From 504286d2df7de0dd92930d0acb4ce1ea67d302ae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Jan 2023 16:12:06 +0000 Subject: [PATCH 01/12] Bump golangci/golangci-lint-action from 3.2.0 to 3.3.1 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.2.0 to 3.3.1. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/537aa1903e5d359d0b27dbc19ddd22c5087f3fbc...0ad9a0988b3973e851ab0a07adf248ec2e100376) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/pr_build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml index e2dda21c..5367ca07 100644 --- a/.github/workflows/pr_build.yml +++ b/.github/workflows/pr_build.yml @@ -25,7 +25,7 @@ jobs: go-version-file: 'go.mod' - name: "Lint" - uses: golangci/golangci-lint-action@537aa1903e5d359d0b27dbc19ddd22c5087f3fbc # v3.2.0 + uses: golangci/golangci-lint-action@0ad9a0988b3973e851ab0a07adf248ec2e100376 # v3.3.1 with: version: v1.48 args: --timeout 3m0s From 83b6cbcd2f167336de782d73dfea40e03417e512 Mon Sep 17 00:00:00 2001 From: Victor Vieira Barros Leal da Silveira Date: Fri, 13 Jan 2023 14:56:11 -0300 Subject: [PATCH 02/12] feat: Introduzing Github workflow to automate build process generating provenance artifact with signature and sboms Signed-off-by: Victor Vieira Barros Leal da Silveira --- .github/workflows/codeql.yml | 8 +- .github/workflows/pr_build.yml | 4 +- .github/workflows/release.yml | 80 ++++++++++ .github/workflows/scorecards.yml | 6 +- .github/workflows/scripts/getHashes.sh | 9 ++ .github/workflows/trivy.yml | 6 +- .gitignore | 2 + .goreleaser.yml | 204 +++++++++++++++++++++++++ 8 files changed, 307 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/release.yml create mode 100755 .github/workflows/scripts/getHashes.sh create mode 100644 .goreleaser.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0d382001..fb60512c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -25,7 +25,7 @@ permissions: read-all jobs: analyze: name: Analyze - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: actions: read contents: read @@ -45,13 +45,13 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout repository - uses: actions/checkout@d0651293c4a5a52e711f25b41b05b2212f385d28 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@ed2594450415ba50c3df30cf2992ab1265c38941 + uses: github/codeql-action/init@ff3337ee1b38c9bcf43046bde6450e50c5e88ebb # v2.1.28 with: languages: ${{ matrix.language }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ed2594450415ba50c3df30cf2992ab1265c38941 + uses: github/codeql-action/analyze@ff3337ee1b38c9bcf43046bde6450e50c5e88ebb # v2.1.28 diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml index 5367ca07..07fb4d60 100644 --- a/.github/workflows/pr_build.yml +++ b/.github/workflows/pr_build.yml @@ -8,7 +8,7 @@ permissions: read-all jobs: analysis: name: PR Build - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Harden Runner @@ -17,7 +17,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: "Checkout code" - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: "Setup Go" uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..60f4b350 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,80 @@ +name: release + +on: + push: + # run only against tags + tags: ['v[0-9].[0-9]+.[0-9]+'] + +permissions: # added using https://github.com/step-security/secure-workflows + contents: read + +jobs: + + goreleaser: + runs-on: ubuntu-22.04 + + permissions: + contents: write # for goreleaser/goreleaser-action to create a GitHub release + + outputs: + hashes: ${{ steps.hash.outputs.hashes }} + + steps: + + - name: Harden Runner + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + + - name: Download syft + uses: anchore/sbom-action/download-syft@06e109483e6aa305a2b2395eabae554e51530e1d # v0.13.1 + + - name: Checkout + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + with: + fetch-depth: 0 + + - name: Set up Go + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 + with: + go-version: '1.19' + cache: true + + - name: Import GPG key + id: import_gpg + uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5.2.0 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.PASSPHRASE }} + + - name: Run GoReleaser + id: run-goreleaser + uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v4.1.0 + with: + # either 'goreleaser' (default) or 'goreleaser-pro' + distribution: goreleaser + version: latest + args: release --rm-dist + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} + # # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution + # # GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} + + - name: Generate subject + id: hash + env: + ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}" + run: ./.github/workflows/scripts/getHashes.sh + shell: bash + + provenance: + needs: [goreleaser] + permissions: + actions: read # To read the workflow path. + id-token: write # To sign the provenance. + contents: write # To add assets to a release. + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0 # 68bad40844440577b33778c9f29077a3388838e9 + with: + base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" + upload-assets: true # upload to a new release diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 30247928..8e0e1206 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -14,7 +14,7 @@ permissions: read-all jobs: analysis: name: Scorecards analysis - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: # Needed to upload the results to code-scanning dashboard. security-events: write @@ -31,7 +31,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: "Checkout code" - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: persist-credentials: false @@ -63,6 +63,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26 + uses: github/codeql-action/upload-sarif@515828d97454b8354517688ddc5b48402b723750 # v2.1.38 with: sarif_file: results.sarif diff --git a/.github/workflows/scripts/getHashes.sh b/.github/workflows/scripts/getHashes.sh new file mode 100755 index 00000000..b6890c95 --- /dev/null +++ b/.github/workflows/scripts/getHashes.sh @@ -0,0 +1,9 @@ +set -euo pipefail + +hashes=$(echo $ARTIFACTS | jq --raw-output '.[] | {name, "digest": (.extra.Digest // .extra.Checksum)} | select(.digest) | {digest} + {name} | join(" ") | sub("^sha256:";"")' | base64 -w0) +if test "$hashes" = ""; then # goreleaser < v1.13.0 + checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path') + hashes=$(cat $checksum_file | base64 -w0) +fi + +echo "hashes=$hashes" >> $GITHUB_OUTPUT diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index c55ab74b..2f436dc2 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -10,7 +10,7 @@ permissions: jobs: build: name: Build - runs-on: "ubuntu-18.04" + runs-on: ubuntu-22.04 permissions: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results @@ -22,7 +22,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout code - uses: actions/checkout@d0651293c4a5a52e711f25b41b05b2212f385d28 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 @@ -35,6 +35,6 @@ jobs: severity: 'MEDIUM,CRITICAL,HIGH' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@74e8f231851deb9b54c3e408f88638dd39727868 + uses: github/codeql-action/upload-sarif@ff3337ee1b38c9bcf43046bde6450e50c5e88ebb # v2.1.28 with: sarif_file: 'trivy-results.sarif' diff --git a/.gitignore b/.gitignore index d06a9343..88811fb1 100644 --- a/.gitignore +++ b/.gitignore @@ -36,3 +36,5 @@ cmd/server/server *~ # Linux trash folder which might appear on any partition or disk .Trash-* + +dist/ diff --git a/.goreleaser.yml b/.goreleaser.yml new file mode 100644 index 00000000..84386893 --- /dev/null +++ b/.goreleaser.yml @@ -0,0 +1,204 @@ +# This is an example .goreleaser.yml file with some sensible defaults. +# Make sure to check the documentation at https://goreleaser.com +before: + hooks: + # You may remove this if you don't use go modules. + - go mod tidy + # # you may remove this if you don't need go generate + # - go generate ./... + +# Documentation Reference: https://goreleaser.com/customization/build/#builds +builds: + - id: "server-cli" + main: ./cmd/server/ + binary: server_cli + env: + - CGO_ENABLED=0 + goos: + - linux + # - windows + # - darwin + + + - id: "harvester-cli" + main: ./cmd/harvester/ + binary: harvester_cli + env: + - CGO_ENABLED=0 + goos: + - linux + # - windows + # - darwin + + +archives: + - format: tar.gz + # this name template makes the OS and Arch compatible with the results of uname. + name_template: >- + {{ .ProjectName }}_ + {{- title .Os }}_ + {{- if eq .Arch "amd64" }}x86_64 + {{- else if eq .Arch "386" }}i386 + {{- else }}{{ .Arch }}{{ end }} + {{- if .Arm }}v{{ .Arm }}{{ end }} + # use zip for windows archives + format_overrides: + - goos: windows + format: zip +checksum: + name_template: 'checksums.txt' +snapshot: + name_template: "{{ incpatch .Version }}-next" +changelog: + sort: asc + filters: + exclude: + - '^docs:' + - '^test:' + +# The lines beneath this are called `modelines`. See `:help modeline` +# Feel free to remove those if you don't want/use them. +# yaml-language-server: $schema=https://goreleaser.com/static/schema.json +# vim: set ts=2 sw=2 tw=0 fo=cnqoj + +signs: + - # Which artifacts to sign + # + # all: all artifacts + # none: no signing + # checksum: only checksum file(s) + # source: source archive + # package: linux packages (deb, rpm, apk) + # archive: archives from archive pipe + # binary: binaries if archiving format is set to binary + # sbom: any Software Bill of Materials generated for other artifacts + # + # Defaults to `none` + artifacts: checksum + + # ID of the sign config, must be unique. + # + # Defaults to "default". + id: default + + # Name/template of the signature file. + # + # Defaults to `${artifact}.sig`. + signature: "${artifact}.sig" + + # Path to the signature command + # + # Defaults to `gpg` + cmd: gpg2 + + # Command line templateable arguments for the command + # + # to sign with a specific key use + # args: ["-u", "", "--output", "${signature}", "--detach-sign", "${artifact}"] + # + # Defaults to `["--output", "${signature}", "--detach-sign", "${artifact}"]` + args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"] + + # IDs of the artifacts to sign. + # + # If `artifacts` is checksum or source, this fields has no effect. + # + # Defaults to empty (which implies no filtering). + ids: [] + + # Stdin data template to be given to the signature command as stdin. + # + # Defaults to empty + # stdin: '{{ .Env.GPG_PASSWORD }}' + + # StdinFile file to be given to the signature command as stdin. + # + # Defaults to empty + # stdin_file: ./.password + + # Sets a certificate that your signing command should write to. + # You can later use `${certificate}` or `.Env.certificate` in the `args` section. + # This is particularly useful for keyless signing (for instance, with cosign). + # Note that this should be a name, not a path. + # + # Defaults to empty. + # certificate: '{{ trimsuffix .Env.artifact ".tar.gz" }}.pem' + + # List of environment variables that will be passed to the signing command as well as the templates. + # + # Defaults to empty + env: [] + + # By default, the stdout and stderr of the signing cmd are discarded unless + # GoReleaser is running with `--debug` set. + # You can set this to true if you want them to be displayed regardless. + # + # Default: false. + # Since: v1.2. + output: false + + +sboms: + - + # ID of the sbom config, must be unique. + # + # Defaults to "default". + id: default + + # List of Names/templates of the SBOM documents created at this step + # (relative to the dist dir). + # + # Each element configured is made available as variables. For example: + # documents: ["foo", "bar"] + # + # would make the following variables that can be referenced as template keys: + # document0: "foo" + # document1: "bar" + # + # Default value is conditional based on the value of "artifacts" + # - "binary": ["{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.sbom"] + # - "any": [] + # - otherwise: ["{{ .ArtifactName }}.sbom"] + # + # Note that multiple sbom values are only allowed if the value of + # "artifacts" is "any". + documents: + - "${artifact}.spdx.sbom" + + # Path to the SBOM generator command + # + # Note: the process CWD will be set to the same location as "dist" + # + # Defaults to `syft` + cmd: syft + + # Command line templateable arguments for the command + # + # Defaults to `["$artifact", "--file", "$document", "--output", "spdx-json"]` + args: ["$artifact", "--file", "$document", "--output", "spdx-json"] + + # List of environment variables that will be passed to the SBOM command as + # well as the templates. + # + # Defaults to [ "SYFT_FILE_METADATA_CATALOGER_ENABLED=true" ] + env: + - SYFT_FILE_METADATA_CATALOGER_ENABLED=true + + # Which artifacts to catalog + # + # any: let the SBOM tool decide what artifacts available in the cwd + # should be cataloged + # source: source archive + # package: linux packages (deb, rpm, apk) + # archive: archives from archive pipe + # binary: binaries output from the build stage + # + # Defaults to `archive` + artifacts: archive + + # IDs of the artifacts to catalog. + # + # If `artifacts` is "source" or "any" then this fields has no effect. + # + # Defaults to empty (which implies no filtering). + ids: [] From 407de97be724d2e41fa99a434caab814bb32e8a2 Mon Sep 17 00:00:00 2001 From: Victor Vieira Barros Leal da Silveira Date: Fri, 20 Jan 2023 10:36:46 -0300 Subject: [PATCH 03/12] feat: Updating demo dependencies --- demo/greeter/go.mod | 27 +++++++++++++++------------ demo/greeter/go.sum | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 12 deletions(-) diff --git a/demo/greeter/go.mod b/demo/greeter/go.mod index 62b93d4c..50c01c5d 100644 --- a/demo/greeter/go.mod +++ b/demo/greeter/go.mod @@ -1,21 +1,24 @@ module greeter -go 1.17 +go 1.19 require ( - github.com/spiffe/go-spiffe/v2 v2.0.0-beta.10 - google.golang.org/grpc v1.50.1 - google.golang.org/grpc/examples v0.0.0-20211001222728-09970207abb5 + github.com/spiffe/go-spiffe/v2 v2.1.2 + google.golang.org/grpc v1.52.0 + google.golang.org/grpc/examples v0.0.0-20230120001647-bc9728f98bdc ) require ( + github.com/Microsoft/go-winio v0.6.0 // indirect github.com/golang/protobuf v1.5.2 // indirect - github.com/zeebo/errs v1.2.2 // indirect - golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 // indirect - golang.org/x/net v0.0.0-20201021035429-f5854403a974 // indirect - golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 // indirect - golang.org/x/text v0.3.3 // indirect - google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98 // indirect - google.golang.org/protobuf v1.27.1 // indirect - gopkg.in/square/go-jose.v2 v2.4.1 // indirect + github.com/zeebo/errs v1.3.0 // indirect + golang.org/x/crypto v0.5.0 // indirect + golang.org/x/mod v0.7.0 // indirect + golang.org/x/net v0.5.0 // indirect + golang.org/x/sys v0.4.0 // indirect + golang.org/x/text v0.6.0 // indirect + golang.org/x/tools v0.5.0 // indirect + google.golang.org/genproto v0.0.0-20230119192704-9d59e20e5cd1 // indirect + google.golang.org/protobuf v1.28.1 // indirect + gopkg.in/square/go-jose.v2 v2.6.0 // indirect ) diff --git a/demo/greeter/go.sum b/demo/greeter/go.sum index ebd012dc..744b717b 100644 --- a/demo/greeter/go.sum +++ b/demo/greeter/go.sum @@ -1,12 +1,15 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= +github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -35,24 +38,34 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/spiffe/go-spiffe/v2 v2.0.0-beta.10 h1:UXfGMp27MlQcYCAVRl21+cZrbKXMLsFmMXam5W3qBIA= github.com/spiffe/go-spiffe/v2 v2.0.0-beta.10/go.mod h1:TEfgrEcyFhuSuvqohJt6IxENUNeHfndWCCV1EX7UaVk= +github.com/spiffe/go-spiffe/v2 v2.1.2 h1:nfNwopOP7q0qsWU6AUASqmbtYViwHA6vuHyAtqFJtNc= +github.com/spiffe/go-spiffe/v2 v2.1.2/go.mod h1:cbQmFrxsOpbm5tWURAYip9ZK0dOSFeoFG3/5Ub9Hvy0= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/zeebo/errs v1.2.2 h1:5NFypMTuSdoySVTqlNs1dEoU21QVamMQJxW/Fii5O7g= github.com/zeebo/errs v1.2.2/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= +github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs= +github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= +golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= +golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -61,6 +74,8 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20201021035429-f5854403a974 h1:IX6qOQeG5uLjB/hjjwjedwfjND0hgjPMMyO1RoIXQNI= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= +golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -73,14 +88,20 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 h1:myAQVi0cGEoqQVR5POX+8RR2mrocKqNN1hmeMqhX27k= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= +golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4= +golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= @@ -90,6 +111,8 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98 h1:LCO0fg4kb6WwkXQXRQQgUYsFeFb5taTX5WAx5O/Vt28= google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20230119192704-9d59e20e5cd1 h1:wSjSSQW7LuPdv3m1IrSN33nVxH/kID6OIKy+FMwGB2k= +google.golang.org/genproto v0.0.0-20230119192704-9d59e20e5cd1/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= @@ -99,9 +122,13 @@ google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY= google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk= +google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/grpc/examples v0.0.0-20201130180447-c456688b1860/go.mod h1:Ly7ZA/ARzg8fnPU9TyZIxoz33sEUuWX7txiqs8lPTgE= google.golang.org/grpc/examples v0.0.0-20211001222728-09970207abb5 h1:k1HwCrvyzmToHY1nDSfCGU63gsShFOG46m7dks5rdRw= google.golang.org/grpc/examples v0.0.0-20211001222728-09970207abb5/go.mod h1:gID3PKrg7pWKntu9Ss6zTLJ0ttC0X9IHgREOCZwbCVU= +google.golang.org/grpc/examples v0.0.0-20230120001647-bc9728f98bdc h1:QtNVh8LWmDMgiHn8C7m+LjPcXyqQVEX30uuOGwl778A= +google.golang.org/grpc/examples v0.0.0-20230120001647-bc9728f98bdc/go.mod h1:Nr5H8+MlGWr5+xX/STzdoEqJrO+YteqFbMyCsrb6mH0= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -116,10 +143,15 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= +google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/square/go-jose.v2 v2.4.1 h1:H0TmLt7/KmzlrDOpa1F+zr0Tk90PbJYBfsVUmRLrf9Y= gopkg.in/square/go-jose.v2 v2.4.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= +gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From ae1cb498c6343d4881e35a9b4f7afe7a840a2534 Mon Sep 17 00:00:00 2001 From: Victor Vieira Barros Leal da Silveira Date: Fri, 20 Jan 2023 10:39:56 -0300 Subject: [PATCH 04/12] feat: Updating go.sum --- demo/greeter/go.sum | 118 +------------------------------------------- 1 file changed, 1 insertion(+), 117 deletions(-) diff --git a/demo/greeter/go.sum b/demo/greeter/go.sum index 744b717b..3841d9ca 100644 --- a/demo/greeter/go.sum +++ b/demo/greeter/go.sum @@ -1,157 +1,41 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/spiffe/go-spiffe/v2 v2.0.0-beta.10 h1:UXfGMp27MlQcYCAVRl21+cZrbKXMLsFmMXam5W3qBIA= -github.com/spiffe/go-spiffe/v2 v2.0.0-beta.10/go.mod h1:TEfgrEcyFhuSuvqohJt6IxENUNeHfndWCCV1EX7UaVk= github.com/spiffe/go-spiffe/v2 v2.1.2 h1:nfNwopOP7q0qsWU6AUASqmbtYViwHA6vuHyAtqFJtNc= github.com/spiffe/go-spiffe/v2 v2.1.2/go.mod h1:cbQmFrxsOpbm5tWURAYip9ZK0dOSFeoFG3/5Ub9Hvy0= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= -github.com/zeebo/errs v1.2.2 h1:5NFypMTuSdoySVTqlNs1dEoU21QVamMQJxW/Fii5O7g= -github.com/zeebo/errs v1.2.2/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs= github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20201021035429-f5854403a974 h1:IX6qOQeG5uLjB/hjjwjedwfjND0hgjPMMyO1RoIXQNI= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 h1:myAQVi0cGEoqQVR5POX+8RR2mrocKqNN1hmeMqhX27k= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98 h1:LCO0fg4kb6WwkXQXRQQgUYsFeFb5taTX5WAx5O/Vt28= -google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20230119192704-9d59e20e5cd1 h1:wSjSSQW7LuPdv3m1IrSN33nVxH/kID6OIKy+FMwGB2k= google.golang.org/genproto v0.0.0-20230119192704-9d59e20e5cd1/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY= -google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk= google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= -google.golang.org/grpc/examples v0.0.0-20201130180447-c456688b1860/go.mod h1:Ly7ZA/ARzg8fnPU9TyZIxoz33sEUuWX7txiqs8lPTgE= -google.golang.org/grpc/examples v0.0.0-20211001222728-09970207abb5 h1:k1HwCrvyzmToHY1nDSfCGU63gsShFOG46m7dks5rdRw= -google.golang.org/grpc/examples v0.0.0-20211001222728-09970207abb5/go.mod h1:gID3PKrg7pWKntu9Ss6zTLJ0ttC0X9IHgREOCZwbCVU= google.golang.org/grpc/examples v0.0.0-20230120001647-bc9728f98bdc h1:QtNVh8LWmDMgiHn8C7m+LjPcXyqQVEX30uuOGwl778A= google.golang.org/grpc/examples v0.0.0-20230120001647-bc9728f98bdc/go.mod h1:Nr5H8+MlGWr5+xX/STzdoEqJrO+YteqFbMyCsrb6mH0= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/square/go-jose.v2 v2.4.1 h1:H0TmLt7/KmzlrDOpa1F+zr0Tk90PbJYBfsVUmRLrf9Y= -gopkg.in/square/go-jose.v2 v2.4.