Merge pull request 'feature: validate commits in reverse date-time order when MAX_COMMITS_TO_CHECK is used' (#12 ) from date-order into main

Reviewed-on: #12 Reviewed-by: Artur Neumann <artur@jankaritech.eu>
feature: validate commits in reverse date-time order when MAX_COMMITS_TO_CHECK is used
2025-06-04 03:16:25 +00:00 · 2025-06-03 17:21:42 +05:45 · 2025-06-02 11:40:09 +00:00 · 2025-06-02 15:32:48 +05:45 · 2025-06-02 14:32:23 +05:45 · 2025-06-02 04:10:47 +00:00
6 changed files with 2313 additions and 2267 deletions
--- a/.gitea/workflows/validate.yaml
+++ b/.gitea/workflows/validate.yaml
@@ -0,0 +1,32 @@
+name: Validate Trusted Timestamps Actions Demo
+run-name: ${{ gitea.actor }} is validating the trusted timestamps of all commits 🚀
+on: [push]
+
+variables:
+  EXPECTED_TRUSTANCHORS_HASH: "70a1c7e2fc62a0b62e44063f0e730b20b0f209d15c84b310ad06ce616c352829"
+
+jobs:
+  Validate:
+    runs-on: ubuntu-latest
+    timeout-minutes: 2
+    steps:
+      - name: Install extra software
+        run: |
+          apt-get update
+          apt-get install -y xxd
+      - name: Check out repository code
+        uses: actions/checkout@v4
+        with:
+           fetch-depth: 0
+      - name: Setup timestamping authorities
+        run: |
+          git config --local timestamping.tsa0.url https://freetsa.org/tsr
+          bash -c 'yes | ./hooks/trust.sh https://freetsa.org/tsr'
+          git config --local timestamping.tsa1.url https://tsa.cesnet.cz:3162/tsa
+          bash -c 'yes | ./hooks/trust.sh https://tsa.cesnet.cz:3162/tsa'
+      - name: Check hashes of all trustanchors
+        run: |
+          ./hooks/validate_trustanchors_hash.sh .git/hoqoks/trustanchors ${{ EXPECTED_TRUSTANCHORS_HASH }}
+      - name: Validate timestamps of all commits
+        run: |
+          ./hooks/validate.sh --minversion 0
--- a/.timestampltv/crls/5024EC0B994B2230F00A0F90A60D1D281D1B3FBE.crl
+++ b/.timestampltv/crls/5024EC0B994B2230F00A0F90A60D1D281D1B3FBE.crl
--- a/.timestampltv/crls/E1D782A8E191BEEF6BCA1691B5AAB494A6249BF3.crl
+++ b/.timestampltv/crls/E1D782A8E191BEEF6BCA1691B5AAB494A6249BF3.crl
@@ -2,17 +2,17 @@
 MIIC5jCCAc4CAQEwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCVVMxFTATBgNV
 BAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTExMC8G
 A1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVkIElEIFRpbWVzdGFtcGluZyBDQRcN
-MjUwMTI0MDUxNDI4WhcNMjUwMTMxMDUxNDI4WjCB9TAhAhAL2v0LKRQzmpYSZqw1
+MjUwMjEyMDUyMjQ1WhcNMjUwMjE5MDUyMjQ1WjCB9TAhAhAL2v0LKRQzmpYSZqw1
 OkdEFw0xNjEwMjQxNzQyNDlaMCECEAH40oMtKRkZcbNQw9u8pQAXDTE2MTExMTE1
 MjEzNFowIQIQClKwbEb16yWgi9U/3Ht4hhcNMTgwOTAzMTIxMTQyWjAhAhAFlx7K
 SlmJinvPTLfjd5doFw0xOTA5MzAwODE2MjRaMCECEAxFkEkmQLBOlEh/jEwCeJAX
 DTIxMDIwOTIyMzk0MlowIQIQBMvnUVSd49EL7YN0yV7iRBcNMjEwMjA5MjMyMzM3
 WjAhAhALmUrhw5aLANVesgZ0jpseFw0yMTAyMDkyMzI0MjNaoDAwLjAfBgNVHSME
-GDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjALBgNVHRQEBAICDNwwDQYJKoZIhvcN
-AQELBQADggEBAGuGW4lrI1pz4IwilL1u3rFRWD43/2Cu0+Pc1+tRx+QqB42aB0Jl
-esdIRc7t7bZ+5wmJyl5DTToQ3Vm7v34dXlblmmlJ2IM+1BKNEO4jMg82i4CFHtaE
-1e2lTfCOKR7YiTmUv/E44jAeQNJbt3k/6gnpDTGafJTIybYNh3uVDtC8Iiun4DKH
-x1qe0qzuixF2TDdTRgPP293nShxNJP5G9G5JaOGSreVOItwEhI+GP6rrPffcanfJ
-v7ghEutuJCE2BGZkqL5iEGgAbMYhFitCu58rfwCHF78uz8T/kxbe5Ax2Zu1IV3is
-kuc5vOHsT/GFYnMC4PZn9J9eYKLE6mzr0SY=
+GDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjALBgNVHRQEBAICDO8wDQYJKoZIhvcN
+AQELBQADggEBALr4VopJYkMfQ97HiyqytcWRY/vgyU/LxOwlH0/1DBSeeObQB0Nj
+uF7vcF2bhbpnxba7gvzOPryudwtbqquf2cl3CJG6MC2D8Nk1XzntDnpxCjVSfsAr
+158zAWPevyiuj3yzFz04mYALt/ZmOJMTF0vyKN8cg5bwfLu3itV6b6vhpuloIhRc
+Hmsbgr3BtCVHkf4vJWq/qKDEMcOhSrJ6wxGCzVyphenewSIbVcogj19cRZDFPWOC
+3sAy/GY3Rz0qK30tDvNbE1uum8gy5ijXFmepJ/lEetRCvrIsxTsXJOj0tqVZfIIQ
+E1YWUZ57TiBBrdS+dTgmRxkN/zaAfYVAIck=
 -----END X509 CRL-----
--- a/hooks/timestamping
+++ b/hooks/timestamping
