git.stella-ops.org/tests/EvidenceLocker/Bundles/Golden
StellaOps Bot 4dc7cf834a
Add sample proof bundle configurations and verification script
- Introduced sample proof bundle configuration files for testing, including `sample-proof-bundle-config.dsse.json`, `sample-proof-bundle.dsse.json`, and `sample-proof-bundle.json`.
- Implemented a verification script `test_verify_sample.sh` to validate proof bundles against specified schemas and catalogs.
- Updated existing proof bundle configurations with new metadata, including versioning, created timestamps, and justification details.
- Enhanced evidence entries with expiration dates and hashes for better integrity checks.
- Ensured all new configurations adhere to the defined schema for consistency and reliability in testing.
2025-12-04 08:54:32 +02:00

Evidence Locker Golden Fixtures (EB10)

Purpose: reference bundles and replay records used by CI to prove deterministic packaging, DSSE subject stability, and portable redaction behaviour.

Layout

  • sealed/: sealed bundle.tgz artifacts with matching manifest.json, checksums.txt, and the expected Merkle root in expected.json.
  • portable/: redacted portable-bundle-v1.tgz paired with an expected.json noting masked fields.
  • replay/: replay.ndjson records aligned to the bundle fixtures; ordering is canonical (recordedAtUtc, scanId).

Expectations

  • Gzip timestamp pinned to 2025-01-01T00:00:00Z; tar entries use 0644 perms and fixed mtime.
  • checksums.txt sorted lexicographically by canonicalPath; Merkle root equals sha256sum checksums.txt.
  • DSSE subject ties to the Merkle root; manifest validates against schemas/bundle.manifest.schema.json.
  • Portable bundles must exclude tenant identifiers and include redaction metadata in the manifest.
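The sealed-bundle expectations above can be checked mechanically. The following is an added example, not code from the StellaOps repository. It assumes checksums.txt uses sha256sum-style lines (`<hex digest>  <canonicalPath>`) and lists the tar members; `check_bundle` and `build_sample` are hypothetical names, and the sample bundle is constructed inline.

```python
import gzip, hashlib, io, struct, tarfile
from datetime import datetime, timezone

PINNED = int(datetime(2025, 1, 1, tzinfo=timezone.utc).timestamp())  # pinned gzip timestamp

def check_bundle(tgz: bytes, checksums: bytes, expected_root: str) -> list:
    """Return the violated expectations; an empty list means the bundle passes."""
    problems = []
    # RFC 1952: gzip header bytes 4..8 hold MTIME as a little-endian uint32.
    if struct.unpack("<I", tgz[4:8])[0] != PINNED:
        problems.append("gzip mtime not pinned")
    digests, mtimes = {}, set()
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as tar:
        for m in tar.getmembers():
            if not m.isfile():
                continue
            if m.mode != 0o644:
                problems.append(f"{m.name}: mode {oct(m.mode)}")
            mtimes.add(m.mtime)
            digests[m.name] = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
    if len(mtimes) > 1:
        problems.append("tar mtimes differ between entries")
    # Assumed line format: "<sha256 hex>  <canonicalPath>"
    rows = [line.split("  ", 1) for line in checksums.decode().splitlines()]
    paths = [p for _, p in rows]
    if paths != sorted(paths):  # ordinal (code point) ordering is an assumption
        problems.append("checksums.txt not sorted by path")
    for digest, path in rows:
        if digests.get(path) != digest:
            problems.append(f"{path}: digest mismatch")
    # The Merkle root is defined as the SHA-256 of checksums.txt itself.
    if hashlib.sha256(checksums).hexdigest() != expected_root:
        problems.append("Merkle root mismatch")
    return problems

def build_sample(files: dict, mode=0o644, gz_mtime=PINNED):
    """Constructed fixture: deterministic tgz, its checksums.txt, and the root."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size, info.mode, info.mtime = len(files[name]), mode, PINNED
            tar.addfile(info, io.BytesIO(files[name]))
    out = io.BytesIO()
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=gz_mtime) as gz:
        gz.write(raw.getvalue())
    sums = "".join(f"{hashlib.sha256(files[n]).hexdigest()}  {n}\n" for n in sorted(files)).encode()
    return out.getvalue(), sums, hashlib.sha256(sums).hexdigest()
```

Because the DSSE subject ties to the Merkle root, any drift that `check_bundle` reports in checksums.txt also changes the signed subject.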

How to (re)generate

  1. Set TZ=UTC and ensure deterministic tool versions.
  2. Run the EvidenceLocker pipeline to produce the sealed bundle; copy the outputs here with their expected hash values.
  3. Produce the portable bundle and replay records using the same input set; write an expected.json capturing root hashes and replay digests.
  4. Update xUnit tests in StellaOps.EvidenceLocker.Tests to consume these fixtures without network calls.