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From b0d9bb637737f297c82b1ca3438bf62d5ab00f60 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Jan 2023 16:18:41 +0000 Subject: [PATCH 05/12] Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.3.1 to 3.4.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/0ad9a0988b3973e851ab0a07adf248ec2e100376...08e2f20817b15149a52b5b3ebe7de50aff2ba8c5) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/pr_build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml index 07fb4d60..900fe9ca 100644 --- a/.github/workflows/pr_build.yml +++ b/.github/workflows/pr_build.yml @@ -25,7 +25,7 @@ jobs: go-version-file: 'go.mod' - name: "Lint" - uses: golangci/golangci-lint-action@0ad9a0988b3973e851ab0a07adf248ec2e100376 # v3.3.1 + uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0 with: version: v1.48 args: --timeout 3m0s From e6cbf6c605a3a200bc90519e2fd8dda5ea5c58c4 Mon Sep 17 00:00:00 2001 From: Cole Kennedy Date: Tue, 18 Apr 2023 03:53:54 -0500 Subject: [PATCH 06/12] add witness --- .githooks/post-commit | 2 + .github/workflows/codeql.yml | 57 ---- .github/workflows/pr_build.yml | 34 --- .github/workflows/release.yml | 225 ++++++++++++---- .github/workflows/scorecard.policy | 71 +++++ .github/workflows/scorecards.yml | 46 ++-- .github/workflows/scripts/getHashes.sh | 9 - .github/workflows/trivy.yml | 47 ++-- .gitignore | 1 + .goreleaser.yml | 150 +++++------ .witness/intermediate.pem | 14 + .witness/policy-bin-signed.json | 1 + .witness/policy-bin.json | 184 +++++++++++++ .witness/policy-signed.json | 1 + .witness/policy.json | 194 ++++++++++++++ .witness/policy.pub | 9 + .witness/root.pem | 15 ++ .witness/sticky.yaml | 16 ++ LICENSE | 202 -------------- Makefile | 5 + README.md | 357 ++++++++++++++++++++++--- get_certs.sh | 38 +++ script.sh | 64 +++++ 23 files changed, 1234 insertions(+), 508 deletions(-) create mode 100755 .githooks/post-commit delete mode 100644 .github/workflows/codeql.yml delete mode 100644 .github/workflows/pr_build.yml create mode 100644 .github/workflows/scorecard.policy delete mode 100755 .github/workflows/scripts/getHashes.sh create mode 100644 .witness/intermediate.pem create mode 100644 .witness/policy-bin-signed.json create mode 100644 .witness/policy-bin.json create mode 100644 .witness/policy-signed.json create mode 100644 .witness/policy.json create mode 100644 .witness/policy.pub create mode 100644 .witness/root.pem create mode 100644 .witness/sticky.yaml delete mode 100644 LICENSE create mode 100755 get_certs.sh create mode 100755 script.sh diff --git a/.githooks/post-commit b/.githooks/post-commit new file mode 100755 index 00000000..bc53503f --- /dev/null +++ b/.githooks/post-commit @@ -0,0 +1,2 @@ + +exec < /dev/tty && witness run -s commit -a git --fulcio=https://v1.fulcio.sigstore.dev --fulcio-oidc-client-id=https://oauth2.sigstore.dev/auth --fulcio-oidc-issuer=sigstore --enable-archivista --timestamp-servers https://freetsa.org/tsr -o /dev/null \ No newline at end of file diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index fb60512c..00000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,57 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: [ "main" ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ "main" ] - schedule: - - cron: '41 2 * * 2' - -permissions: read-all - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-22.04 - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'go' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - - steps: - - name: Harden Runner - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - name: Checkout repository - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@ff3337ee1b38c9bcf43046bde6450e50c5e88ebb # v2.1.28 - with: - languages: ${{ matrix.language }} - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ff3337ee1b38c9bcf43046bde6450e50c5e88ebb # v2.1.28 diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml deleted file mode 100644 index 900fe9ca..00000000 --- a/.github/workflows/pr_build.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: PR Build - -on: - pull_request: {} - -permissions: read-all - -jobs: - analysis: - name: PR Build - runs-on: ubuntu-22.04 - - steps: - - name: Harden Runner - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - name: "Checkout code" - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - - - name: "Setup Go" - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 - with: - go-version-file: 'go.mod' - - - name: "Lint" - uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0 - with: - version: v1.48 - args: --timeout 3m0s - - - name: "Unit test" - run: make test diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 60f4b350..d9c1b1e2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,31 +1,19 @@ +permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout + name: release on: push: - # run only against tags - tags: ['v[0-9].[0-9]+.[0-9]+'] - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read + branches: + - cole/witness jobs: - - goreleaser: - runs-on: ubuntu-22.04 - - permissions: - contents: write # for goreleaser/goreleaser-action to create a GitHub release - - outputs: - hashes: ${{ steps.hash.outputs.hashes }} + build-binaries: + runs-on: "ubuntu-22.04" steps: - - - name: Harden Runner - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - name: Download syft uses: anchore/sbom-action/download-syft@06e109483e6aa305a2b2395eabae554e51530e1d # v0.13.1 @@ -37,44 +25,177 @@ jobs: - name: Set up Go uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: '1.19' + go-version: "1.19" cache: true - - name: Import GPG key - id: import_gpg - uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5.2.0 - with: - gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.PASSPHRASE }} + - name: Download GoReleaser + run: go install github.com/goreleaser/goreleaser@v1.17.1 - name: Run GoReleaser - id: run-goreleaser - uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v4.1.0 + uses: testifysec/witness-run-action@v0.1.2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} + with: + enable-sigstore: true + enable-archivista: true + trace: true + step: "build" + command: goreleaser release --clean --snapshot + + - name: "Upload artifact" + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: - # either 'goreleaser' (default) or 'goreleaser-pro' - distribution: goreleaser - version: latest - args: release --rm-dist + name: binaries + path: dist/ + retention-days: 5 + + build-docker-server: + runs-on: "ubuntu-22.04" + + steps: + - name: Checkout + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + with: + fetch-depth: 0 + + - name: Setup KO + uses: imjasonh/setup-ko@v0.6 + env: + KO_DOCKER_REPO: ghcr.io/github.com/testifysec/galadriel + - name: Login to GHCR + env: + AUTH_TOKEN: ${{ secrets.AUTH_TOKEN }} + run: | + echo "${AUTH_TOKEN}" | ko login ghcr.io --username dummy --password-stdin + + - name: Build Server + uses: testifysec/witness-run-action@v0.1.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} - # # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution - # # GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} + GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} + KO_DOCKER_REPO: ghcr.io/github.com/testifysec/galadriel + with: + enable-sigstore: true + enable-archivista: true + trace: true + step: "build" + attestations: "git github oci" + command: ko build --tarball server.tar --sbom-dir . ./cmd/server + + - name: "Upload Server artifact" + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + with: + name: server + path: server.tar + retention-days: 5 + + + build-docker-harvestor: + runs-on: "ubuntu-22.04" + + steps: + - name: Checkout + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + with: + fetch-depth: 0 + + - name: Setup KO + uses: imjasonh/setup-ko@v0.6 + env: + KO_DOCKER_REPO: ghcr.io/github.com/testifysec/galadriel + - name: Login to GHCR + env: + AUTH_TOKEN: ${{ secrets.AUTH_TOKEN }} + run: | + echo "${AUTH_TOKEN}" | ko login ghcr.io --username dummy --password-stdin - - name: Generate subject - id: hash + - name: Build Harvestor + uses: testifysec/witness-run-action@v0.1.2 env: - ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}" - run: ./.github/workflows/scripts/getHashes.sh - shell: bash - - provenance: - needs: [goreleaser] - permissions: - actions: read # To read the workflow path. - id-token: write # To sign the provenance. - contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0 # 68bad40844440577b33778c9f29077a3388838e9 - with: - base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" - upload-assets: true # upload to a new release + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} + KO_DOCKER_REPO: ghcr.io/github.com/testifysec/galadriel + + with: + enable-sigstore: true + enable-archivista: true + trace: true + step: "build" + attestations: "git github oci" + command: ko build --tarball harvestor.tar --sbom-dir . ./cmd/harvester + + - name: "Upload Harvestor artifact" + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + with: + name: harvestor + path: harvestor.tar + retention-days: 5 + + - name: "Upload Signed Policy and Public Key" + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + with: + name: witness + path: | + .witness/policy-signed.json + .witness/policy-bin-signed.json + .witness/policy.pub + retention-days: 90 + + + verify-artifacts: + needs: [build-binaries, build-docker-server, build-docker-harvestor] + runs-on: "ubuntu-22.04" + + steps: + + - name: Download Server artifact + uses: actions/download-artifact@v3.0.2 + with: + name: server + path: . + + - name: Download Harvestor artifact + uses: actions/download-artifact@v3.0.2 + with: + name: harvestor + path: . + + - name: Download Signed Policy and Public Key + uses: actions/download-artifact@v3.0.2 + with: + name: witness + path: .witness + + - name: Download binaries + uses: actions/download-artifact@v3.0.2 + with: + name: binaries + path: dist + + + - name: InstallWitness + uses: jaxxstorm/action-install-gh-release@v1.10.0 + with: # Grab the latest version + repo: testifysec/witness + tag: v0.1.13 + + - name: Verify Server Container + run: witness verify -f server.tar -p .witness/policy-signed.json -k .witness/policy.pub --enable-archivista + + - name: Verify Harvestor Container + run: witness verify -f harvestor.tar -p .witness/policy-signed.json -k .witness/policy.pub --enable-archivista + + - name: Verify dist folder + run: |- + find ./dist -type f | while read FILE + do + # Exclude config.yaml since it is common + if [[ $FILE == *"config.yaml"* ]]; then + continue + fi + + # Run witness verify on the file + echo "Verifying $FILE" + witness verify -f $FILE -p .witness/policy-bin-signed.json -k .witness/policy.pub --enable-archivista + done diff --git a/.github/workflows/scorecard.policy b/.github/workflows/scorecard.policy new file mode 100644 index 00000000..dd6bdc88 --- /dev/null +++ b/.github/workflows/scorecard.policy @@ -0,0 +1,71 @@ +# Copyright 2021 Security Scorecard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +version: 1 +policies: + Token-Permissions: + score: 10 + mode: enforced + Branch-Protection: + score: 10 + mode: enforced + Code-Review: + score: 10 + mode: enforced + Dangerous-Workflow: + score: 10 + mode: enforced + License: + score: 10 + mode: enforced + Pinned-Dependencies: + score: 10 + mode: enforced + Security-Policy: + score: 10 + mode: enforced + SAST: + score: 10 + mode: enforced + Contributors: + score: 10 + mode: disabled + Packaging: + score: 10 + mode: enforced + Binary-Artifacts: + score: 10 + mode: enforced + Signed-Releases: + score: 10 + mode: disabled + Dependency-Update-Tool: + score: 10 + mode: enforced + Fuzzing: + score: 10 + mode: enforced + CII-Best-Practices: + # passing score + score: 5 + mode: enforced + Vulnerabilities: + score: 10 + mode: enforced + CI-Tests: + score: 10 + mode: enforced + Maintained: + score: 1 + mode: enforced \ No newline at end of file diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 8e0e1206..862456f7 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -1,12 +1,10 @@ name: Scorecards supply-chain security + on: - # Only the default branch is supported. - branch_protection_rule: - schedule: - - cron: '0 8 * * *' - pull_request: {} push: - branches: [ "main" ] + branches: + - cole/witness + # Declare default permissions as read only. permissions: read-all @@ -25,33 +23,25 @@ jobs: actions: read steps: - - name: Harden Runner - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - name: "Checkout code" uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: - persist-credentials: false + fetch-depth: 0 - - name: "Run analysis" - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + - name: Scorecard + uses: testifysec/witness-run-action@v0.1.2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} + KO_DOCKER_REPO: ghcr.io/github.com/testifysec/galadriel with: - results_file: results.sarif - results_format: sarif - # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecards on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} - - # Publish the results for public repositories to enable scorecard badges. For more details, see - # https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories, `publish_results` will automatically be set to `false`, regardless - # of the value entered here. - publish_results: true - + enable-sigstore: true + enable-archivista: true + trace: false + step: "build" + attestations: "environment git sarif" + command: docker run -v $PWD:/repo -e GITHUB_AUTH_TOKEN=$GITHUB_TOKEN -e ENABLE_SARIF=true gcr.io/openssf/scorecard@sha256:8201c5b7706459cac1d67484dda85cb2fe7ec7492f07012c0be99c12a96f4b8e --repo=github.com/testifysec/galadriel --show-details --policy /repo/.github/workflows/scorecard.policy --format=sarif > results.sarif + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" diff --git a/.github/workflows/scripts/getHashes.sh b/.github/workflows/scripts/getHashes.sh deleted file mode 100755 index b6890c95..00000000 --- a/.github/workflows/scripts/getHashes.sh +++ /dev/null @@ -1,9 +0,0 @@ -set -euo pipefail - -hashes=$(echo $ARTIFACTS | jq --raw-output '.[] | {name, "digest": (.extra.Digest // .extra.Checksum)} | select(.digest) | {digest} + {name} | join(" ") | sub("^sha256:";"")' | base64 -w0) -if test "$hashes" = ""; then # goreleaser < v1.13.0 - checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path') - hashes=$(cat $checksum_file | base64 -w0) -fi - -echo "hashes=$hashes" >> $GITHUB_OUTPUT diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 2f436dc2..5b97efd2 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -1,40 +1,47 @@ name: trivy on: - pull_request: - branches: [ "main" ] + push: + branches: + - cole/witness -permissions: - contents: read jobs: build: - name: Build + name: Scan runs-on: ubuntu-22.04 permissions: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - - steps: - - name: Harden Runner - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + id-token: write # This is required for requesting the JWT + steps: - name: Checkout code uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + with: + fetch-depth: 0 + + + - name: Setup Trivy + run: | + wget -qO- https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/trivy.gpg + echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list + sudo apt-get update + sudo apt-get install trivy -y - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 + - name: Run Trivy vulnerability scanner with Witness + uses: testifysec/witness-run-action@v0.1.2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} with: - scan-type: 'fs' - scan-ref: '.' - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - severity: 'MEDIUM,CRITICAL,HIGH' + enable-sigstore: true + enable-archivista: true + attestations: git github sarif + step: "scan" + command: trivy fs --format 'sarif' --output 'trivy-results.sarif' --severity 'MEDIUM,CRITICAL,HIGH' . - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@ff3337ee1b38c9bcf43046bde6450e50c5e88ebb # v2.1.28 with: - sarif_file: 'trivy-results.sarif' + sarif_file: 'trivy-results.sarif' \ No newline at end of file diff --git a/.gitignore b/.gitignore index 88811fb1..6487f011 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,7 @@ *.swp *.log *.out +.witness/policy.key # Test binary, built with `go test -c` *.test diff --git a/.goreleaser.yml b/.goreleaser.yml index 84386893..06fdd98e 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -61,81 +61,81 @@ changelog: # yaml-language-server: $schema=https://goreleaser.com/static/schema.json # vim: set ts=2 sw=2 tw=0 fo=cnqoj -signs: - - # Which artifacts to sign - # - # all: all artifacts - # none: no signing - # checksum: only checksum file(s) - # source: source archive - # package: linux packages (deb, rpm, apk) - # archive: archives from archive pipe - # binary: binaries if archiving format is set to binary - # sbom: any Software Bill of Materials generated for other artifacts - # - # Defaults to `none` - artifacts: checksum - - # ID of the sign config, must be unique. - # - # Defaults to "default". - id: default - - # Name/template of the signature file. - # - # Defaults to `${artifact}.sig`. - signature: "${artifact}.sig" - - # Path to the signature command - # - # Defaults to `gpg` - cmd: gpg2 - - # Command line templateable arguments for the command - # - # to sign with a specific key use - # args: ["-u", "", "--output", "${signature}", "--detach-sign", "${artifact}"] - # - # Defaults to `["--output", "${signature}", "--detach-sign", "${artifact}"]` - args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"] - - # IDs of the artifacts to sign. - # - # If `artifacts` is checksum or source, this fields has no effect. - # - # Defaults to empty (which implies no filtering). - ids: [] - - # Stdin data template to be given to the signature command as stdin. - # - # Defaults to empty - # stdin: '{{ .Env.GPG_PASSWORD }}' - - # StdinFile file to be given to the signature command as stdin. - # - # Defaults to empty - # stdin_file: ./.password - - # Sets a certificate that your signing command should write to. - # You can later use `${certificate}` or `.Env.certificate` in the `args` section. - # This is particularly useful for keyless signing (for instance, with cosign). - # Note that this should be a name, not a path. - # - # Defaults to empty. - # certificate: '{{ trimsuffix .Env.artifact ".tar.gz" }}.pem' - - # List of environment variables that will be passed to the signing command as well as the templates. - # - # Defaults to empty - env: [] - - # By default, the stdout and stderr of the signing cmd are discarded unless - # GoReleaser is running with `--debug` set. - # You can set this to true if you want them to be displayed regardless. - # - # Default: false. - # Since: v1.2. - output: false +# signs: +# - # Which artifacts to sign +# # +# # all: all artifacts +# # none: no signing +# # checksum: only checksum file(s) +# # source: source archive +# # package: linux packages (deb, rpm, apk) +# # archive: archives from archive pipe +# # binary: binaries if archiving format is set to binary +# # sbom: any Software Bill of Materials generated for other artifacts +# # +# # Defaults to `none` +# artifacts: checksum + +# # ID of the sign config, must be unique. +# # +# # Defaults to "default". +# id: default + +# # Name/template of the signature file. +# # +# # Defaults