@@ -553,7 +553,7 @@ download_crls_for_chain() {
      local URL=$(openssl x509 -inform PEM -in $EXTRACTED_CERT -text -noout \
                  | awk '/CRL Distribution Points:/{f=1} f && /URI:/ {print; exit}' \
                  | sed 's/^.*URI://1')
-      if curl "$URL" --output "$CRL_TMP" &> "$OUT_STREAM"; then
+      if curl -L "$URL" --output "$CRL_TMP" &> "$OUT_STREAM"; then
        if openssl crl -in "$CRL_TMP" -inform DER -noout &> "$OUT_STREAM"; then
          openssl crl -in "$CRL_TMP" -inform DER >> "$OUTPUT_FILE"
        elif openssl crl -in "$CRL_TMP" -inform PEM -noout &> "$OUT_STREAM"; then
--- a/hooks/validate.sh
+++ b/hooks/validate.sh
@@ -42,6 +42,10 @@ if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi
 . "$DIR/timestamping"

 declare -i MINVERSION=$TIMESTAMPING_VERSION
+declare -i MAX_COMMITS_TO_CHECK=0
+declare -A PROCESSED_COMMIT
+declare -A COMMITS
+declare -A COMMIT_TIMES

 while [[ $# -gt 0 ]]; do
  KEY="$1"
@@ -61,6 +65,16 @@ while [[ $# -gt 0 ]]; do
      shift # past argument
      shift # past value
      ;;
+    -max|--maxcommits)
+      INTEGER_REGEX='^[0-9]+$'
+      if ! [[ "$2" =~ $INTEGER_REGEX ]]; then
+        echo_error "$KEY: expected positive integer"
+        exit 1
+      fi
+      MAX_COMMITS_TO_CHECK="$2"
+      shift # past argument
+      shift # past value
+      ;;
    -v|--verbose)
      OUT_STREAM=/dev/stdout
      shift # past argument
@@ -89,6 +103,10 @@ fi
 # tokens, the function will return 0 but echo a warning about the invalid token.
 validate_commit() {
  local COMMIT_HASH="$1"
+  if [[ ${PROCESSED_COMMIT[$COMMIT_HASH]} ]]; then
+    log "validate_commit for $COMMIT_HASH has already been validated"
+    return 0
+  fi
  log "validate_commit for $COMMIT_HASH"

  local TIMESTAMP_COMMIT_VERSION
@@ -275,9 +293,11 @@ validate_commit() {
  #assert that all extracted timestamps have been processed
  assert "[ $NUM_PROCESSED -eq $NUM_EXTRACTED ]" "All extracted token must be processed."

+  PROCESSED_COMMIT[$COMMIT_HASH]=1
+
  if [ $NUM_VALID -gt 0 ]; then
    if [ $NUM_INVALID -gt 0 ]; then
-      echo_warning "Warning: While commit $COMMIT_HASH contains $NUM_VALID valid timestamp tokens and thus is considered proppely timestamped, it also contains $NUM_INVALID invalid timestamp tokens."
+      echo_warning "Warning: While commit $COMMIT_HASH contains $NUM_VALID valid timestamp tokens and thus is considered properly timestamped, it also contains $NUM_INVALID invalid timestamp tokens."
    fi
    DATE_STRING=$(date -d @"$EARLIEST_VALID_UNIX_TIME")
    echo_info "Commit $COMMIT_HASH, which timestamps commit $PARENT_HASH at $DATE_STRING, contains $NUM_VALID valid timestamp tokens."
@@ -293,6 +313,13 @@ validate_commit() {
 # param1: commit hash
 # returns: 0 if the validation of the commit and all its ancestors succeeded
 validate_commit_and_parents() {
+  # If MAX_COMMITS_TO_CHECK is zero (or a negative number) then that is understood as "infinity".
+  # So finish if we have reached the limit, and if the limit is not "infinity".
+  NUM_COMMITS_CHECKED=${#PROCESSED_COMMIT[@]}
+  if [[ ${NUM_COMMITS_CHECKED} -ge ${MAX_COMMITS_TO_CHECK} ]] && [[ ${MAX_COMMITS_TO_CHECK} -ge 1 ]]; then
+    # enough commits have already been checked, so return early
+    return 0;
+  fi
  local COMMIT_HASH="$1"
  log "validate_commit_and_parents for $COMMIT_HASH"

@@ -300,6 +327,7 @@ validate_commit_and_parents() {
  if ! validate_commit "$COMMIT_HASH"; then
    ALL_PASSED=false
  fi
+  NUM_COMMITS_CHECKED=${#PROCESSED_COMMIT[@]}
  local PARENTS=$(git cat-file -p "$COMMIT_HASH" | awk '/^$/{exit} /parent/ {print}' | sed 's/parent //')
  #iterate over all parents of commit
  if [ ! -z "$PARENTS" ]; then
@@ -315,6 +343,64 @@ validate_commit_and_parents() {
  return 1
 }

+# Recursive function to find all ancestors of commit
