license switch agpl -> busl1, sprints work, new product advisories
@@ -29,10 +29,17 @@ See `etc/airgap.yaml.sample` for configuration options.
|
||||
Key settings:
|
||||
- Staleness policy (maxAgeHours, warnAgeHours, staleAction)
|
||||
- Time anchor requirements (requireTimeAnchor)
|
||||
- Per-content staleness budgets (advisories, VEX, packages, mitigations)
|
||||
- Per-content staleness budgets (advisories, VEX, packages, mitigations)
|
||||
- PostgreSQL connection (schema: `airgap`)
|
||||
- Export/import paths and validation rules
|
||||
|
||||
## Bundle manifest (v2) additions
|
||||
|
||||
- `canonicalManifestHash`: sha256 of canonical JSON for deterministic verification.
|
||||
- `subject`: sha256 (+ optional sha512) digest of the bundle target.
|
||||
- `timestamps`: RFC3161/eIDAS timestamp entries with TSA chain/OCSP/CRL refs.
|
||||
- `rekorProofs`: entry body/inclusion proof paths plus signed entry timestamp for offline verification.
|
||||
|
||||
## Dependencies
|
||||
|
||||
- PostgreSQL (schema: `airgap`)
|
||||
|
||||
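Review bot: The `canonicalManifestHash` bullet under "Bundle manifest (v2) additions" says "sha256 of canonical JSON" but names no canonicalization scheme, and it does not say whether the `canonicalManifestHash` field itself is excluded from the hashed bytes. Two implementations could therefore produce different digests for the same manifest. Suggest naming the scheme and the exclusion rule in that bullet. The `subject` bullet should also state whether a verifier must check the sha512 digest whenever it is present or may accept on sha256 alone. Separately, "Per-content staleness budgets (advisories, VEX, packages, mitigations)" shows twice in this hunk; if that is not a whitespace-only change, one copy should go.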
@@ -60,6 +60,7 @@ AirGap Time calculates drift = `now(monotonic) - anchor.issued_at` and exposes:
|
||||
- Test vectors located under `src/AirGap/StellaOps.AirGap.Time/fixtures/`.
|
||||
- For offline testing, simulate monotonic clock via `ITestClock` to avoid system clock drift in CI.
|
||||
- Staleness calculations use `StalenessCalculator` + `StalenessBudget`/`StalenessEvaluation` (see `src/AirGap/StellaOps.AirGap.Time/Services` and `.Models`); warning/breach thresholds must be non-negative and warning ≤ breach.
|
||||
- RFC3161 verification in offline mode consumes bundle-stapled TSA chain + OCSP/CRL blobs (`tsa/chain/`, `tsa/ocsp/`, `tsa/crl/`) and fails closed when revocation evidence is missing.
|
||||
|
||||
## 7. References
|
||||
|
||||
|
||||
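Review bot: The RFC3161 bullet says offline verification "fails closed when revocation evidence is missing" but does not define "missing" for stapled evidence that is present yet out of date. In an air gap the OCSP/CRL blobs under `tsa/ocsp/` and `tsa/crl/` may be past their validity window by the time the bundle is imported. Suggest stating which reference time the evidence is evaluated against (the timestamp's own time or the time anchor) and whether expired evidence is treated as missing. Since the previous bullet already requires warning ≤ breach for staleness thresholds, a sentence on how the staleness budgets apply to revocation evidence, if at all, would keep the two rules consistent.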