28 Commits

Author SHA1 Message Date
093d283977 Merge pull request 'feature: validate commits in reverse date-time order when MAX_COMMITS_TO_CHECK is used' (#12) from date-order into main
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 54m17s
Reviewed-on: #12
Reviewed-by: Artur Neumann <artur@jankaritech.eu>
2025-06-04 03:16:25 +00:00
Phil Davis
d48097695b feature: validate commits in reverse date-time order when MAX_COMMITS_TO_CHECK is used
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 28m9s
This ensures that the most recent commits are the ones that are validated.
2025-06-03 17:21:42 +05:45
1622c1244f Merge pull request 'fix: stop correctly when MAX_COMMITS_TO_CHECK is reached' (#10) from respect-MAX_COMMITS_TO_CHECK into main
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 22m53s
Reviewed-on: #10
Reviewed-by: Artur Neumann <artur@jankaritech.eu>
2025-06-02 11:40:09 +00:00
Phil Davis
f712aa0822 chore: adjust comment about MAX_COMMITS_TO_CHECK
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 14m39s
2025-06-02 15:32:48 +05:45
Phil Davis
8aba6e98d1 fix: stop correctly when MAX_COMMITS_TO_CHECK is reached
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 11m40s
2025-06-02 14:32:23 +05:45
31e44f9b70 Merge pull request 'feature: limit the number of commits to be validated' (#9) from limit-num-commits-validated into main
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 14m5s
Reviewed-on: #9
Reviewed-by: Artur Neumann <artur@jankaritech.eu>
2025-06-02 04:10:47 +00:00
Phil Davis
4437b66f67 feature: default to checking all commits
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 13m47s
2025-05-29 09:55:57 +05:45
Phil Davis
aabd314dde feature: limit the number of commits to be validated
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 49s
Signed-off-by: Phil Davis <phil@jankaritech.com>
2025-05-28 10:56:06 +05:45
ac5e6a6a89 Merge pull request 'only validate each commit once' (#7) from validate-each-commit-once-only into main
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 2m59s
Reviewed-on: #7
Reviewed-by: Artur Neumann <artur@jankaritech.eu>
2025-03-19 03:55:52 +00:00
Phil Davis
2976a241af only validate each commit once
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 2m8s
2025-03-18 13:47:27 +05:45
0d1494003c Merge pull request 'follow redirects when downloading certificates' (#6) from follow into main
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 25m42s
Reviewed-on: #6
Reviewed-by: phil <phil@jankaritech.eu>
2025-02-17 03:37:10 +00:00
Artur Neumann
06b6d255e8 -----TIMESTAMP COMMIT-----
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 13m36s
Version: 1

Algorithm: sha1

Preimage: version:1,parent:d5c7b22b53192ffed685f3b8362ff8e8076c290c,tree:86b28882e4cf79c90690ac82831ddf06a10e55ad

Digest: 0050ab353bfbdc4f0faf1d555d19787eaf6a6913

Timestamp: https://freetsa.org/tsr
 Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH

 Version: 1
 Policy OID: tsa_policy1
 Hash Algorithm: sha1
 Message data:
     0000 - 00 50 ab 35 3b fb dc 4f-0f af 1d 55 5d 19 78 7e   .P.5;..O...U].x~
     0010 - af 6a 69 13                                       .ji.
 Serial number: 0x05806698
 Time stamp: Feb 13 06:24:31 2025 GMT
 Accuracy: unspecified
 Ordering: yes
 Nonce: 0x9BFC14C8020EB66B
 TSA: DirName:/O=Free TSA/OU=TSA/description=This certificate digitally signs documents and time stamp requests made using the freetsa.org online services/CN=www.freetsa.org/emailAddress=busilezas@gmail.com/L=Wuerzburg/C=DE/ST=Bayern
 Extensions:


Timestamp: https://tsa.cesnet.cz:3162/tsa
 Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH

 Version: 1
 Policy OID: 1.3.6.1.4.1.22408.1.2.3.45
 Hash Algorithm: sha1
 Message data:
     0000 - 00 50 ab 35 3b fb dc 4f-0f af 1d 55 5d 19 78 7e   .P.5;..O...U].x~
     0010 - af 6a 69 13                                       .ji.
 Serial number: 0x72F09E96316D97FF
 Time stamp: Feb 13 06:24:32 2025 GMT
 Accuracy: unspecified
 Ordering: no
 Nonce: 0xE050DA61DF1B13B1
 TSA: DirName:/DC=cz/DC=cesnet-ca/O=CESNET/CN=tsa.cesnet.cz
 Extensions:

2025-02-13 12:09:32 +05:45
Artur Neumann
d5c7b22b53 follow redirects when downloading certificate
2025-02-13 12:09:11 +05:45
0e07bab508 Merge pull request 'automatically validate all timestamps in CI' (#5) from validate-timestamps-in-ci into main
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 13m35s
Reviewed-on: #5
Reviewed-by: phil <phil@jankaritech.eu>
2025-01-31 05:52:10 +00:00
Artur Neumann
b1a1cdd088 -----TIMESTAMP COMMIT-----
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 7m30s
Version: 1

Algorithm: sha1

Preimage: version:1,parent:e1d1c5e26ee291018cd217af3f734066af67e1c2,tree:6bb692a51b515326489d4f5cda9f6de455bf71bb

Digest: a45bc2719ce0c445cf7aaec3549ae8e8297c45a3

Timestamp: https://freetsa.org/tsr
 Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH

 Version: 1
 Policy OID: tsa_policy1
 Hash Algorithm: sha1
 Message data:
     0000 - a4 5b c2 71 9c e0 c4 45-cf 7a ae c3 54 9a e8 e8   .[.q...E.z..T...
     0010 - 29 7c 45 a3                                       )|E.
 Serial number: 0x0527B7D9
 Time stamp: Jan 24 10:27:32 2025 GMT
 Accuracy: unspecified
 Ordering: yes
 Nonce: 0x301EF3AF455AF2B2
 TSA: DirName:/O=Free TSA/OU=TSA/description=This certificate digitally signs documents and time stamp requests made using the freetsa.org online services/CN=www.freetsa.org/emailAddress=busilezas@gmail.com/L=Wuerzburg/C=DE/ST=Bayern
 Extensions:


Timestamp: https://tsa.cesnet.cz:3162/tsa
 Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH

 Version: 1
 Policy OID: 1.3.6.1.4.1.22408.1.2.3.45
 Hash Algorithm: sha1
 Message data:
     0000 - a4 5b c2 71 9c e0 c4 45-cf 7a ae c3 54 9a e8 e8   .[.q...E.z..T...
     0010 - 29 7c 45 a3                                       )|E.
 Serial number: 0x27AA2B6CB2AEA0CE
 Time stamp: Jan 24 10:27:33 2025 GMT
 Accuracy: unspecified
 Ordering: no
 Nonce: 0xEB2CD76043666DEA
 TSA: DirName:/DC=cz/DC=cesnet-ca/O=CESNET/CN=tsa.cesnet.cz
 Extensions:

2025-01-24 16:12:33 +05:45
Artur Neumann
e1d1c5e26e automatically validate all timestamps
any time a change is proposed or incorporated into the archive (main
branch) this check runs and
1. checks if all certificates of the Time-stamping authorities are as
   expected
2. all new and historic time-stamps are valid
2025-01-24 16:12:22 +05:45
9eb12b9101 Merge pull request 'script to validate whether the hash of the trustanchors folder changed' (#4) from validate_trustanchors_hash into main
Reviewed-on: #4
Reviewed-by: phil <phil@jankaritech.eu>
2025-01-24 07:58:27 +00:00
Artur Neumann
49f05d35b8 -----TIMESTAMP COMMIT-----
Version: 1

Algorithm: sha1

Preimage: version:1,parent:d22f203ab5b04e04de0dbcdf0fce3ec6a18dbf51,tree:e70e876f915fa2d63bdf7d405fb48ca1a9e50096

Digest: 94ca5c45f986511199fda711cd83dae79b27eaf5

Timestamp: https://freetsa.org/tsr
 Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH

 Version: 1
 Policy OID: tsa_policy1
 Hash Algorithm: sha1
 Message data:
     0000 - 94 ca 5c 45 f9 86 51 11-99 fd a7 11 cd 83 da e7   ..\E..Q.........
     0010 - 9b 27 ea f5                                       .'..
 Serial number: 0x052729E1
 Time stamp: Jan 24 07:57:56 2025 GMT
 Accuracy: unspecified
 Ordering: yes
 Nonce: 0x95B6DC184C0090F2
 TSA: DirName:/O=Free TSA/OU=TSA/description=This certificate digitally signs documents and time stamp requests made using the freetsa.org online services/CN=www.freetsa.org/emailAddress=busilezas@gmail.com/L=Wuerzburg/C=DE/ST=Bayern
 Extensions:


Timestamp: https://tsa.cesnet.cz:3162/tsa
 Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH

 Version: 1
 Policy OID: 1.3.6.1.4.1.22408.1.2.3.45
 Hash Algorithm: sha1
 Message data:
     0000 - 94 ca 5c 45 f9 86 51 11-99 fd a7 11 cd 83 da e7   ..\E..Q.........
     0010 - 9b 27 ea f5                                       .'..
 Serial number: 0x6B11456390A4A52C
 Time stamp: Jan 24 07:57:57 2025 GMT
 Accuracy: unspecified
 Ordering: no
 Nonce: 0xBCDBFCA8C45E6309
 TSA: DirName:/DC=cz/DC=cesnet-ca/O=CESNET/CN=tsa.cesnet.cz
 Extensions:

2025-01-24 13:42:57 +05:45
Artur Neumann
d22f203ab5 script to validate whether the hash of the trustanchors folder changed
this is useful to make sure the same set of TSA are used on different
machines and that they haven't been changed.
E.g. I want to make sure I use the same TSA on my local machine as in CI
and I want to make sure the imported certificates in CI are the same as
in my local machine, so that I can trust them.
2025-01-24 13:42:46 +05:45
f2bddae3f9 Merge pull request 'set execute permission on hooks' (#3) from xPerm into main
Reviewed-on: #3
Reviewed-by: phil <phil@jankaritech.eu>
2025-01-24 07:50:31 +00:00
Artur Neumann
0d7c3d324c -----TIMESTAMP COMMIT-----
Version: 1

Algorithm: sha1

Preimage: version:1,parent:f397c5f7fd7cb224b29013e62bb44b99419edae4,tree:995421f50bc3b688e00ec304e4ace3b8ba811cc8

Digest: 92c69a749fd29e1aa57f40372c2544965334a713

Timestamp: https://freetsa.org/tsr
 Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH

 Version: 1
 Policy OID: tsa_policy1
 Hash Algorithm: sha1
 Message data:
     0000 - 92 c6 9a 74 9f d2 9e 1a-a5 7f 40 37 2c 25 44 96   ...t......@7,%D.
     0010 - 53 34 a7 13                                       S4..
 Serial number: 0x052722F5
 Time stamp: Jan 24 07:49:57 2025 GMT
 Accuracy: unspecified
 Ordering: yes
 Nonce: 0xE85EEE82A965CA94
 TSA: DirName:/O=Free TSA/OU=TSA/description=This certificate digitally signs documents and time stamp requests made using the freetsa.org online services/CN=www.freetsa.org/emailAddress=busilezas@gmail.com/L=Wuerzburg/C=DE/ST=Bayern
 Extensions:


Timestamp: https://tsa.cesnet.cz:3162/tsa
 Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH

 Version: 1
 Policy OID: 1.3.6.1.4.1.22408.1.2.3.45
 Hash Algorithm: sha1
 Message data:
     0000 - 92 c6 9a 74 9f d2 9e 1a-a5 7f 40 37 2c 25 44 96   ...t......@7,%D.
     0010 - 53 34 a7 13                                       S4..
 Serial number: 0x7A8A2B44AC62950C
 Time stamp: Jan 24 07:49:58 2025 GMT
 Accuracy: unspecified
 Ordering: no
 Nonce: 0xDA6CF555C1DFAFE5
 TSA: DirName:/DC=cz/DC=cesnet-ca/O=CESNET/CN=tsa.cesnet.cz
 Extensions:

2025-01-24 13:34:58 +05:45
Artur Neumann
f397c5f7fd set execute permission on hooks
that way one does not need to remember to set the permissions after
copying the hooks
2025-01-24 13:34:46 +05:45
3a2668f7ad Merge pull request 'fix comparison' (#2) from fixComparison into main
Reviewed-on: #2
Reviewed-by: phil <phil@jankaritech.eu>
2025-01-24 06:55:07 +00:00
f635e0970c Merge pull request 'fix running validate with -v' (#1) from fixValidateVerbose into main
Reviewed-on: #1
Reviewed-by: phil <phil@jankaritech.eu>
2025-01-24 06:54:56 +00:00
Artur Neumann
24f4f7d071 -----TIMESTAMP COMMIT-----
Version: 1

Algorithm: sha1

Preimage: version:1,parent:d134bc0c11b63ada9066cd74202b3c0c5ef84d2b,tree:baf5cc2f3b049ce7962af5ec9d89838b5a23f5a1

Digest: c73f263761221a420ea9708f4b0942c328d100d6

Timestamp: https://freetsa.org/tsr
 Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH

 Version: 1
 Policy OID: tsa_policy1
 Hash Algorithm: sha1
 Message data:
     0000 - c7 3f 26 37 61 22 1a 42-0e a9 70 8f 4b 09 42 c3   .?&7a".B..p.K.B.
     0010 - 28 d1 00 d6                                       (...
 Serial number: 0x04F6F4C0
 Time stamp: Jan 10 10:40:57 2025 GMT
 Accuracy: unspecified
 Ordering: yes
 Nonce: 0x063214AB522ED97C
 TSA: DirName:/O=Free TSA/OU=TSA/description=This certificate digitally signs documents and time stamp requests made using the freetsa.org online services/CN=www.freetsa.org/emailAddress=busilezas@gmail.com/L=Wuerzburg/C=DE/ST=Bayern
 Extensions:

2025-01-10 16:25:58 +05:45
Artur Neumann
d134bc0c11 fix comparison
spaces are needed around the comparison operator.

See https://github.com/koalaman/shellcheck/wiki/SC2077

This fixes the issue that even when `validate.sh` finds an issue the return
code is `0`
2025-01-10 16:24:48 +05:45
Artur Neumann
1e605e2546 -----TIMESTAMP COMMIT-----
Version: 1

Algorithm: sha1

Preimage: version:1,parent:0e523bd1eebd78ea32cbea9039430e524b03fdc7,tree:3ef134ca2565fbc752c0a64f70c7b5626180e9e3

Digest: 428d55f092cb5f9d755e71aec632bcdca3ac5a79

Timestamp: https://freetsa.org/tsr
 Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH

 Version: 1
 Policy OID: tsa_policy1
 Hash Algorithm: sha1
 Message data:
     0000 - 42 8d 55 f0 92 cb 5f 9d-75 5e 71 ae c6 32 bc dc   B.U..._.u^q..2..
     0010 - a3 ac 5a 79                                       ..Zy
 Serial number: 0x04F6D723
 Time stamp: Jan 10 10:08:05 2025 GMT
 Accuracy: unspecified
 Ordering: yes
 Nonce: 0xC9B0B1E16D30B23C
 TSA: DirName:/O=Free TSA/OU=TSA/description=This certificate digitally signs documents and time stamp requests made using the freetsa.org online services/CN=www.freetsa.org/emailAddress=busilezas@gmail.com/L=Wuerzburg/C=DE/ST=Bayern
 Extensions:

2025-01-10 15:53:05 +05:45
Artur Neumann
0e523bd1ee fix running validate with -v
running ./.git/hooks/validate.sh -v gives me

Assertion failed: Precondition: hash -v must have length 64.
Backtrace:
  [1]: ./.git/hooks/timestamping : extract_token_from_commit line 200
  [2]: ./.git/hooks/validate.sh : validate_commit line 97
  [3]: ./.git/hooks/validate.sh : validate_commit_and_parents line 300
  [4]: ./.git/hooks/validate.sh : main line 329

this commit fixes the issue
2025-01-10 15:52:58 +05:45
10 changed files with 2568 additions and 63 deletions


@@ -0,0 +1,32 @@
name: Validate Trusted Timestamps Actions Demo
run-name: ${{ gitea.actor }} is validating the trusted timestamps of all commits 🚀
on: [push]
variables:
EXPECTED_TRUSTANCHORS_HASH: "70a1c7e2fc62a0b62e44063f0e730b20b0f209d15c84b310ad06ce616c352829"
jobs:
Validate:
runs-on: ubuntu-latest
timeout-minutes: 2
steps:
- name: Install extra software
run: |
apt-get update
apt-get install -y xxd
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup timestamping authorities
run: |
git config --local timestamping.tsa0.url https://freetsa.org/tsr
bash -c 'yes | ./hooks/trust.sh https://freetsa.org/tsr'
git config --local timestamping.tsa1.url https://tsa.cesnet.cz:3162/tsa
bash -c 'yes | ./hooks/trust.sh https://tsa.cesnet.cz:3162/tsa'
- name: Check hashes of all trustanchors
run: |
./hooks/validate_trustanchors_hash.sh .git/hoqoks/trustanchors ${{ EXPECTED_TRUSTANCHORS_HASH }}
- name: Validate timestamps of all commits
run: |
./hooks/validate.sh --minversion 0
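Review bot: The directory passed to validate_trustanchors_hash.sh in the "Check hashes of all trustanchors" step reads `.git/hoqoks/trustanchors`, which looks like a typo for `.git/hooks/trustanchors`; with a directory that does not exist the script hashes empty `find` output, so the step fails on every run instead of checking the anchors. Please also confirm that `${{ EXPECTED_TRUSTANCHORS_HASH }}` resolves from the top-level `variables:` key: if it expands to nothing, the script receives one argument and exits with its usage message. Because `yes | ./hooks/trust.sh` accepts whatever the two TSA endpoints return, this comparison is the only step that pins the trust anchors, so it is worth verifying that it runs against the directory trust.sh actually writes to.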


@@ -0,0 +1,89 @@
subject=DC = cz, DC = cesnet-ca, O = CESNET, CN = tsa.cesnet.cz
issuer=DC = cz, DC = cesnet-ca, O = CESNET CA, CN = Personal Signing 2
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=DC = cz, DC = cesnet-ca, O = CESNET CA, CN = Personal Signing 2
issuer=DC = cz, DC = cesnet-ca, O = CESNET CA, CN = CESNET CA Root
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=DC = cz, DC = cesnet-ca, O = CESNET CA, CN = CESNET CA Root
issuer=DC = cz, DC = cesnet-ca, O = CESNET CA, CN = CESNET CA Root
-----BEGIN CERTIFICATE-----
MIIEDTCCAvWgAwIBAgIJAIf3+gBzaRRPMA0GCSqGSIb3DQEBBQUAMFwxEjAQBgoJ
kiaJk/IsZAEZFgJjejEZMBcGCgmSJomT8ixkARkWCWNlc25ldC1jYTESMBAGA1UE
ChMJQ0VTTkVUIENBMRcwFQYDVQQDEw5DRVNORVQgQ0EgUm9vdDAeFw0wOTAyMjQx
MzE2MDJaFw0yOTAyMjQxMzE2MDJaMFwxEjAQBgoJkiaJk/IsZAEZFgJjejEZMBcG
CgmSJomT8ixkARkWCWNlc25ldC1jYTESMBAGA1UEChMJQ0VTTkVUIENBMRcwFQYD
VQQDEw5DRVNORVQgQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPeL9R8QFCBHw/PlWt2wBnx0cCSiNAhlI7HInrzGmtHK/9MJQJpmcoToq91R
Y+hdo7sVddNqbz3F+oeiKavz3wpdCZJtaPI8Sv44OlCtnxeuw0LkSAAfG3maue7X
I4jFqCU7/NxcoursXHDMCRLqeKHkast0b4i7d1KOdoc6hMNVaVc1UY/wyimM+Pbh
XRW4+iwnmJXlIqCumWaVKF0b1F0WK2LV5TRonsoFNPdVHBU795ObAXRsXWfiKwNK
CX85l3AO37UN1wbQ7UvCzE88jYOanRxL1AKezCa1ca8AohqbqoVVtrRPUTMrlXG3
JOBfRaG0+LPXxHwQ9zCjvV/9kFcCAwEAAaOB0TCBzjAdBgNVHQ4EFgQUnkEw48PV
ToyDjqM8yX+jbRNdhCUwgY4GA1UdIwSBhjCBg4AUnkEw48PVToyDjqM8yX+jbRNd
hCWhYKReMFwxEjAQBgoJkiaJk/IsZAEZFgJjejEZMBcGCgmSJomT8ixkARkWCWNl
c25ldC1jYTESMBAGA1UEChMJQ0VTTkVUIENBMRcwFQYDVQQDEw5DRVNORVQgQ0Eg
Um9vdIIJAIf3+gBzaRRPMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMA0G
CSqGSIb3DQEBBQUAA4IBAQB+vy9hAwzjgjYTnTwfxK03Ze/07GnmulUxUIPOagHJ
vGQojnjN3BGnMoXNhQrhhCy1BfKt88sweN/ELkeOsgthbQ24lX7YdgPEPSwY2iIB
E0NWxG87+z5hmfo+M69Q9WS8b5aSd4v5pSzT4+s6UW2lsddbdpnI4OwEEVdmj4e1
w0trIAfPsFSKx5jMvC0KzoO04fSAjxTj2bn4orRVWlVGUYmQm/Gq0w//f84zox/g
/XjE+kQ+eFOpNeeJC2Tpl04BByskoOw4LybIZ6iSdrUjoLgrK3R1geXo86Sx8QWE
VVWM2+1UCVV3AMhYwQUbgasrEPkZ79od6exSUb+ZTpWc
-----END CERTIFICATE-----
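Review bot: The last certificate in this bundle is self-signed (subject and issuer are both CN = CESNET CA Root), so if the file is used as a trust anchor it becomes a root of trust for timestamp validation, yet nothing in the change records how its authenticity was checked. Suggest recording the source of the chain and the SHA-256 fingerprint that was compared out of band, in the commit message or in a README next to the file, so that later changes to this file can be reviewed against something.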

File diff suppressed because it is too large


@@ -2,17 +2,17 @@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dXJnMQ8wDQYDVQQIEwZCYXllcm4xCzAJBgNVBAYTAkRFFw0yNDA5MTUxMjAwMzJa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-----END X509 CRL-----


@@ -1,41 +1,18 @@
-----BEGIN X509 CRL-----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-----END X509 CRL-----
-----BEGIN X509 CRL-----
MIIDCzCCAfMCAQEwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNV
BAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIG
A1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IENBFw0yMTAzMTIwMTI5NDZa
Fw0yMTA0MDIwMTI5NDZaMIIBJjAvAhAMNtfIbq1n4/f4HXVg8i1TFw0xODEwMDkx
NTAwMTdaMAwwCgYDVR0VBAMKAQUwLwIQBoL7H4F3dqV5kSw+2RDv8RcNMjAwODEy
MTIzMzA5WjAMMAoGA1UdFQQDCgEFMC8CEApBOhYATfpyJADTJoDkJIkXDTE4MTAy
NTE2MTAzMlowDDAKBgNVHRUEAwoBBTAvAhACPHv+1hmOkW3l0EHImj0lFw0xODEw
MjUxNjA5MzNaMAwwCgYDVR0VBAMKAQUwLwIQBkoduoMprQURTuDY6pi+fBcNMjAw
NzIxMjAwMDAwWjAMMAoGA1UdFQQDCgEFMC8CEAER6Rdjkvpnl9JRx+xhVCoXDTIw
MTIyODE1MzY0MlowDDAKBgNVHRUEAwoBBaAwMC4wHwYDVR0jBBgwFoAUReuir/SS
y4IxLVGLp6chnfNtyA8wCwYDVR0UBAQCAgI1MA0GCSqGSIb3DQEBCwUAA4IBAQAN
yaEdhOnCRSHwu/3HZcM0wB1VfOI4sv6vPS0KQ3AJYn3sO08c+l1qwK5aH2eV65aH
U6bHGTthnbF/tTtMbi291vK98QdPgh+WFEKTo/HBGlrhxnE1Noh8flLoimx1K6Io
CuxayaUh7LC0RcgYwmVi7MnKQKpE2SHYqPTDkMokz+nQh1sibtTBHrS6fduKCItH
FZ8MbiabMuBH+vLNt76SDoRvxfKgawSKeYBEf+oYQrK/d3bI7njYfda/cKjHYJez
yXDurvnFOBBKrmpxUaf9LcbGKCjTCg5Fn9Bk02+mdJ4pOH8D1PNqaTmO5/B3AsuI
dw+Syb5bUgz8QGTqL+7W
MjUwMjEyMDUyMjQ1WhcNMjUwMjE5MDUyMjQ1WjCB9TAhAhAL2v0LKRQzmpYSZqw1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-----END X509 CRL-----

0
hooks/post-commit Normal file → Executable file

2
hooks/timestamping Normal file → Executable file

@@ -553,7 +553,7 @@ download_crls_for_chain() {
local URL=$(openssl x509 -inform PEM -in $EXTRACTED_CERT -text -noout \
| awk '/CRL Distribution Points:/{f=1} f && /URI:/ {print; exit}' \
| sed 's/^.*URI://1')
if curl "$URL" --output "$CRL_TMP" &> "$OUT_STREAM"; then
if curl -L "$URL" --output "$CRL_TMP" &> "$OUT_STREAM"; then
if openssl crl -in "$CRL_TMP" -inform DER -noout &> "$OUT_STREAM"; then
openssl crl -in "$CRL_TMP" -inform DER >> "$OUTPUT_FILE"
elif openssl crl -in "$CRL_TMP" -inform PEM -noout &> "$OUT_STREAM"; then
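Review bot: On the `curl -L "$URL"` line, redirects are now followed for a URL read from the certificate's CRL Distribution Points, but the call has no `--fail` and relies on curl's defaults for how many redirects and which redirect protocols are allowed, so an HTTP error body is still written to "$CRL_TMP" and is only caught by the `openssl crl` parse that follows. Suggest `curl -L --fail --max-redirs 3 --proto-redir =http,https "$URL" --output "$CRL_TMP"`, and quoting `$EXTRACTED_CERT` in the `openssl x509` call above it.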

0
hooks/trust.sh Normal file → Executable file

121
hooks/validate.sh Normal file → Executable file

@@ -42,8 +42,12 @@ if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi
. "$DIR/timestamping"
declare -i MINVERSION=$TIMESTAMPING_VERSION
declare -i MAX_COMMITS_TO_CHECK=0
declare -A PROCESSED_COMMIT
declare -A COMMITS
declare -A COMMIT_TIMES
while [[ $# -gt 1 ]]; do
while [[ $# -gt 0 ]]; do
KEY="$1"
case $KEY in
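Review bot: `declare -i MAX_COMMITS_TO_CHECK=0` and the new global arrays PROCESSED_COMMIT, COMMITS and COMMIT_TIMES are declared without comments; that 0 means "no limit" is only stated much further down, in validate_commit_and_parents. Suggest one comment line per declaration saying what the keys and values are and that 0 disables the limit. With the loop condition now `$# -gt 0`, an option that expects a value can be the last argument, so check that each such branch handles an empty `$2`, as the -max branch does through its regex.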
@@ -61,17 +65,27 @@ while [[ $# -gt 1 ]]; do
shift # past argument
shift # past value
;;
-max|--maxcommits)
INTEGER_REGEX='^[0-9]+$'
if ! [[ "$2" =~ $INTEGER_REGEX ]]; then
echo_error "$KEY: expected positive integer"
exit 1
fi
MAX_COMMITS_TO_CHECK="$2"
shift # past argument
shift # past value
;;
-v|--verbose)
OUT_STREAM=/dev/stdout
shift # past argument
;;
*) # unknown option
echo_error "Unknown argument: $KEY"
exit 1
OBJECT=$KEY
shift # past argument
;;
esac
done
OBJECT="$1"
if [ -z "$OBJECT" ]; then
OBJECT="HEAD"
fi
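Review bot: In the `*)` branch, anything unrecognised is now assigned to OBJECT, so a misspelt option (for example a typo in --maxcommits) is taken as the object to validate instead of being reported, and the limit the user asked for never applies. Suggest keeping the "Unknown argument" error for arguments that start with `-`, accepting only other values as OBJECT, and rejecting a second positional argument rather than letting it overwrite the first. Separately, the -max message says "expected positive integer" while `^[0-9]+$` also accepts 0, which elsewhere means "check all"; align the message or the regex.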
@@ -89,6 +103,10 @@ fi
# tokens, the function will return 0 but echo a warning about the invalid token.
validate_commit() {
local COMMIT_HASH="$1"
if [[ ${PROCESSED_COMMIT[$COMMIT_HASH]} ]]; then
log "validate_commit for $COMMIT_HASH has already been validated"
return 0
fi
log "validate_commit for $COMMIT_HASH"
local TIMESTAMP_COMMIT_VERSION
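Review bot: The early `return 0` for a commit already present in PROCESSED_COMMIT reports success regardless of how the first validation of that commit ended, because the array only ever stores the value 1. Suggest storing the outcome (the return status) in the array and returning it here, so that a caller reaching the same commit through a second parent sees the same result as the first caller did. The log text "validate_commit for ... has already been validated" would also read better as "commit ... has already been validated".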
@@ -275,9 +293,11 @@ validate_commit() {
#assert that all extracted timestamps have been processed
assert "[ $NUM_PROCESSED -eq $NUM_EXTRACTED ]" "All extracted token must be processed."
PROCESSED_COMMIT[$COMMIT_HASH]=1
if [ $NUM_VALID -gt 0 ]; then
if [ $NUM_INVALID -gt 0 ]; then
echo_warning "Warning: While commit $COMMIT_HASH contains $NUM_VALID valid timestamp tokens and thus is considered proppely timestamped, it also contains $NUM_INVALID invalid timestamp tokens."
echo_warning "Warning: While commit $COMMIT_HASH contains $NUM_VALID valid timestamp tokens and thus is considered properly timestamped, it also contains $NUM_INVALID invalid timestamp tokens."
fi
DATE_STRING=$(date -d @"$EARLIEST_VALID_UNIX_TIME")
echo_info "Commit $COMMIT_HASH, which timestamps commit $PARENT_HASH at $DATE_STRING, contains $NUM_VALID valid timestamp tokens."
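Review bot: `PROCESSED_COMMIT[$COMMIT_HASH]=1` sits after the final assert, so only commits that reach the end of validate_commit are counted by `${#PROCESSED_COMMIT[@]}`; if the function has earlier return paths (not visible in this hunk), those commits neither count towards MAX_COMMITS_TO_CHECK nor get the already-validated shortcut. Please document next to this line what the limit is meant to count, or record the entry on every return path.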
@@ -293,6 +313,13 @@ validate_commit() {
# param1: commit hash
# returns: 0 if the validation of the commit and all its ancestors succeeded
validate_commit_and_parents() {
# If MAX_COMMITS_TO_CHECK is zero (or a negative number) then that is understood as "infinity".
# So finish if we have reached the limit, and if the limit is not "infinity".
NUM_COMMITS_CHECKED=${#PROCESSED_COMMIT[@]}
if [[ ${NUM_COMMITS_CHECKED} -ge ${MAX_COMMITS_TO_CHECK} ]] && [[ ${MAX_COMMITS_TO_CHECK} -ge 1 ]]; then
# enough commits have already been checked, so return early
return 0;
fi
local COMMIT_HASH="$1"
log "validate_commit_and_parents for $COMMIT_HASH"
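Review bot: The limit check at the top of validate_commit_and_parents cannot trigger as the script now stands: the main block calls this function only in the branch where MAX_COMMITS_TO_CHECK is below 1, while the check requires it to be at least 1. Suggest removing the block, together with the NUM_COMMITS_CHECKED bookkeeping in this function, or declaring NUM_COMMITS_CHECKED local if it stays. The comment also mentions negative values, which the --maxcommits regex does not accept.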
@@ -300,6 +327,7 @@ validate_commit_and_parents() {
if ! validate_commit "$COMMIT_HASH"; then
ALL_PASSED=false
fi
NUM_COMMITS_CHECKED=${#PROCESSED_COMMIT[@]}
local PARENTS=$(git cat-file -p "$COMMIT_HASH" | awk '/^$/{exit} /parent/ {print}' | sed 's/parent //')
#iterate over all parents of commit
if [ ! -z "$PARENTS" ]; then
@@ -309,7 +337,65 @@ validate_commit_and_parents() {
fi
done <<< $(printf "%s" "$PARENTS")
fi
if [ "$ALL_PASSED"=true ]; then
if [ "$ALL_PASSED" = true ]; then
return 0
fi
return 1
}
# Recursive function to find all ancestors of commit
# param1: commit hash
# creates an array COMMITS, key is the commit hash, value is the commit time (Unix epoch seconds)
# the array contains all commits found in all paths from the passed-in commit hash back to the root commit of the repo
# the array is global so it can be accessed after the function returns
find_all_commits() {
local COMMIT_HASH="$1"
log "find_all_commits for $COMMIT_HASH"
# git show "ct" format returns the commit time as Unix epoch seconds
COMMIT_TIME=$(git show --no-patch --format=%ct "$COMMIT_HASH")
COMMITS[$COMMIT_HASH]="${COMMIT_TIME}"
local PARENTS=$(git cat-file -p "$COMMIT_HASH" | awk '/^$/{exit} /parent/ {print}' | sed 's/parent //')
# iterate over all parents of commit
if [ ! -z "$PARENTS" ]; then
while read PARENT_HASH; do
if [[ ${COMMITS[$PARENT_HASH]} ]]; then
log "commit $PARENT_HASH has already been processed"
else
find_all_commits "$PARENT_HASH"
fi
done <<< $(printf "%s" "$PARENTS")
fi
}
# Validate the commits in the COMMITS array, up to MAX_COMMITS_TO_CHECK
# returns: 0 if the validation of the commits succeeded
validate_commits() {
ALL_PASSED=true
# create an associative array with keys using the Unix epoch commit time and value the commit hash
# this array can be easily used to sort in (forward or reverse) order of time
for HASH in "${!COMMITS[@]}"; do
UNIX_EPOCH_TIME="${COMMITS[$HASH]}"
# two commits could have the exact same Unix epoch in seconds
# so make that unique by appending an "x" and the hash
UNIQUE_KEY="${UNIX_EPOCH_TIME}x${HASH}"
COMMIT_TIMES[$UNIQUE_KEY]="${HASH}"
done
# sort into reverse order
SORTED_KEYS=($(printf "%s\n" "${!COMMIT_TIMES[@]}" | sort -r))
# process the commits from latest time to oldest time
ALL_PASSED=true
for ENTRY in "${SORTED_KEYS[@]}"; do
COMMIT_HASH=${COMMIT_TIMES[${ENTRY}]}
log "${ENTRY} has value ${COMMIT_HASH}"
NUM_COMMITS_CHECKED=${#PROCESSED_COMMIT[@]}
if [[ ${NUM_COMMITS_CHECKED} -lt ${MAX_COMMITS_TO_CHECK} ]]; then
if ! validate_commit "$COMMIT_HASH"; then
ALL_PASSED=false
fi
fi
done
if [ "$ALL_PASSED" = true ]; then
return 0
fi
return 1
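Review bot: validate_commits chooses which commits to validate by `%ct`, the committer date stored in the commit object itself, which is the self-asserted value the timestamp tokens exist to corroborate; with a limit set, which commits fall inside the window therefore depends on unverified data. Suggest selecting by graph order instead, for example `git rev-list --topo-order -n "$MAX_COMMITS_TO_CHECK" "$COMMIT_HASH"`, which would also replace the recursive find_all_commits and its per-commit `git show` and `git cat-file` calls. If the date sort stays, use `sort -rn` (plain `sort -r` compares the keys as strings, so epochs with different digit counts misorder), `break` once the limit is reached instead of iterating over the remaining entries, and drop the duplicate `ALL_PASSED=true`.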
@@ -326,10 +412,21 @@ echo ""
echo_info "Validating timestamps. This may take a while..."
echo ""
if validate_commit_and_parents "$COMMIT_HASH"; then
echo_success "Validation OK: All timestamped commits in the commit history of $COMMIT_HASH contain at least one valid timestamp."
exit 0
if [[ ${MAX_COMMITS_TO_CHECK} -ge 1 ]]; then
find_all_commits "$COMMIT_HASH"
if validate_commits; then
echo_success "Validation OK: ${NUM_COMMITS_CHECKED} timestamped commits in the commit history of $COMMIT_HASH contain at least one valid timestamp."
exit 0
else
echo_error "Validation Failed: There are timestamped commits in the commit history of $COMMIT_HASH which do not contain any valid timestamps."
exit 1
fi
else
echo_error "Validation Failed: There are timestamped commits in the commit history of $COMMIT_HASH which do not contain any valid timestamps."
exit 1
fi
if validate_commit_and_parents "$COMMIT_HASH"; then
echo_success "Validation OK: All timestamped commits in the commit history of $COMMIT_HASH contain at least one valid timestamp."
exit 0
else
echo_error "Validation Failed: There are timestamped commits in the commit history of $COMMIT_HASH which do not contain any valid timestamps."
exit 1
fi
fi
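Review bot: In the limited branch the success message prints NUM_COMMITS_CHECKED, but validate_commits assigns that variable before each call to validate_commit, so when the history holds no more commits than the limit the reported count is one short. Suggest recomputing it from `${#PROCESSED_COMMIT[@]}` after the loop, and wording the message so it is clear that only the most recent commits were validated (for example by also printing `${#COMMITS[@]}` as the total), since the run still ends with "Validation OK" and exit 0.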


@@ -0,0 +1,26 @@
#!/bin/bash
# Copyright (c) 2024 JankariTech UG
# Authors: Artur Neumann
# Script to check if the trustanchors have been changed
TRUSTANCHOR_DIR="$1"
EXPECTED_COMMIT_HASH="$2"
if [[ $# -ne 2 ]]; then
echo "Usage: $0 <trustanchor_dir> <expected_commit_hash>"
exit 1
fi
if [ -z "$EXPECTED_COMMIT_HASH" ]; then
echo "No expected hash provided"
exit 1
fi
# get the sha256 hash of all files in the trustanchor directory
ACTUAL_COMMIT_HASH=$(find "$TRUSTANCHOR_DIR" -type f -exec sha256sum {} \; | sort | sha256sum | cut -d ' ' -f 1)
if [ "$EXPECTED_COMMIT_HASH" != "$ACTUAL_COMMIT_HASH" ]; then
echo "The trustanchors have been changed, please review the provided hash"
exit 1
fi
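Review bot: The digest is computed over `sha256sum` output that includes each file's path exactly as `find` prints it, and is sorted under the caller's locale, so the same trust anchors give a different value when the directory is passed with another spelling (trailing slash, absolute path) or under a different collation. Suggest `cd "$TRUSTANCHOR_DIR"` followed by `find . -type f -exec sha256sum {} + | LC_ALL=C sort | sha256sum`, after an explicit `[ -d "$TRUSTANCHOR_DIR" ]` check so that a missing directory is reported as such rather than as changed anchors; the expected value in the workflow has to be regenerated once after that change. The variable names and usage text say "commit hash" for what is a directory digest, and printing the actual value on mismatch would make the "please review the provided hash" message actionable.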