+# param1: commit hash
+# creates an array COMMITS, key is the commit hash, value is the commit time (Unix epoch seconds)
+# the array contains all commits found in all paths from the passed-in commit hash back to the root commit of the repo
+# the array is global so it can be accessed after the function returns
+find_all_commits() {
+  local COMMIT_HASH="$1"
+  log "find_all_commits for $COMMIT_HASH"
+  # git show "ct" format returns the commit time as Unix epoch seconds
+  COMMIT_TIME=$(git show --no-patch --format=%ct "$COMMIT_HASH")
+  COMMITS[$COMMIT_HASH]="${COMMIT_TIME}"
+
+  local PARENTS=$(git cat-file -p "$COMMIT_HASH" | awk '/^$/{exit} /parent/ {print}' | sed 's/parent //')
+  # iterate over all parents of commit
+  if [ ! -z "$PARENTS" ]; then
+    while read PARENT_HASH; do
+      if [[ ${COMMITS[$PARENT_HASH]} ]]; then
+        log "commit $PARENT_HASH has already been processed"
+      else
+        find_all_commits "$PARENT_HASH"
+      fi
+    done <<< $(printf "%s" "$PARENTS")
+  fi
+}
+
+# Validate the commits in the COMMITS array, up to MAX_COMMITS_TO_CHECK
+# returns: 0 if the validation of the commits succeeded
+validate_commits() {
+  ALL_PASSED=true
+  # create an associative array with keys using the Unix epoch commit time and value the commit hash
+  # this array can be easily used to sort in (forward or reverse) order of time
+  for HASH in "${!COMMITS[@]}"; do
+    UNIX_EPOCH_TIME="${COMMITS[$HASH]}"
+    # two commits could have the exact same Unix epoch in seconds
+    # so make that unique by appending an "x" and the hash
+    UNIQUE_KEY="${UNIX_EPOCH_TIME}x${HASH}"
+    COMMIT_TIMES[$UNIQUE_KEY]="${HASH}"
+  done
+  # sort into reverse order
+  SORTED_KEYS=($(printf "%s\n" "${!COMMIT_TIMES[@]}" | sort -r))
+  # process the commits from latest time to oldest time
+  ALL_PASSED=true
+  for ENTRY in "${SORTED_KEYS[@]}"; do
+    COMMIT_HASH=${COMMIT_TIMES[${ENTRY}]}
+    log "${ENTRY} has value ${COMMIT_HASH}"
+    NUM_COMMITS_CHECKED=${#PROCESSED_COMMIT[@]}
+    if [[ ${NUM_COMMITS_CHECKED} -lt ${MAX_COMMITS_TO_CHECK} ]]; then
+      if ! validate_commit "$COMMIT_HASH"; then
+        ALL_PASSED=false
+      fi
+    fi
+  done
+  if [ "$ALL_PASSED" = true ]; then
+    return 0
+  fi
+  return 1
+}
+
 echo_info "Checking repository integrity..."
 #check git repository integrity
 if ! git fsck --full --strict --no-progress --no-dangling "$COMMIT_HASH"; then
@@ -326,10 +412,21 @@ echo ""

 echo_info "Validating timestamps. This may take a while..."
 echo ""
-if validate_commit_and_parents "$COMMIT_HASH"; then
-  echo_success "Validation OK: All timestamped commits in the commit history of $COMMIT_HASH contain at least one valid timestamp."
+if [[ ${MAX_COMMITS_TO_CHECK} -ge 1 ]]; then
+  find_all_commits "$COMMIT_HASH"
+  if validate_commits; then
+    echo_success "Validation OK: ${NUM_COMMITS_CHECKED} timestamped commits in the commit history of $COMMIT_HASH contain at least one valid timestamp."
    exit 0
-else
+  else
    echo_error "Validation Failed: There are timestamped commits in the commit history of $COMMIT_HASH which do not contain any valid timestamps."
    exit 1
+  fi
+else
+  if validate_commit_and_parents "$COMMIT_HASH"; then
+    echo_success "Validation OK: All timestamped commits in the commit history of $COMMIT_HASH contain at least one valid timestamp."
+    exit 0
+  else
+    echo_error "Validation Failed: There are timestamped commits in the commit history of $COMMIT_HASH which do not contain any valid timestamps."
+    exit 1
+  fi
 fi
--- a/hooks/validate_trustanchors_hash.sh
+++ b/hooks/validate_trustanchors_hash.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+#    Copyright (c) 2024 JankariTech UG
+#    Authors: Artur Neumann
+#    Script to check if the trustanchors have been changed
