stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

feat: Add native binary analyzer test utilities and implement SM2 signing tests
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Details
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Details
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Details
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Details
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
Details
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Details
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Details

Browse Source 
- Introduced `NativeTestBase` class for ELF, PE, and Mach-O binary parsing helpers and assertions.
- Created `TestCryptoFactory` for SM2 cryptographic provider setup and key generation.
- Implemented `Sm2SigningTests` to validate signing functionality with environment gate checks.
- Developed console export service and store with comprehensive unit tests for export status management.
This commit is contained in:
StellaOps Bot
2025-12-07 13:12:41 +02:00
parent d907729778
commit e53a282fbe
387 changed files with 21941 additions and 1518 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
docs/modules/mirror/dsse-revision-decision.md Normal file
View File

@@ -0,0 +1,58 @@
# DSSE Revision Decision
**Decision ID:** DECISION-MIRROR-001
**Status:** DEFAULT-APPROVED
**Effective Date:** 2025-12-06
**48h Window Started:** 2025-12-06T00:00:00Z
## Decision
The Mirror bundle DSSE envelope format follows the **in-toto v1.0** specification with StellaOps extensions for offline verification.
## Rationale
1. in-toto v1.0 is the industry standard for software supply chain attestations
2. DSSE (Dead Simple Signing Envelope) provides a clean JSON wrapper
3. Existing tooling (`cosign`, `rekor`) supports this format
4. Aligns with Evidence Locker DSSE patterns already implemented
## Specification
```json
{
"payloadType": "application/vnd.in-toto+json",
"payload": "<base64-encoded-in-toto-statement>",
"signatures": [
{
"keyid": "<key-id>",
"sig": "<base64-signature>"
}
]
}
```
### StellaOps Extensions
- `_stellaops.revision`: Bundle revision number
- `_stellaops.timestamp`: ISO-8601 UTC timestamp
- `_stellaops.merkleRoot`: SHA-256 Merkle root of bundle contents
## Impact
- Tasks unblocked: ~5
- Sprint files affected: SPRINT_0150_mirror_dsse
## Reversibility
To change the DSSE format:
1. Propose new format in `docs/modules/mirror/dsse-proposal.md`
2. Get Security Guild sign-off
3. Update all affected sprint files
4. Ensure backward compatibility for existing bundles
## References
- [in-toto Specification](https://in-toto.io/)
- [DSSE Specification](https://github.com/secure-systems-lab/dsse)
- [Mirror Signing Runbook](./signing-runbook.md)
- [DSSE TUF Profile](./dsse-tuf-profile.md)