stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

audit work, fixed StellaOps.sln warnings/errors, fixed tests, sprints work, new advisories

Browse Source
This commit is contained in:
master
2026-01-07 18:49:59 +02:00
parent 04ec098046
commit 608a7f85c0
866 changed files with 56323 additions and 6231 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docs/security/rootpack_ru_package.md
View File

@@ -21,9 +21,9 @@ This guide describes the reproducible process for assembling the sovereign crypt
```bash
# from repository root
scripts/crypto/package-rootpack-ru.sh
ops/crypto/package-rootpack-ru.sh
# optionally specify destination
scripts/crypto/package-rootpack-ru.sh /tmp/rootpack_ru_$(date -u +%Y%m%dT%H%M%SZ)
ops/crypto/package-rootpack-ru.sh /tmp/rootpack_ru_$(date -u +%Y%m%dT%H%M%SZ)
```
The script performs the following steps:
@@ -45,11 +45,11 @@ cp src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro/third_party/AlexMAS.G
## 3. Attach deterministic test evidence
After running `scripts/crypto/package-rootpack-ru.sh`, execute the deterministic harness to capture logs:
After running `ops/crypto/package-rootpack-ru.sh`, execute the deterministic harness to capture logs:
```bash
scripts/crypto/run-rootpack-ru-tests.sh
# or specify ROOTPACK_LOG_DIR=/tmp/rootpack_ru_tests scripts/crypto/run-rootpack-ru-tests.sh
ops/crypto/run-rootpack-ru-tests.sh
# or specify ROOTPACK_LOG_DIR=/tmp/rootpack_ru_tests ops/crypto/run-rootpack-ru-tests.sh
```
Copy the resulting `logs/rootpack_ru_<timestamp>/` directory into the bundle before distributing it (or store it alongside the tarball in your evidence store).
@@ -97,7 +97,7 @@ Ship the CLI binary inside the RootPack so operators in sealed environments can
The bundle and scripts above assume several pieces of functionality that have not landed yet:
- **Integration tests:** `scripts/crypto/run-rootpack-ru-tests.sh` exercises only SHA/Ed25519 paths because CryptoPro/PKCS#11 integration tests are still TODO.
- **Integration tests:** `ops/crypto/run-rootpack-ru-tests.sh` exercises only SHA/Ed25519 paths because CryptoPro/PKCS#11 integration tests are still TODO.
- **Symmetric GOST:** RootPack artifacts ship only signing plug-ins; Magma/Kuznyechik support for exports/data-at-rest is pending.
These gaps are being tracked in Sprint 514 (SEC-CRYPTO backlog). This guide will be updated once the missing work is delivered.