+
+TRUSTANCHOR_DIR="$1"
+EXPECTED_COMMIT_HASH="$2"
+
+if [[ $# -ne 2 ]]; then
+    echo "Usage: $0 <trustanchor_dir> <expected_commit_hash>"
+    exit 1
+fi
+
+if [ -z "$EXPECTED_COMMIT_HASH" ]; then
+    echo "No expected hash provided"
+    exit 1
+fi
+
+# get the sha256 hash of all files in the trustanchor directory
+ACTUAL_COMMIT_HASH=$(find "$TRUSTANCHOR_DIR" -type f -exec sha256sum {} \; | sort | sha256sum | cut -d ' ' -f 1)
+
+if [ "$EXPECTED_COMMIT_HASH" != "$ACTUAL_COMMIT_HASH" ]; then
+    echo "The trustanchors have been changed, please review the provided hash"
+    exit 1
+fi
Author	SHA1	Message	Date
Artur Neumann	093d283977	Merge pull request 'feature: validate commits in reverse date-time order when MAX_COMMITS_TO_CHECK is used' (#12 ) from date-order into main All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 54m17s Details Reviewed-on: #12 Reviewed-by: Artur Neumann <artur@jankaritech.eu>	2025-06-04 03:16:25 +00:00
Phil Davis	d48097695b	feature: validate commits in reverse date-time order when MAX_COMMITS_TO_CHECK is used All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 28m9s Details This ensures that the most recent commits are the ones that are validated.	2025-06-03 17:21:42 +05:45
phil	1622c1244f	Merge pull request 'fix: stop correctly when MAX_COMMITS_TO_CHECK is reached' (#10 ) from respect-MAX_COMMITS_TO_CHECK into main All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 22m53s Details Reviewed-on: #10 Reviewed-by: Artur Neumann <artur@jankaritech.eu>	2025-06-02 11:40:09 +00:00
Phil Davis	f712aa0822	chore: adjust comment about MAX_COMMITS_TO_CHECK All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 14m39s Details	2025-06-02 15:32:48 +05:45
Phil Davis	8aba6e98d1	fix: stop correctly when MAX_COMMITS_TO_CHECK is reached All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 11m40s Details	2025-06-02 14:32:23 +05:45
phil	31e44f9b70	Merge pull request 'feature: limit the number of commits to be validated' (#9 ) from limit-num-commits-validated into main All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 14m5s Details Reviewed-on: #9 Reviewed-by: Artur Neumann <artur@jankaritech.eu>	2025-06-02 04:10:47 +00:00
Phil Davis	4437b66f67	feature: default to checking all commits All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 13m47s Details	2025-05-29 09:55:57 +05:45
Phil Davis	aabd314dde	feature: limit the number of commits to be validated All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 49s Details Signed-off-by: Phil Davis <phil@jankaritech.com>	2025-05-28 10:56:06 +05:45
Artur Neumann	ac5e6a6a89	Merge pull request 'only validate each commit once' (#7 ) from validate-each-commit-once-only into main All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 2m59s Details Reviewed-on: #7 Reviewed-by: Artur Neumann <artur@jankaritech.eu>	2025-03-19 03:55:52 +00:00
Phil Davis	2976a241af	only validate each commit once All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 2m8s Details	2025-03-18 13:47:27 +05:45
Artur Neumann	0d1494003c	Merge pull request 'follow redirects when downloading certificates' (#6 ) from follow into main All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 25m42s Details Reviewed-on: #6 Reviewed-by: phil <phil@jankaritech.eu>	2025-02-17 03:37:10 +00:00
