runs should stay aligned with the package's advertised Python support. When you need fully reproducible automation, pin both the Python version and the trustcheck version.