35 lines
1.5 KiB
Markdown
35 lines
1.5 KiB
Markdown
# MIRROR-CRT-56-001 · Thin bundle assembler handoff (v0.1)
|
|
|
|
Purpose: unblock MIRROR-CRT-56-001 by defining expected assembler outputs so the real thin bundle can replace the milestone-0 sample.
|
|
|
|
## Expected outputs
|
|
- Artifact: `out/mirror/thin/mirror-thin-v1.tar.gz`
|
|
- Manifest: `out/mirror/thin/mirror-thin-v1.manifest.json` containing:
|
|
- `version`: "1.0.0"
|
|
- `created`: UTC ISO-8601
|
|
- `layers`: array of `{ digest, size, path }`
|
|
- `indexes`: array of `{ name, digest }` for evidence/linkset indexes
|
|
- `hashes`: `{ tarball_sha256, manifest_sha256 }`
|
|
- Checksums: `.sha256` files for tarball and manifest stored alongside artifacts.
|
|
|
|
## Assembly steps (reference for assembler owners)
|
|
1) Produce layer tar parts deterministically (sorted entries, zeroed mtimes/uid/gid, pax headers disabled).
|
|
2) Compose `mirror-thin-v1.tar.gz` using stable order: `manifest.json`, `layers/*`, `indexes/*`.
|
|
3) Generate manifest JSON and compute SHA256 for both tarball and manifest; write `.sha256` files.
|
|
4) Sign manifest (DSSE optional) and place signature next to manifest if available.
|
|
|
|
## Determinism requirements
|
|
- POSIX tar with numeric owner 0:0, mtime 0, sorted paths.
|
|
- Gzip with `--no-name` and fixed timestamp 0.
|
|
- No duplicate files; symlinks forbidden.
|
|
|
|
## Evidence
|
|
- When produced, place artefacts under `out/mirror/thin/` and add hashes to this doc.
|
|
|
|
## Owners
|
|
- Mirror Creator Guild (assembler)
|
|
- AirGap Guild (consumer)
|
|
|
|
## Status
|
|
- Handoff doc published 2025-11-19; awaiting assembler output to replace milestone-0 sample.
|