Artur Neumann	06b6d255e8	-----TIMESTAMP COMMIT----- All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 13m36s Details Version: 1 Algorithm: sha1 Preimage: version:1,parent:d5c7b22b53192ffed685f3b8362ff8e8076c290c,tree:86b28882e4cf79c90690ac82831ddf06a10e55ad Digest: 0050ab353bfbdc4f0faf1d555d19787eaf6a6913 Timestamp: https://freetsa.org/tsr Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH Version: 1 Policy OID: tsa_policy1 Hash Algorithm: sha1 Message data: 0000 - 00 50 ab 35 3b fb dc 4f-0f af 1d 55 5d 19 78 7e .P.5;..O...U].x~ 0010 - af 6a 69 13 .ji. Serial number: 0x05806698 Time stamp: Feb 13 06:24:31 2025 GMT Accuracy: unspecified Ordering: yes Nonce: 0x9BFC14C8020EB66B TSA: DirName:/O=Free TSA/OU=TSA/description=This certificate digitally signs documents and time stamp requests made using the freetsa.org online services/CN=www.freetsa.org/emailAddress=busilezas@gmail.com/L=Wuerzburg/C=DE/ST=Bayern Extensions: -----BEGIN RFC3161 TOKEN----- MIIFOAYJKoZIhvcNAQcCoIIFKTCCBSUCAQMxDzANBglghkgBZQMEAgMFADCCAX8G CyqGSIb3DQEJEAEEoIIBbgSCAWowggFmAgEBBgQqAwQBMCEwCQYFKw4DAhoFAAQU AFCrNTv73E8Prx1VXRl4fq9qaRMCBAWAZpgYDzIwMjUwMjEzMDYyNDMxWgEB/wIJ AJv8FMgCDrZroIIBEaSCAQ0wggEJMREwDwYDVQQKEwhGcmVlIFRTQTEMMAoGA1UE CxMDVFNBMXYwdAYDVQQNE21UaGlzIGNlcnRpZmljYXRlIGRpZ2l0YWxseSBzaWdu cyBkb2N1bWVudHMgYW5kIHRpbWUgc3RhbXAgcmVxdWVzdHMgbWFkZSB1c2luZyB0 aGUgZnJlZXRzYS5vcmcgb25saW5lIHNlcnZpY2VzMRgwFgYDVQQDEw93d3cuZnJl ZXRzYS5vcmcxIjAgBgkqhkiG9w0BCQEWE2J1c2lsZXphc0BnbWFpbC5jb20xEjAQ BgNVBAcTCVd1ZXJ6YnVyZzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjGC A4owggOGAgEBMIGjMIGVMREwDwYDVQQKEwhGcmVlIFRTQTEQMA4GA1UECxMHUm9v dCBDQTEYMBYGA1UEAxMPd3d3LmZyZWV0c2Eub3JnMSIwIAYJKoZIhvcNAQkBFhNi dXNpbGV6YXNAZ21haWwuY29tMRIwEAYDVQQHEwlXdWVyemJ1cmcxDzANBgNVBAgT BkJheWVybjELMAkGA1UEBhMCREUCCQDB6YYWDajpgjANBglghkgBZQMEAgMFAKCB uDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI1 MDIxMzA2MjQzMVowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUkW2j2GDsyoLjS8Wd F5Pn6WiHXxQwTwYJKoZIhvcNAQkEMUIEQB52HUI0c2GSPHMEZ06bBC1B3c44YNNd ZAX5WaBuXq67HV+nlNcnY2HUtBEfDt0gjx9g8mXfVCB/hVpC+EN2bf8wDQYJKoZI hvcNAQEBBQAEggIAg3ZRGvOLTqX6ulk4dwjYRcj+nKK8hh2vyohA8OMq/+4VgYG+ Ujgqe29V4APXQ3SsCtotSufOqWifSvzzn/olaUYOn9d8aP24JiDcmNf6oFUnZHEJ TfbQ0SUDeAYNodNMVxjG3IrVu0TYqjTLPmjYxvjeipnshUvfNDFzW87QILYT/ChB GNAv8p91z41/D+vMjtOUoSsyWDMUhrbxRWqsxHTDiBqAmWeGPVONxFpZDaRJpHlR pqkY/Cgs2JONw+o3AKCiSm9Hleue3liHxR0N6wixuZUl1eYge/19VluxeMLNS2IP Lx7vELITLpGsmtSCUKAhWgRd77xUrrfpQif1dIiZvHOIXF702swKuvsQ8jcXheQn 1jBSLuiZbjLzpMGp59pN43ObhUeYwGmbgqlQaceP6C73iQogBU3N9uY5J3hwdYbx SgZUhyApjUIvhVKmSm9UU56dOYCxmb0innyxdDsWc3hdeDXAdIibPx+B6AcDlysr 8QyEKgWogfEq+/NrFsc6xe+Jn6Td+p3+5izS6CgsHHA8S2nXfmQFNzMi2hnWVL5L f4zH0xoR+vD5vcQxo1K/FHh+6F6OxvAsjS2/KmmUjvj6yypVNqZGjTTvusGS9xKG r3jF1qbwWdKwhD0+LrdEia3TA5R+0eXc79aEeeoRrBGmY1O589cCYRJDPzE= -----END RFC3161 TOKEN----- Timestamp: https://tsa.cesnet.cz:3162/tsa Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH Version: 1 Policy OID: 1.3.6.1.4.1.22408.1.2.3.45 Hash Algorithm: sha1 Message data: 0000 - 00 50 ab 35 3b fb dc 4f-0f af 1d 55 5d 19 78 7e .P.5;..O...U].x~ 0010 - af 6a 69 13 .ji. Serial number: 0x72F09E96316D97FF Time stamp: Feb 13 06:24:32 2025 GMT Accuracy: unspecified Ordering: no Nonce: 0xE050DA61DF1B13B1 TSA: DirName:/DC=cz/DC=cesnet-ca/O=CESNET/CN=tsa.cesnet.cz Extensions: -----BEGIN RFC3161 TOKEN----- MIID1QYJKoZIhvcNAQcCoIIDxjCCA8ICAQMxDzANBglghkgBZQMEAgEFADCBzgYL KoZIhvcNAQkQAQSggb4EgbswgbgCAQEGDCsGAQQBga8IAQIDLTAhMAkGBSsOAwIa BQAEFABQqzU7+9xPD68dVV0ZeH6vamkTAghy8J6WMW2X/xgPMjAyNTAyMTMwNjI0 MzJaAgkA4FDaYd8bE7GgXKRaMFgxEjAQBgoJkiaJk/IsZAEZFgJjejEZMBcGCgmS JomT8ixkARkWCWNlc25ldC1jYTEPMA0GA1UECgwGQ0VTTkVUMRYwFAYDVQQDDA10 c2EuY2VzbmV0LmN6MYIC2TCCAtUCAQEwbDBgMRIwEAYKCZImiZPyLGQBGRYCY3ox GTAXBgoJkiaJk/IsZAEZFgljZXNuZXQtY2ExEjAQBgNVBAoMCUNFU05FVCBDQTEb MBkGA1UEAwwSUGVyc29uYWwgU2lnbmluZyAyAghq94ZoOsDXcDANBglghkgBZQME AgEFAKCCAT4wGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJ BTEPFw0yNTAyMTMwNjI0MzJaMC0GCSqGSIb3DQEJNDEgMB4wDQYJYIZIAWUDBAIB BQChDQYJKoZIhvcNAQELBQAwLwYJKoZIhvcNAQkEMSIEIBOM1Xd1ny1/Cn2qwXnV uTCuRE5ISmPDMJ66d0bTQKmzMIGhBgsqhkiG9w0BCRACDDGBkTCBjjCBizCBiAQU UCTsC5lLIjDwCg+Qpg0dKB0bP74wcDBkpGIwYDESMBAGCgmSJomT8ixkARkWAmN6 MRkwFwYKCZImiZPyLGQBGRYJY2VzbmV0LWNhMRIwEAYDVQQKDAlDRVNORVQgQ0Ex GzAZBgNVBAMMElBlcnNvbmFsIFNpZ25pbmcgMgIIaveGaDrA13AwDQYJKoZIhvcN AQELBQAEggEArnIdS1TSpOveavo2Y83DKcRVh73cD5uykpY6R0OFFxY/NprrYnT/ AHl+skRF0k5zcsVCbhH/BoWujj4Y+Oz5fSk29P/etC5kxTz9gMfmgSbKvV04vGjY n99Pb+ubx2xUFFQ4QeG43Esja4E37kt1H9VWuYBy+kNnExhQOW0/SwZXHJ3RV2N6 bvIHeTjXYopgAdUn9Nvr70FS9QYgr/D/gIrx6YEOoWcra8fA/ze2s6kIeO2KgTMO 7yt51tcjOtKvn/0amvHAazS4fnSDKoPWdQB33ZQQBcAI+luVGCpMYo5dHRQirOef VGE4bjPCkyXj9vuyQslf+yMw4VJ0Ur9yUw== -----END RFC3161 TOKEN-----	2025-02-13 12:09:32 +05:45
