# Reproducible build verification
## Module
BinaryIndex
## Status
IMPLEMENTED
## Description
The reproducible build backend supports local rebuilds, with air-gap bundle support, for verifying binary provenance.
## Implementation Details
- **Modules**: `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/`, `src/BinaryIndex/StellaOps.BinaryIndex.Worker/`, `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.GroundTruth.Reproducible/`
- **Key Classes**:
  - `ReproducibleBuildJob` (`src/BinaryIndex/StellaOps.BinaryIndex.Worker/Jobs/ReproducibleBuildJob.cs`) - worker job that executes reproducible builds using `IFunctionFingerprintExtractor`, `IPatchDiffEngine`, and `IFingerprintClaimRepository`
  - `ReproducibleBuildJob` (builders) (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/ReproducibleBuildJobTypes.cs`) - builder-level reproducible build job with options
  - `ReproducibleBuildOptions` - configuration for build verification parameters
  - `ValidationHarnessService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.GroundTruth.Reproducible/ValidationHarnessService.cs`) - validates reproducible build outputs
  - `FingerprintClaim` / `FingerprintClaimEvidence` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/FingerprintClaimModels.cs`) - claims produced from build verification
- **Interfaces**: `IReproducibleBuilder` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Builders/IReproducibleBuilder.cs`), `IReproducibleBuildJob`
## E2E Test Plan
- [ ] Submit a source package and verify reproducible build produces matching binary fingerprints
- [ ] Verify `FingerprintClaim` is generated with correct `FingerprintClaimEvidence` linking to Build-ID
- [ ] Verify build verification with non-matching binaries produces a failed verification result
- [ ] Verify air-gap bundle support: import build inputs from bundle and verify build completes offline
- [ ] Verify `ReproducibleBuildOptions` configuration controls build behavior
- [ ] Verify build job integrates with `IPatchDiffEngine` for post-build comparison