to `${artifact}.sig`. +# signature: "${artifact}.sig" + +# # Path to the signature command +# # +# # Defaults to `gpg` +# cmd: gpg2 + +# # Command line templateable arguments for the command +# # +# # to sign with a specific key use +# # args: ["-u", "", "--output", "${signature}", "--detach-sign", "${artifact}"] +# # +# # Defaults to `["--output", "${signature}", "--detach-sign", "${artifact}"]` +# args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"] + +# # IDs of the artifacts to sign. +# # +# # If `artifacts` is checksum or source, this fields has no effect. +# # +# # Defaults to empty (which implies no filtering). +# ids: [] + +# # Stdin data template to be given to the signature command as stdin. +# # +# # Defaults to empty +# # stdin: '{{ .Env.GPG_PASSWORD }}' + +# # StdinFile file to be given to the signature command as stdin. +# # +# # Defaults to empty +# # stdin_file: ./.password + +# # Sets a certificate that your signing command should write to. +# # You can later use `${certificate}` or `.Env.certificate` in the `args` section. +# # This is particularly useful for keyless signing (for instance, with cosign). +# # Note that this should be a name, not a path. +# # +# # Defaults to empty. +# # certificate: '{{ trimsuffix .Env.artifact ".tar.gz" }}.pem' + +# # List of environment variables that will be passed to the signing command as well as the templates. +# # +# # Defaults to empty +# env: [] + +# # By default, the stdout and stderr of the signing cmd are discarded unless +# # GoReleaser is running with `--debug` set. +# # You can set this to true if you want them to be displayed regardless. +# # +# # Default: false. +# # Since: v1.2. +# output: false sboms: diff --git a/.witness/intermediate.pem b/.witness/intermediate.pem new file mode 100644 index 00000000..d22fece8 --- /dev/null +++ b/.witness/intermediate.pem @@ -0,0 +1,14 @@ + +-----BEGIN CERTIFICATE----- +MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMw +KjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y +MTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3Jl +LmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7 +XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxex +X69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92j +YzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRY +wB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQ +KsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCM +WP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9 +TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ +-----END CERTIFICATE----- diff --git a/.witness/policy-bin-signed.json b/.witness/policy-bin-signed.json new file mode 100644 index 00000000..418ea6f9 --- /dev/null +++ b/.witness/policy-bin-signed.json @@ -0,0 +1 @@ +{"payload":"ewogICJleHBpcmVzIjogIjIwMjMtMDQtMTlUMDM6MTY6MzMuNDk2NTAyMzcxLTA1OjAwIiwKICAicm9vdHMiOiB7CiAgICAiMzhmZTI0MDEyYzNmM2VkMTkwNzIzMmVlODRjNDUwMDI1OTdmZTEzMmQyMjQxMzFkYTA4ZTk5YjY2NWYxMTExNyI6IHsKICAgICAgImNlcnRpZmljYXRlIjogIkNpMHRMUzB0UWtWSFNVNGdRMFZTVkVsR1NVTkJWRVV0TFMwdExRcE5TVWxEUjJwRFEwRmhSMmRCZDBsQ1FXZEpWVUZNYmxacFZtWnVWVEJpY2twaGMyMVNhMGh5Ymk5VmJtWmhVWGREWjFsSlMyOWFTWHBxTUVWQmQwMTNDa3RxUlZaTlFrMUhRVEZWUlVOb1RVMWpNbXh1WXpOU2RtTnRWWFZhUjFZeVRWSkZkMFIzV1VSV1VWRkVSWGRvZW1GWFpIcGtSemw1V2xSQlpVWjNNSGtLVFdwQk1FMVVUWGxOUkVFeVRWUldZVVozTUhwTlZFVjNUVVJWZUUxNlZUSk9WR2hoVFVSamVFWlVRVlJDWjA1V1FrRnZWRVJJVG5CYU0wNHdZak5LYkFwTWJWSnNaR3BGWlUxQ2QwZEJNVlZGUVhoTlZtTXliRzVqTTFKMlkyMVZkR0ZYTlRCYVdFcDBXbGRTY0ZsWVVteE5TRmwzUlVGWlNFdHZXa2w2YWpCRENrRlJXVVpMTkVWRlFVTkpSRmxuUVVVNFVsWlRMM2x6U0N0T1QzWjFSRnA1VUVsYWRHbHNaMVZHT1U1c1lYSlpjRUZrT1VoUU1YWkNRa2d4VlRWRFZqY0tOMHhUVXpkek1GcHBTRFJ1UlRkSWRqZHdkRk0yVEhaMlVpOVRWR3MzT1RoTVZtZE5la3hzU2pSSVpVbG1Sak4wU0ZOaFpYaE1ZMWx3VTBGVGNqRnJVd293VGk5U1owSktlaTg1YWxkRGFWaHViek56ZDJWVVFVOUNaMDVXU0ZFNFFrRm1PRVZDUVUxRFFWRlpkMFYzV1VSV1VqQnNRa0YzZDBObldVbExkMWxDQ2tKUlZVaEJkMDEzUldkWlJGWlNNRlJCVVVndlFrRm5kMEpuUlVJdmQwbENRVVJCWkVKblRsWklVVFJGUm1kUlZUTTVVSEI2TVZsclJWcGlOWEZPYW5BS1MwWlhhWGhwTkZsYVJEaDNTSGRaUkZaU01HcENRbWQzUm05QlZWZE5RV1ZZTlVaR2NGZGhjR1Z6ZVZGdldrMXBNRU55Um5obWIzZERaMWxKUzI5YVNRcDZhakJGUVhkTlJGcDNRWGRhUVVsM1VFTnpVVXMwUkZscFdsbEVVRWxoUkdrMVNFWkxibVo0V0hnMlFWTlRWbTFGVW1aemVXNVpRbWxZTWxnMlUwcFNDbTVhVlRnMEx6bEVXbVJ1Um5aMmVHMUJha0pQZERaUmNFSnNZelJLTHpCRWVIWnJWRU54Y0dOc2RucHBURFpDUTBOUWJtcGtiRWxDTTFCMU0wSjRjMUFLYlhsblZWazNTV2t5ZW1Ka1EyUnNhV2x2ZHowS0xTMHRMUzFGVGtRZ1EwVlNWRWxHU1VOQlZFVXRMUzB0TFFvPSIsCiAgICAgICJpbnRlcm1lZGlhdGVzIjogWwogICAgICAgICJDaTB0TFMwdFFrVkhTVTRnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUXBOU1VsQ09YcERRMEZZZVdkQmQwbENRV2RKVlVGTVdrNUJVRVprZUVoUWQycGxSR3h2UkhkNVdVTm9RVTh2TkhkRFoxbEpTMjlhU1hwcU1FVkJkMDEzQ2t0cVJWWk5RazFIUVRGVlJVTm9UVTFqTW14dVl6TlNkbU50VlhWYVIxWXlUVkpGZDBSM1dVUldVVkZFUlhkb2VtRlhaSHBrUnpsNVdsUkJaVVozTUhrS1RWUkZkMDFFWTNoTmVsVXlUbFJzWVVaM01IcE5WRVYzVFVSVmVFMTZWVEpPVkdoaFRVTnZlRVpVUVZSQ1owNVdRa0Z2VkVSSVRuQmFNMDR3WWpOS2JBcE1iVkpzWkdwRlVrMUJPRWRCTVZWRlFYaE5TV015Ykc1ak0xSjJZMjFWZDJScVFWRkNaMk54YUd0cVQxQlJTVUpDWjFWeVoxRlJRVWxuVG1sQlFWUTNDbGhsUmxRMGNtSXpVRkZIZDFNMFNXRnFkRXhyTXk5UGJHNXdaMkZ1WjJGQ1kyeFpjSE5aUW5JMWFTczBlVzVDTURkalpXSXpURkF3VDBsUFdtUjRaWGdLV0RZNVl6VnBWblY1U2xKUkswaDZNRFY1YVN0VlJqTjFRbGRCYkVod2FWTTFjMmd3SzBneVIwaEZOMU5ZY21zeFJVTTFiVEZVY2pFNVREbG5aemt5YWdwWmVrSm9UVUUwUjBFeFZXUkVkMFZDTDNkUlJVRjNTVUpDYWtGUVFtZE9Wa2hTVFVKQlpqaEZRbFJCUkVGUlNDOU5RakJIUVRGVlpFUm5VVmRDUWxKWkNuZENOV1pyVlZkc1duRnNObnBLUTJocmVVeFJTM05ZUml0cVFXWkNaMDVXU0ZOTlJVZEVRVmRuUWxKWmQwSTFabXRWVjJ4YWNXdzJla3BEYUd0NVRGRUtTM05ZUml0cVFVdENaMmR4YUd0cVQxQlJVVVJCZDA1d1FVUkNiVUZxUlVGcU1XNUlaVmhhY0NzeE0wNVhRazVoSzBWRWMwUlFPRWN4VjFkbk1YUkRUUXBYVUM5WFNGQnhjR0ZXYnpCcWFITjNaVTVHV21kVGN6QmxSVGQzV1VrMGNVRnFSVUV5VjBJNWIzUTVPSE5KYTI5R00zWmFXV1JrTXk5V2RGZENOV0k1Q2xST1RXVmhOMGw0TDNOMFNqVlVabU5NVEdWQlFreEZORUpPU2s5elVUUjJia0pJU2dvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PSIKICAgICAgXQogICAgfQogIH0sCiAgInRpbWVzdGFtcGF1dGhvcml0aWVzIjogewogICAgIjIxNTFiNjExMzdmZmE4NmJmNjY0NjkxYmE2N2U3ZGEwYjE5Zjk4Yzc1OGUzZDIyOGQ1ZDhlYmYyN2UwNDQ0MzgiOiB7CiAgICAgICJjZXJ0aWZpY2F0ZSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VndmVrTkRRbVZsWjBGM1NVSkJaMGxLUVUxSWNHaG9XVTV4VDIxQlRVRXdSME5UY1VkVFNXSXpSRkZGUWtSUlZVRk5TVWRXVFZKRmQwUjNXVVFLVmxGUlMwVjNhRWRqYlZac1NVWlNWRkZVUlZGTlFUUkhRVEZWUlVONFRVaFZiVGwyWkVOQ1JGRlVSVmxOUWxsSFFURlZSVUY0VFZCa00yUXpURzFhZVFwYVYxWXdZekpGZFdJelNtNU5VMGwzU1VGWlNrdHZXa2xvZG1OT1FWRnJRa1pvVG1sa1dFNXdZa2RXTmxsWVRrRmFNakZvWVZkM2RWa3lPWFJOVWtsM0NrVkJXVVJXVVZGSVJYZHNXR1JYVm5sbGJVb3hZMjFqZUVSNlFVNUNaMDVXUWtGblZFSnJTbWhsVjFaNVltcEZURTFCYTBkQk1WVkZRbWhOUTFKRlZYY0tTR2hqVGsxVVdYZE5la1Y2VFVSRk1VMXFSWHBYYUdOT1RrUkZkMDE2UVROTlJFVXhUV3BGZWxkcVEwSnNWRVZTVFVFNFIwRXhWVVZEYUUxSlVtNUtiQXBhVTBKVlZUQkZlRVZFUVU5Q1owNVdRa0Z6VkVJeFNuWmlNMUZuVVRCRmVFZEVRVmRDWjA1V1FrRk5WRVF6WkROa2VUVnRZMjFXYkdSSVRtaE1iVGw1Q2xwNlJXbE5RMEZIUTFOeFIxTkpZak5FVVVWS1FWSlpWRmx1Vm5waFYzaHNaVzFHZWxGSFpIUlpWMnh6VEcxT2RtSlVSVk5OUWtGSFFURlZSVUo0VFVvS1ZqTldiR051Y0dsa1dFcHVUVkU0ZDBSUldVUldVVkZKUlhkYVExbFliR3hqYlRSNFEzcEJTa0puVGxaQ1FWbFVRV3RTUmsxSlNVTkpha0ZPUW1kcmNRcG9hMmxIT1hjd1FrRlJSVVpCUVU5RFFXYzRRVTFKU1VORFowdERRV2RGUVhSblMwOUVha0Y1T0ZKRlVUSlhWRTV4VlhWa1FXNXFhR3hEY25CRk5uRnNDbTFSWms1d2NHVlViVloyV25KSU5IcDFkRzRyVG5kVVlVaEJSM0JxVTBkMk5DOVhVbkJhTVhkYU0wSlNXalZ0VUZWQ1dubE1aM0V3V1hKSlpsRTFSbmdLTUhNdlRWSmFVSHBqTVhJemJFdFhjazFTT1hOQlVYZzBiVTQwZWpFeGVFWkZUelV5T1V3d1pFWkthbEJHT1UxRU9FZHdaREptWlZkNlIzbHdkR3hsYkFwaUsxQnhWQ3NySzJaUFlUSnZXVEFyVG1GTlRUZHNMM2hqVGtoUVQyRk5lakF2TW05c2F6QnBNakpvWWt0bFZtaDJiMnRRUTNGb1JtaDZjM1ZvUzNOdENuRTBUMll2Ynl0ME5tUkpOM040Tldnd2JsQk5iVFJuUjFOU2FHWnhLM28yUWxSU1owTnljVkZITWtaUFRHOVdSbWQwTm1sSmJTOUNiazVtWmxWeU4xWUtSRmxrTTNwYWJVbDNSazlxTDBnelJFdEliMGRwYXk5NFN6TkZPREpaUVRKYWRXeFdUMFpTVnk5NmFqUkJjR3BRWVRWUFJtSndTV3RrTUhCdGVuaDZaQXBGWTB3ME56bG9VMEU1WkVacGVWWnRVM2hRZEZrMWVtVXhVQ3RDUlRsaVRWVXhVRk5qY0ZKNmR6aE5TRVpZZUhsTGNWY3hNMUYyTjB4WGR6UnpZbXN6Q2xOamFVSTNSMEZEWWxGcFZrZDZaMnQyV0VjMmVUZzFTRTkxZGxkT2RrTTFSMHhUYVhsUU9VZHNVRUl3VmpZNGRHSjRlalJLVmxSU1pIY3ZXRzR2V0ZRS1JrNTZVa0pOTTJOeE9HeENUMEZXZEM5UVFWZzFLM1ZHWTNZeFV6bDNSa1U0V1dwaFFtWlhRMUF4YW1SQ2FXd3JZelJsS3pCMFpIbDNWREp2U20xWlFncENSaTlyUlhReGQyMUhkMDF0U0hWdVRrVjFVVTU2YURGR2RFcFpOVFJvWWxWbWFWZHBNemh0UVZORk4zaE5kRTFvWm1vdlF6UlRkbUZ3YVVST09ETTNDbWRaWVZCbWN6aDRNMHRhZUdKWU4wTXpXVUZ6Um01S2FXNXNkMEZWYzNNeFptUkxZWEk0VVM5WlZuTTNTQzl1VlRSak5FbDRlSGg2TkdZMk4yWmpWbkVLVFRKSlZFdGxiblJpUTAxRFFYZEZRVUZoVDBOQmF6UjNaMmRLUzAxQmQwZEJNVlZrUlhkUlJrMUJUVUpCWmpoM1JHZFpSRlpTTUZCQlVVZ3ZRa0ZSUkFwQlowaEhUVUl3UjBFeFZXUkVaMUZYUWtKVU5sWlJNazFPUjFwU1VUQjZNelUzVDI1aVNsZDJaWFZoYTJ4NlEwSjVaMWxFVmxJd2FrSkpTRU5OU1VjdkNtZENWRFpXVVRKTlRrZGFVbEV3ZWpNMU4wOXVZa3BYZG1WMVlXdHNOa2RDYlRaVFFtMUVRMEpzVkVWU1RVRTRSMEV4VlVWRGFFMUpVbTVLYkZwVFFsVUtWVEJGZUVWRVFVOUNaMDVXUWtGelZFSXhTblppTTFGblVUQkZlRWRFUVZkQ1owNVdRa0ZOVkVRelpETmtlVFZ0WTIxV2JHUklUbWhNYlRsNVducEZhUXBOUTBGSFExTnhSMU5KWWpORVVVVktRVkpaVkZsdVZucGhWM2hzWlcxR2VsRkhaSFJaVjJ4elRHMU9kbUpVUlZOTlFrRkhRVEZWUlVKNFRVcFdNMVpzQ21OdWNHbGtXRXB1VFZFNGQwUlJXVVJXVVZGSlJYZGFRMWxZYkd4amJUUjRRM3BCU2tKblRsWkNRVmxVUVd0U1JtZG5hMEYzWlcxSFJtY3lielpaUVhjS1RYZFpSRlpTTUdaQ1EzZDNTMnBCYjI5RFlXZEtTVmxwWVVoU01HTkViM1pNTTJRelpIazFiV050Vm14a1NFNW9URzA1ZVZwNU9YbGlNamt3V0RKT2FBcE1iVTU1WWtSRFFucDNXVVJXVWpCblFrbElTRTFKU0VWTlNVaENRbWR2Y2tKblJVVkJXVWg1U2tGRlFrMUpSM2xOUkUxSFEwTnpSMEZSVlVaQ2QwbENDa1pwWkc5a1NGSjNUMms0ZG1RelpETk1iVnA1V2xkV01HTXlSWFZpTTBwdVRESmFlVnBYVmpCak1rWm1XVE5DZWt4dGFEQmlWM2QzVFdkWlNVdDNXVUlLUWxGVlNFRm5SVmRLYldnd1pFaEJOa3g1T1ROa00yTjFXbTVLYkZwWVVucFpVelYyWTIxamRscHVTbXhhV0ZKNldWWTVhbU5JVFhWalIxSnRUVVZqUndwRFEzTkhRVkZWUmtKM1NVTk5SSE5oVDFWYWVWcFhWbFZWTUVWblpFaEtNV016VW14YVEwSXdZVmN4YkdNelVtaGlXRUp3WW0xaloxVXlPVzFrU0dSb0NtTnRWV2RaV0UxbldWTkNWRnBZU2pKaFYwNXNTVU5vVkZsWFJsUkxWRUV6UW1kbmNrSm5SVVpDVVdOQ1FWRlJjazFEYTNkS2QxbEpTM2RaUWtKUlZVZ0tUVUZIUjBjeWFEQmtTRUUyVEhrNU0yUXpZM1ZhYmtwc1dsaFNlbGxUTlhaamJXTTJUV3BWTWsxRVFVNUNaMnR4YUd0cFJ6bDNNRUpCVVRCR1FVRlBRd3BCWjBWQllVczVLM1kxVDBaWmRUbE5ObnAwV1VNclREWTVjM2N4YjIxa2VXeHBPRGxzV2tGbWNGZE5UV2c1UTFKdFNtaE5Oa3RDY1UwdmFYQjNiMHgwQ201NGVYaEhjMkpEVUdoalVXcDFWSFo2YlN0NWJFNDJWbmRVVFcxSmJGWjVWbE5NUzFsYVkyUlRhblF2WlVOVlRpczBNVXMzYzBRM1IxWnRlRnBDUVVZS1NVeHVRa1J0VkVkS2JVeHJjbFV3UzNWMVNYQnFPR3hKTDBVMldqWk9ibTExVURJclVrRlJVMGh6WmtKUmFUWnpjM051V0Uxdk5FaFBWelZuZEZCUE53cG5SSEpWY0ZaWVNVUXJLekZRTkZodVpHdHZTMjQzVTNaM05XNHdlbE01Wm5ZeGFIaENZMWxKU0ZCUVVWVjZaVEoxTXpCaVFWRjBNRzR3YVVsNVVreDZDbUZYZFdoMGNFRjBaRGRtWm5kRllrRlRaM3BDTjBVclRrZEdOSFJ3VmpNM1pUaExhVUV5ZUdsSFUxSnhWRFZ1WkhVeU9HWm5jRTlaT0RkblJETkJjbG9LUkdOMFduWjJWRU5tU0dSQlV6VnJSVTh6WjI1SFIyVmFSVlpNUkcxbVJYTjJPRlJIU21FelFXeHFWbUUxUlRRd1NWRkVjMVZZY0ZGTWFUaEhLMVZETkFveFJGZGFkVGhGVmxRMGNtNVpZVU4zTVZaWU4xTm9UMUl4VUU1RFEzWnFZamhUT0hSbVpIVmtaRGw2YUZVelowVkNNSEo0WkdWVWVURjBWbUpPVEZoWENqazVlVGt3ZUdOM2NqRmFTVVJWZDAwdmVGRXZibTlQT0VaU2FHMHdURzlRUXpjelJXWXJTalJhUW1SeWRsZDNZWFZHTTNwS1pUTXpaRFJwWW5oRlkySUtPQzl3ZWpWWGVrWnJaV2w0V1UweWJuTklhSEZJYzBKTGR6ZEtVRzkxUzA1WVVtNXNOVWxCUlRGbFJtMXhSSGxETjBjdlZsUTNUMFkyTmpsNFRUWm9ZZ3BWZERWSE1qRktSVFJqVGtzMlRrNTFZMU1yWm5wbk1VcFFXREFyTTFab2MxbGFhbW8zUkRWMWJHcFNkbEZZY2tvNGFVaG5jaTlOTm1veWIweElkbFJCQ2treVRVeGtjVEp4YWxwR1JFOURXSE40UW5oS2NHSnRURWRDZURsdmR6WmFaWEpzVlhoNmQzTXlRVmQyTW5CclBRb3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0iCiAgICB9CiAgfSwKICAic3RlcHMiOiB7CiAgICAiYnVpbGQiOiB7CiAgICAgICJuYW1lIjogImJ1aWxkIiwKICAgICAgImZ1bmN0aW9uYXJpZXMiOiBbCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAicm9vdCIsCiAgICAgICAgICAiY2VydENvbnN0cmFpbnQiOiB7CiAgICAgICAgICAgICJjb21tb25uYW1lIjogIioiLAogICAgICAgICAgICAiZG5zbmFtZXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJlbWFpbHMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJvcmdhbml6YXRpb25zIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAidXJpcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInJvb3RzIjogWwogICAgICAgICAgICAgICIzOGZlMjQwMTJjM2YzZWQxOTA3MjMyZWU4NGM0NTAwMjU5N2ZlMTMyZDIyNDEzMWRhMDhlOTliNjY1ZjExMTE3IgogICAgICAgICAgICBdCiAgICAgICAgICB9CiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICJjZXJ0Q29uc3RyYWludCI6IHsKICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm9yZ2FuaXphdGlvbnMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJ1cmlzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAicm9vdHMiOiBbCiAgICAgICAgICAgICAgIjM4ZmUyNDAxMmMzZjNlZDE5MDcyMzJlZTg0YzQ1MDAyNTk3ZmUxMzJkMjI0MTMxZGEwOGU5OWI2NjVmMTExMTciLAogICAgICAgICAgICAgICIzOGZlMjQwMTJjM2YzZWQxOTA3MjMyZWU4NGM0NTAwMjU5N2ZlMTMyZDIyNDEzMWRhMDhlOTliNjY1ZjExMTE3IgogICAgICAgICAgICBdCiAgICAgICAgICB9CiAgICAgICAgfQogICAgICBdLAogICAgICAiYXR0ZXN0YXRpb25zIjogWwogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2Vudmlyb25tZW50L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXQvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2dpdGh1Yi92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvbWF0ZXJpYWwvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2NvbW1hbmQtcnVuL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9wcm9kdWN0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfQogICAgICBdCiAgICB9LAogICAgImNvbW1pdCI6IHsKICAgICAgIm5hbWUiOiAiY29tbWl0IiwKICAgICAgImZ1bmN0aW9uYXJpZXMiOiBbCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAicm9vdCIsCiAgICAgICAgICAiY2VydENvbnN0cmFpbnQiOiB7CiAgICAgICAgICAgICJjb21tb25uYW1lIjogIioiLAogICAgICAgICAgICAiZG5zbmFtZXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJlbWFpbHMiOiBbCiAgICAgICAgICAgICAgImNvbGVrNDJAZ21haWwuY29tIgogICAgICAgICAgICBdLAogICAgICAgICAgICAib3JnYW5pemF0aW9ucyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInVyaXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJyb290cyI6IFsKICAgICAgICAgICAgICAiMzhmZTI0MDEyYzNmM2VkMTkwNzIzMmVlODRjNDUwMDI1OTdmZTEzMmQyMjQxMzFkYTA4ZTk5YjY2NWYxMTExNyIKICAgICAgICAgICAgXQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgXSwKICAgICAgImF0dGVzdGF0aW9ucyI6IFsKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXQvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL21hdGVyaWFsL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9wcm9kdWN0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfQogICAgICBdCiAgICB9LAogICAgInNjYW4iOiB7CiAgICAgICJuYW1lIjogInNjYW4iLAogICAgICAiZnVuY3Rpb25hcmllcyI6IFsKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICJjZXJ0Q29uc3RyYWludCI6IHsKICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm9yZ2FuaXphdGlvbnMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJ1cmlzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAicm9vdHMiOiBbCiAgICAgICAgICAgICAgIjM4ZmUyNDAxMmMzZjNlZDE5MDcyMzJlZTg0YzQ1MDAyNTk3ZmUxMzJkMjI0MTMxZGEwOGU5OWI2NjVmMTExMTciCiAgICAgICAgICAgIF0KICAgICAgICAgIH0KICAgICAgICB9CiAgICAgIF0sCiAgICAgICJhdHRlc3RhdGlvbnMiOiBbCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvZ2l0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXRodWIvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL21hdGVyaWFsL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9jb21tYW5kLXJ1bi92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvcHJvZHVjdC92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvc2FyaWYvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9CiAgICAgIF0KICAgIH0KICB9Cn0K","payloadType":"https://witness.testifysec.com/policy/v0.1","signatures":[{"keyid":"a0e98f1869e6730b02f80dc5d2ddd7149d0dcba3ecb2f4cbf1aeaa6ef8bb069d","sig":"Nrx84H+OK7kcBsTrOA72v2nVU9ryLvXFSCACKmOohLn1DALM+FUTiHkJM7oaPdJ0CFlUNIfPCWO7Lj8E43zQvmvNiDULxjwIANJ0R5NlD5CCtwozq7aHRNdvNCLJKMznVa2yI0dsodmvslMckYY1QbASlyNf1TM9h21LQQZfnQ5RFscQ0p8ulI1+cZHpyK6znLZpAYq/y3BkaYFwt1+Y9en/KELbrecgNkD4ri9u1SWYOzRm07pg9skQk5jl969zdO+fpZDcfdGImX/26m512su2qjplNHlHKkUllVHfU26lgnmNSr8oZsGoCTfOOJZLnZzBk0hRZ4jTZO2uSdQy6g=="}]} diff --git a/.witness/policy-bin.json b/.witness/policy-bin.json new file mode 100644 index 00000000..ad3a996c --- /dev/null +++ b/.witness/policy-bin.json @@ -0,0 +1,184 @@ +{ + "expires": "2023-04-19T03:16:33.496502371-05:00", + "roots": { + "38fe24012c3f3ed1907232ee84c45002597fe132d224131da08e99b665f11117": { + "certificate": "Ci0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlDR2pDQ0FhR2dBd0lCQWdJVUFMblZpVmZuVTBickphc21Sa0hybi9VbmZhUXdDZ1lJS29aSXpqMEVBd013CktqRVZNQk1HQTFVRUNoTU1jMmxuYzNSdmNtVXVaR1YyTVJFd0R3WURWUVFERXdoemFXZHpkRzl5WlRBZUZ3MHkKTWpBME1UTXlNREEyTVRWYUZ3MHpNVEV3TURVeE16VTJOVGhhTURjeEZUQVRCZ05WQkFvVERITnBaM04wYjNKbApMbVJsZGpFZU1Cd0dBMVVFQXhNVmMybG5jM1J2Y21VdGFXNTBaWEp0WldScFlYUmxNSFl3RUFZSEtvWkl6ajBDCkFRWUZLNEVFQUNJRFlnQUU4UlZTL3lzSCtOT3Z1RFp5UEladGlsZ1VGOU5sYXJZcEFkOUhQMXZCQkgxVTVDVjcKN0xTUzdzMFppSDRuRTdIdjdwdFM2THZ2Ui9TVGs3OThMVmdNekxsSjRIZUlmRjN0SFNhZXhMY1lwU0FTcjFrUwowTi9SZ0JKei85aldDaVhubzNzd2VUQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0V3WURWUjBsQkF3d0NnWUlLd1lCCkJRVUhBd013RWdZRFZSMFRBUUgvQkFnd0JnRUIvd0lCQURBZEJnTlZIUTRFRmdRVTM5UHB6MVlrRVpiNXFOanAKS0ZXaXhpNFlaRDh3SHdZRFZSMGpCQmd3Rm9BVVdNQWVYNUZGcFdhcGVzeVFvWk1pMENyRnhmb3dDZ1lJS29aSQp6ajBFQXdNRFp3QXdaQUl3UENzUUs0RFlpWllEUElhRGk1SEZLbmZ4WHg2QVNTVm1FUmZzeW5ZQmlYMlg2U0pSCm5aVTg0LzlEWmRuRnZ2eG1BakJPdDZRcEJsYzRKLzBEeHZrVENxcGNsdnppTDZCQ0NQbmpkbElCM1B1M0J4c1AKbXlnVVk3SWkyemJkQ2RsaWlvdz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=", + "intermediates": [ + "Ci0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlCOXpDQ0FYeWdBd0lCQWdJVUFMWk5BUEZkeEhQd2plRGxvRHd5WUNoQU8vNHdDZ1lJS29aSXpqMEVBd013CktqRVZNQk1HQTFVRUNoTU1jMmxuYzNSdmNtVXVaR1YyTVJFd0R3WURWUVFERXdoemFXZHpkRzl5WlRBZUZ3MHkKTVRFd01EY3hNelUyTlRsYUZ3MHpNVEV3TURVeE16VTJOVGhhTUNveEZUQVRCZ05WQkFvVERITnBaM04wYjNKbApMbVJsZGpFUk1BOEdBMVVFQXhNSWMybG5jM1J2Y21Vd2RqQVFCZ2NxaGtqT1BRSUJCZ1VyZ1FRQUlnTmlBQVQ3ClhlRlQ0cmIzUFFHd1M0SWFqdExrMy9PbG5wZ2FuZ2FCY2xZcHNZQnI1aSs0eW5CMDdjZWIzTFAwT0lPWmR4ZXgKWDY5YzVpVnV5SlJRK0h6MDV5aStVRjN1QldBbEhwaVM1c2gwK0gyR0hFN1NYcmsxRUM1bTFUcjE5TDlnZzkyagpZekJoTUE0R0ExVWREd0VCL3dRRUF3SUJCakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlJZCndCNWZrVVdsWnFsNnpKQ2hreUxRS3NYRitqQWZCZ05WSFNNRUdEQVdnQlJZd0I1ZmtVV2xacWw2ekpDaGt5TFEKS3NYRitqQUtCZ2dxaGtqT1BRUURBd05wQURCbUFqRUFqMW5IZVhacCsxM05XQk5hK0VEc0RQOEcxV1dnMXRDTQpXUC9XSFBxcGFWbzBqaHN3ZU5GWmdTczBlRTd3WUk0cUFqRUEyV0I5b3Q5OHNJa29GM3ZaWWRkMy9WdFdCNWI5ClROTWVhN0l4L3N0SjVUZmNMTGVBQkxFNEJOSk9zUTR2bkJISgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + ] + } + }, + "timestampauthorities": { + "2151b61137ffa86bf664691ba67e7da0b19f98c758e3d228d5d8ebf27e044438": { + "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUgvekNDQmVlZ0F3SUJBZ0lKQU1IcGhoWU5xT21BTUEwR0NTcUdTSWIzRFFFQkRRVUFNSUdWTVJFd0R3WUQKVlFRS0V3aEdjbVZsSUZSVFFURVFNQTRHQTFVRUN4TUhVbTl2ZENCRFFURVlNQllHQTFVRUF4TVBkM2QzTG1aeQpaV1YwYzJFdWIzSm5NU0l3SUFZSktvWklodmNOQVFrQkZoTmlkWE5wYkdWNllYTkFaMjFoYVd3dVkyOXRNUkl3CkVBWURWUVFIRXdsWGRXVnllbUoxY21jeER6QU5CZ05WQkFnVEJrSmhlV1Z5YmpFTE1Ba0dBMVVFQmhNQ1JFVXcKSGhjTk1UWXdNekV6TURFMU1qRXpXaGNOTkRFd016QTNNREUxTWpFeldqQ0JsVEVSTUE4R0ExVUVDaE1JUm5KbApaU0JVVTBFeEVEQU9CZ05WQkFzVEIxSnZiM1FnUTBFeEdEQVdCZ05WQkFNVEQzZDNkeTVtY21WbGRITmhMbTl5Clp6RWlNQ0FHQ1NxR1NJYjNEUUVKQVJZVFluVnphV3hsZW1GelFHZHRZV2xzTG1OdmJURVNNQkFHQTFVRUJ4TUoKVjNWbGNucGlkWEpuTVE4d0RRWURWUVFJRXdaQ1lYbGxjbTR4Q3pBSkJnTlZCQVlUQWtSRk1JSUNJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQXRnS09EakF5OFJFUTJXVE5xVXVkQW5qaGxDcnBFNnFsCm1RZk5wcGVUbVZ2WnJINHp1dG4rTndUYUhBR3BqU0d2NC9XUnBaMXdaM0JSWjVtUFVCWnlMZ3EwWXJJZlE1RngKMHMvTVJaUHpjMXIzbEtXck1SOXNBUXg0bU40ejExeEZFTzUyOUwwZEZKalBGOU1EOEdwZDJmZVd6R3lwdGxlbApiK1BxVCsrK2ZPYTJvWTArTmFNTTdsL3hjTkhQT2FNejAvMm9sazBpMjJoYktlVmh2b2tQQ3FoRmh6c3VoS3NtCnE0T2Yvbyt0NmRJN3N4NWgwblBNbTRnR1NSaGZxK3o2QlRSZ0NycVFHMkZPTG9WRmd0NmlJbS9Cbk5mZlVyN1YKRFlkM3pabUl3Rk9qL0gzREtIb0dpay94SzNFODJZQTJadWxWT0ZSVy96ajRBcGpQYTVPRmJwSWtkMHBtenh6ZApFY0w0NzloU0E5ZEZpeVZtU3hQdFk1emUxUCtCRTliTVUxUFNjcFJ6dzhNSEZYeHlLcVcxM1F2N0xXdzRzYmszClNjaUI3R0FDYlFpVkd6Z2t2WEc2eTg1SE91dldOdkM1R0xTaXlQOUdsUEIwVjY4dGJ4ejRKVlRSZHcvWG4vWFQKRk56UkJNM2NxOGxCT0FWdC9QQVg1K3VGY3YxUzl3RkU4WWphQmZXQ1AxamRCaWwrYzRlKzB0ZHl3VDJvSm1ZQgpCRi9rRXQxd21Hd01tSHVuTkV1UU56aDFGdEpZNTRoYlVmaVdpMzhtQVNFN3hNdE1oZmovQzRTdmFwaUROODM3CmdZYVBmczh4M0taeGJYN0MzWUFzRm5KaW5sd0FVc3MxZmRLYXI4US9ZVnM3SC9uVTRjNEl4eHh6NGY2N2ZjVnEKTTJJVEtlbnRiQ01DQXdFQUFhT0NBazR3Z2dKS01Bd0dBMVVkRXdRRk1BTUJBZjh3RGdZRFZSMFBBUUgvQkFRRApBZ0hHTUIwR0ExVWREZ1FXQkJUNlZRMk1OR1pSUTB6MzU3T25iSld2ZXVha2x6Q0J5Z1lEVlIwakJJSENNSUcvCmdCVDZWUTJNTkdaUlEwejM1N09uYkpXdmV1YWtsNkdCbTZTQm1EQ0JsVEVSTUE4R0ExVUVDaE1JUm5KbFpTQlUKVTBFeEVEQU9CZ05WQkFzVEIxSnZiM1FnUTBFeEdEQVdCZ05WQkFNVEQzZDNkeTVtY21WbGRITmhMbTl5WnpFaQpNQ0FHQ1NxR1NJYjNEUUVKQVJZVFluVnphV3hsZW1GelFHZHRZV2xzTG1OdmJURVNNQkFHQTFVRUJ4TUpWM1ZsCmNucGlkWEpuTVE4d0RRWURWUVFJRXdaQ1lYbGxjbTR4Q3pBSkJnTlZCQVlUQWtSRmdna0F3ZW1HRmcybzZZQXcKTXdZRFZSMGZCQ3d3S2pBb29DYWdKSVlpYUhSMGNEb3ZMM2QzZHk1bWNtVmxkSE5oTG05eVp5OXliMjkwWDJOaApMbU55YkRDQnp3WURWUjBnQklISE1JSEVNSUhCQmdvckJnRUVBWUh5SkFFQk1JR3lNRE1HQ0NzR0FRVUZCd0lCCkZpZG9kSFJ3T2k4dmQzZDNMbVp5WldWMGMyRXViM0puTDJaeVpXVjBjMkZmWTNCekxtaDBiV3d3TWdZSUt3WUIKQlFVSEFnRVdKbWgwZEhBNkx5OTNkM2N1Wm5KbFpYUnpZUzV2Y21jdlpuSmxaWFJ6WVY5amNITXVjR1JtTUVjRwpDQ3NHQVFVRkJ3SUNNRHNhT1VaeVpXVlVVMEVnZEhKMWMzUmxaQ0IwYVcxbGMzUmhiWEJwYm1jZ1UyOW1kSGRoCmNtVWdZWE1nWVNCVFpYSjJhV05sSUNoVFlXRlRLVEEzQmdnckJnRUZCUWNCQVFRck1Da3dKd1lJS3dZQkJRVUgKTUFHR0cyaDBkSEE2THk5M2QzY3VabkpsWlhSellTNXZjbWM2TWpVMk1EQU5CZ2txaGtpRzl3MEJBUTBGQUFPQwpBZ0VBYUs5K3Y1T0ZZdTlNNnp0WUMrTDY5c3cxb21keWxpODlsWkFmcFdNTWg5Q1JtSmhNNktCcU0vaXB3b0x0Cm54eXhHc2JDUGhjUWp1VHZ6bSt5bE42VndUTW1JbFZ5VlNMS1laY2RTanQvZUNVTis0MUs3c0Q3R1ZteFpCQUYKSUxuQkRtVEdKbUxrclUwS3V1SXBqOGxJL0U2WjZObm11UDIrUkFRU0hzZkJRaTZzc3NuWE1vNEhPVzVndFBPNwpnRHJVcFZYSUQrKzFQNFhuZGtvS243U3Z3NW4welM5ZnYxaHhCY1lJSFBQUVV6ZTJ1MzBiQVF0MG4waUl5Ukx6CmFXdWh0cEF0ZDdmZndFYkFTZ3pCN0UrTkdGNHRwVjM3ZThLaUEyeGlHU1JxVDVuZHUyOGZncE9ZODdnRDNBcloKRGN0WnZ2VENmSGRBUzVrRU8zZ25HR2VaRVZMRG1mRXN2OFRHSmEzQWxqVmE1RTQwSVFEc1VYcFFMaThHK1VDNAoxRFdadThFVlQ0cm5ZYUN3MVZYN1NoT1IxUE5DQ3ZqYjhTOHRmZHVkZDl6aFUzZ0VCMHJ4ZGVUeTF0VmJOTFhXCjk5eTkweGN3cjFaSURVd00veFEvbm9POEZSaG0wTG9QQzczRWYrSjRaQmRydld3YXVGM3pKZTMzZDRpYnhFY2IKOC9wejVXekZrZWl4WU0ybnNIaHFIc0JLdzdKUG91S05YUm5sNUlBRTFlRm1xRHlDN0cvVlQ3T0Y2Njl4TTZoYgpVdDVHMjFKRTRjTks2Tk51Y1MrZnpnMUpQWDArM1Zoc1laamo3RDV1bGpSdlFYcko4aUhnci9NNmoyb0xIdlRBCkkyTUxkcTJxalpGRE9DWHN4QnhKcGJtTEdCeDlvdzZaZXJsVXh6d3MyQVd2MnBrPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + } + }, + "steps": { + "build": { + "name": "build", + "functionaries": [ + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "*" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "38fe24012c3f3ed1907232ee84c45002597fe132d224131da08e99b665f11117" + ] + } + }, + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "*" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "38fe24012c3f3ed1907232ee84c45002597fe132d224131da08e99b665f11117", + "38fe24012c3f3ed1907232ee84c45002597fe132d224131da08e99b665f11117" + ] + } + } + ], + "attestations": [ + { + "type": "https://witness.dev/attestations/environment/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/git/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/github/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/material/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/command-run/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/product/v0.1", + "regopolicies": [] + } + ] + }, + "commit": { + "name": "commit", + "functionaries": [ + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "colek42@gmail.com" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "38fe24012c3f3ed1907232ee84c45002597fe132d224131da08e99b665f11117" + ] + } + } + ], + "attestations": [ + { + "type": "https://witness.dev/attestations/git/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/material/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/product/v0.1", + "regopolicies": [] + } + ] + }, + "scan": { + "name": "scan", + "functionaries": [ + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "*" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "38fe24012c3f3ed1907232ee84c45002597fe132d224131da08e99b665f11117" + ] + } + } + ], + "attestations": [ + { + "type": "https://witness.dev/attestations/git/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/github/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/material/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/command-run/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/product/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/sarif/v0.1", + "regopolicies": [] + } + ] + } + } +} diff --git a/.witness/policy-signed.json b/.witness/policy-signed.json new file mode 100644 index 00000000..2c7c28c2 --- /dev/null +++ b/.witness/policy-signed.json @@ -0,0 +1 @@ +{"payload":"ewogICJleHBpcmVzIjogIjIwMjMtMDQtMTlUMDM6MTY6MjkuOTM0MDM3OTktMDU6MDAiLAogICJyb290cyI6IHsKICAgICIzOGZlMjQwMTJjM2YzZWQxOTA3MjMyZWU4NGM0NTAwMjU5N2ZlMTMyZDIyNDEzMWRhMDhlOTliNjY1ZjExMTE3IjogewogICAgICAiY2VydGlmaWNhdGUiOiAiQ2kwdExTMHRRa1ZIU1U0Z1EwVlNWRWxHU1VOQlZFVXRMUzB0TFFwTlNVbERSMnBEUTBGaFIyZEJkMGxDUVdkSlZVRk1ibFpwVm1adVZUQmlja3BoYzIxU2EwaHliaTlWYm1aaFVYZERaMWxKUzI5YVNYcHFNRVZCZDAxM0NrdHFSVlpOUWsxSFFURlZSVU5vVFUxak1teHVZek5TZG1OdFZYVmFSMVl5VFZKRmQwUjNXVVJXVVZGRVJYZG9lbUZYWkhwa1J6bDVXbFJCWlVaM01Ia0tUV3BCTUUxVVRYbE5SRUV5VFZSV1lVWjNNSHBOVkVWM1RVUlZlRTE2VlRKT1ZHaGhUVVJqZUVaVVFWUkNaMDVXUWtGdlZFUklUbkJhTTA0d1lqTktiQXBNYlZKc1pHcEZaVTFDZDBkQk1WVkZRWGhOVm1NeWJHNWpNMUoyWTIxVmRHRlhOVEJhV0VwMFdsZFNjRmxZVW14TlNGbDNSVUZaU0V0dldrbDZhakJEQ2tGUldVWkxORVZGUVVOSlJGbG5RVVU0VWxaVEwzbHpTQ3RPVDNaMVJGcDVVRWxhZEdsc1oxVkdPVTVzWVhKWmNFRmtPVWhRTVhaQ1FrZ3hWVFZEVmpjS04weFRVemR6TUZwcFNEUnVSVGRJZGpkd2RGTTJUSFoyVWk5VFZHczNPVGhNVm1kTmVreHNTalJJWlVsbVJqTjBTRk5oWlhoTVkxbHdVMEZUY2pGclV3b3dUaTlTWjBKS2VpODVhbGREYVZodWJ6TnpkMlZVUVU5Q1owNVdTRkU0UWtGbU9FVkNRVTFEUVZGWmQwVjNXVVJXVWpCc1FrRjNkME5uV1VsTGQxbENDa0pSVlVoQmQwMTNSV2RaUkZaU01GUkJVVWd2UWtGbmQwSm5SVUl2ZDBsQ1FVUkJaRUpuVGxaSVVUUkZSbWRSVlRNNVVIQjZNVmxyUlZwaU5YRk9hbkFLUzBaWGFYaHBORmxhUkRoM1NIZFpSRlpTTUdwQ1FtZDNSbTlCVlZkTlFXVllOVVpHY0ZkaGNHVnplVkZ2V2sxcE1FTnlSbmhtYjNkRFoxbEpTMjlhU1FwNmFqQkZRWGROUkZwM1FYZGFRVWwzVUVOelVVczBSRmxwV2xsRVVFbGhSR2sxU0VaTGJtWjRXSGcyUVZOVFZtMUZVbVp6ZVc1WlFtbFlNbGcyVTBwU0NtNWFWVGcwTHpsRVdtUnVSbloyZUcxQmFrSlBkRFpSY0VKc1l6UktMekJFZUhaclZFTnhjR05zZG5wcFREWkNRME5RYm1wa2JFbENNMUIxTTBKNGMxQUtiWGxuVlZrM1NXa3llbUprUTJSc2FXbHZkejBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89IiwKICAgICAgImludGVybWVkaWF0ZXMiOiBbCiAgICAgICAgIkNpMHRMUzB0UWtWSFNVNGdRMFZTVkVsR1NVTkJWRVV0TFMwdExRcE5TVWxDT1hwRFEwRlllV2RCZDBsQ1FXZEpWVUZNV2s1QlVFWmtlRWhRZDJwbFJHeHZSSGQ1V1VOb1FVOHZOSGREWjFsSlMyOWFTWHBxTUVWQmQwMTNDa3RxUlZaTlFrMUhRVEZWUlVOb1RVMWpNbXh1WXpOU2RtTnRWWFZhUjFZeVRWSkZkMFIzV1VSV1VWRkVSWGRvZW1GWFpIcGtSemw1V2xSQlpVWjNNSGtLVFZSRmQwMUVZM2hOZWxVeVRsUnNZVVozTUhwTlZFVjNUVVJWZUUxNlZUSk9WR2hoVFVOdmVFWlVRVlJDWjA1V1FrRnZWRVJJVG5CYU0wNHdZak5LYkFwTWJWSnNaR3BGVWsxQk9FZEJNVlZGUVhoTlNXTXliRzVqTTFKMlkyMVZkMlJxUVZGQ1oyTnhhR3RxVDFCUlNVSkNaMVZ5WjFGUlFVbG5UbWxCUVZRM0NsaGxSbFEwY21JelVGRkhkMU0wU1dGcWRFeHJNeTlQYkc1d1oyRnVaMkZDWTJ4WmNITlpRbkkxYVNzMGVXNUNNRGRqWldJelRGQXdUMGxQV21SNFpYZ0tXRFk1WXpWcFZuVjVTbEpSSzBoNk1EVjVhU3RWUmpOMVFsZEJiRWh3YVZNMWMyZ3dLMGd5UjBoRk4xTlljbXN4UlVNMWJURlVjakU1VERsblp6a3lhZ3BaZWtKb1RVRTBSMEV4VldSRWQwVkNMM2RSUlVGM1NVSkNha0ZRUW1kT1ZraFNUVUpCWmpoRlFsUkJSRUZSU0M5TlFqQkhRVEZWWkVSblVWZENRbEpaQ25kQ05XWnJWVmRzV25Gc05ucEtRMmhyZVV4UlMzTllSaXRxUVdaQ1owNVdTRk5OUlVkRVFWZG5RbEpaZDBJMVptdFZWMnhhY1d3MmVrcERhR3Q1VEZFS1MzTllSaXRxUVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV3UVVSQ2JVRnFSVUZxTVc1SVpWaGFjQ3N4TTA1WFFrNWhLMFZFYzBSUU9FY3hWMWRuTVhSRFRRcFhVQzlYU0ZCeGNHRldiekJxYUhOM1pVNUdXbWRUY3pCbFJUZDNXVWswY1VGcVJVRXlWMEk1YjNRNU9ITkphMjlHTTNaYVdXUmtNeTlXZEZkQ05XSTVDbFJPVFdWaE4wbDRMM04wU2pWVVptTk1UR1ZCUWt4Rk5FSk9Tazl6VVRSMmJrSklTZ290TFMwdExVVk9SQ0JEUlZKVVNVWkpRMEZVUlMwdExTMHRDZz09IgogICAgICBdCiAgICB9CiAgfSwKICAidGltZXN0YW1wYXV0aG9yaXRpZXMiOiB7CiAgICAiMjE1MWI2MTEzN2ZmYTg2YmY2NjQ2OTFiYTY3ZTdkYTBiMTlmOThjNzU4ZTNkMjI4ZDVkOGViZjI3ZTA0NDQzOCI6IHsKICAgICAgImNlcnRpZmljYXRlIjogIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVWd2ZWtORFFtVmxaMEYzU1VKQlowbEtRVTFJY0dob1dVNXhUMjFCVFVFd1IwTlRjVWRUU1dJelJGRkZRa1JSVlVGTlNVZFdUVkpGZDBSM1dVUUtWbEZSUzBWM2FFZGpiVlpzU1VaU1ZGRlVSVkZOUVRSSFFURlZSVU40VFVoVmJUbDJaRU5DUkZGVVJWbE5RbGxIUVRGVlJVRjRUVkJrTTJRelRHMWFlUXBhVjFZd1l6SkZkV0l6U201TlUwbDNTVUZaU2t0dldrbG9kbU5PUVZGclFrWm9UbWxrV0U1d1lrZFdObGxZVGtGYU1qRm9ZVmQzZFZreU9YUk5Va2wzQ2tWQldVUldVVkZJUlhkc1dHUlhWbmxsYlVveFkyMWplRVI2UVU1Q1owNVdRa0ZuVkVKclNtaGxWMVo1WW1wRlRFMUJhMGRCTVZWRlFtaE5RMUpGVlhjS1NHaGpUazFVV1hkTmVrVjZUVVJGTVUxcVJYcFhhR05PVGtSRmQwMTZRVE5OUkVVeFRXcEZlbGRxUTBKc1ZFVlNUVUU0UjBFeFZVVkRhRTFKVW01S2JBcGFVMEpWVlRCRmVFVkVRVTlDWjA1V1FrRnpWRUl4U25aaU0xRm5VVEJGZUVkRVFWZENaMDVXUWtGTlZFUXpaRE5rZVRWdFkyMVdiR1JJVG1oTWJUbDVDbHA2UldsTlEwRkhRMU54UjFOSllqTkVVVVZLUVZKWlZGbHVWbnBoVjNoc1pXMUdlbEZIWkhSWlYyeHpURzFPZG1KVVJWTk5Ra0ZIUVRGVlJVSjRUVW9LVmpOV2JHTnVjR2xrV0VwdVRWRTRkMFJSV1VSV1VWRkpSWGRhUTFsWWJHeGpiVFI0UTNwQlNrSm5UbFpDUVZsVVFXdFNSazFKU1VOSmFrRk9RbWRyY1Fwb2EybEhPWGN3UWtGUlJVWkJRVTlEUVdjNFFVMUpTVU5EWjB0RFFXZEZRWFJuUzA5RWFrRjVPRkpGVVRKWFZFNXhWWFZrUVc1cWFHeERjbkJGTm5Gc0NtMVJaazV3Y0dWVWJWWjJXbkpJTkhwMWRHNHJUbmRVWVVoQlIzQnFVMGQyTkM5WFVuQmFNWGRhTTBKU1dqVnRVRlZDV25sTVozRXdXWEpKWmxFMVJuZ0tNSE12VFZKYVVIcGpNWEl6YkV0WGNrMVNPWE5CVVhnMGJVNDBlakV4ZUVaRlR6VXlPVXd3WkVaS2FsQkdPVTFFT0Vkd1pESm1aVmQ2UjNsd2RHeGxiQXBpSzFCeFZDc3JLMlpQWVRKdldUQXJUbUZOVFRkc0wzaGpUa2hRVDJGTmVqQXZNbTlzYXpCcE1qSm9Za3RsVm1oMmIydFFRM0ZvUm1oNmMzVm9TM050Q25FMFQyWXZieXQwTm1SSk4zTjROV2d3YmxCTmJUUm5SMU5TYUdaeEszbzJRbFJTWjBOeWNWRkhNa1pQVEc5V1JtZDBObWxKYlM5Q2JrNW1abFZ5TjFZS1JGbGtNM3BhYlVsM1JrOXFMMGd6UkV0SWIwZHBheTk0U3pORk9ESlpRVEphZFd4V1QwWlNWeTk2YWpSQmNHcFFZVFZQUm1Kd1NXdGtNSEJ0ZW5oNlpBcEZZMHcwTnpsb1UwRTVaRVpwZVZadFUzaFFkRmsxZW1VeFVDdENSVGxpVFZVeFVGTmpjRko2ZHpoTlNFWlllSGxMY1ZjeE0xRjJOMHhYZHpSelltc3pDbE5qYVVJM1IwRkRZbEZwVmtkNloydDJXRWMyZVRnMVNFOTFkbGRPZGtNMVIweFRhWGxRT1Vkc1VFSXdWalk0ZEdKNGVqUktWbFJTWkhjdldHNHZXRlFLUms1NlVrSk5NMk54T0d4Q1QwRldkQzlRUVZnMUszVkdZM1l4VXpsM1JrVTRXV3BoUW1aWFExQXhhbVJDYVd3cll6UmxLekIwWkhsM1ZESnZTbTFaUWdwQ1JpOXJSWFF4ZDIxSGQwMXRTSFZ1VGtWMVVVNTZhREZHZEVwWk5UUm9ZbFZtYVZkcE16aHRRVk5GTjNoTmRFMW9abW92UXpSVGRtRndhVVJPT0RNM0NtZFpZVkJtY3poNE0wdGFlR0pZTjBNeldVRnpSbTVLYVc1c2QwRlZjM014Wm1STFlYSTRVUzlaVm5NM1NDOXVWVFJqTkVsNGVIaDZOR1kyTjJaalZuRUtUVEpKVkV0bGJuUmlRMDFEUVhkRlFVRmhUME5CYXpSM1oyZEtTMDFCZDBkQk1WVmtSWGRSUmsxQlRVSkJaamgzUkdkWlJGWlNNRkJCVVVndlFrRlJSQXBCWjBoSFRVSXdSMEV4VldSRVoxRlhRa0pVTmxaUk1rMU9SMXBTVVRCNk16VTNUMjVpU2xkMlpYVmhhMng2UTBKNVoxbEVWbEl3YWtKSlNFTk5TVWN2Q21kQ1ZEWldVVEpOVGtkYVVsRXdlak0xTjA5dVlrcFhkbVYxWVd0c05rZENiVFpUUW0xRVEwSnNWRVZTVFVFNFIwRXhWVVZEYUUxSlVtNUtiRnBUUWxVS1ZUQkZlRVZFUVU5Q1owNVdRa0Z6VkVJeFNuWmlNMUZuVVRCRmVFZEVRVmRDWjA1V1FrRk5WRVF6WkROa2VUVnRZMjFXYkdSSVRtaE1iVGw1V25wRmFRcE5RMEZIUTFOeFIxTkpZak5FVVVWS1FWSlpWRmx1Vm5waFYzaHNaVzFHZWxGSFpIUlpWMnh6VEcxT2RtSlVSVk5OUWtGSFFURlZSVUo0VFVwV00xWnNDbU51Y0dsa1dFcHVUVkU0ZDBSUldVUldVVkZKUlhkYVExbFliR3hqYlRSNFEzcEJTa0puVGxaQ1FWbFVRV3RTUm1kbmEwRjNaVzFIUm1jeWJ6WlpRWGNLVFhkWlJGWlNNR1pDUTNkM1MycEJiMjlEWVdkS1NWbHBZVWhTTUdORWIzWk1NMlF6WkhrMWJXTnRWbXhrU0U1b1RHMDVlVnA1T1hsaU1qa3dXREpPYUFwTWJVNTVZa1JEUW5wM1dVUldVakJuUWtsSVNFMUpTRVZOU1VoQ1FtZHZja0puUlVWQldVaDVTa0ZGUWsxSlIzbE5SRTFIUTBOelIwRlJWVVpDZDBsQ0NrWnBaRzlrU0ZKM1QyazRkbVF6WkROTWJWcDVXbGRXTUdNeVJYVmlNMHB1VERKYWVWcFhWakJqTWtabVdUTkNla3h0YURCaVYzZDNUV2RaU1V0M1dVSUtRbEZWU0VGblJWZEtiV2d3WkVoQk5reDVPVE5rTTJOMVdtNUtiRnBZVW5wWlV6VjJZMjFqZGxwdVNteGFXRko2V1ZZNWFtTklUWFZqUjFKdFRVVmpSd3BEUTNOSFFWRlZSa0ozU1VOTlJITmhUMVZhZVZwWFZsVlZNRVZuWkVoS01XTXpVbXhhUTBJd1lWY3hiR016VW1oaVdFSndZbTFqWjFVeU9XMWtTR1JvQ21OdFZXZFpXRTFuV1ZOQ1ZGcFlTakpoVjA1c1NVTm9WRmxYUmxSTFZFRXpRbWRuY2tKblJVWkNVV05DUVZGUmNrMURhM2RLZDFsSlMzZFpRa0pSVlVnS1RVRkhSMGN5YURCa1NFRTJUSGs1TTJRelkzVmFia3BzV2xoU2VsbFROWFpqYldNMlRXcFZNazFFUVU1Q1oydHhhR3RwUnpsM01FSkJVVEJHUVVGUFF3cEJaMFZCWVVzNUszWTFUMFpaZFRsTk5ucDBXVU1yVERZNWMzY3hiMjFrZVd4cE9EbHNXa0ZtY0ZkTlRXZzVRMUp0U21oTk5rdENjVTB2YVhCM2IweDBDbTU0ZVhoSGMySkRVR2hqVVdwMVZIWjZiU3Q1YkU0MlZuZFVUVzFKYkZaNVZsTk1TMWxhWTJSVGFuUXZaVU5WVGlzME1VczNjMFEzUjFadGVGcENRVVlLU1V4dVFrUnRWRWRLYlV4cmNsVXdTM1YxU1hCcU9HeEpMMFUyV2paT2JtMTFVRElyVWtGUlUwaHpaa0pSYVRaemMzTnVXRTF2TkVoUFZ6Vm5kRkJQTndwblJISlZjRlpZU1VRckt6RlFORmh1Wkd0dlMyNDNVM1ozTlc0d2VsTTVabll4YUhoQ1kxbEpTRkJRVVZWNlpUSjFNekJpUVZGME1HNHdhVWw1VWt4NkNtRlhkV2gwY0VGMFpEZG1abmRGWWtGVFozcENOMFVyVGtkR05IUndWak0zWlRoTGFVRXllR2xIVTFKeFZEVnVaSFV5T0dabmNFOVpPRGRuUkROQmNsb0tSR04wV25aMlZFTm1TR1JCVXpWclJVOHpaMjVIUjJWYVJWWk1SRzFtUlhOMk9GUkhTbUV6UVd4cVZtRTFSVFF3U1ZGRWMxVlljRkZNYVRoSEsxVkROQW94UkZkYWRUaEZWbFEwY201WllVTjNNVlpZTjFOb1QxSXhVRTVEUTNacVlqaFRPSFJtWkhWa1pEbDZhRlV6WjBWQ01ISjRaR1ZVZVRGMFZtSk9URmhYQ2prNWVUa3dlR04zY2pGYVNVUlZkMDB2ZUZFdmJtOVBPRVpTYUcwd1RHOVFRemN6UldZclNqUmFRbVJ5ZGxkM1lYVkdNM3BLWlRNelpEUnBZbmhGWTJJS09DOXdlalZYZWtaclpXbDRXVTB5Ym5OSWFIRkljMEpMZHpkS1VHOTFTMDVZVW01c05VbEJSVEZsUm0xeFJIbEROMGN2VmxRM1QwWTJOamw0VFRab1lncFZkRFZITWpGS1JUUmpUa3MyVGs1MVkxTXJabnBuTVVwUVdEQXJNMVpvYzFsYWFtbzNSRFYxYkdwU2RsRllja280YVVobmNpOU5ObW95YjB4SWRsUkJDa2t5VFV4a2NUSnhhbHBHUkU5RFdITjRRbmhLY0dKdFRFZENlRGx2ZHpaYVpYSnNWWGg2ZDNNeVFWZDJNbkJyUFFvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PSIKICAgIH0KICB9LAogICJzdGVwcyI6IHsKICAgICJidWlsZCI6IHsKICAgICAgIm5hbWUiOiAiYnVpbGQiLAogICAgICAiZnVuY3Rpb25hcmllcyI6IFsKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICJjZXJ0Q29uc3RyYWludCI6IHsKICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm9yZ2FuaXphdGlvbnMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJ1cmlzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAicm9vdHMiOiBbCiAgICAgICAgICAgICAgIjM4ZmUyNDAxMmMzZjNlZDE5MDcyMzJlZTg0YzQ1MDAyNTk3ZmUxMzJkMjI0MTMxZGEwOGU5OWI2NjVmMTExMTciCiAgICAgICAgICAgIF0KICAgICAgICAgIH0KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogInJvb3QiLAogICAgICAgICAgImNlcnRDb25zdHJhaW50IjogewogICAgICAgICAgICAiY29tbW9ubmFtZSI6ICIqIiwKICAgICAgICAgICAgImRuc25hbWVzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAiZW1haWxzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAib3JnYW5pemF0aW9ucyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInVyaXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJyb290cyI6IFsKICAgICAgICAgICAgICAiMzhmZTI0MDEyYzNmM2VkMTkwNzIzMmVlODRjNDUwMDI1OTdmZTEzMmQyMjQxMzFkYTA4ZTk5YjY2NWYxMTExNyIsCiAgICAgICAgICAgICAgIjM4ZmUyNDAxMmMzZjNlZDE5MDcyMzJlZTg0YzQ1MDAyNTk3ZmUxMzJkMjI0MTMxZGEwOGU5OWI2NjVmMTExMTciCiAgICAgICAgICAgIF0KICAgICAgICAgIH0KICAgICAgICB9CiAgICAgIF0sCiAgICAgICJhdHRlc3RhdGlvbnMiOiBbCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvZ2l0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXRodWIvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogWwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgIm1vZHVsZSI6ICJjR0ZqYTJGblpTQm5hWFJvZFdJS0NXUmxibmxiYlhOblhTQjdDZ2tKYVc1d2RYUXVhbmQwTG1Oc1lXbHRjeTVoZFdRZ0lUMGdJbmRwZEc1bGMzTWlDZ2xwYm5CMWRDNXFkM1F1WTJ4aGFXMXpMbWx6Y3lBaFBTQWlhSFIwY0hNNkx5OTBiMnRsYmk1aFkzUnBiMjV6TG1kcGRHaDFZblZ6WlhKamIyNTBaVzUwTG1OdmJTSUtDV2x1Y0hWMExtcDNkQzVqYkdGcGJYTXVjbVZ3YjNOcGRHOXllU0FoUFNBaWRHVnpkR2xtZVhObFl5OW5ZV3hoWkhKcFpXd2lDZ2xwYm5CMWRDNXFkM1F1WTJ4aGFXMXpMbkoxYm01bGNsOWxiblpwY205dWJXVnVkQ0FoUFNBaVoybDBhSFZpTFdodmMzUmxaQ0lLQ1dsdWNIVjBMbU5wWTI5dVptbG5jR0YwYUNBaFBTQWlJZ29KYVc1d2RYUXVhbmQwTG1Oc1lXbHRjeTV5WlhCdmMybDBiM0o1WDI5M2JtVnlJQ0U5SUNKMFpYTjBhV1o1YzJWaklnb0phVzV3ZFhRdWFuZDBMblpsY21sbWFXVmtRbmt1YW5kcmMxVnliQ0FoUFNBaWFIUjBjSE02THk5MGIydGxiaTVoWTNScGIyNXpMbWRwZEdoMVluVnpaWEpqYjI1MFpXNTBMbU52YlM4dWQyVnNiQzFyYm05M2JpOXFkMnR6SWdvSkNXMXpaeUE2UFNBaWRXNWxlSEJsWTNSbFpDQjJZV3gxWlNCbWIzSWdhMlY1S0hNcElHcDNkQzVqYkdGcGJYTXVZWFZrTENCcWQzUXVZMnhoYVcxekxtbHpjeXdnYW5kMExtTnNZV2x0Y3k1eVpYQnZjMmwwYjNKNUxDQnFkM1F1WTJ4aGFXMXpMbkoxYm01bGNsOWxiblpwY205dWJXVnVkQ3dnWTJsamIyNW1hV2R3WVhSb0xDQnFkM1F1WTJ4aGFXMXpMbkpsY0c5emFYUnZjbmxmYjNkdVpYSXNJR3AzZEM1MlpYSnBabWxsWkVKNUxtcDNhM05WY213Z2FXNGdZWFIwWlhOMFlYUnBiMjRnZEhsd1pTQm9kSFJ3Y3pvdkwzZHBkRzVsYzNNdVpHVjJMMkYwZEdWemRHRjBhVzl1Y3k5bmFYUm9kV0l2ZGpBdU1TSUtDWDA9IiwKICAgICAgICAgICAgICAibmFtZSI6ICJidWlsZC1odHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXRodWIvdjAuMSIKICAgICAgICAgICAgfQogICAgICAgICAgXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvbWF0ZXJpYWwvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2NvbW1hbmQtcnVuL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9wcm9kdWN0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9vY2kvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9CiAgICAgIF0KICAgIH0sCiAgICAiY29tbWl0IjogewogICAgICAibmFtZSI6ICJjb21taXQiLAogICAgICAiZnVuY3Rpb25hcmllcyI6IFsKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICJjZXJ0Q29uc3RyYWludCI6IHsKICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAiY29sZWs0MkBnbWFpbC5jb20iCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJvcmdhbml6YXRpb25zIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAidXJpcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInJvb3RzIjogWwogICAgICAgICAgICAgICIzOGZlMjQwMTJjM2YzZWQxOTA3MjMyZWU4NGM0NTAwMjU5N2ZlMTMyZDIyNDEzMWRhMDhlOTliNjY1ZjExMTE3IgogICAgICAgICAgICBdCiAgICAgICAgICB9CiAgICAgICAgfQogICAgICBdLAogICAgICAiYXR0ZXN0YXRpb25zIjogWwogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2dpdC92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvbWF0ZXJpYWwvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL3Byb2R1Y3QvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9CiAgICAgIF0KICAgIH0sCiAgICAic2NhbiI6IHsKICAgICAgIm5hbWUiOiAic2NhbiIsCiAgICAgICJmdW5jdGlvbmFyaWVzIjogWwogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogInJvb3QiLAogICAgICAgICAgImNlcnRDb25zdHJhaW50IjogewogICAgICAgICAgICAiY29tbW9ubmFtZSI6ICIqIiwKICAgICAgICAgICAgImRuc25hbWVzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAiZW1haWxzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAib3JnYW5pemF0aW9ucyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInVyaXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJyb290cyI6IFsKICAgICAgICAgICAgICAiMzhmZTI0MDEyYzNmM2VkMTkwNzIzMmVlODRjNDUwMDI1OTdmZTEzMmQyMjQxMzFkYTA4ZTk5YjY2NWYxMTExNyIKICAgICAgICAgICAgXQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgXSwKICAgICAgImF0dGVzdGF0aW9ucyI6IFsKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXQvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2dpdGh1Yi92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAibW9kdWxlIjogImNHRmphMkZuWlNCbmFYUm9kV0lLQ1dSbGJubGJiWE5uWFNCN0Nna0phVzV3ZFhRdWFuZDBMbU5zWVdsdGN5NWhkV1FnSVQwZ0luZHBkRzVsYzNNaUNnbHBibkIxZEM1cWQzUXVZMnhoYVcxekxtbHpjeUFoUFNBaWFIUjBjSE02THk5MGIydGxiaTVoWTNScGIyNXpMbWRwZEdoMVluVnpaWEpqYjI1MFpXNTBMbU52YlNJS0NXbHVjSFYwTG1wM2RDNWpiR0ZwYlhNdWNtVndiM05wZEc5eWVTQWhQU0FpZEdWemRHbG1lWE5sWXk5bllXeGhaSEpwWld3aUNnbHBibkIxZEM1cWQzUXVZMnhoYVcxekxuSjFibTVsY2w5bGJuWnBjbTl1YldWdWRDQWhQU0FpWjJsMGFIVmlMV2h2YzNSbFpDSUtDV2x1Y0hWMExtTnBZMjl1Wm1sbmNHRjBhQ0FoUFNBaUlnb0phVzV3ZFhRdWFuZDBMbU5zWVdsdGN5NXlaWEJ2YzJsMGIzSjVYMjkzYm1WeUlDRTlJQ0owWlhOMGFXWjVjMlZqSWdvSmFXNXdkWFF1YW5kMExuWmxjbWxtYVdWa1Fua3VhbmRyYzFWeWJDQWhQU0FpYUhSMGNITTZMeTkwYjJ0bGJpNWhZM1JwYjI1ekxtZHBkR2gxWW5WelpYSmpiMjUwWlc1MExtTnZiUzh1ZDJWc2JDMXJibTkzYmk5cWQydHpJZ29KQ1cxelp5QTZQU0FpZFc1bGVIQmxZM1JsWkNCMllXeDFaU0JtYjNJZ2EyVjVLSE1wSUdwM2RDNWpiR0ZwYlhNdVlYVmtMQ0JxZDNRdVkyeGhhVzF6TG1semN5d2dhbmQwTG1Oc1lXbHRjeTV5WlhCdmMybDBiM0o1TENCcWQzUXVZMnhoYVcxekxuSjFibTVsY2w5bGJuWnBjbTl1YldWdWRDd2dZMmxqYjI1bWFXZHdZWFJvTENCcWQzUXVZMnhoYVcxekxuSmxjRzl6YVhSdmNubGZiM2R1WlhJc0lHcDNkQzUyWlhKcFptbGxaRUo1TG1wM2EzTlZjbXdnYVc0Z1lYUjBaWE4wWVhScGIyNGdkSGx3WlNCb2RIUndjem92TDNkcGRHNWxjM011WkdWMkwyRjBkR1Z6ZEdGMGFXOXVjeTluYVhSb2RXSXZkakF1TVNJS0NYMD0iLAogICAgICAgICAgICAgICJuYW1lIjogInNjYW4taHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvZ2l0aHViL3YwLjEiCiAgICAgICAgICAgIH0KICAgICAgICAgIF0KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL21hdGVyaWFsL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9jb21tYW5kLXJ1bi92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvcHJvZHVjdC92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvc2FyaWYvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9CiAgICAgIF0KICAgIH0KICB9Cn0K","payloadType":"https://witness.testifysec.com/policy/v0.1","signatures":[{"keyid":"a0e98f1869e6730b02f80dc5d2ddd7149d0dcba3ecb2f4cbf1aeaa6ef8bb069d","sig":"Id+sEVgrb6Unes3R1s1Z7nZDmZ8cEhfHJQxI9DyRkxx52KgcQ6c2vjs9m3y8wxSpRmwNbV7zIzEd4Opp9eMAk3bX2qrJXg38cQo0G6f5hIpkyhwmTjWbvPlJ3sRP6vBiw0DnrvBCLgc9UZpZgL7p43sXA/3ctwl2t/O8nVzqaNz8lVoe75oMt5sdRg+XlEq3AE9YSMitt+yDtztp5ZiAzLE2+scg2zLb1hPsuiQkHPp5lrrqPhDD7x2QhhM0hn8vl4CRrU8IPK6A9q2XzZmrQy4lgcX1+X0b8ojWiLEUidMUjQv4R3WCHy9UeOk0As+nFB1ylqveRxmMSuPP0ZfX9A=="}]} diff --git a/.witness/policy.json b/.witness/policy.json new file mode 100644 index 00000000..631b0066 --- /dev/null +++ b/.witness/policy.json @@ -0,0 +1,194 @@ +{ + "expires": "2023-04-19T03:16:29.93403799-05:00", + "roots": { + "38fe24012c3f3ed1907232ee84c45002597fe132d224131da08e99b665f11117": { + "certificate": "Ci0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlDR2pDQ0FhR2dBd0lCQWdJVUFMblZpVmZuVTBickphc21Sa0hybi9VbmZhUXdDZ1lJS29aSXpqMEVBd013CktqRVZNQk1HQTFVRUNoTU1jMmxuYzNSdmNtVXVaR1YyTVJFd0R3WURWUVFERXdoemFXZHpkRzl5WlRBZUZ3MHkKTWpBME1UTXlNREEyTVRWYUZ3MHpNVEV3TURVeE16VTJOVGhhTURjeEZUQVRCZ05WQkFvVERITnBaM04wYjNKbApMbVJsZGpFZU1Cd0dBMVVFQXhNVmMybG5jM1J2Y21VdGFXNTBaWEp0WldScFlYUmxNSFl3RUFZSEtvWkl6ajBDCkFRWUZLNEVFQUNJRFlnQUU4UlZTL3lzSCtOT3Z1RFp5UEladGlsZ1VGOU5sYXJZcEFkOUhQMXZCQkgxVTVDVjcKN0xTUzdzMFppSDRuRTdIdjdwdFM2THZ2Ui9TVGs3OThMVmdNekxsSjRIZUlmRjN0SFNhZXhMY1lwU0FTcjFrUwowTi9SZ0JKei85aldDaVhubzNzd2VUQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0V3WURWUjBsQkF3d0NnWUlLd1lCCkJRVUhBd013RWdZRFZSMFRBUUgvQkFnd0JnRUIvd0lCQURBZEJnTlZIUTRFRmdRVTM5UHB6MVlrRVpiNXFOanAKS0ZXaXhpNFlaRDh3SHdZRFZSMGpCQmd3Rm9BVVdNQWVYNUZGcFdhcGVzeVFvWk1pMENyRnhmb3dDZ1lJS29aSQp6ajBFQXdNRFp3QXdaQUl3UENzUUs0RFlpWllEUElhRGk1SEZLbmZ4WHg2QVNTVm1FUmZzeW5ZQmlYMlg2U0pSCm5aVTg0LzlEWmRuRnZ2eG1BakJPdDZRcEJsYzRKLzBEeHZrVENxcGNsdnppTDZCQ0NQbmpkbElCM1B1M0J4c1AKbXlnVVk3SWkyemJkQ2RsaWlvdz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=", + "intermediates": [ + "Ci0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlCOXpDQ0FYeWdBd0lCQWdJVUFMWk5BUEZkeEhQd2plRGxvRHd5WUNoQU8vNHdDZ1lJS29aSXpqMEVBd013CktqRVZNQk1HQTFVRUNoTU1jMmxuYzNSdmNtVXVaR1YyTVJFd0R3WURWUVFERXdoemFXZHpkRzl5WlRBZUZ3MHkKTVRFd01EY3hNelUyTlRsYUZ3MHpNVEV3TURVeE16VTJOVGhhTUNveEZUQVRCZ05WQkFvVERITnBaM04wYjNKbApMbVJsZGpFUk1BOEdBMVVFQXhNSWMybG5jM1J2Y21Vd2RqQVFCZ2NxaGtqT1BRSUJCZ1VyZ1FRQUlnTmlBQVQ3ClhlRlQ0cmIzUFFHd1M0SWFqdExrMy9PbG5wZ2FuZ2FCY2xZcHNZQnI1aSs0eW5CMDdjZWIzTFAwT0lPWmR4ZXgKWDY5YzVpVnV5SlJRK0h6MDV5aStVRjN1QldBbEhwaVM1c2gwK0gyR0hFN1NYcmsxRUM1bTFUcjE5TDlnZzkyagpZekJoTUE0R0ExVWREd0VCL3dRRUF3SUJCakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlJZCndCNWZrVVdsWnFsNnpKQ2hreUxRS3NYRitqQWZCZ05WSFNNRUdEQVdnQlJZd0I1ZmtVV2xacWw2ekpDaGt5TFEKS3NYRitqQUtCZ2dxaGtqT1BRUURBd05wQURCbUFqRUFqMW5IZVhacCsxM05XQk5hK0VEc0RQOEcxV1dnMXRDTQpXUC9XSFBxcGFWbzBqaHN3ZU5GWmdTczBlRTd3WUk0cUFqRUEyV0I5b3Q5OHNJa29GM3ZaWWRkMy9WdFdCNWI5ClROTWVhN0l4L3N0SjVUZmNMTGVBQkxFNEJOSk9zUTR2bkJISgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + ] + } + }, + "timestampauthorities": { + "2151b61137ffa86bf664691ba67e7da0b19f98c758e3d228d5d8ebf27e044438": { + "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUgvekNDQmVlZ0F3SUJBZ0lKQU1IcGhoWU5xT21BTUEwR0NTcUdTSWIzRFFFQkRRVUFNSUdWTVJFd0R3WUQKVlFRS0V3aEdjbVZsSUZSVFFURVFNQTRHQTFVRUN4TUhVbTl2ZENCRFFURVlNQllHQTFVRUF4TVBkM2QzTG1aeQpaV1YwYzJFdWIzSm5NU0l3SUFZSktvWklodmNOQVFrQkZoTmlkWE5wYkdWNllYTkFaMjFoYVd3dVkyOXRNUkl3CkVBWURWUVFIRXdsWGRXVnllbUoxY21jeER6QU5CZ05WQkFnVEJrSmhlV1Z5YmpFTE1Ba0dBMVVFQmhNQ1JFVXcKSGhjTk1UWXdNekV6TURFMU1qRXpXaGNOTkRFd016QTNNREUxTWpFeldqQ0JsVEVSTUE4R0ExVUVDaE1JUm5KbApaU0JVVTBFeEVEQU9CZ05WQkFzVEIxSnZiM1FnUTBFeEdEQVdCZ05WQkFNVEQzZDNkeTVtY21WbGRITmhMbTl5Clp6RWlNQ0FHQ1NxR1NJYjNEUUVKQVJZVFluVnphV3hsZW1GelFHZHRZV2xzTG1OdmJURVNNQkFHQTFVRUJ4TUoKVjNWbGNucGlkWEpuTVE4d0RRWURWUVFJRXdaQ1lYbGxjbTR4Q3pBSkJnTlZCQVlUQWtSRk1JSUNJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQXRnS09EakF5OFJFUTJXVE5xVXVkQW5qaGxDcnBFNnFsCm1RZk5wcGVUbVZ2WnJINHp1dG4rTndUYUhBR3BqU0d2NC9XUnBaMXdaM0JSWjVtUFVCWnlMZ3EwWXJJZlE1RngKMHMvTVJaUHpjMXIzbEtXck1SOXNBUXg0bU40ejExeEZFTzUyOUwwZEZKalBGOU1EOEdwZDJmZVd6R3lwdGxlbApiK1BxVCsrK2ZPYTJvWTArTmFNTTdsL3hjTkhQT2FNejAvMm9sazBpMjJoYktlVmh2b2tQQ3FoRmh6c3VoS3NtCnE0T2Yvbyt0NmRJN3N4NWgwblBNbTRnR1NSaGZxK3o2QlRSZ0NycVFHMkZPTG9WRmd0NmlJbS9Cbk5mZlVyN1YKRFlkM3pabUl3Rk9qL0gzREtIb0dpay94SzNFODJZQTJadWxWT0ZSVy96ajRBcGpQYTVPRmJwSWtkMHBtenh6ZApFY0w0NzloU0E5ZEZpeVZtU3hQdFk1emUxUCtCRTliTVUxUFNjcFJ6dzhNSEZYeHlLcVcxM1F2N0xXdzRzYmszClNjaUI3R0FDYlFpVkd6Z2t2WEc2eTg1SE91dldOdkM1R0xTaXlQOUdsUEIwVjY4dGJ4ejRKVlRSZHcvWG4vWFQKRk56UkJNM2NxOGxCT0FWdC9QQVg1K3VGY3YxUzl3RkU4WWphQmZXQ1AxamRCaWwrYzRlKzB0ZHl3VDJvSm1ZQgpCRi9rRXQxd21Hd01tSHVuTkV1UU56aDFGdEpZNTRoYlVmaVdpMzhtQVNFN3hNdE1oZmovQzRTdmFwaUROODM3CmdZYVBmczh4M0taeGJYN0MzWUFzRm5KaW5sd0FVc3MxZmRLYXI4US9ZVnM3SC9uVTRjNEl4eHh6NGY2N2ZjVnEKTTJJVEtlbnRiQ01DQXdFQUFhT0NBazR3Z2dKS01Bd0dBMVVkRXdRRk1BTUJBZjh3RGdZRFZSMFBBUUgvQkFRRApBZ0hHTUIwR0ExVWREZ1FXQkJUNlZRMk1OR1pSUTB6MzU3T25iSld2ZXVha2x6Q0J5Z1lEVlIwakJJSENNSUcvCmdCVDZWUTJNTkdaUlEwejM1N09uYkpXdmV1YWtsNkdCbTZTQm1EQ0JsVEVSTUE4R0ExVUVDaE1JUm5KbFpTQlUKVTBFeEVEQU9CZ05WQkFzVEIxSnZiM1FnUTBFeEdEQVdCZ05WQkFNVEQzZDNkeTVtY21WbGRITmhMbTl5WnpFaQpNQ0FHQ1NxR1NJYjNEUUVKQVJZVFluVnphV3hsZW1GelFHZHRZV2xzTG1OdmJURVNNQkFHQTFVRUJ4TUpWM1ZsCmNucGlkWEpuTVE4d0RRWURWUVFJRXdaQ1lYbGxjbTR4Q3pBSkJnTlZCQVlUQWtSRmdna0F3ZW1HRmcybzZZQXcKTXdZRFZSMGZCQ3d3S2pBb29DYWdKSVlpYUhSMGNEb3ZMM2QzZHk1bWNtVmxkSE5oTG05eVp5OXliMjkwWDJOaApMbU55YkRDQnp3WURWUjBnQklISE1JSEVNSUhCQmdvckJnRUVBWUh5SkFFQk1JR3lNRE1HQ0NzR0FRVUZCd0lCCkZpZG9kSFJ3T2k4dmQzZDNMbVp5WldWMGMyRXViM0puTDJaeVpXVjBjMkZmWTNCekxtaDBiV3d3TWdZSUt3WUIKQlFVSEFnRVdKbWgwZEhBNkx5OTNkM2N1Wm5KbFpYUnpZUzV2Y21jdlpuSmxaWFJ6WVY5amNITXVjR1JtTUVjRwpDQ3NHQVFVRkJ3SUNNRHNhT1VaeVpXVlVVMEVnZEhKMWMzUmxaQ0IwYVcxbGMzUmhiWEJwYm1jZ1UyOW1kSGRoCmNtVWdZWE1nWVNCVFpYSjJhV05sSUNoVFlXRlRLVEEzQmdnckJnRUZCUWNCQVFRck1Da3dKd1lJS3dZQkJRVUgKTUFHR0cyaDBkSEE2THk5M2QzY3VabkpsWlhSellTNXZjbWM2TWpVMk1EQU5CZ2txaGtpRzl3MEJBUTBGQUFPQwpBZ0VBYUs5K3Y1T0ZZdTlNNnp0WUMrTDY5c3cxb21keWxpODlsWkFmcFdNTWg5Q1JtSmhNNktCcU0vaXB3b0x0Cm54eXhHc2JDUGhjUWp1VHZ6bSt5bE42VndUTW1JbFZ5VlNMS1laY2RTanQvZUNVTis0MUs3c0Q3R1ZteFpCQUYKSUxuQkRtVEdKbUxrclUwS3V1SXBqOGxJL0U2WjZObm11UDIrUkFRU0hzZkJRaTZzc3NuWE1vNEhPVzVndFBPNwpnRHJVcFZYSUQrKzFQNFhuZGtvS243U3Z3NW4welM5ZnYxaHhCY1lJSFBQUVV6ZTJ1MzBiQVF0MG4waUl5Ukx6CmFXdWh0cEF0ZDdmZndFYkFTZ3pCN0UrTkdGNHRwVjM3ZThLaUEyeGlHU1JxVDVuZHUyOGZncE9ZODdnRDNBcloKRGN0WnZ2VENmSGRBUzVrRU8zZ25HR2VaRVZMRG1mRXN2OFRHSmEzQWxqVmE1RTQwSVFEc1VYcFFMaThHK1VDNAoxRFdadThFVlQ0cm5ZYUN3MVZYN1NoT1IxUE5DQ3ZqYjhTOHRmZHVkZDl6aFUzZ0VCMHJ4ZGVUeTF0VmJOTFhXCjk5eTkweGN3cjFaSURVd00veFEvbm9POEZSaG0wTG9QQzczRWYrSjRaQmRydld3YXVGM3pKZTMzZDRpYnhFY2IKOC9wejVXekZrZWl4WU0ybnNIaHFIc0JLdzdKUG91S05YUm5sNUlBRTFlRm1xRHlDN0cvVlQ3T0Y2Njl4TTZoYgpVdDVHMjFKRTRjTks2Tk51Y1MrZnpnMUpQWDArM1Zoc1laamo3RDV1bGpSdlFYcko4aUhnci9NNmoyb0xIdlRBCkkyTUxkcTJxalpGRE9DWHN4QnhKcGJtTEdCeDlvdzZaZXJsVXh6d3MyQVd2MnBrPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + } + }, + "steps": { + "build": { + "name": "build", + "functionaries": [ + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "*" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "38fe24012c3f3ed1907232ee84c45002597fe132d224131da08e99b665f11117" + ] + } + }, + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "*" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "38fe24012c3f3ed1907232ee84c45002597fe132d224131da08e99b665f11117", + "38fe24012c3f3ed1907232ee84c45002597fe132d224131da08e99b665f11117" + ] + } + } + ], + "attestations": [ + { + "type": "https://witness.dev/attestations/git/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/github/v0.1", + "regopolicies": [ + { + "module": "cGFja2FnZSBnaXRodWIKCWRlbnlbbXNnXSB7CgkJaW5wdXQuand0LmNsYWltcy5hdWQgIT0gIndpdG5lc3MiCglpbnB1dC5qd3QuY2xhaW1zLmlzcyAhPSAiaHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbSIKCWlucHV0Lmp3dC5jbGFpbXMucmVwb3NpdG9yeSAhPSAidGVzdGlmeXNlYy9nYWxhZHJpZWwiCglpbnB1dC5qd3QuY2xhaW1zLnJ1bm5lcl9lbnZpcm9ubWVudCAhPSAiZ2l0aHViLWhvc3RlZCIKCWlucHV0LmNpY29uZmlncGF0aCAhPSAiIgoJaW5wdXQuand0LmNsYWltcy5yZXBvc2l0b3J5X293bmVyICE9ICJ0ZXN0aWZ5c2VjIgoJaW5wdXQuand0LnZlcmlmaWVkQnkuandrc1VybCAhPSAiaHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbS8ud2VsbC1rbm93bi9qd2tzIgoJCW1zZyA6PSAidW5leHBlY3RlZCB2YWx1ZSBmb3Iga2V5KHMpIGp3dC5jbGFpbXMuYXVkLCBqd3QuY2xhaW1zLmlzcywgand0LmNsYWltcy5yZXBvc2l0b3J5LCBqd3QuY2xhaW1zLnJ1bm5lcl9lbnZpcm9ubWVudCwgY2ljb25maWdwYXRoLCBqd3QuY2xhaW1zLnJlcG9zaXRvcnlfb3duZXIsIGp3dC52ZXJpZmllZEJ5Lmp3a3NVcmwgaW4gYXR0ZXN0YXRpb24gdHlwZSBodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXRodWIvdjAuMSIKCX0=", + "name": "build-https://witness.dev/attestations/github/v0.1" + } + ] + }, + { + "type": "https://witness.dev/attestations/material/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/command-run/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/product/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/oci/v0.1", + "regopolicies": [] + } + ] + }, + "commit": { + "name": "commit", + "functionaries": [ + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "colek42@gmail.com" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "38fe24012c3f3ed1907232ee84c45002597fe132d224131da08e99b665f11117" + ] + } + } + ], + "attestations": [ + { + "type": "https://witness.dev/attestations/git/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/material/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/product/v0.1", + "regopolicies": [] + } + ] + }, + "scan": { + "name": "scan", + "functionaries": [ + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "*" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "38fe24012c3f3ed1907232ee84c45002597fe132d224131da08e99b665f11117" + ] + } + } + ], + "attestations": [ + { + "type": "https://witness.dev/attestations/git/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/github/v0.1", + "regopolicies": [ + { + "module": "cGFja2FnZSBnaXRodWIKCWRlbnlbbXNnXSB7CgkJaW5wdXQuand0LmNsYWltcy5hdWQgIT0gIndpdG5lc3MiCglpbnB1dC5qd3QuY2xhaW1zLmlzcyAhPSAiaHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbSIKCWlucHV0Lmp3dC5jbGFpbXMucmVwb3NpdG9yeSAhPSAidGVzdGlmeXNlYy9nYWxhZHJpZWwiCglpbnB1dC5qd3QuY2xhaW1zLnJ1bm5lcl9lbnZpcm9ubWVudCAhPSAiZ2l0aHViLWhvc3RlZCIKCWlucHV0LmNpY29uZmlncGF0aCAhPSAiIgoJaW5wdXQuand0LmNsYWltcy5yZXBvc2l0b3J5X293bmVyICE9ICJ0ZXN0aWZ5c2VjIgoJaW5wdXQuand0LnZlcmlmaWVkQnkuandrc1VybCAhPSAiaHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbS8ud2VsbC1rbm93bi9qd2tzIgoJCW1zZyA6PSAidW5leHBlY3RlZCB2YWx1ZSBmb3Iga2V5KHMpIGp3dC5jbGFpbXMuYXVkLCBqd3QuY2xhaW1zLmlzcywgand0LmNsYWltcy5yZXBvc2l0b3J5LCBqd3QuY2xhaW1zLnJ1bm5lcl9lbnZpcm9ubWVudCwgY2ljb25maWdwYXRoLCBqd3QuY2xhaW1zLnJlcG9zaXRvcnlfb3duZXIsIGp3dC52ZXJpZmllZEJ5Lmp3a3NVcmwgaW4gYXR0ZXN0YXRpb24gdHlwZSBodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXRodWIvdjAuMSIKCX0=", + "name": "scan-https://witness.dev/attestations/github/v0.1" + } + ] + }, + { + "type": "https://witness.dev/attestations/material/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/command-run/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/product/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/sarif/v0.1", + "regopolicies": [] + } + ] + } + } +} diff --git a/.witness/policy.pub b/.witness/policy.pub new file mode 100644 index 00000000..4b0bcffb --- /dev/null +++ b/.witness/policy.pub @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi10OxJeW7mg9qwIeyIXa +dHmwJcTK8DkqY4Tep45C9FmEJE5OjuItSPzplFvJpI5NcVQbfuK3/EtYWRQiqPki +GUzKa2cx3Epzt7k36JCVB3oFcQjLRUETs9m6EJkLdPW23XvExdtqWsy5aP9Itubj +f88H4zSXGYbt3aCq73k/jy87f4ZseTCdL7HGmaSbWoO9jlxXG61N/IHnrj0ey+zB +4PBxVSZK3/hb8aj7l3ElBct+mSA7b1FbFjl5LNUqK0YhxDtSeTXWkB5xgfwf4AfY +nyDji8G++3QUhYOAcUjOou1vgMEfgv+OTJf26GNKUbhi5kNsrH+BMDPGyltCB4uQ +mQIDAQAB +-----END PUBLIC KEY----- diff --git a/.witness/root.pem b/.witness/root.pem new file mode 100644 index 00000000..f3c4b18c --- /dev/null +++ b/.witness/root.pem @@ -0,0 +1,15 @@ + +-----BEGIN CERTIFICATE----- +MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMw +KjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y +MjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3Jl +LmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0C +AQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV7 +7LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS +0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYB +BQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjp +KFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZI +zj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJR +nZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsP +mygUY7Ii2zbdCdliiow= +-----END CERTIFICATE----- diff --git a/.witness/sticky.yaml b/.witness/sticky.yaml new file mode 100644 index 00000000..28a1bf92 --- /dev/null +++ b/.witness/sticky.yaml @@ -0,0 +1,16 @@ +https://witness.dev/attestations/github/v0.1: + - jwt.claims.aud + - jwt.claims.iss + - jwt.claims.repository + - jwt.claims.runner_environment + - ciconfigpath + - jwt.claims.repository_owner + - jwt.verifiedBy.jwksUrl + + + +# COMMIT=c5d150f01c8f0fb7152ec8ee0a1d890d9c006a307d5f55ed340aaa096d61598e +# SCORE=71df3d92c453f688d25075bea2bf4e632674dfea211854f67923a0cc706d953a +# TRIVY=58bd574fbb89bb0846d04e949e5aa4dcd0c02e76ebef9230665774a464a7e0e6 +# BUILD=62281f16adc269dbcc0e1fbb6f1ad46871dd38a544ef8c632485b7e5c35f0656 +# policy-tool create -x $SCORE -r root.pem -t intermediate.pem -x $TRIVY -r root.pem -t intermediate.pem -y sticky.yaml -x $BUILD -r root.pem -t intermediate.pem -y sticky.yaml \ No newline at end of file diff --git a/LICENSE b/LICENSE deleted file mode 100644 index bc63103a..00000000 --- a/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2022 Hewlett Packard Enterprise - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. \ No newline at end of file diff --git a/Makefile b/Makefile index 9e701a55..dc830662 100644 --- a/Makefile +++ b/Makefile @@ -148,6 +148,9 @@ docker-build-harvester: ## Builds all docker images. docker-build: docker-build-server docker-build-harvester +copy-hook: + cp -f .githooks/post-commit .git/hooks/post-commit + #------------------------------------------------------------------------ # Document file #------------------------------------------------------------------------ @@ -183,3 +186,5 @@ help: } \ } \ { lastLine = $$0 }' $(MAKEFILE_LIST) + + diff --git a/README.md b/README.md index 7ea7420a..269c0312 100644 --- a/README.md +++ b/README.md @@ -1,47 +1,342 @@ -# Galadriel -[![CodeQL](https://github.com/HewlettPackard/galadriel/actions/workflows/codeql.yml/badge.svg)](https://github.com/HewlettPackard/galadriel/actions/workflows/codeql.yml) -[![PR Build](https://github.com/HewlettPackard/galadriel/actions/workflows/pr_build.yml/badge.svg)](https://github.com/HewlettPackard/galadriel/actions/workflows/pr_build.yml) -[![Scorecards supply-chain security](https://github.com/HewlettPackard/galadriel/actions/workflows/scorecards.yml/badge.svg)](https://github.com/HewlettPackard/galadriel/actions/workflows/scorecards.yml) -[![trivy](https://github.com/HewlettPackard/galadriel/actions/workflows/trivy.yml/badge.svg)](https://github.com/HewlettPackard/galadriel/actions/workflows/trivy.yml) +[![OpenSSF +-Scorecard](https://api.securityscorecards.dev/projects/github.com/testifysec/witness/badge)](https://api.securityscorecards.dev/projects/github.com/testifysec/witness) ---- +

+ +
+ Witness is a pluggable framework for supply chain security +

-Project Galadriel, or just Galadriel, is an open source project that enables scalable and easy configuration of Federation relationships among SPIRE Servers. It works as a central hub for managing and auditing Federation relationships. +[![asciicast](https://asciinema.org/a/2DZRRh8uzrzHcUVL8md86Zj4D.svg)](https://asciinema.org/a/2DZRRh8uzrzHcUVL8md86Zj4D) -### What Galadriel IS? -- **Alternative approach to SPIRE Federation**: it's built on top of SPIRE APIs to facilitate foreign Trust Bundles management. -- **Multi-tenant**: multiple organizations can leverage the same Galadriel deployment, while ensuring data and operations isolation. -- **Federation at scale**: configuring multiple SPIRE Server federation should be easy and secure by default, that is Galadriel's main focus. -- **Central hub**: it's a central place where federation relationships can be defined and audited. +# Witness - Secure Your Supply Chain -### What Galadriel IS NOT? -- **A replacement of SPIRE/SPIFFE Federation**: it doesn't replace SPIRE Federation, it leverages what's already built in there. -- **A SPIRE plugin**: it's deployed as a separate component, not as a SPIRE plugin. +Witness is a pluggable framework for supply chain security that creates an evidence trail of the entire software development life cycle (SDLC) to ensure the integrity of your software from source to target. It supports most major CI and infrastructure providers, and uses a secure PKI distribution system to enhance security and mitigate against software supply chain attack vectors. ---- +Witness works by wrapping commands executed in a continuous integration process, providing an evidence trail of every action in the software development life cycle (SDLC). This allows for a detailed and verifiable record of how the software was built, who built it, and what tools were used. This evidence can be used to evaluate policy compliance and detect any potential tampering or malicious activity and ensure only authorized users or machines completes a step of the process. Additionally, Witness's attestation system is pluggable and offers support for most major CI and infrastructure providers, making it a versatile and flexible solution for securing software supply chains. Furthermore, the use of a secure PKI distribution system and the ability to verify Witness metadata further enhances the security of the process and helps mitigate against many software supply chain attack vectors. -## Get started +**NOTE:** the attestor code has been split into repo https://github.com/testifysec/go-witness -- Learn how to run the Proof of Concept (v0.1.0) [here](https://github.com/HewlettPackard/galadriel/blob/v0.1.0/doc/INSTRUCTIONS.md) -- [Configuration and CLI Usage instructions](./doc/USAGE.md) +## Witness enables you to: -## Contribute +- Verify who built the software, how it was built and what tools were used +- Detect any potential tampering or malicious activity +- Ensure that only authorized users or machines complete each step of the process +- Distribute attestations and policy across air gaps -Project Galadriel is an open source project under the [Apache 2 license](./LICENSE), and as such, any kind of contribution is welcome, being documentation, new features, bugfixing, issues, etc. Check out our [Contributing guidelines](./CONTRIBUTING.md) to learn how we manage contributions, and the [Governance policy](./GOVERNANCE.md) to learn about the different roles in the project. +## Witness is a pluggable framework for supply chain security -## Roadmap + - It creates an evidence trail of the entire software development life cycle (SDLC) that can be used to evaluate policy compliance and detect any potential tampering or malicious activity. + - It is designed to run in both containerized and non-containerized environments and does not require elevated privileges. + - It supports most major CI and infrastructure providers, making it a versatile and flexible solution for securing software supply chains. + - It uses a secure PKI distribution system and allows for verification of Witness metadata to further enhance security and mitigate against software supply chain attack vectors. -Project Galadriel has currently reached the Proof of Concept milestone ([v0.1.0](https://github.com/HewlettPackard/galadriel/blob/v0.1.0/doc/INSTRUCTIONS.md)). Refer to the [Roadmap](./ROADMAP.md) to learn what's next. +## Key Features + - Implementation of the in-toto specification including ITE-5, ITE-6, and ITE-7, and an embedded rego policy engine for build policy enforcement. + - Support for keyless signing with Sigstore and SPIFFE/SPIRE, and uploading attestation evidence to the Archivista server. + - Support for RFC3161 compatible timestamp authorities + - Experimental support for process tracing and process tampering prevention. + - Verifies file integrity between CI steps and across air gap. + - Support for Darwin, Windows, and ARM architectures. + - Can use Archivista as an attestation store. + - Integrations with GitLab, GitHub, AWS, and GCP. -## Want to know more? +## How it works +- Witness wraps commands executed during a continuous integration process to create an evidence trail of the entire software development life cycle (SDLC) +- It records secure hashes of materials, artifacts, and events that occur during the CI process +- This evidence can be used to evaluate policy compliance, detect tampering or malicious activity, and ensure only authorized users or machines complete a step of the process +- Witness's attestation system is pluggable and supports most major CI and infrastructure providers +- It uses a secure PKI distribution system and can verify Witness metadata to enhance security and mitigate against many software supply chain attack vectors +- Witness is an implementation of the in-toto specification, including ITE-5, ITE-6, and ITE-7, and includes an embedded rego policy engine for build policy enforcement with Open Policy Agent +- It can run in both containerized and non-containerized environments without requiring elevated privileges +- It supports