Artur Neumann	d5c7b22b53	follow redirects when downloading certificate	2025-02-13 12:09:11 +05:45
Artur Neumann	0e07bab508	Merge pull request 'automatically validate all timestamps in CI' (#5 ) from validate-timestamps-in-ci into main All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 13m35s Details Reviewed-on: #5 Reviewed-by: phil <phil@jankaritech.eu>	2025-01-31 05:52:10 +00:00
Artur Neumann	b1a1cdd088	-----TIMESTAMP COMMIT----- All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 7m30s Details Version: 1 Algorithm: sha1 Preimage: version:1,parent:e1d1c5e26ee291018cd217af3f734066af67e1c2,tree:6bb692a51b515326489d4f5cda9f6de455bf71bb Digest: a45bc2719ce0c445cf7aaec3549ae8e8297c45a3 Timestamp: https://freetsa.org/tsr Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH Version: 1 Policy OID: tsa_policy1 Hash Algorithm: sha1 Message data: 0000 - a4 5b c2 71 9c e0 c4 45-cf 7a ae c3 54 9a e8 e8 .[.q...E.z..T... 0010 - 29 7c 45 a3 )\|E. Serial number: 0x0527B7D9 Time stamp: Jan 24 10:27:32 2025 GMT Accuracy: unspecified Ordering: yes Nonce: 0x301EF3AF455AF2B2 TSA: DirName:/O=Free TSA/OU=TSA/description=This certificate digitally signs documents and time stamp requests made using the freetsa.org online services/CN=www.freetsa.org/emailAddress=busilezas@gmail.com/L=Wuerzburg/C=DE/ST=Bayern Extensions: -----BEGIN RFC3161 TOKEN----- MIIFNwYJKoZIhvcNAQcCoIIFKDCCBSQCAQMxDzANBglghkgBZQMEAgMFADCCAX4G CyqGSIb3DQEJEAEEoIIBbQSCAWkwggFlAgEBBgQqAwQBMCEwCQYFKw4DAhoFAAQU pFvCcZzgxEXPeq7DVJro6Cl8RaMCBAUnt9kYDzIwMjUwMTI0MTAyNzMyWgEB/wII MB7zr0Va8rKgggERpIIBDTCCAQkxETAPBgNVBAoTCEZyZWUgVFNBMQwwCgYDVQQL EwNUU0ExdjB0BgNVBA0TbVRoaXMgY2VydGlmaWNhdGUgZGlnaXRhbGx5IHNpZ25z IGRvY3VtZW50cyBhbmQgdGltZSBzdGFtcCByZXF1ZXN0cyBtYWRlIHVzaW5nIHRo ZSBmcmVldHNhLm9yZyBvbmxpbmUgc2VydmljZXMxGDAWBgNVBAMTD3d3dy5mcmVl dHNhLm9yZzEiMCAGCSqGSIb3DQEJARYTYnVzaWxlemFzQGdtYWlsLmNvbTESMBAG A1UEBxMJV3VlcnpidXJnMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmF5ZXJuMYID ijCCA4YCAQEwgaMwgZUxETAPBgNVBAoTCEZyZWUgVFNBMRAwDgYDVQQLEwdSb290 IENBMRgwFgYDVQQDEw93d3cuZnJlZXRzYS5vcmcxIjAgBgkqhkiG9w0BCQEWE2J1 c2lsZXphc0BnbWFpbC5jb20xEjAQBgNVBAcTCVd1ZXJ6YnVyZzEPMA0GA1UECBMG QmF5ZXJuMQswCQYDVQQGEwJERQIJAMHphhYNqOmCMA0GCWCGSAFlAwQCAwUAoIG4 MBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMjUw MTI0MTAyNzMyWjArBgsqhkiG9w0BCRACDDEcMBowGDAWBBSRbaPYYOzKguNLxZ0X k+fpaIdfFDBPBgkqhkiG9w0BCQQxQgRAOhGsL1oQELPv80v31i69i6cmzAjZZQHN HJa/S4qmj6B6+larLZDPHJpIBcuBn1yXxEUylN6O5wjBy4Bt1OfVOzANBgkqhkiG 9w0BAQEFAASCAgA22duKRnJngnpVAjqex7dIDOleDMlwL97U5BaYrCHKJfUEwIH8 M3Q2HmiYEIFBXwnifxQxY4zZXJIAx7VIhwW82Yyt9c5SlPAWRKTZ8tllJQy0gUiL fFcn+tj0iKJEcBTHM5rxRlIJkP2S0nu0FPC3/lUsx0MLSL7gA11h2lsQhPMdehHx yp5JMuSg/+fiqfmwwSFBd9LPlxmwcyBu/6sBKSoPBnL9DJiKl9GZYKrxoUiGJF9s 6N+wkbp5qgusAnsEOnb8rd1+BYn74wyXtY+8z3nmO/qTV6DJWFe94NMYRvilGf3F 9hqpXAVF0LCrUWbwNpWsUlE/+V5OiDgs4mRWLNFIXvcHySOkPmM1y7xDvUUIcvsw uwDUwPmwpAHSTXgakcfkhLdxev6H4yPUO0LjzGfL5U7Rwzjt/SygJRgZhLO3cDI0 94sbBMiNUbnjSOCTW9AJ4FAHJchzDWjHo6EHPq/VZBm5dhlc6nLLjb4glL7nTQ6B j1ceJhZ/1P4n9Ht7tXHNjysKd5kRkstMecsC8XkeTHyzcCpH4MnnkDlY0yY8imAp Bvk5M0kpeE0CX1X15TRNHCKoLhuBHGj6CS2CaPwhsSzR5Iemt0eIIiIUNNWAQ97z vRZ+wF7EefGsf3MNyl5UqaTdWyBReNbllSTasN4zlo1NJBv6k7xNI8QfdQ== -----END RFC3161 TOKEN----- Timestamp: https://tsa.cesnet.cz:3162/tsa Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH Version: 1 Policy OID: 1.3.6.1.4.1.22408.1.2.3.45 Hash Algorithm: sha1 Message data: 0000 - a4 5b c2 71 9c e0 c4 45-cf 7a ae c3 54 9a e8 e8 .[.q...E.z..T... 0010 - 29 7c 45 a3 )\|E. Serial number: 0x27AA2B6CB2AEA0CE Time stamp: Jan 24 10:27:33 2025 GMT Accuracy: unspecified Ordering: no Nonce: 0xEB2CD76043666DEA TSA: DirName:/DC=cz/DC=cesnet-ca/O=CESNET/CN=tsa.cesnet.cz Extensions: -----BEGIN RFC3161 TOKEN----- MIID1QYJKoZIhvcNAQcCoIIDxjCCA8ICAQMxDzANBglghkgBZQMEAgEFADCBzgYL KoZIhvcNAQkQAQSggb4EgbswgbgCAQEGDCsGAQQBga8IAQIDLTAhMAkGBSsOAwIa BQAEFKRbwnGc4MRFz3quw1Sa6OgpfEWjAggnqitssq6gzhgPMjAyNTAxMjQxMDI3 MzNaAgkA6yzXYENmbeqgXKRaMFgxEjAQBgoJkiaJk/IsZAEZFgJjejEZMBcGCgmS JomT8ixkARkWCWNlc25ldC1jYTEPMA0GA1UECgwGQ0VTTkVUMRYwFAYDVQQDDA10 c2EuY2VzbmV0LmN6MYIC2TCCAtUCAQEwbDBgMRIwEAYKCZImiZPyLGQBGRYCY3ox GTAXBgoJkiaJk/IsZAEZFgljZXNuZXQtY2ExEjAQBgNVBAoMCUNFU05FVCBDQTEb MBkGA1UEAwwSUGVyc29uYWwgU2lnbmluZyAyAghq94ZoOsDXcDANBglghkgBZQME AgEFAKCCAT4wGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJ BTEPFw0yNTAxMjQxMDI3MzNaMC0GCSqGSIb3DQEJNDEgMB4wDQYJYIZIAWUDBAIB BQChDQYJKoZIhvcNAQELBQAwLwYJKoZIhvcNAQkEMSIEIODM6KO3/ht6dWauUKQT N3BJKLMYAmo+GyAN5hfHC80lMIGhBgsqhkiG9w0BCRACDDGBkTCBjjCBizCBiAQU UCTsC5lLIjDwCg+Qpg0dKB0bP74wcDBkpGIwYDESMBAGCgmSJomT8ixkARkWAmN6 MRkwFwYKCZImiZPyLGQBGRYJY2VzbmV0LWNhMRIwEAYDVQQKDAlDRVNORVQgQ0Ex GzAZBgNVBAMMElBlcnNvbmFsIFNpZ25pbmcgMgIIaveGaDrA13AwDQYJKoZIhvcN AQELBQAEggEAW8YhIhKvAEroACSgC1XB/fGemF9KUAYz9RAVMzCzNqvCJlut56Wc ynCl7NG7b+cR8OEtecp9VvzqHoVH1B0YpOWglkIYYRWEy3sWuYjQLiTBwTxvmTUC NQXn4khbngiZboXHnF8c/y2qxBwENra4TPt4JT5HdfNdkOhf7UhGH3FrgpHDpgPN Qsh3oXZz9140D9oT5DB/uXDRGkhCJ/9aWrP3VgIraFZ/LBJMYA1KAdc+wLsMMMUx nQzto8K2t4OMKVW731Z+43lY/GQECDWgvi5KXnT7r5wYGh5QaAziOf/XnalvtohN /Y2Cda6fjivYNFbyjkvsJJzOTFf6W+XE+g== -----END RFC3161 TOKEN-----	2025-01-24 16:12:33 +05:45
Artur Neumann	e1d1c5e26e	automatically validate all timestamps any time a change is proposed or incrporated int the archive (main branch) this check runs and 1. checks if all certificates of the Time-stamping authorities are as expected 2. all new and historic time-stamps are valid	2025-01-24 16:12:22 +05:45
Artur Neumann	9eb12b9101	Merge pull request 'script to validate whether the hash of the trustanchors folder changed' (#4 ) from validate_trustanchors_hash into main Reviewed-on: #4 Reviewed-by: phil <phil@jankaritech.eu>	2025-01-24 07:58:27 +00:00
Artur Neumann	49f05d35b8	-----TIMESTAMP COMMIT----- Version: 1 Algorithm: sha1 Preimage: version:1,parent:d22f203ab5b04e04de0dbcdf0fce3ec6a18dbf51,tree:e70e876f915fa2d63bdf7d405fb48ca1a9e50096 Digest: 94ca5c45f986511199fda711cd83dae79b27eaf5 Timestamp: https://freetsa.org/tsr Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH Version: 1 Policy OID: tsa_policy1 Hash Algorithm: sha1 Message data: 0000 - 94 ca 5c 45 f9 86 51 11-99 fd a7 11 cd 83 da e7 ..\E..Q......... 0010 - 9b 27 ea f5 .'.. Serial number: 0x052729E1 Time stamp: Jan 24 07:57:56 2025 GMT Accuracy: unspecified Ordering: yes Nonce: 0x95B6DC184C0090F2 TSA: DirName:/O=Free TSA/OU=TSA/description=This certificate digitally signs documents and time stamp requests made using the freetsa.org online services/CN=www.freetsa.org/emailAddress=busilezas@gmail.com/L=Wuerzburg/C=DE/ST=Bayern Extensions: -----BEGIN RFC3161 TOKEN----- MIIFOAYJKoZIhvcNAQcCoIIFKTCCBSUCAQMxDzANBglghkgBZQMEAgMFADCCAX8G CyqGSIb3DQEJEAEEoIIBbgSCAWowggFmAgEBBgQqAwQBMCEwCQYFKw4DAhoFAAQU lMpcRfmGURGZ/acRzYPa55sn6vUCBAUnKeEYDzIwMjUwMTI0MDc1NzU2WgEB/wIJ AJW23BhMAJDyoIIBEaSCAQ0wggEJMREwDwYDVQQKEwhGcmVlIFRTQTEMMAoGA1UE CxMDVFNBMXYwdAYDVQQNE21UaGlzIGNlcnRpZmljYXRlIGRpZ2l0YWxseSBzaWdu cyBkb2N1bWVudHMgYW5kIHRpbWUgc3RhbXAgcmVxdWVzdHMgbWFkZSB1c2luZyB0 aGUgZnJlZXRzYS5vcmcgb25saW5lIHNlcnZpY2VzMRgwFgYDVQQDEw93d3cuZnJl ZXRzYS5vcmcxIjAgBgkqhkiG9w0BCQEWE2J1c2lsZXphc0BnbWFpbC5jb20xEjAQ BgNVBAcTCVd1ZXJ6YnVyZzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjGC A4owggOGAgEBMIGjMIGVMREwDwYDVQQKEwhGcmVlIFRTQTEQMA4GA1UECxMHUm9v dCBDQTEYMBYGA1UEAxMPd3d3LmZyZWV0c2Eub3JnMSIwIAYJKoZIhvcNAQkBFhNi dXNpbGV6YXNAZ21haWwuY29tMRIwEAYDVQQHEwlXdWVyemJ1cmcxDzANBgNVBAgT BkJheWVybjELMAkGA1UEBhMCREUCCQDB6YYWDajpgjANBglghkgBZQMEAgMFAKCB uDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI1 MDEyNDA3NTc1NlowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUkW2j2GDsyoLjS8Wd F5Pn6WiHXxQwTwYJKoZIhvcNAQkEMUIEQPeVDoOWvx/xfL2roIlwOifjPctlsWCF PWngjJJGdXQwuT2n3/KkTXQ+D6AMVRV0Jvj6fKEtx9LEvH4EIQ2XnG4wDQYJKoZI hvcNAQEBBQAEggIAm/KiZ2o9EG98tkVm0h5xAUVqDwLaBFlRxz7W6600iiJNZPd3 yBW0JbZ1thRT/AyUgGEc2M27I57EDLkHEmWGhA1Dh/HMhL9lNtsLhM5GJQuOD/2S SQjS72ySVcZYnLqRK8z4tR8+Q7san0oxT6UhQGmzOu08pjjs+E9BxZVNhMu7MSGu gSmg1qtAPQs7dXeAX+WKrxaFMSgz3COn9xSWhubwhE+9YKYIO0V7iEu/aimd9syr WxYhzcmmpqe+TNnAIEICqf/8Loj7NlJT6EZiErUBi19f4rnbKjae2wgWdon/901m vcTGgEpCGeWWnP2uMgibYeMfmo8PqAowOCmbbtb4ImvsXtJ+w12cE77eBVvHkOtd 9c4pzwrBDdWf9rDaEGvmytsn9hiUOqNUJqy7X0RokgZAhKBiwnWwj0tcBSVRymMH P2OKQqPW5QmIEnN4l9cXxI1jjzR9DuGLOXN/HFHetE6Q9J7svTvb2ojHAy9Vu6op MKgD36kmLB2BoDFKWWsNRah2rcR7JBq8AwHvR3wjFrjBK3bcmKrkHPbZLQM1Xrhy 8pDWJtLE7qUVjT5peAV+HJTL79l1ayBwPyl5EU9lWSxRjrHqHlesKH70u47u5JNi PAt9wgoQ4LWnFWqujtv4dZWDc5yNWq0sUmoII9WIO+HfiOJ1Ue+2nYkP9Xw= -----END RFC3161 TOKEN----- Timestamp: https://tsa.cesnet.cz:3162/tsa Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH Version: 1 Policy OID: 1.3.6.1.4.1.22408.1.2.3.45 Hash Algorithm: sha1 Message data: 0000 - 94 ca 5c 45 f9 86 51 11-99 fd a7 11 cd 83 da e7 ..\E..Q......... 0010 - 9b 27 ea f5 .'.. Serial number: 0x6B11456390A4A52C Time stamp: Jan 24 07:57:57 2025 GMT Accuracy: unspecified Ordering: no Nonce: 0xBCDBFCA8C45E6309 TSA: DirName:/DC=cz/DC=cesnet-ca/O=CESNET/CN=tsa.cesnet.cz Extensions: -----BEGIN RFC3161 TOKEN----- MIID1QYJKoZIhvcNAQcCoIIDxjCCA8ICAQMxDzANBglghkgBZQMEAgEFADCBzgYL KoZIhvcNAQkQAQSggb4EgbswgbgCAQEGDCsGAQQBga8IAQIDLTAhMAkGBSsOAwIa BQAEFJTKXEX5hlERmf2nEc2D2uebJ+r1AghrEUVjkKSlLBgPMjAyNTAxMjQwNzU3 NTdaAgkAvNv8qMReYwmgXKRaMFgxEjAQBgoJkiaJk/IsZAEZFgJjejEZMBcGCgmS JomT8ixkARkWCWNlc25ldC1jYTEPMA0GA1UECgwGQ0VTTkVUMRYwFAYDVQQDDA10 c2EuY2VzbmV0LmN6MYIC2TCCAtUCAQEwbDBgMRIwEAYKCZImiZPyLGQBGRYCY3ox GTAXBgoJkiaJk/IsZAEZFgljZXNuZXQtY2ExEjAQBgNVBAoMCUNFU05FVCBDQTEb MBkGA1UEAwwSUGVyc29uYWwgU2lnbmluZyAyAghq94ZoOsDXcDANBglghkgBZQME AgEFAKCCAT4wGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJ BTEPFw0yNTAxMjQwNzU3NTdaMC0GCSqGSIb3DQEJNDEgMB4wDQYJYIZIAWUDBAIB BQChDQYJKoZIhvcNAQELBQAwLwYJKoZIhvcNAQkEMSIEIArVkoHd0fkRZmDW1bjL /QcSZHQ1HshoIG5TlCmiC3C5MIGhBgsqhkiG9w0BCRACDDGBkTCBjjCBizCBiAQU UCTsC5lLIjDwCg+Qpg0dKB0bP74wcDBkpGIwYDESMBAGCgmSJomT8ixkARkWAmN6 MRkwFwYKCZImiZPyLGQBGRYJY2VzbmV0LWNhMRIwEAYDVQQKDAlDRVNORVQgQ0Ex GzAZBgNVBAMMElBlcnNvbmFsIFNpZ25pbmcgMgIIaveGaDrA13AwDQYJKoZIhvcN AQELBQAEggEAIkPQW/pDRhf5wP0wgXVK/fkxQSZHxws0PsmeWoYXe+4qOZZnBp6w KCemSSlaB6Eru2pZmQlbD/4gHvoZvZqk/J3d2zCGcDZwwnPC/dfo6YpCDXZ3hYnk gH5N+U2KjA9io3BdTNQ/Xt3aMCubV81nE+/O1vWtQEWwKVvuc6pzXAn9TivOaoX/ tpvQZI68lDH4sz1kN+TjkVVGllVERag8z4lBPWqWO1/bAAU90xT9oFyAOOd+0ERW ScEOVBVPaRw8C+EqiDmxAWhzoe+Bxi1KME/XX+JD40J5TnXTDVGXMx3sBKvl7uZl Xt012A1KyoWs+99V/ixgeeiiQQtphcYE4A== -----END RFC3161 TOKEN-----	2025-01-24 13:42:57 +05:45
Artur Neumann	d22f203ab5	script to validate whether the hash of the trustanchors folder changed this is useful to make sure the same set of TSA are used on different machines and that they haven't been changed. E.g. I want to make sure I use the same TSA on my local machine as in CI and I want to make sure the imported certificates in CI are the same as in my local machine, so that I can trust them.	2025-01-24 13:42:46 +05:45
Artur Neumann	f2bddae3f9	Merge pull request 'set execute permission on hooks' (#3 ) from xPerm into main Reviewed-on: #3 Reviewed-by: phil <phil@jankaritech.eu>	2025-01-24 07:50:31 +00:00