keyless signing with Sigstore and SPIFFE/SPIRE and uploading attestation evidence to the [Archivista](https://github.com/testifysec/archivista) server +- It offers experimental support for tracing and process tampering prevention and can verify file integrity between CI steps and across air gap +- It supports Darwin, Windows, and ARM architectures and can use [Archivista](https://github.com/testifysec/archivista) as an attestation store +- Overall, Witness acts as a comprehensive framework for automated governance, providing a robust solution for securing the software supply chain. -### Design document -Please feel free to check out our [Design Document](https://docs.google.com/document/d/1nkiJV4PAV8Wx1oNvx4CT3IDtDRvUFSL8/edit?usp=sharing&ouid=106690422347586185642&rtpof=true&sd=true), where you can find more information about the architecture and future plans for Galadriel. Comments and suggestions are welcome and highly appreciated. -### Community Presentations & Blog Posts -- SPIRE Bridge: an Alternative Approach to SPIFFE Federation - [Juliano Fantozzi](https://github.com/jufantozzi), [Maximiliano Churichi](https://github.com/mchurichi) / SPIFFE Community Day Fall 2022 (October 2022) / [video](https://www.youtube.com/watch?v=pHdOm4MdPHE), [slides](https://docs.google.com/presentation/d/1Cox9MNeZA1bD2aktg2HTMjcgGn_6Rbb0/edit?usp=sharing&ouid=106690422347586185642&rtpof=true&sd=true), [demo](https://github.com/HewlettPackard/galadriel/tree/v0.1.0/demos) -- Galadriel - A SPIRE Federation Alternative - [William Barrera Fuentes](https://github.com/wibarre) / HPE Developer Community (October 2022) / [blog post](https://developer.hpe.com/blog/galadriel-a-spire-federation-alternative/) +## Witness Examples -## Found a security issue? +- [Verify an Artifact Policy](https://github.com/testifysec/witness-examples/blob/main/keypair/README.md) +- [Using Fulcio as a Key Provider](https://github.com/testifysec/witness-examples/blob/main/keyless-fulcio/README.md) -Please refer to the [Security policy](./SECURITY.md) to learn more about security updates and reporting potential vulnerabilities. +## Media + +- [Blog/Video - Generating and Verifying Attestations With Witness](https://www.testifysec.com/blog/attestations-with-witness/) +- [Blog - What is a supply chain attestation, and why do I need it?](https://www.testifysec.com/blog/what-is-a-supply-chain-attestation/) +- [Talk - Securing the Software Supply Chain with the in-toto & SPIRE projects](https://www.youtube.com/watch?v=4lFbdkB62QI) +- [Talk - Securing the Software Supply Chain with SBOM and Attestation](https://www.youtube.com/watch?v=wX6aTZfpJv0) + +## Usage + +- [Run](docs/witness_run.md) - Runs the provided command and records attestations about the execution. +- [Sign](docs/witness_sign.md) - Signs the provided file with the provided key. +- [Verify](docs/witness_verify.md) - Verifies a witness policy. + +## TOC + +- [Witness - Secure Your Supply Chain](#witness---secure-your-supply-chain) + - [Witness enables you to:](#witness-enables-you-to) + - [Witness is a pluggable framework for supply chain security](#witness-is-a-pluggable-framework-for-supply-chain-security) + - [Key Features](#key-features) + - [How it works](#how-it-works) + - [Witness Examples](#witness-examples) + - [Media](#media) + - [Usage](#usage) + - [TOC](#toc) + - [Quick Start](#quick-start) + - [Download the Binary](#download-the-binary) + - [Create a Keypair](#create-a-keypair) + - [Create a Witness configuration](#create-a-witness-configuration) + - [Record attestations for a build step](#record-attestations-for-a-build-step) + - [View the attestation data in the signed DSSE Envelope](#view-the-attestation-data-in-the-signed-dsse-envelope) + - [Create a Policy File](#create-a-policy-file) + - [Replace the variables in the policy](#replace-the-variables-in-the-policy) + - [Sign The Policy File](#sign-the-policy-file) + - [Verify the Binary Meets Policy Requirements](#verify-the-binary-meets-policy-requirements) +- [Witness Attestors](#witness-attestors) + - [What is a witness attestor?](#what-is-a-witness-attestor) + - [Attestor Security Model](#attestor-security-model) + - [Attestor Life Cycle](#attestor-life-cycle) + - [Attestation Lifecycle](#attestation-lifecycle) + - [Attestor Types](#attestor-types) + - [Pre-material Attestors](#pre-material-attestors) + - [Material Attestors](#material-attestors) + - [Execute Attestors](#execute-attestors) + - [Product Attestors](#product-attestors) + - [Post-product Attestors](#post-product-attestors) + - [AttestationCollection](#attestationcollection) + - [Attestor Subjects](#attestor-subjects) + - [Witness Policy](#witness-policy) + - [What is a witness policy?](#what-is-a-witness-policy) + - [Witness Verification](#witness-verification) + - [Verification Lifecycle](#verification-lifecycle) + - [Using SPIRE for Keyless Signing](#using-spire-for-keyless-signing) + - [Support](#support) + +## Quick Start + +### Download the Binary +Download from the releases page or use the install script to download the latest release. + +[Releases](https://github.com/testifysec/witness/releases) +``` +bash <(curl -s https://raw.githubusercontent.com/testifysec/witness/main/install-witness.sh) +``` + + +### Create a Keypair + +> Witness supports keyless signing with [SPIRE](https://spiffe.io/)! + +``` +openssl genpkey -algorithm ed25519 -outform PEM -out testkey.pem +openssl pkey -in testkey.pem -pubout > testpub.pem +``` + +### Create a Witness configuration + +> - This file generally resides in your source code repository along with the public keys generated above. +> - `.witness yaml` is the default location for the configuration file +> - `witness help` will show all configuration options +> - command-line arguments overrides configuration file values. + +``` +## .witness.yaml + +run: + key: testkey.pem + trace: false +verify: + attestations: + - "test-att.json" + policy: policy-signed.json + publickey: testpub.pem +``` + +### Record attestations for a build step + +> - The `-a {attestor}` flag allows you to define which attestors run +> - ex. `-a maven -a gcp -a gitlab` would be used for a maven build running on a GitLab runner on GCP. +> - Defining step names is important, these will be used in the policy. +> - This should happen as a part of a CI step + +``` +witness run --step build -o test-att.json -- go build -o=testapp . +``` + +### View the attestation data in the signed DSSE Envelope + +> - This data can be stored and retrieved from Archivista +> - This is the data that is evaluated against the Rego policy + +``` +cat test-att.json | jq -r .payload | base64 -d | jq +``` + +### Create a Policy File + +Look [here](docs/policy.md) for full documentation on Witness Policies. + +> - Make sure to replace the keys in this file with the ones from the step above (sed command below). +> - Rego policies should be base64 encoded +> - Steps are bound to keys. Policy can be written to check the certificate data. For example, we can require a step is signed by a key with a specific `CN` attribute. +> - Witness will require all attestations to succeed +> - Witness will evaluate the rego policy against the JSON object in the corresponding attestor + +``` +## policy.json + +{ + "expires": "2023-12-17T23:57:40-05:00", + "steps": { + "build": { + "name": "build", + "attestations": [ + { + "type": "https://witness.dev/attestations/material/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/command-run/v0.1", + "regopolicies": [] + }, + { + "type": "https://witness.dev/attestations/product/v0.1", + "regopolicies": [] + } + ], + "functionaries": [ + { + "publickeyid": "{{PUBLIC_KEY_ID}}" + } + ] + } + }, + "publickeys": { + "{{PUBLIC_KEY_ID}}": { + "keyid": "{{PUBLIC_KEY_ID}}", + "key": "{{B64_PUBLIC_KEY}}" + } + } +} +``` + +### Replace the variables in the policy + +``` +id=`sha256sum testpub.pem | awk '{print $1}'` && sed -i "s/{{PUBLIC_KEY_ID}}/$id/g" policy.json +pubb64=`cat testpub.pem | base64 -w 0` && sed -i "s/{{B64_PUBLIC_KEY}}/$pubb64/g" policy.json +``` + +### Sign The Policy File + +Keep this key safe, its owner will control the policy gates. + +``` +witness sign -f policy.json --key testkey.pem --outfile policy-signed.json +``` + +### Verify the Binary Meets Policy Requirements + +> This process works across air-gap as long as you have the signed policy file, correct binary, and public key or certificate authority corresponding to the private key that signed the policy. +> `witness verify` will return a `non-zero` exit and reason in the case of failure. Success will be silent with a `0` exit status +> for policies that require multiple steps, multiple attestations are required. + +``` +witness verify -f testapp -a test-att.json -p policy-signed.json -k testpub.pem +``` + +# Witness Attestors + +## What is a witness attestor? + +Witness attestors are pieces of code that assert facts about a system and store those facts in a versioned schema. Each attestor has a `Name`, `Type`, and `RunType`. The `Type` is a versioned string corresponding to the JSON schema of the attestation. For example, the AWS attestor is defined as follows: + +``` + Name = "aws" + Type = "https://witness.dev/attestations/aws/v0.1" + RunType = attestation.PreRunType +``` + +The attestation types are used when we evaluate policy against these attestations. + +## Attestor Security Model + +Attestations are only as secure as the data that feeds them. Where possible cryptographic material should be validated, evidence of validation should be included in the attestation for out-of-band validation. + +Examples of cryptographic validation is found in the [GCP](https://github.com/testifysec/witness/tree/main/pkg/attestation/gcp-iit), [AWS](https://github.com/testifysec/witness/blob/main/pkg/attestation/aws-iid/aws-iid.go), and [GitLab](https://github.com/testifysec/witness/tree/main/pkg/attestation/gitlab) attestors. + +## Attestor Life Cycle + +- **Pre-material:** Pre-material attestors run before any other attestors. These attestors generally collect information about the environment. + +- **Material:** Material attestors run after any prematerial attestors and prior to any execute attestors. Generally these collect information about state that may change after any execute attestors, such as file hashes. + +- **Execute:**: Execute attestors run after any material attestors and generally record information about some command or process that is to be executed. + +- **Product:** Product attestors run after any execute attestors and generally record information about what changed during the execute lifecycle step, such as changed or created files. + +- **Post-product:** Post-product attestors run after product attestors and generally record some additional information about specific products, such as OCI image information from a saved image tarball. + +### Attestation Lifecycle + +![](docs/assets/attestation.png) + +## Attestor Types + +### Pre-material Attestors +- [AWS](docs/attestors/aws-iid.md) - Attestor for AWS Instance Metadata +- [GCP](docs/attestors/gcp-iit.md) - Attestor for GCP Instance Identity Service +- [GitLab](docs/attestors/gitlab.md) - Attestor for GitLab Pipelines +- [Git](docs/attestors/git.md) - Attestor for Git Repository +- [Maven](docs/attestors/maven.md) Attestor for Maven Projects +- [Environment](docs/attestors/environment.md) - Attestor for environment variables (**_be careful with this - there is no way to mask values yet_**) +- [JWT](docs/attestors/jwt.md) - Attestor for JWT Tokens + +### Material Attestors +- [Material](docs/attestors/material.md) - Records secure hashes of files in current working directory + +### Execute Attestors +- [CommandRun](docs/attestors/commandrun.md) - Records traces and metadata about the actual process being run + +### Product Attestors +- [Product](docs/attestors/product.md) - Records secure hashes of files produced by commandrun attestor (only detects new files) + +### Post-product Attestors + +- [OCI](docs/attestors/oci.md) - Attestor for tar'd OCI images + +### AttestationCollection + +An `attestationCollection` is a collection of attestations that are cryptographically bound together. Because the attestations are bound together, we can trust that they all happened as part of the same attesation life cycle. Witness policy defines which attestations are required. + +### Attestor Subjects + +Attestors define subjects that act as lookup indexes. The attestationCollection can be looked up by any of the subjects defined by the attestors. + +## Witness Policy + +### What is a witness policy? + +A witness policy is a signed document that encodes the requirements for an artifact to be validated. A witness policy includes public keys for trusted functionaries, which attestations must be found, and rego policy to evaluate against the attestation meta-data. + +A witness policy allows administrators to trace the compliance status of an artifact at any point during its lifecycle. + +## Witness Verification + +### Verification Lifecycle + +![](docs/assets/verification.png) + +## Using [SPIRE](https://github.com/spiffe/spire) for Keyless Signing + +Witness can consume ephemeral keys from a [SPIRE](https://github.com/spiffe/spire) node agent. Configure witness with the flag `--spiffe-socket` to enable keyless signing. + +During the verification process witness will use a source of trusted time such as a timestamp from a timestamp authority to make a determination on certificate validity. The SPIRE certificate only needs to remain valid long enough for a timestamp to be created. + + +## Support + +[TestifySec](https://testifysec.com) Provides support for witness and other CI security tools. +[Contact Us](mailto:info@testifysec.com) diff --git a/get_certs.sh b/get_certs.sh new file mode 100755 index 00000000..890eece9 --- /dev/null +++ b/get_certs.sh @@ -0,0 +1,38 @@ +#!/bin/bash + +url="https://fulcio.sigstore.dev/api/v2/trustBundle" +response=$(curl -s "$url") +certs=$(echo "$response" | jq -r '.chains[].certificates[]') + +count=1 +buffer="" + +IFS=$'\n' +for line in $certs; do + if [[ $line == "-----BEGIN CERTIFICATE-----" ]]; then + if [ ! -z "$buffer" ]; then + echo -e "$buffer" > "certificate_$count.pem" + count=$((count+1)) + buffer="" + fi + fi + buffer="$buffer\n$line" +done + +if [ ! -z "$buffer" ]; then + echo -e "$buffer" > "certificate_$count.pem" +fi + +if [ -f "certificate_1.pem" ]; then + echo "Assuming certificate_1.pem is the root certificate." + mv "certificate_1.pem" "root.pem" +else + echo "Error: certificate_1.pem not found." +fi + +if [ -f "certificate_2.pem" ]; then + echo "Assuming certificate_2.pem is the intermediate certificate." + mv "certificate_2.pem" "intermediate.pem" +else + echo "Error: certificate_2.pem not found." +fi diff --git a/script.sh b/script.sh new file mode 100755 index 00000000..c56ab607 --- /dev/null +++ b/script.sh @@ -0,0 +1,64 @@ +#!/bin/bash + + +# ##Step Variables + +COMMIT=62a05fc10707785b3897204afe4945e57778cf2bbf9ce70e4399570b14e9e0c7 +SCORE=53ea1058003205b374f86a60785b34d571b76bf64883f8d4d966614a335b17fb +SCAN=353ed220f2edae7f0194c39818a795f8bb1555795fccbc691b79d7dd384656ff +CONTAINER_BUILD=cbff518f9c9fb1d215fa12122f1be87fbd418bb9c6cb67cb450c912b17dfa333 +BINARY_BUILD=4f2816f7dc0d8e21b4025cf0ff64b64e075c1edce0d85be3dc5a7c64ba38db35 + + +mkdir -p .witness + +SIGSTORE_ROOT=.witness/root.pem +SIGSTORE_INTERMEDIATE=.witness/intermediate.pem + +# Get Certs from Fulcio +./get_certs.sh && mv root.pem ${SIGSTORE_ROOT} && mv intermediate.pem ${SIGSTORE_INTERMEDIATE} + +# Create policy +policy-tool create -x=$COMMIT -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE --constraint-emails colek42@gmail.com -x $SCORE -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE -x $SCAN -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE -y .witness/sticky.yaml -x $CONTAINER_BUILD -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE -y .witness/sticky.yaml -t https://freetsa.org/files/cacert.pem > .witness/policy.json + +# Create RSA public-private key pair for policy signing +openssl genrsa -out .witness/policy.key 2048 +openssl rsa -in .witness/policy.key -pubout -out .witness/policy.pub + +# Sign policy +witness sign -f .witness/policy.json -k .witness/policy.key -o .witness/policy-signed.json + + +# Verify commit +echo "Verifying by the commit" +witness verify -s 1e64684f8230fe662c384d0b1108ed6ec5ac36ee -p .witness/policy-signed.json -k .witness/policy.pub --enable-archivista + +# Verify the container build by image ID +echo "Verifying by the container imageID" +witness verify -s 9efbee1c55fd477d97e8be2f625cdbf66ba5618c6797e7effdcfb56e56ef2adc -p .witness/policy-signed.json -k .witness/policy.pub --enable-archivista + +# # Create policy for binary build +policy-tool create -x $COMMIT -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE --constraint-emails colek42@gmail.com -x $SCORE -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE -x $SCAN -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE -x $BINARY_BUILD -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE -t https://freetsa.org/files/cacert.pem > .witness/policy-bin.json + +# # Sign policy for binary build +witness sign -f .witness/policy-bin.json -k .witness/policy.key -o .witness/policy-bin-signed.json + +if [[ ! -d "dist" ]]; then + echo "dist folder does not exist" + echo "Please download the binaries from release step and unzip them to dist folder" + echo "https://github.com/testifysec/galadriel/actions" + exit 1 +fi + +# # Recurse through dist folder and verify each binary without an extension +find ./dist -type f | while read FILE +do + # Exclude config.yaml since it is common + if [[ $FILE == *"config.yaml"* ]]; then + continue + fi + + # Run witness verify on the file + echo "Verifying $FILE" + witness verify -f $FILE -p .witness/policy-bin-signed.json -k .witness/policy.pub --enable-archivista +done \ No newline at end of file From caf267168b4f5bb6ad1e28af9c6c759ebcd159c7 Mon Sep 17 00:00:00 2001 From: Cole Kennedy Date: Wed, 19 Apr 2023 11:49:30 -0500 Subject: [PATCH 07/12] change policy expire --- .witness/policy-bin-signed.json | 2 +- .witness/policy-bin.json | 2 +- .witness/policy-signed.json | 2 +- .witness/policy.json | 2 +- .witness/policy.pub | 14 +++++++------- script.sh | 2 +- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.witness/policy-bin-signed.json b/.witness/policy-bin-signed.json index 418ea6f9..dd2cb63b 100644 --- a/.witness/policy-bin-signed.json +++ b/.witness/policy-bin-signed.json @@ -1 +1 @@ -{"payload":"ewogICJleHBpcmVzIjogIjIwMjMtMDQtMTlUMDM6MTY6MzMuNDk2NTAyMzcxLTA1OjAwIiwKICAicm9vdHMiOiB7CiAgICAiMzhmZTI0MDEyYzNmM2VkMTkwNzIzMmVlODRjNDUwMDI1OTdmZTEzMmQyMjQxMzFkYTA4ZTk5YjY2NWYxMTExNyI6IHsKICAgICAgImNlcnRpZmljYXRlIjogIkNpMHRMUzB0UWtWSFNVNGdRMFZTVkVsR1NVTkJWRVV0TFMwdExRcE5TVWxEUjJwRFEwRmhSMmRCZDBsQ1FXZEpWVUZNYmxacFZtWnVWVEJpY2twaGMyMVNhMGh5Ymk5VmJtWmhVWGREWjFsSlMyOWFTWHBxTUVWQmQwMTNDa3RxUlZaTlFrMUhRVEZWUlVOb1RVMWpNbXh1WXpOU2RtTnRWWFZhUjFZeVRWSkZkMFIzV1VSV1VWRkVSWGRvZW1GWFpIcGtSemw1V2xSQlpVWjNNSGtLVFdwQk1FMVVUWGxOUkVFeVRWUldZVVozTUhwTlZFVjNUVVJWZUUxNlZUSk9WR2hoVFVSamVFWlVRVlJDWjA1V1FrRnZWRVJJVG5CYU0wNHdZak5LYkFwTWJWSnNaR3BGWlUxQ2QwZEJNVlZGUVhoTlZtTXliRzVqTTFKMlkyMVZkR0ZYTlRCYVdFcDBXbGRTY0ZsWVVteE5TRmwzUlVGWlNFdHZXa2w2YWpCRENrRlJXVVpMTkVWRlFVTkpSRmxuUVVVNFVsWlRMM2x6U0N0T1QzWjFSRnA1VUVsYWRHbHNaMVZHT1U1c1lYSlpjRUZrT1VoUU1YWkNRa2d4VlRWRFZqY0tOMHhUVXpkek1GcHBTRFJ1UlRkSWRqZHdkRk0yVEhaMlVpOVRWR3MzT1RoTVZtZE5la3hzU2pSSVpVbG1Sak4wU0ZOaFpYaE1ZMWx3VTBGVGNqRnJVd293VGk5U1owSktlaTg1YWxkRGFWaHViek56ZDJWVVFVOUNaMDVXU0ZFNFFrRm1PRVZDUVUxRFFWRlpkMFYzV1VSV1VqQnNRa0YzZDBObldVbExkMWxDQ2tKUlZVaEJkMDEzUldkWlJGWlNNRlJCVVVndlFrRm5kMEpuUlVJdmQwbENRVVJCWkVKblRsWklVVFJGUm1kUlZUTTVVSEI2TVZsclJWcGlOWEZPYW5BS1MwWlhhWGhwTkZsYVJEaDNTSGRaUkZaU01HcENRbWQzUm05QlZWZE5RV1ZZTlVaR2NGZGhjR1Z6ZVZGdldrMXBNRU55Um5obWIzZERaMWxKUzI5YVNRcDZhakJGUVhkTlJGcDNRWGRhUVVsM1VFTnpVVXMwUkZscFdsbEVVRWxoUkdrMVNFWkxibVo0V0hnMlFWTlRWbTFGVW1aemVXNVpRbWxZTWxnMlUwcFNDbTVhVlRnMEx6bEVXbVJ1Um5aMmVHMUJha0pQZERaUmNFSnNZelJLTHpCRWVIWnJWRU54Y0dOc2RucHBURFpDUTBOUWJtcGtiRWxDTTFCMU0wSjRjMUFLYlhsblZWazNTV2t5ZW1Ka1EyUnNhV2x2ZHowS0xTMHRMUzFGVGtRZ1EwVlNWRWxHU1VOQlZFVXRMUzB0TFFvPSIsCiAgICAgICJpbnRlcm1lZGlhdGVzIjogWwogICAgICAgICJDaTB0TFMwdFFrVkhTVTRnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUXBOU1VsQ09YcERRMEZZZVdkQmQwbENRV2RKVlVGTVdrNUJVRVprZUVoUWQycGxSR3h2UkhkNVdVTm9RVTh2TkhkRFoxbEpTMjlhU1hwcU1FVkJkMDEzQ2t0cVJWWk5RazFIUVRGVlJVTm9UVTFqTW14dVl6TlNkbU50VlhWYVIxWXlUVkpGZDBSM1dVUldVVkZFUlhkb2VtRlhaSHBrUnpsNVdsUkJaVVozTUhrS1RWUkZkMDFFWTNoTmVsVXlUbFJzWVVaM01IcE5WRVYzVFVSVmVFMTZWVEpPVkdoaFRVTnZlRVpVUVZSQ1owNVdRa0Z2VkVSSVRuQmFNMDR3WWpOS2JBcE1iVkpzWkdwRlVrMUJPRWRCTVZWRlFYaE5TV015Ykc1ak0xSjJZMjFWZDJScVFWRkNaMk54YUd0cVQxQlJTVUpDWjFWeVoxRlJRVWxuVG1sQlFWUTNDbGhsUmxRMGNtSXpVRkZIZDFNMFNXRnFkRXhyTXk5UGJHNXdaMkZ1WjJGQ1kyeFpjSE5aUW5JMWFTczBlVzVDTURkalpXSXpURkF3VDBsUFdtUjRaWGdLV0RZNVl6VnBWblY1U2xKUkswaDZNRFY1YVN0VlJqTjFRbGRCYkVod2FWTTFjMmd3SzBneVIwaEZOMU5ZY21zeFJVTTFiVEZVY2pFNVREbG5aemt5YWdwWmVrSm9UVUUwUjBFeFZXUkVkMFZDTDNkUlJVRjNTVUpDYWtGUVFtZE9Wa2hTVFVKQlpqaEZRbFJCUkVGUlNDOU5RakJIUVRGVlpFUm5VVmRDUWxKWkNuZENOV1pyVlZkc1duRnNObnBLUTJocmVVeFJTM05ZUml0cVFXWkNaMDVXU0ZOTlJVZEVRVmRuUWxKWmQwSTFabXRWVjJ4YWNXdzJla3BEYUd0NVRGRUtTM05ZUml0cVFVdENaMmR4YUd0cVQxQlJVVVJCZDA1d1FVUkNiVUZxUlVGcU1XNUlaVmhhY0NzeE0wNVhRazVoSzBWRWMwUlFPRWN4VjFkbk1YUkRUUXBYVUM5WFNGQnhjR0ZXYnpCcWFITjNaVTVHV21kVGN6QmxSVGQzV1VrMGNVRnFSVUV5VjBJNWIzUTVPSE5KYTI5R00zWmFXV1JrTXk5V2RGZENOV0k1Q2xST1RXVmhOMGw0TDNOMFNqVlVabU5NVEdWQlFreEZORUpPU2s5elVUUjJia0pJU2dvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PSIKICAgICAgXQogICAgfQogIH0sCiAgInRpbWVzdGFtcGF1dGhvcml0aWVzIjogewogICAgIjIxNTFiNjExMzdmZmE4NmJmNjY0NjkxYmE2N2U3ZGEwYjE5Zjk4Yzc1OGUzZDIyOGQ1ZDhlYmYyN2UwNDQ0MzgiOiB7CiAgICAgICJjZXJ0aWZpY2F0ZSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VndmVrTkRRbVZsWjBGM1NVSkJaMGxLUVUxSWNHaG9XVTV4VDIxQlRVRXdSME5UY1VkVFNXSXpSRkZGUWtSUlZVRk5TVWRXVFZKRmQwUjNXVVFLVmxGUlMwVjNhRWRqYlZac1NVWlNWRkZVUlZGTlFUUkhRVEZWUlVONFRVaFZiVGwyWkVOQ1JGRlVSVmxOUWxsSFFURlZSVUY0VFZCa00yUXpURzFhZVFwYVYxWXdZekpGZFdJelNtNU5VMGwzU1VGWlNrdHZXa2xvZG1OT1FWRnJRa1pvVG1sa1dFNXdZa2RXTmxsWVRrRmFNakZvWVZkM2RWa3lPWFJOVWtsM0NrVkJXVVJXVVZGSVJYZHNXR1JYVm5sbGJVb3hZMjFqZUVSNlFVNUNaMDVXUWtGblZFSnJTbWhsVjFaNVltcEZURTFCYTBkQk1WVkZRbWhOUTFKRlZYY0tTR2hqVGsxVVdYZE5la1Y2VFVSRk1VMXFSWHBYYUdOT1RrUkZkMDE2UVROTlJFVXhUV3BGZWxkcVEwSnNWRVZTVFVFNFIwRXhWVVZEYUUxSlVtNUtiQXBhVTBKVlZUQkZlRVZFUVU5Q1owNVdRa0Z6VkVJeFNuWmlNMUZuVVRCRmVFZEVRVmRDWjA1V1FrRk5WRVF6WkROa2VUVnRZMjFXYkdSSVRtaE1iVGw1Q2xwNlJXbE5RMEZIUTFOeFIxTkpZak5FVVVWS1FWSlpWRmx1Vm5waFYzaHNaVzFHZWxGSFpIUlpWMnh6VEcxT2RtSlVSVk5OUWtGSFFURlZSVUo0VFVvS1ZqTldiR051Y0dsa1dFcHVUVkU0ZDBSUldVUldVVkZKUlhkYVExbFliR3hqYlRSNFEzcEJTa0puVGxaQ1FWbFVRV3RTUmsxSlNVTkpha0ZPUW1kcmNRcG9hMmxIT1hjd1FrRlJSVVpCUVU5RFFXYzRRVTFKU1VORFowdERRV2RGUVhSblMwOUVha0Y1T0ZKRlVUSlhWRTV4VlhWa1FXNXFhR3hEY25CRk5uRnNDbTFSWms1d2NHVlViVloyV25KSU5IcDFkRzRyVG5kVVlVaEJSM0JxVTBkMk5DOVhVbkJhTVhkYU0wSlNXalZ0VUZWQ1dubE1aM0V3V1hKSlpsRTFSbmdLTUhNdlRWSmFVSHBqTVhJemJFdFhjazFTT1hOQlVYZzBiVTQwZWpFeGVFWkZUelV5T1V3d1pFWkthbEJHT1UxRU9FZHdaREptWlZkNlIzbHdkR3hsYkFwaUsxQnhWQ3NySzJaUFlUSnZXVEFyVG1GTlRUZHNMM2hqVGtoUVQyRk5lakF2TW05c2F6QnBNakpvWWt0bFZtaDJiMnRRUTNGb1JtaDZjM1ZvUzNOdENuRTBUMll2Ynl0ME5tUkpOM040Tldnd2JsQk5iVFJuUjFOU2FHWnhLM28yUWxSU1owTnljVkZITWtaUFRHOVdSbWQwTm1sSmJTOUNiazVtWmxWeU4xWUtSRmxrTTNwYWJVbDNSazlxTDBnelJFdEliMGRwYXk5NFN6TkZPREpaUVRKYWRXeFdUMFpTVnk5NmFqUkJjR3BRWVRWUFJtSndTV3RrTUhCdGVuaDZaQXBGWTB3ME56bG9VMEU1WkVacGVWWnRVM2hRZEZrMWVtVXhVQ3RDUlRsaVRWVXhVRk5qY0ZKNmR6aE5TRVpZZUhsTGNWY3hNMUYyTjB4WGR6UnpZbXN6Q2xOamFVSTNSMEZEWWxGcFZrZDZaMnQyV0VjMmVUZzFTRTkxZGxkT2RrTTFSMHhUYVhsUU9VZHNVRUl3VmpZNGRHSjRlalJLVmxSU1pIY3ZXRzR2V0ZRS1JrNTZVa0pOTTJOeE9HeENUMEZXZEM5UVFWZzFLM1ZHWTNZeFV6bDNSa1U0V1dwaFFtWlhRMUF4YW1SQ2FXd3JZelJsS3pCMFpIbDNWREp2U20xWlFncENSaTlyUlhReGQyMUhkMDF0U0hWdVRrVjFVVTU2YURGR2RFcFpOVFJvWWxWbWFWZHBNemh0UVZORk4zaE5kRTFvWm1vdlF6UlRkbUZ3YVVST09ETTNDbWRaWVZCbWN6aDRNMHRhZUdKWU4wTXpXVUZ6Um01S2FXNXNkMEZWYzNNeFptUkxZWEk0VVM5WlZuTTNTQzl1VlRSak5FbDRlSGg2TkdZMk4yWmpWbkVLVFRKSlZFdGxiblJpUTAxRFFYZEZRVUZoVDBOQmF6UjNaMmRLUzAxQmQwZEJNVlZrUlhkUlJrMUJUVUpCWmpoM1JHZFpSRlpTTUZCQlVVZ3ZRa0ZSUkFwQlowaEhUVUl3UjBFeFZXUkVaMUZYUWtKVU5sWlJNazFPUjFwU1VUQjZNelUzVDI1aVNsZDJaWFZoYTJ4NlEwSjVaMWxFVmxJd2FrSkpTRU5OU1VjdkNtZENWRFpXVVRKTlRrZGFVbEV3ZWpNMU4wOXVZa3BYZG1WMVlXdHNOa2RDYlRaVFFtMUVRMEpzVkVWU1RVRTRSMEV4VlVWRGFFMUpVbTVLYkZwVFFsVUtWVEJGZUVWRVFVOUNaMDVXUWtGelZFSXhTblppTTFGblVUQkZlRWRFUVZkQ1owNVdRa0ZOVkVRelpETmtlVFZ0WTIxV2JHUklUbWhNYlRsNVducEZhUXBOUTBGSFExTnhSMU5KWWpORVVVVktRVkpaVkZsdVZucGhWM2hzWlcxR2VsRkhaSFJaVjJ4elRHMU9kbUpVUlZOTlFrRkhRVEZWUlVKNFRVcFdNMVpzQ21OdWNHbGtXRXB1VFZFNGQwUlJXVVJXVVZGSlJYZGFRMWxZYkd4amJUUjRRM3BCU2tKblRsWkNRVmxVUVd0U1JtZG5hMEYzWlcxSFJtY3lielpaUVhjS1RYZFpSRlpTTUdaQ1EzZDNTMnBCYjI5RFlXZEtTVmxwWVVoU01HTkViM1pNTTJRelpIazFiV050Vm14a1NFNW9URzA1ZVZwNU9YbGlNamt3V0RKT2FBcE1iVTU1WWtSRFFucDNXVVJXVWpCblFrbElTRTFKU0VWTlNVaENRbWR2Y2tKblJVVkJXVWg1U2tGRlFrMUpSM2xOUkUxSFEwTnpSMEZSVlVaQ2QwbENDa1pwWkc5a1NGSjNUMms0ZG1RelpETk1iVnA1V2xkV01HTXlSWFZpTTBwdVRESmFlVnBYVmpCak1rWm1XVE5DZWt4dGFEQmlWM2QzVFdkWlNVdDNXVUlLUWxGVlNFRm5SVmRLYldnd1pFaEJOa3g1T1ROa00yTjFXbTVLYkZwWVVucFpVelYyWTIxamRscHVTbXhhV0ZKNldWWTVhbU5JVFhWalIxSnRUVVZqUndwRFEzTkhRVkZWUmtKM1NVTk5SSE5oVDFWYWVWcFhWbFZWTUVWblpFaEtNV016VW14YVEwSXdZVmN4YkdNelVtaGlXRUp3WW0xaloxVXlPVzFrU0dSb0NtTnRWV2RaV0UxbldWTkNWRnBZU2pKaFYwNXNTVU5vVkZsWFJsUkxWRUV6UW1kbmNrSm5SVVpDVVdOQ1FWRlJjazFEYTNkS2QxbEpTM2RaUWtKUlZVZ0tUVUZIUjBjeWFEQmtTRUUyVEhrNU0yUXpZM1ZhYmtwc1dsaFNlbGxUTlhaamJXTTJUV3BWTWsxRVFVNUNaMnR4YUd0cFJ6bDNNRUpCVVRCR1FVRlBRd3BCWjBWQllVczVLM1kxVDBaWmRUbE5ObnAwV1VNclREWTVjM2N4YjIxa2VXeHBPRGxzV2tGbWNGZE5UV2c1UTFKdFNtaE5Oa3RDY1UwdmFYQjNiMHgwQ201NGVYaEhjMkpEVUdoalVXcDFWSFo2YlN0NWJFNDJWbmRVVFcxSmJGWjVWbE5NUzFsYVkyUlRhblF2WlVOVlRpczBNVXMzYzBRM1IxWnRlRnBDUVVZS1NVeHVRa1J0VkVkS2JVeHJjbFV3UzNWMVNYQnFPR3hKTDBVMldqWk9ibTExVURJclVrRlJVMGh6WmtKUmFUWnpjM051V0Uxdk5FaFBWelZuZEZCUE53cG5SSEpWY0ZaWVNVUXJLekZRTkZodVpHdHZTMjQzVTNaM05XNHdlbE01Wm5ZeGFIaENZMWxKU0ZCUVVWVjZaVEoxTXpCaVFWRjBNRzR3YVVsNVVreDZDbUZYZFdoMGNFRjBaRGRtWm5kRllrRlRaM3BDTjBVclRrZEdOSFJ3VmpNM1pUaExhVUV5ZUdsSFUxSnhWRFZ1WkhVeU9HWm5jRTlaT0RkblJETkJjbG9LUkdOMFduWjJWRU5tU0dSQlV6VnJSVTh6WjI1SFIyVmFSVlpNUkcxbVJYTjJPRlJIU21FelFXeHFWbUUxUlRRd1NWRkVjMVZZY0ZGTWFUaEhLMVZETkFveFJGZGFkVGhGVmxRMGNtNVpZVU4zTVZaWU4xTm9UMUl4VUU1RFEzWnFZamhUT0hSbVpIVmtaRGw2YUZVelowVkNNSEo0WkdWVWVURjBWbUpPVEZoWENqazVlVGt3ZUdOM2NqRmFTVVJWZDAwdmVGRXZibTlQT0VaU2FHMHdURzlRUXpjelJXWXJTalJhUW1SeWRsZDNZWFZHTTNwS1pUTXpaRFJwWW5oRlkySUtPQzl3ZWpWWGVrWnJaV2w0V1UweWJuTklhSEZJYzBKTGR6ZEtVRzkxUzA1WVVtNXNOVWxCUlRGbFJtMXhSSGxETjBjdlZsUTNUMFkyTmpsNFRUWm9ZZ3BWZERWSE1qRktSVFJqVGtzMlRrNTFZMU1yWm5wbk1VcFFXREFyTTFab2MxbGFhbW8zUkRWMWJHcFNkbEZZY2tvNGFVaG5jaTlOTm1veWIweElkbFJCQ2treVRVeGtjVEp4YWxwR1JFOURXSE40UW5oS2NHSnRURWRDZURsdmR6WmFaWEpzVlhoNmQzTXlRVmQyTW5CclBRb3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0iCiAgICB9CiAgfSwKICAic3RlcHMiOiB7CiAgICAiYnVpbGQiOiB7CiAgICAgICJuYW1lIjogImJ1aWxkIiwKICAgICAgImZ1bmN0aW9uYXJpZXMiOiBbCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAicm9vdCIsCiAgICAgICAgICAiY2VydENvbnN0cmFpbnQiOiB7CiAgICAgICAgICAgICJjb21tb25uYW1lIjogIioiLAogICAgICAgICAgICAiZG5zbmFtZXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJlbWFpbHMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJvcmdhbml6YXRpb25zIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAidXJpcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInJvb3RzIjogWwogICAgICAgICAgICAgICIzOGZlMjQwMTJjM2YzZWQxOTA3MjMyZWU4NGM0NTAwMjU5N2ZlMTMyZDIyNDEzMWRhMDhlOTliNjY1ZjExMTE3IgogICAgICAgICAgICBdCiAgICAgICAgICB9CiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICJjZXJ0Q29uc3RyYWludCI6IHsKICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm9yZ2FuaXphdGlvbnMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJ1cmlzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAicm9vdHMiOiBbCiAgICAgICAgICAgICAgIjM4ZmUyNDAxMmMzZjNlZDE5MDcyMzJlZTg0YzQ1MDAyNTk3ZmUxMzJkMjI0MTMxZGEwOGU5OWI2NjVmMTExMTciLAogICAgICAgICAgICAgICIzOGZlMjQwMTJjM2YzZWQxOTA3MjMyZWU4NGM0NTAwMjU5N2ZlMTMyZDIyNDEzMWRhMDhlOTliNjY1ZjExMTE3IgogICAgICAgICAgICBdCiAgICAgICAgICB9CiAgICAgICAgfQogICAgICBdLAogICAgICAiYXR0ZXN0YXRpb25zIjogWwogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2Vudmlyb25tZW50L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXQvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2dpdGh1Yi92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvbWF0ZXJpYWwvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2NvbW1hbmQtcnVuL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9wcm9kdWN0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfQogICAgICBdCiAgICB9LAogICAgImNvbW1pdCI6IHsKICAgICAgIm5hbWUiOiAiY29tbWl0IiwKICAgICAgImZ1bmN0aW9uYXJpZXMiOiBbCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAicm9vdCIsCiAgICAgICAgICAiY2VydENvbnN0cmFpbnQiOiB7CiAgICAgICAgICAgICJjb21tb25uYW1lIjogIioiLAogICAgICAgICAgICAiZG5zbmFtZXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJlbWFpbHMiOiBbCiAgICAgICAgICAgICAgImNvbGVrNDJAZ21haWwuY29tIgogICAgICAgICAgICBdLAogICAgICAgICAgICAib3JnYW5pemF0aW9ucyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInVyaXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJyb290cyI6IFsKICAgICAgICAgICAgICAiMzhmZTI0MDEyYzNmM2VkMTkwNzIzMmVlODRjNDUwMDI1OTdmZTEzMmQyMjQxMzFkYTA4ZTk5YjY2NWYxMTExNyIKICAgICAgICAgICAgXQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgXSwKICAgICAgImF0dGVzdGF0aW9ucyI6IFsKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXQvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL21hdGVyaWFsL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9wcm9kdWN0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfQogICAgICBdCiAgICB9LAogICAgInNjYW4iOiB7CiAgICAgICJuYW1lIjogInNjYW4iLAogICAgICAiZnVuY3Rpb25hcmllcyI6IFsKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICJjZXJ0Q29uc3RyYWludCI6IHsKICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm9yZ2FuaXphdGlvbnMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJ1cmlzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAicm9vdHMiOiBbCiAgICAgICAgICAgICAgIjM4ZmUyNDAxMmMzZjNlZDE5MDcyMzJlZTg0YzQ1MDAyNTk3ZmUxMzJkMjI0MTMxZGEwOGU5OWI2NjVmMTExMTciCiAgICAgICAgICAgIF0KICAgICAgICAgIH0KICAgICAgICB9CiAgICAgIF0sCiAgICAgICJhdHRlc3RhdGlvbnMiOiBbCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvZ2l0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXRodWIvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL21hdGVyaWFsL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9jb21tYW5kLXJ1bi92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvcHJvZHVjdC92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvc2FyaWYvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9CiAgICAgIF0KICAgIH0KICB9Cn0K","payloadType":"https://witness.testifysec.com/policy/v0.1","signatures":[{"keyid":"a0e98f1869e6730b02f80dc5d2ddd7149d0dcba3ecb2f4cbf1aeaa6ef8bb069d","sig":"Nrx84H+OK7kcBsTrOA72v2nVU9ryLvXFSCACKmOohLn1DALM+FUTiHkJM7oaPdJ0CFlUNIfPCWO7Lj8E43zQvmvNiDULxjwIANJ0R5NlD5CCtwozq7aHRNdvNCLJKMznVa2yI0dsodmvslMckYY1QbASlyNf1TM9h21LQQZfnQ5RFscQ0p8ulI1+cZHpyK6znLZpAYq/y3BkaYFwt1+Y9en/KELbrecgNkD4ri9u1SWYOzRm07pg9skQk5jl969zdO+fpZDcfdGImX/26m512su2qjplNHlHKkUllVHfU26lgnmNSr8oZsGoCTfOOJZLnZzBk0hRZ4jTZO2uSdQy6g=="}]} +{"payload":"ewogICJleHBpcmVzIjogIjIwMjMtMDQtMjBUMTE6NDg6NDIuNDc3NzI3OTY5LTA1OjAwIiwKICAicm9vdHMiOiB7CiAgICAiMzhmZTI0MDEyYzNmM2VkMTkwNzIzMmVlODRjNDUwMDI1OTdmZTEzMmQyMjQxMzFkYTA4ZTk5YjY2NWYxMTExNyI6IHsKICAgICAgImNlcnRpZmljYXRlIjogIkNpMHRMUzB0UWtWSFNVNGdRMFZTVkVsR1NVTkJWRVV0TFMwdExRcE5TVWxEUjJwRFEwRmhSMmRCZDBsQ1FXZEpWVUZNYmxacFZtWnVWVEJpY2twaGMyMVNhMGh5Ymk5VmJtWmhVWGREWjFsSlMyOWFTWHBxTUVWQmQwMTNDa3RxUlZaTlFrMUhRVEZWUlVOb1RVMWpNbXh1WXpOU2RtTnRWWFZhUjFZeVRWSkZkMFIzV1VSV1VWRkVSWGRvZW1GWFpIcGtSemw1V2xSQlpVWjNNSGtLVFdwQk1FMVVUWGxOUkVFeVRWUldZVVozTUhwTlZFVjNUVVJWZUUxNlZUSk9WR2hoVFVSamVFWlVRVlJDWjA1V1FrRnZWRVJJVG5CYU0wNHdZak5LYkFwTWJWSnNaR3BGWlUxQ2QwZEJNVlZGUVhoTlZtTXliRzVqTTFKMlkyMVZkR0ZYTlRCYVdFcDBXbGRTY0ZsWVVteE5TRmwzUlVGWlNFdHZXa2w2YWpCRENrRlJXVVpMTkVWRlFVTkpSRmxuUVVVNFVsWlRMM2x6U0N0T1QzWjFSRnA1VUVsYWRHbHNaMVZHT1U1c1lYSlpjRUZrT1VoUU1YWkNRa2d4VlRWRFZqY0tOMHhUVXpkek1GcHBTRFJ1UlRkSWRqZHdkRk0yVEhaMlVpOVRWR3MzT1RoTVZtZE5la3hzU2pSSVpVbG1Sak4wU0ZOaFpYaE1ZMWx3VTBGVGNqRnJVd293VGk5U1owSktlaTg1YWxkRGFWaHViek56ZDJWVVFVOUNaMDVXU0ZFNFFrRm1PRVZDUVUxRFFWRlpkMFYzV1VSV1VqQnNRa0YzZDBObldVbExkMWxDQ2tKUlZVaEJkMDEzUldkWlJGWlNNRlJCVVVndlFrRm5kMEpuUlVJdmQwbENRVVJCWkVKblRsWklVVFJGUm1kUlZUTTVVSEI2TVZsclJWcGlOWEZPYW5BS1MwWlhhWGhwTkZsYVJEaDNTSGRaUkZaU01HcENRbWQzUm05QlZWZE5RV1ZZTlVaR2NGZGhjR1Z6ZVZGdldrMXBNRU55Um5obWIzZERaMWxKUzI5YVNRcDZhakJGUVhkTlJGcDNRWGRhUVVsM1VFTnpVVXMwUkZscFdsbEVVRWxoUkdrMVNFWkxibVo0V0hnMlFWTlRWbTFGVW1aemVXNVpRbWxZTWxnMlUwcFNDbTVhVlRnMEx6bEVXbVJ1Um5aMmVHMUJha0pQZERaUmNFSnNZelJLTHpCRWVIWnJWRU54Y0dOc2RucHBURFpDUTBOUWJtcGtiRWxDTTFCMU0wSjRjMUFLYlhsblZWazNTV2t5ZW1Ka1EyUnNhV2x2ZHowS0xTMHRMUzFGVGtRZ1EwVlNWRWxHU1VOQlZFVXRMUzB0TFFvPSIsCiAgICAgICJpbnRlcm1lZGlhdGVzIjogWwogICAgICAgICJDaTB0TFMwdFFrVkhTVTRnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUXBOU1VsQ09YcERRMEZZZVdkQmQwbENRV2RKVlVGTVdrNUJVRVprZUVoUWQycGxSR3h2UkhkNVdVTm9RVTh2TkhkRFoxbEpTMjlhU1hwcU1FVkJkMDEzQ2t0cVJWWk5RazFIUVRGVlJVTm9UVTFqTW14dVl6TlNkbU50VlhWYVIxWXlUVkpGZDBSM1dVUldVVkZFUlhkb2VtRlhaSHBrUnpsNVdsUkJaVVozTUhrS1RWUkZkMDFFWTNoTmVsVXlUbFJzWVVaM01IcE5WRVYzVFVSVmVFMTZWVEpPVkdoaFRVTnZlRVpVUVZSQ1owNVdRa0Z2VkVSSVRuQmFNMDR3WWpOS2JBcE1iVkpzWkdwRlVrMUJPRWRCTVZWRlFYaE5TV015Ykc1ak0xSjJZMjFWZDJScVFWRkNaMk54YUd0cVQxQlJTVUpDWjFWeVoxRlJRVWxuVG1sQlFWUTNDbGhsUmxRMGNtSXpVRkZIZDFNMFNXRnFkRXhyTXk5UGJHNXdaMkZ1WjJGQ1kyeFpjSE5aUW5JMWFTczBlVzVDTURkalpXSXpURkF3VDBsUFdtUjRaWGdLV0RZNVl6VnBWblY1U2xKUkswaDZNRFY1YVN0VlJqTjFRbGRCYkVod2FWTTFjMmd3SzBneVIwaEZOMU5ZY21zeFJVTTFiVEZVY2pFNVREbG5aemt5YWdwWmVrSm9UVUUwUjBFeFZXUkVkMFZDTDNkUlJVRjNTVUpDYWtGUVFtZE9Wa2hTVFVKQlpqaEZRbFJCUkVGUlNDOU5RakJIUVRGVlpFUm5VVmRDUWxKWkNuZENOV1pyVlZkc1duRnNObnBLUTJocmVVeFJTM05ZUml0cVFXWkNaMDVXU0ZOTlJVZEVRVmRuUWxKWmQwSTFabXRWVjJ4YWNXdzJla3BEYUd0NVRGRUtTM05ZUml0cVFVdENaMmR4YUd0cVQxQlJVVVJCZDA1d1FVUkNiVUZxUlVGcU1XNUlaVmhhY0NzeE0wNVhRazVoSzBWRWMwUlFPRWN4VjFkbk1YUkRUUXBYVUM5WFNGQnhjR0ZXYnpCcWFITjNaVTVHV21kVGN6QmxSVGQzV1VrMGNVRnFSVUV5VjBJNWIzUTVPSE5KYTI5R00zWmFXV1JrTXk5V2RGZENOV0k1Q2xST1RXVmhOMGw0TDNOMFNqVlVabU5NVEdWQlFreEZORUpPU2s5elVUUjJia0pJU2dvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PSIKICAgICAgXQogICAgfQogIH0sCiAgInRpbWVzdGFtcGF1dGhvcml0aWVzIjogewogICAgIjIxNTFiNjExMzdmZmE4NmJmNjY0NjkxYmE2N2U3ZGEwYjE5Zjk4Yzc1OGUzZDIyOGQ1ZDhlYmYyN2UwNDQ0MzgiOiB7CiAgICAgICJjZXJ0aWZpY2F0ZSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VndmVrTkRRbVZsWjBGM1NVSkJaMGxLUVUxSWNHaG9XVTV4VDIxQlRVRXdSME5UY1VkVFNXSXpSRkZGUWtSUlZVRk5TVWRXVFZKRmQwUjNXVVFLVmxGUlMwVjNhRWRqYlZac1NVWlNWRkZVUlZGTlFUUkhRVEZWUlVONFRVaFZiVGwyWkVOQ1JGRlVSVmxOUWxsSFFURlZSVUY0VFZCa00yUXpURzFhZVFwYVYxWXdZekpGZFdJelNtNU5VMGwzU1VGWlNrdHZXa2xvZG1OT1FWRnJRa1pvVG1sa1dFNXdZa2RXTmxsWVRrRmFNakZvWVZkM2RWa3lPWFJOVWtsM0NrVkJXVVJXVVZGSVJYZHNXR1JYVm5sbGJVb3hZMjFqZUVSNlFVNUNaMDVXUWtGblZFSnJTbWhsVjFaNVltcEZURTFCYTBkQk1WVkZRbWhOUTFKRlZYY0tTR2hqVGsxVVdYZE5la1Y2VFVSRk1VMXFSWHBYYUdOT1RrUkZkMDE2UVROTlJFVXhUV3BGZWxkcVEwSnNWRVZTVFVFNFIwRXhWVVZEYUUxSlVtNUtiQXBhVTBKVlZUQkZlRVZFUVU5Q1owNVdRa0Z6VkVJeFNuWmlNMUZuVVRCRmVFZEVRVmRDWjA1V1FrRk5WRVF6WkROa2VUVnRZMjFXYkdSSVRtaE1iVGw1Q2xwNlJXbE5RMEZIUTFOeFIxTkpZak5FVVVWS1FWSlpWRmx1Vm5waFYzaHNaVzFHZWxGSFpIUlpWMnh6VEcxT2RtSlVSVk5OUWtGSFFURlZSVUo0VFVvS1ZqTldiR051Y0dsa1dFcHVUVkU0ZDBSUldVUldVVkZKUlhkYVExbFliR3hqYlRSNFEzcEJTa0puVGxaQ1FWbFVRV3RTUmsxSlNVTkpha0ZPUW1kcmNRcG9hMmxIT1hjd1FrRlJSVVpCUVU5RFFXYzRRVTFKU1VORFowdERRV2RGUVhSblMwOUVha0Y1T0ZKRlVUSlhWRTV4VlhWa1FXNXFhR3hEY25CRk5uRnNDbTFSWms1d2NHVlViVloyV25KSU5IcDFkRzRyVG5kVVlVaEJSM0JxVTBkMk5DOVhVbkJhTVhkYU0wSlNXalZ0VUZWQ1dubE1aM0V3V1hKSlpsRTFSbmdLTUhNdlRWSmFVSHBqTVhJemJFdFhjazFTT1hOQlVYZzBiVTQwZWpFeGVFWkZUelV5T1V3d1pFWkthbEJHT1UxRU9FZHdaREptWlZkNlIzbHdkR3hsYkFwaUsxQnhWQ3NySzJaUFlUSnZXVEFyVG1GTlRUZHNMM2hqVGtoUVQyRk5lakF2TW05c2F6QnBNakpvWWt0bFZtaDJiMnRRUTNGb1JtaDZjM1ZvUzNOdENuRTBUMll2Ynl0ME5tUkpOM040Tldnd2JsQk5iVFJuUjFOU2FHWnhLM28yUWxSU1owTnljVkZITWtaUFRHOVdSbWQwTm1sSmJTOUNiazVtWmxWeU4xWUtSRmxrTTNwYWJVbDNSazlxTDBnelJFdEliMGRwYXk5NFN6TkZPREpaUVRKYWRXeFdUMFpTVnk5NmFqUkJjR3BRWVRWUFJtSndTV3RrTUhCdGVuaDZaQXBGWTB3ME56bG9VMEU1WkVacGVWWnRVM2hRZEZrMWVtVXhVQ3RDUlRsaVRWVXhVRk5qY0ZKNmR6aE5TRVpZZUhsTGNWY3hNMUYyTjB4WGR6UnpZbXN6Q2xOamFVSTNSMEZEWWxGcFZrZDZaMnQyV0VjMmVUZzFTRTkxZGxkT2RrTTFSMHhUYVhsUU9VZHNVRUl3VmpZNGRHSjRlalJLVmxSU1pIY3ZXRzR2V0ZRS1JrNTZVa0pOTTJOeE9HeENUMEZXZEM5UVFWZzFLM1ZHWTNZeFV6bDNSa1U0V1dwaFFtWlhRMUF4YW1SQ2FXd3JZelJsS3pCMFpIbDNWREp2U20xWlFncENSaTlyUlhReGQyMUhkMDF0U0hWdVRrVjFVVTU2YURGR2RFcFpOVFJvWWxWbWFWZHBNemh0UVZORk4zaE5kRTFvWm1vdlF6UlRkbUZ3YVVST09ETTNDbWRaWVZCbWN6aDRNMHRhZUdKWU4wTXpXVUZ6Um01S2FXNXNkMEZWYzNNeFptUkxZWEk0VVM5WlZuTTNTQzl1VlRSak5FbDRlSGg2TkdZMk4yWmpWbkVLVFRKSlZFdGxiblJpUTAxRFFYZEZRVUZoVDBOQmF6UjNaMmRLUzAxQmQwZEJNVlZrUlhkUlJrMUJUVUpCWmpoM1JHZFpSRlpTTUZCQlVVZ3ZRa0ZSUkFwQlowaEhUVUl3UjBFeFZXUkVaMUZYUWtKVU5sWlJNazFPUjFwU1VUQjZNelUzVDI1aVNsZDJaWFZoYTJ4NlEwSjVaMWxFVmxJd2FrSkpTRU5OU1VjdkNtZENWRFpXVVRKTlRrZGFVbEV3ZWpNMU4wOXVZa3BYZG1WMVlXdHNOa2RDYlRaVFFtMUVRMEpzVkVWU1RVRTRSMEV4VlVWRGFFMUpVbTVLYkZwVFFsVUtWVEJGZUVWRVFVOUNaMDVXUWtGelZFSXhTblppTTFGblVUQkZlRWRFUVZkQ1owNVdRa0ZOVkVRelpETmtlVFZ0WTIxV2JHUklUbWhNYlRsNVducEZhUXBOUTBGSFExTnhSMU5KWWpORVVVVktRVkpaVkZsdVZucGhWM2hzWlcxR2VsRkhaSFJaVjJ4elRHMU9kbUpVUlZOTlFrRkhRVEZWUlVKNFRVcFdNMVpzQ21OdWNHbGtXRXB1VFZFNGQwUlJXVVJXVVZGSlJYZGFRMWxZYkd4amJUUjRRM3BCU2tKblRsWkNRVmxVUVd0U1JtZG5hMEYzWlcxSFJtY3lielpaUVhjS1RYZFpSRlpTTUdaQ1EzZDNTMnBCYjI5RFlXZEtTVmxwWVVoU01HTkViM1pNTTJRelpIazFiV050Vm14a1NFNW9URzA1ZVZwNU9YbGlNamt3V0RKT2FBcE1iVTU1WWtSRFFucDNXVVJXVWpCblFrbElTRTFKU0VWTlNVaENRbWR2Y2tKblJVVkJXVWg1U2tGRlFrMUpSM2xOUkUxSFEwTnpSMEZSVlVaQ2QwbENDa1pwWkc5a1NGSjNUMms0ZG1RelpETk1iVnA1V2xkV01HTXlSWFZpTTBwdVRESmFlVnBYVmpCak1rWm1XVE5DZWt4dGFEQmlWM2QzVFdkWlNVdDNXVUlLUWxGVlNFRm5SVmRLYldnd1pFaEJOa3g1T1ROa00yTjFXbTVLYkZwWVVucFpVelYyWTIxamRscHVTbXhhV0ZKNldWWTVhbU5JVFhWalIxSnRUVVZqUndwRFEzTkhRVkZWUmtKM1NVTk5SSE5oVDFWYWVWcFhWbFZWTUVWblpFaEtNV016VW14YVEwSXdZVmN4YkdNelVtaGlXRUp3WW0xaloxVXlPVzFrU0dSb0NtTnRWV2RaV0UxbldWTkNWRnBZU2pKaFYwNXNTVU5vVkZsWFJsUkxWRUV6UW1kbmNrSm5SVVpDVVdOQ1FWRlJjazFEYTNkS2QxbEpTM2RaUWtKUlZVZ0tUVUZIUjBjeWFEQmtTRUUyVEhrNU0yUXpZM1ZhYmtwc1dsaFNlbGxUTlhaamJXTTJUV3BWTWsxRVFVNUNaMnR4YUd0cFJ6bDNNRUpCVVRCR1FVRlBRd3BCWjBWQllVczVLM1kxVDBaWmRUbE5ObnAwV1VNclREWTVjM2N4YjIxa2VXeHBPRGxzV2tGbWNGZE5UV2c1UTFKdFNtaE5Oa3RDY1UwdmFYQjNiMHgwQ201NGVYaEhjMkpEVUdoalVXcDFWSFo2YlN0NWJFNDJWbmRVVFcxSmJGWjVWbE5NUzFsYVkyUlRhblF2WlVOVlRpczBNVXMzYzBRM1IxWnRlRnBDUVVZS1NVeHVRa1J0VkVkS2JVeHJjbFV3UzNWMVNYQnFPR3hKTDBVMldqWk9ibTExVURJclVrRlJVMGh6WmtKUmFUWnpjM051V0Uxdk5FaFBWelZuZEZCUE53cG5SSEpWY0ZaWVNVUXJLekZRTkZodVpHdHZTMjQzVTNaM05XNHdlbE01Wm5ZeGFIaENZMWxKU0ZCUVVWVjZaVEoxTXpCaVFWRjBNRzR3YVVsNVVreDZDbUZYZFdoMGNFRjBaRGRtWm5kRllrRlRaM3BDTjBVclRrZEdOSFJ3VmpNM1pUaExhVUV5ZUdsSFUxSnhWRFZ1WkhVeU9HWm5jRTlaT0RkblJETkJjbG9LUkdOMFduWjJWRU5tU0dSQlV6VnJSVTh6WjI1SFIyVmFSVlpNUkcxbVJYTjJPRlJIU21FelFXeHFWbUUxUlRRd1NWRkVjMVZZY0ZGTWFUaEhLMVZETkFveFJGZGFkVGhGVmxRMGNtNVpZVU4zTVZaWU4xTm9UMUl4VUU1RFEzWnFZamhUT0hSbVpIVmtaRGw2YUZVelowVkNNSEo0WkdWVWVURjBWbUpPVEZoWENqazVlVGt3ZUdOM2NqRmFTVVJWZDAwdmVGRXZibTlQT0VaU2FHMHdURzlRUXpjelJXWXJTalJhUW1SeWRsZDNZWFZHTTNwS1pUTXpaRFJwWW5oRlkySUtPQzl3ZWpWWGVrWnJaV2w0V1UweWJuTklhSEZJYzBKTGR6ZEtVRzkxUzA1WVVtNXNOVWxCUlRGbFJtMXhSSGxETjBjdlZsUTNUMFkyTmpsNFRUWm9ZZ3BWZERWSE1qRktSVFJqVGtzMlRrNTFZMU1yWm5wbk1VcFFXREFyTTFab2MxbGFhbW8zUkRWMWJHcFNkbEZZY2tvNGFVaG5jaTlOTm1veWIweElkbFJCQ2treVRVeGtjVEp4YWxwR1JFOURXSE40UW5oS2NHSnRURWRDZURsdmR6WmFaWEpzVlhoNmQzTXlRVmQyTW5CclBRb3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0iCiAgICB9CiAgfSwKICAic3RlcHMiOiB7CiAgICAiYnVpbGQiOiB7CiAgICAgICJuYW1lIjogImJ1aWxkIiwKICAgICAgImZ1bmN0aW9uYXJpZXMiOiBbCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAicm9vdCIsCiAgICAgICAgICAiY2VydENvbnN0cmFpbnQiOiB7CiAgICAgICAgICAgICJjb21tb25uYW1lIjogIioiLAogICAgICAgICAgICAiZG5zbmFtZXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJlbWFpbHMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJvcmdhbml6YXRpb25zIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAidXJpcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInJvb3RzIjogWwogICAgICAgICAgICAgICIzOGZlMjQwMTJjM2YzZWQxOTA3MjMyZWU4NGM0NTAwMjU5N2ZlMTMyZDIyNDEzMWRhMDhlOTliNjY1ZjExMTE3IgogICAgICAgICAgICBdCiAgICAgICAgICB9CiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICJjZXJ0Q29uc3RyYWludCI6IHsKICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm9yZ2FuaXphdGlvbnMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJ1cmlzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAicm9vdHMiOiBbCiAgICAgICAgICAgICAgIjM4ZmUyNDAxMmMzZjNlZDE5MDcyMzJlZTg0YzQ1MDAyNTk3ZmUxMzJkMjI0MTMxZGEwOGU5OWI2NjVmMTExMTciLAogICAgICAgICAgICAgICIzOGZlMjQwMTJjM2YzZWQxOTA3MjMyZWU4NGM0NTAwMjU5N2ZlMTMyZDIyNDEzMWRhMDhlOTliNjY1ZjExMTE3IgogICAgICAgICAgICBdCiAgICAgICAgICB9CiAgICAgICAgfQogICAgICBdLAogICAgICAiYXR0ZXN0YXRpb25zIjogWwogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2Vudmlyb25tZW50L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXQvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2dpdGh1Yi92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvbWF0ZXJpYWwvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2NvbW1hbmQtcnVuL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9wcm9kdWN0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfQogICAgICBdCiAgICB9LAogICAgImNvbW1pdCI6IHsKICAgICAgIm5hbWUiOiAiY29tbWl0IiwKICAgICAgImZ1bmN0aW9uYXJpZXMiOiBbCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAicm9vdCIsCiAgICAgICAgICAiY2VydENvbnN0cmFpbnQiOiB7CiAgICAgICAgICAgICJjb21tb25uYW1lIjogIioiLAogICAgICAgICAgICAiZG5zbmFtZXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJlbWFpbHMiOiBbCiAgICAgICAgICAgICAgImNvbGVrNDJAZ21haWwuY29tIgogICAgICAgICAgICBdLAogICAgICAgICAgICAib3JnYW5pemF0aW9ucyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInVyaXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJyb290cyI6IFsKICAgICAgICAgICAgICAiMzhmZTI0MDEyYzNmM2VkMTkwNzIzMmVlODRjNDUwMDI1OTdmZTEzMmQyMjQxMzFkYTA4ZTk5YjY2NWYxMTExNyIKICAgICAgICAgICAgXQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgXSwKICAgICAgImF0dGVzdGF0aW9ucyI6IFsKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXQvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL21hdGVyaWFsL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9wcm9kdWN0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfQogICAgICBdCiAgICB9LAogICAgInNjYW4iOiB7CiAgICAgICJuYW1lIjogInNjYW4iLAogICAgICAiZnVuY3Rpb25hcmllcyI6IFsKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICJjZXJ0Q29uc3RyYWludCI6IHsKICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm9yZ2FuaXphdGlvbnMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJ1cmlzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAicm9vdHMiOiBbCiAgICAgICAgICAgICAgIjM4ZmUyNDAxMmMzZjNlZDE5MDcyMzJlZTg0YzQ1MDAyNTk3ZmUxMzJkMjI0MTMxZGEwOGU5OWI2NjVmMTExMTciCiAgICAgICAgICAgIF0KICAgICAgICAgIH0KICAgICAgICB9CiAgICAgIF0sCiAgICAgICJhdHRlc3RhdGlvbnMiOiBbCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvZ2l0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXRodWIvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL21hdGVyaWFsL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9jb21tYW5kLXJ1bi92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvcHJvZHVjdC92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvc2FyaWYvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9CiAgICAgIF0KICAgIH0KICB9Cn0K","payloadType":"https://witness.testifysec.com/policy/v0.1","signatures":[{"keyid":"c782efdc719b444e0e04801f9c2fa733408536afac088c007c543295c4614ea1","sig":"DjIxqBtyCNvQGN8mB7gBvzQOAZUETjm7QMhxgcLnP4NWVo70uFGTe9hWYlrUXa2Kp7kAzIt4tu1Tt0inMFOCmvRIYzG687bu5IwSHegVUTSyLPxFn9X5knGm7rtQL5DwUgRNJ7rlNh5GTHjV6Smvwen8UX2cS8QgCAnb0RtaNrT8NDqMJzJ4rxNnMw15TPZ663l04GIg9poNfD7Avjg7u/vzhZ8NmCMh3NaTE4/WI42P2XM8XuyrtBRYr3wVjI7QBPP+1UIsmwdENMHWqW0Noy9IDOqTZ7m66PYjIXHsB5VwG7AdvVwbiRcXGD/jefTAj+Xccfa0ka5E+yPoh7tIww=="}]} diff --git a/.witness/policy-bin.json b/.witness/policy-bin.json index ad3a996c..1ac7c8e6 100644 --- a/.witness/policy-bin.json +++ b/.witness/policy-bin.json @@ -1,5 +1,5 @@ { - "expires": "2023-04-19T03:16:33.496502371-05:00", + "expires": "2023-04-20T11:48:42.477727969-05:00", "roots": { "38fe24012c3f3ed1907232ee84c45002597fe132d224131da08e99b665f11117": { "certificate": "Ci0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlDR2pDQ0FhR2dBd0lCQWdJVUFMblZpVmZuVTBickphc21Sa0hybi9VbmZhUXdDZ1lJS29aSXpqMEVBd013CktqRVZNQk1HQTFVRUNoTU1jMmxuYzNSdmNtVXVaR1YyTVJFd0R3WURWUVFERXdoemFXZHpkRzl5WlRBZUZ3MHkKTWpBME1UTXlNREEyTVRWYUZ3MHpNVEV3TURVeE16VTJOVGhhTURjeEZUQVRCZ05WQkFvVERITnBaM04wYjNKbApMbVJsZGpFZU1Cd0dBMVVFQXhNVmMybG5jM1J2Y21VdGFXNTBaWEp0WldScFlYUmxNSFl3RUFZSEtvWkl6ajBDCkFRWUZLNEVFQUNJRFlnQUU4UlZTL3lzSCtOT3Z1RFp5UEladGlsZ1VGOU5sYXJZcEFkOUhQMXZCQkgxVTVDVjcKN0xTUzdzMFppSDRuRTdIdjdwdFM2THZ2Ui9TVGs3OThMVmdNekxsSjRIZUlmRjN0SFNhZXhMY1lwU0FTcjFrUwowTi9SZ0JKei85aldDaVhubzNzd2VUQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0V3WURWUjBsQkF3d0NnWUlLd1lCCkJRVUhBd013RWdZRFZSMFRBUUgvQkFnd0JnRUIvd0lCQURBZEJnTlZIUTRFRmdRVTM5UHB6MVlrRVpiNXFOanAKS0ZXaXhpNFlaRDh3SHdZRFZSMGpCQmd3Rm9BVVdNQWVYNUZGcFdhcGVzeVFvWk1pMENyRnhmb3dDZ1lJS29aSQp6ajBFQXdNRFp3QXdaQUl3UENzUUs0RFlpWllEUElhRGk1SEZLbmZ4WHg2QVNTVm1FUmZzeW5ZQmlYMlg2U0pSCm5aVTg0LzlEWmRuRnZ2eG1BakJPdDZRcEJsYzRKLzBEeHZrVENxcGNsdnppTDZCQ0NQbmpkbElCM1B1M0J4c1AKbXlnVVk3SWkyemJkQ2RsaWlvdz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=", diff --git a/.witness/policy-signed.json b/.witness/policy-signed.json index 2c7c28c2..66f6b4a0 100644 --- a/.witness/policy-signed.json +++ b/.witness/policy-signed.json @@ -1 +1 @@ -{"payload":"ewogICJleHBpcmVzIjogIjIwMjMtMDQtMTlUMDM6MTY6MjkuOTM0MDM3OTktMDU6MDAiLAogICJyb290cyI6IHsKICAgICIzOGZlMjQwMTJjM2YzZWQxOTA3MjMyZWU4NGM0NTAwMjU5N2ZlMTMyZDIyNDEzMWRhMDhlOTliNjY1ZjExMTE3IjogewogICAgICAiY2VydGlmaWNhdGUiOiAiQ2kwdExTMHRRa1ZIU1U0Z1EwVlNWRWxHU1VOQlZFVXRMUzB0TFFwTlNVbERSMnBEUTBGaFIyZEJkMGxDUVdkSlZVRk1ibFpwVm1adVZUQmlja3BoYzIxU2EwaHliaTlWYm1aaFVYZERaMWxKUzI5YVNYcHFNRVZCZDAxM0NrdHFSVlpOUWsxSFFURlZSVU5vVFUxak1teHVZek5TZG1OdFZYVmFSMVl5VFZKRmQwUjNXVVJXVVZGRVJYZG9lbUZYWkhwa1J6bDVXbFJCWlVaM01Ia0tUV3BCTUUxVVRYbE5SRUV5VFZSV1lVWjNNSHBOVkVWM1RVUlZlRTE2VlRKT1ZHaGhUVVJqZUVaVVFWUkNaMDVXUWtGdlZFUklUbkJhTTA0d1lqTktiQXBNYlZKc1pHcEZaVTFDZDBkQk1WVkZRWGhOVm1NeWJHNWpNMUoyWTIxVmRHRlhOVEJhV0VwMFdsZFNjRmxZVW14TlNGbDNSVUZaU0V0dldrbDZhakJEQ2tGUldVWkxORVZGUVVOSlJGbG5RVVU0VWxaVEwzbHpTQ3RPVDNaMVJGcDVVRWxhZEdsc1oxVkdPVTVzWVhKWmNFRmtPVWhRTVhaQ1FrZ3hWVFZEVmpjS04weFRVemR6TUZwcFNEUnVSVGRJZGpkd2RGTTJUSFoyVWk5VFZHczNPVGhNVm1kTmVreHNTalJJWlVsbVJqTjBTRk5oWlhoTVkxbHdVMEZUY2pGclV3b3dUaTlTWjBKS2VpODVhbGREYVZodWJ6TnpkMlZVUVU5Q1owNVdTRkU0UWtGbU9FVkNRVTFEUVZGWmQwVjNXVVJXVWpCc1FrRjNkME5uV1VsTGQxbENDa0pSVlVoQmQwMTNSV2RaUkZaU01GUkJVVWd2UWtGbmQwSm5SVUl2ZDBsQ1FVUkJaRUpuVGxaSVVUUkZSbWRSVlRNNVVIQjZNVmxyUlZwaU5YRk9hbkFLUzBaWGFYaHBORmxhUkRoM1NIZFpSRlpTTUdwQ1FtZDNSbTlCVlZkTlFXVllOVVpHY0ZkaGNHVnplVkZ2V2sxcE1FTnlSbmhtYjNkRFoxbEpTMjlhU1FwNmFqQkZRWGROUkZwM1FYZGFRVWwzVUVOelVVczBSRmxwV2xsRVVFbGhSR2sxU0VaTGJtWjRXSGcyUVZOVFZtMUZVbVp6ZVc1WlFtbFlNbGcyVTBwU0NtNWFWVGcwTHpsRVdtUnVSbloyZUcxQmFrSlBkRFpSY0VKc1l6UktMekJFZUhaclZFTnhjR05zZG5wcFREWkNRME5RYm1wa2JFbENNMUIxTTBKNGMxQUtiWGxuVlZrM1NXa3llbUprUTJSc2FXbHZkejBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89IiwKICAgICAgImludGVybWVkaWF0ZXMiOiBbCiAgICAgICAgIkNpMHRMUzB0UWtWSFNVNGdRMFZTVkVsR1NVTkJWRVV0TFMwdExRcE5TVWxDT1hwRFEwRlllV2RCZDBsQ1FXZEpWVUZNV2s1QlVFWmtlRWhRZDJwbFJHeHZSSGQ1V1VOb1FVOHZOSGREWjFsSlMyOWFTWHBxTUVWQmQwMTNDa3RxUlZaTlFrMUhRVEZWUlVOb1RVMWpNbXh1WXpOU2RtTnRWWFZhUjFZeVRWSkZkMFIzV1VSV1VWRkVSWGRvZW1GWFpIcGtSemw1V2xSQlpVWjNNSGtLVFZSRmQwMUVZM2hOZWxVeVRsUnNZVVozTUhwTlZFVjNUVVJWZUUxNlZUSk9WR2hoVFVOdmVFWlVRVlJDWjA1V1FrRnZWRVJJVG5CYU0wNHdZak5LYkFwTWJWSnNaR3BGVWsxQk9FZEJNVlZGUVhoTlNXTXliRzVqTTFKMlkyMVZkMlJxUVZGQ1oyTnhhR3RxVDFCUlNVSkNaMVZ5WjFGUlFVbG5UbWxCUVZRM0NsaGxSbFEwY21JelVGRkhkMU0wU1dGcWRFeHJNeTlQYkc1d1oyRnVaMkZDWTJ4WmNITlpRbkkxYVNzMGVXNUNNRGRqWldJelRGQXdUMGxQV21SNFpYZ0tXRFk1WXpWcFZuVjVTbEpSSzBoNk1EVjVhU3RWUmpOMVFsZEJiRWh3YVZNMWMyZ3dLMGd5UjBoRk4xTlljbXN4UlVNMWJURlVjakU1VERsblp6a3lhZ3BaZWtKb1RVRTBSMEV4VldSRWQwVkNMM2RSUlVGM1NVSkNha0ZRUW1kT1ZraFNUVUpCWmpoRlFsUkJSRUZSU0M5TlFqQkhRVEZWWkVSblVWZENRbEpaQ25kQ05XWnJWVmRzV25Gc05ucEtRMmhyZVV4UlMzTllSaXRxUVdaQ1owNVdTRk5OUlVkRVFWZG5RbEpaZDBJMVptdFZWMnhhY1d3MmVrcERhR3Q1VEZFS1MzTllSaXRxUVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV3UVVSQ2JVRnFSVUZxTVc1SVpWaGFjQ3N4TTA1WFFrNWhLMFZFYzBSUU9FY3hWMWRuTVhSRFRRcFhVQzlYU0ZCeGNHRldiekJxYUhOM1pVNUdXbWRUY3pCbFJUZDNXVWswY1VGcVJVRXlWMEk1YjNRNU9ITkphMjlHTTNaYVdXUmtNeTlXZEZkQ05XSTVDbFJPVFdWaE4wbDRMM04wU2pWVVptTk1UR1ZCUWt4Rk5FSk9Tazl6VVRSMmJrSklTZ290TFMwdExVVk9SQ0JEUlZKVVNVWkpRMEZVUlMwdExTMHRDZz09IgogICAgICBdCiAgICB9CiAgfSwKICAidGltZXN0YW1wYXV0aG9yaXRpZXMiOiB7CiAgICAiMjE1MWI2MTEzN2ZmYTg2YmY2NjQ2OTFiYTY3ZTdkYTBiMTlmOThjNzU4ZTNkMjI4ZDVkOGViZjI3ZTA0NDQzOCI6IHsKICAgICAgImNlcnRpZmljYXRlIjogIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVWd2ZWtORFFtVmxaMEYzU1VKQlowbEtRVTFJY0dob1dVNXhUMjFCVFVFd1IwTlRjVWRUU1dJelJGRkZRa1JSVlVGTlNVZFdUVkpGZDBSM1dVUUtWbEZSUzBWM2FFZGpiVlpzU1VaU1ZGRlVSVkZOUVRSSFFURlZSVU40VFVoVmJUbDJaRU5DUkZGVVJWbE5RbGxIUVRGVlJVRjRUVkJrTTJRelRHMWFlUXBhVjFZd1l6SkZkV0l6U201TlUwbDNTVUZaU2t0dldrbG9kbU5PUVZGclFrWm9UbWxrV0U1d1lrZFdObGxZVGtGYU1qRm9ZVmQzZFZreU9YUk5Va2wzQ2tWQldVUldVVkZJUlhkc1dHUlhWbmxsYlVveFkyMWplRVI2UVU1Q1owNVdRa0ZuVkVKclNtaGxWMVo1WW1wRlRFMUJhMGRCTVZWRlFtaE5RMUpGVlhjS1NHaGpUazFVV1hkTmVrVjZUVVJGTVUxcVJYcFhhR05PVGtSRmQwMTZRVE5OUkVVeFRXcEZlbGRxUTBKc1ZFVlNUVUU0UjBFeFZVVkRhRTFKVW01S2JBcGFVMEpWVlRCRmVFVkVRVTlDWjA1V1FrRnpWRUl4U25aaU0xRm5VVEJGZUVkRVFWZENaMDVXUWtGTlZFUXpaRE5rZVRWdFkyMVdiR1JJVG1oTWJUbDVDbHA2UldsTlEwRkhRMU54UjFOSllqTkVVVVZLUVZKWlZGbHVWbnBoVjNoc1pXMUdlbEZIWkhSWlYyeHpURzFPZG1KVVJWTk5Ra0ZIUVRGVlJVSjRUVW9LVmpOV2JHTnVjR2xrV0VwdVRWRTRkMFJSV1VSV1VWRkpSWGRhUTFsWWJHeGpiVFI0UTNwQlNrSm5UbFpDUVZsVVFXdFNSazFKU1VOSmFrRk9RbWRyY1Fwb2EybEhPWGN3UWtGUlJVWkJRVTlEUVdjNFFVMUpTVU5EWjB0RFFXZEZRWFJuUzA5RWFrRjVPRkpGVVRKWFZFNXhWWFZrUVc1cWFHeERjbkJGTm5Gc0NtMVJaazV3Y0dWVWJWWjJXbkpJTkhwMWRHNHJUbmRVWVVoQlIzQnFVMGQyTkM5WFVuQmFNWGRhTTBKU1dqVnRVRlZDV25sTVozRXdXWEpKWmxFMVJuZ0tNSE12VFZKYVVIcGpNWEl6YkV0WGNrMVNPWE5CVVhnMGJVNDBlakV4ZUVaRlR6VXlPVXd3WkVaS2FsQkdPVTFFT0Vkd1pESm1aVmQ2UjNsd2RHeGxiQXBpSzFCeFZDc3JLMlpQWVRKdldUQXJUbUZOVFRkc0wzaGpUa2hRVDJGTmVqQXZNbTlzYXpCcE1qSm9Za3RsVm1oMmIydFFRM0ZvUm1oNmMzVm9TM050Q25FMFQyWXZieXQwTm1SSk4zTjROV2d3YmxCTmJUUm5SMU5TYUdaeEszbzJRbFJTWjBOeWNWRkhNa1pQVEc5V1JtZDBObWxKYlM5Q2JrNW1abFZ5TjFZS1JGbGtNM3BhYlVsM1JrOXFMMGd6UkV0SWIwZHBheTk0U3pORk9ESlpRVEphZFd4V1QwWlNWeTk2YWpSQmNHcFFZVFZQUm1Kd1NXdGtNSEJ0ZW5oNlpBcEZZMHcwTnpsb1UwRTVaRVpwZVZadFUzaFFkRmsxZW1VeFVDdENSVGxpVFZVeFVGTmpjRko2ZHpoTlNFWlllSGxMY1ZjeE0xRjJOMHhYZHpSelltc3pDbE5qYVVJM1IwRkRZbEZwVmtkNloydDJXRWMyZVRnMVNFOTFkbGRPZGtNMVIweFRhWGxRT1Vkc1VFSXdWalk0ZEdKNGVqUktWbFJTWkhjdldHNHZXRlFLUms1NlVrSk5NMk54T0d4Q1QwRldkQzlRUVZnMUszVkdZM1l4VXpsM1JrVTRXV3BoUW1aWFExQXhhbVJDYVd3cll6UmxLekIwWkhsM1ZESnZTbTFaUWdwQ1JpOXJSWFF4ZDIxSGQwMXRTSFZ1VGtWMVVVNTZhREZHZEVwWk5UUm9ZbFZtYVZkcE16aHRRVk5GTjNoTmRFMW9abW92UXpSVGRtRndhVVJPT0RNM0NtZFpZVkJtY3poNE0wdGFlR0pZTjBNeldVRnpSbTVLYVc1c2QwRlZjM014Wm1STFlYSTRVUzlaVm5NM1NDOXVWVFJqTkVsNGVIaDZOR1kyTjJaalZuRUtUVEpKVkV0bGJuUmlRMDFEUVhkRlFVRmhUME5CYXpSM1oyZEtTMDFCZDBkQk1WVmtSWGRSUmsxQlRVSkJaamgzUkdkWlJGWlNNRkJCVVVndlFrRlJSQXBCWjBoSFRVSXdSMEV4VldSRVoxRlhRa0pVTmxaUk1rMU9SMXBTVVRCNk16VTNUMjVpU2xkMlpYVmhhMng2UTBKNVoxbEVWbEl3YWtKSlNFTk5TVWN2Q21kQ1ZEWldVVEpOVGtkYVVsRXdlak0xTjA5dVlrcFhkbVYxWVd0c05rZENiVFpUUW0xRVEwSnNWRVZTVFVFNFIwRXhWVVZEYUUxSlVtNUtiRnBUUWxVS1ZUQkZlRVZFUVU5Q1owNVdRa0Z6VkVJeFNuWmlNMUZuVVRCRmVFZEVRVmRDWjA1V1FrRk5WRVF6WkROa2VUVnRZMjFXYkdSSVRtaE1iVGw1V25wRmFRcE5RMEZIUTFOeFIxTkpZak5FVVVWS1FWSlpWRmx1Vm5waFYzaHNaVzFHZWxGSFpIUlpWMnh6VEcxT2RtSlVSVk5OUWtGSFFURlZSVUo0VFVwV00xWnNDbU51Y0dsa1dFcHVUVkU0ZDBSUldVUldVVkZKUlhkYVExbFliR3hqYlRSNFEzcEJTa0puVGxaQ1FWbFVRV3RTUm1kbmEwRjNaVzFIUm1jeWJ6WlpRWGNLVFhkWlJGWlNNR1pDUTNkM1MycEJiMjlEWVdkS1NWbHBZVWhTTUdORWIzWk1NMlF6WkhrMWJXTnRWbXhrU0U1b1RHMDVlVnA1T1hsaU1qa3dXREpPYUFwTWJVNTVZa1JEUW5wM1dVUldVakJuUWtsSVNFMUpTRVZOU1VoQ1FtZHZja0puUlVWQldVaDVTa0ZGUWsxSlIzbE5SRTFIUTBOelIwRlJWVVpDZDBsQ0NrWnBaRzlrU0ZKM1QyazRkbVF6WkROTWJWcDVXbGRXTUdNeVJYVmlNMHB1VERKYWVWcFhWakJqTWtabVdUTkNla3h0YURCaVYzZDNUV2RaU1V0M1dVSUtRbEZWU0VGblJWZEtiV2d3WkVoQk5reDVPVE5rTTJOMVdtNUtiRnBZVW5wWlV6VjJZMjFqZGxwdVNteGFXRko2V1ZZNWFtTklUWFZqUjFKdFRVVmpSd3BEUTNOSFFWRlZSa0ozU1VOTlJITmhUMVZhZVZwWFZsVlZNRVZuWkVoS01XTXpVbXhhUTBJd1lWY3hiR016VW1oaVdFSndZbTFqWjFVeU9XMWtTR1JvQ21OdFZXZFpXRTFuV1ZOQ1ZGcFlTakpoVjA1c1NVTm9WRmxYUmxSTFZFRXpRbWRuY2tKblJVWkNVV05DUVZGUmNrMURhM2RLZDFsSlMzZFpRa0pSVlVnS1RVRkhSMGN5YURCa1NFRTJUSGs1TTJRelkzVmFia3BzV2xoU2VsbFROWFpqYldNMlRXcFZNazFFUVU1Q1oydHhhR3RwUnpsM01FSkJVVEJHUVVGUFF3cEJaMFZCWVVzNUszWTFUMFpaZFRsTk5ucDBXVU1yVERZNWMzY3hiMjFrZVd4cE9EbHNXa0ZtY0ZkTlRXZzVRMUp0U21oTk5rdENjVTB2YVhCM2IweDBDbTU0ZVhoSGMySkRVR2hqVVdwMVZIWjZiU3Q1YkU0MlZuZFVUVzFKYkZaNVZsTk1TMWxhWTJSVGFuUXZaVU5WVGlzME1VczNjMFEzUjFadGVGcENRVVlLU1V4dVFrUnRWRWRLYlV4cmNsVXdTM1YxU1hCcU9HeEpMMFUyV2paT2JtMTFVRElyVWtGUlUwaHpaa0pSYVRaemMzTnVXRTF2TkVoUFZ6Vm5kRkJQTndwblJISlZjRlpZU1VRckt6RlFORmh1Wkd0dlMyNDNVM1ozTlc0d2VsTTVabll4YUhoQ1kxbEpTRkJRVVZWNlpUSjFNekJpUVZGME1HNHdhVWw1VWt4NkNtRlhkV2gwY0VGMFpEZG1abmRGWWtGVFozcENOMFVyVGtkR05IUndWak0zWlRoTGFVRXllR2xIVTFKeFZEVnVaSFV5T0dabmNFOVpPRGRuUkROQmNsb0tSR04wV25aMlZFTm1TR1JCVXpWclJVOHpaMjVIUjJWYVJWWk1SRzFtUlhOMk9GUkhTbUV6UVd4cVZtRTFSVFF3U1ZGRWMxVlljRkZNYVRoSEsxVkROQW94UkZkYWRUaEZWbFEwY201WllVTjNNVlpZTjFOb1QxSXhVRTVEUTNacVlqaFRPSFJtWkhWa1pEbDZhRlV6WjBWQ01ISjRaR1ZVZVRGMFZtSk9URmhYQ2prNWVUa3dlR04zY2pGYVNVUlZkMDB2ZUZFdmJtOVBPRVpTYUcwd1RHOVFRemN6UldZclNqUmFRbVJ5ZGxkM1lYVkdNM3BLWlRNelpEUnBZbmhGWTJJS09DOXdlalZYZWtaclpXbDRXVTB5Ym5OSWFIRkljMEpMZHpkS1VHOTFTMDVZVW01c05VbEJSVEZsUm0xeFJIbEROMGN2VmxRM1QwWTJOamw0VFRab1lncFZkRFZITWpGS1JUUmpUa3MyVGs1MVkxTXJabnBuTVVwUVdEQXJNMVpvYzFsYWFtbzNSRFYxYkdwU2RsRllja280YVVobmNpOU5ObW95YjB4SWRsUkJDa2t5VFV4a2NUSnhhbHBHUkU5RFdITjRRbmhLY0dKdFRFZENlRGx2ZHpaYVpYSnNWWGg2ZDNNeVFWZDJNbkJyUFFvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PSIKICAgIH0KICB9LAogICJzdGVwcyI6IHsKICAgICJidWlsZCI6IHsKICAgICAgIm5hbWUiOiAiYnVpbGQiLAogICAgICAiZnVuY3Rpb25hcmllcyI6IFsKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICJjZXJ0Q29uc3RyYWludCI6IHsKICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm9yZ2FuaXphdGlvbnMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJ1cmlzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAicm9vdHMiOiBbCiAgICAgICAgICAgICAgIjM4ZmUyNDAxMmMzZjNlZDE5MDcyMzJlZTg0YzQ1MDAyNTk3ZmUxMzJkMjI0MTMxZGEwOGU5OWI2NjVmMTExMTciCiAgICAgICAgICAgIF0KICAgICAgICAgIH0KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogInJvb3QiLAogICAgICAgICAgImNlcnRDb25zdHJhaW50IjogewogICAgICAgICAgICAiY29tbW9ubmFtZSI6ICIqIiwKICAgICAgICAgICAgImRuc25hbWVzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAiZW1haWxzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAib3JnYW5pemF0aW9ucyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInVyaXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJyb290cyI6IFsKICAgICAgICAgICAgICAiMzhmZTI0MDEyYzNmM2VkMTkwNzIzMmVlODRjNDUwMDI1OTdmZTEzMmQyMjQxMzFkYTA4ZTk5YjY2NWYxMTExNyIsCiAgICAgICAgICAgICAgIjM4ZmUyNDAxMmMzZjNlZDE5MDcyMzJlZTg0YzQ1MDAyNTk3ZmUxMzJkMjI0MTMxZGEwOGU5OWI2NjVmMTExMTciCiAgICAgICAgICAgIF0KICAgICAgICAgIH0KICAgICAgICB9CiAgICAgIF0sCiAgICAgICJhdHRlc3RhdGlvbnMiOiBbCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvZ2l0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXRodWIvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogWwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgIm1vZHVsZSI6ICJjR0ZqYTJGblpTQm5hWFJvZFdJS0NXUmxibmxiYlhOblhTQjdDZ2tKYVc1d2RYUXVhbmQwTG1Oc1lXbHRjeTVoZFdRZ0lUMGdJbmRwZEc1bGMzTWlDZ2xwYm5CMWRDNXFkM1F1WTJ4aGFXMXpMbWx6Y3lBaFBTQWlhSFIwY0hNNkx5OTBiMnRsYmk1aFkzUnBiMjV6TG1kcGRHaDFZblZ6WlhKamIyNTBaVzUwTG1OdmJTSUtDV2x1Y0hWMExtcDNkQzVqYkdGcGJYTXVjbVZ3YjNOcGRHOXllU0FoUFNBaWRHVnpkR2xtZVhObFl5OW5ZV3hoWkhKcFpXd2lDZ2xwYm5CMWRDNXFkM1F1WTJ4aGFXMXpMbkoxYm01bGNsOWxiblpwY205dWJXVnVkQ0FoUFNBaVoybDBhSFZpTFdodmMzUmxaQ0lLQ1dsdWNIVjBMbU5wWTI5dVptbG5jR0YwYUNBaFBTQWlJZ29KYVc1d2RYUXVhbmQwTG1Oc1lXbHRjeTV5WlhCdmMybDBiM0o1WDI5M2JtVnlJQ0U5SUNKMFpYTjBhV1o1YzJWaklnb0phVzV3ZFhRdWFuZDBMblpsY21sbWFXVmtRbmt1YW5kcmMxVnliQ0FoUFNBaWFIUjBjSE02THk5MGIydGxiaTVoWTNScGIyNXpMbWRwZEdoMVluVnpaWEpqYjI1MFpXNTBMbU52YlM4dWQyVnNiQzFyYm05M2JpOXFkMnR6SWdvSkNXMXpaeUE2UFNBaWRXNWxlSEJsWTNSbFpDQjJZV3gxWlNCbWIzSWdhMlY1S0hNcElHcDNkQzVqYkdGcGJYTXVZWFZrTENCcWQzUXVZMnhoYVcxekxtbHpjeXdnYW5kMExtTnNZV2x0Y3k1eVpYQnZjMmwwYjNKNUxDQnFkM1F1WTJ4aGFXMXpMbkoxYm01bGNsOWxiblpwY205dWJXVnVkQ3dnWTJsamIyNW1hV2R3WVhSb0xDQnFkM1F1WTJ4aGFXMXpMbkpsY0c5emFYUnZjbmxmYjNkdVpYSXNJR3AzZEM1MlpYSnBabWxsWkVKNUxtcDNhM05WY213Z2FXNGdZWFIwWlhOMFlYUnBiMjRnZEhsd1pTQm9kSFJ3Y3pvdkwzZHBkRzVsYzNNdVpHVjJMMkYwZEdWemRHRjBhVzl1Y3k5bmFYUm9kV0l2ZGpBdU1TSUtDWDA9IiwKICAgICAgICAgICAgICAibmFtZSI6ICJidWlsZC1odHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXRodWIvdjAuMSIKICAgICAgICAgICAgfQogICAgICAgICAgXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvbWF0ZXJpYWwvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2NvbW1hbmQtcnVuL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9wcm9kdWN0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9vY2kvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9CiAgICAgIF0KICAgIH0sCiAgICAiY29tbWl0IjogewogICAgICAibmFtZSI6ICJjb21taXQiLAogICAgICAiZnVuY3Rpb25hcmllcyI6IFsKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICJjZXJ0Q29uc3RyYWludCI6IHsKICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAiY29sZWs0MkBnbWFpbC5jb20iCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJvcmdhbml6YXRpb25zIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAidXJpcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInJvb3RzIjogWwogICAgICAgICAgICAgICIzOGZlMjQwMTJjM2YzZWQxOTA3MjMyZWU4NGM0NTAwMjU5N2ZlMTMyZDIyNDEzMWRhMDhlOTliNjY1ZjExMTE3IgogICAgICAgICAgICBdCiAgICAgICAgICB9CiAgICAgICAgfQogICAgICBdLAogICAgICAiYXR0ZXN0YXRpb25zIjogWwogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2dpdC92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvbWF0ZXJpYWwvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL3Byb2R1Y3QvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9CiAgICAgIF0KICAgIH0sCiAgICAic2NhbiI6IHsKICAgICAgIm5hbWUiOiAic2NhbiIsCiAgICAgICJmdW5jdGlvbmFyaWVzIjogWwogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogInJvb3QiLAogICAgICAgICAgImNlcnRDb25zdHJhaW50IjogewogICAgICAgICAgICAiY29tbW9ubmFtZSI6ICIqIiwKICAgICAgICAgICAgImRuc25hbWVzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAiZW1haWxzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAib3JnYW5pemF0aW9ucyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInVyaXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJyb290cyI6IFsKICAgICAgICAgICAgICAiMzhmZTI0MDEyYzNmM2VkMTkwNzIzMmVlODRjNDUwMDI1OTdmZTEzMmQyMjQxMzFkYTA4ZTk5YjY2NWYxMTExNyIKICAgICAgICAgICAgXQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgXSwKICAgICAgImF0dGVzdGF0aW9ucyI6IFsKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXQvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2dpdGh1Yi92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAibW9kdWxlIjogImNHRmphMkZuWlNCbmFYUm9kV0lLQ1dSbGJubGJiWE5uWFNCN0Nna0phVzV3ZFhRdWFuZDBMbU5zWVdsdGN5NWhkV1FnSVQwZ0luZHBkRzVsYzNNaUNnbHBibkIxZEM1cWQzUXVZMnhoYVcxekxtbHpjeUFoUFNBaWFIUjBjSE02THk5MGIydGxiaTVoWTNScGIyNXpMbWRwZEdoMVluVnpaWEpqYjI1MFpXNTBMbU52YlNJS0NXbHVjSFYwTG1wM2RDNWpiR0ZwYlhNdWNtVndiM05wZEc5eWVTQWhQU0FpZEdWemRHbG1lWE5sWXk5bllXeGhaSEpwWld3aUNnbHBibkIxZEM1cWQzUXVZMnhoYVcxekxuSjFibTVsY2w5bGJuWnBjbTl1YldWdWRDQWhQU0FpWjJsMGFIVmlMV2h2YzNSbFpDSUtDV2x1Y0hWMExtTnBZMjl1Wm1sbmNHRjBhQ0FoUFNBaUlnb0phVzV3ZFhRdWFuZDBMbU5zWVdsdGN5NXlaWEJ2YzJsMGIzSjVYMjkzYm1WeUlDRTlJQ0owWlhOMGFXWjVjMlZqSWdvSmFXNXdkWFF1YW5kMExuWmxjbWxtYVdWa1Fua3VhbmRyYzFWeWJDQWhQU0FpYUhSMGNITTZMeTkwYjJ0bGJpNWhZM1JwYjI1ekxtZHBkR2gxWW5WelpYSmpiMjUwWlc1MExtTnZiUzh1ZDJWc2JDMXJibTkzYmk5cWQydHpJZ29KQ1cxelp5QTZQU0FpZFc1bGVIQmxZM1JsWkNCMllXeDFaU0JtYjNJZ2EyVjVLSE1wSUdwM2RDNWpiR0ZwYlhNdVlYVmtMQ0JxZDNRdVkyeGhhVzF6TG1semN5d2dhbmQwTG1Oc1lXbHRjeTV5WlhCdmMybDBiM0o1TENCcWQzUXVZMnhoYVcxekxuSjFibTVsY2w5bGJuWnBjbTl1YldWdWRDd2dZMmxqYjI1bWFXZHdZWFJvTENCcWQzUXVZMnhoYVcxekxuSmxjRzl6YVhSdmNubGZiM2R1WlhJc0lHcDNkQzUyWlhKcFptbGxaRUo1TG1wM2EzTlZjbXdnYVc0Z1lYUjBaWE4wWVhScGIyNGdkSGx3WlNCb2RIUndjem92TDNkcGRHNWxjM011WkdWMkwyRjBkR1Z6ZEdGMGFXOXVjeTluYVhSb2RXSXZkakF1TVNJS0NYMD0iLAogICAgICAgICAgICAgICJuYW1lIjogInNjYW4taHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvZ2l0aHViL3YwLjEiCiAgICAgICAgICAgIH0KICAgICAgICAgIF0KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL21hdGVyaWFsL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9jb21tYW5kLXJ1bi92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvcHJvZHVjdC92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvc2FyaWYvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9CiAgICAgIF0KICAgIH0KICB9Cn0K","payloadType":"https://witness.testifysec.com/policy/v0.1","signatures":[{"keyid":"a0e98f1869e6730b02f80dc5d2ddd7149d0dcba3ecb2f4cbf1aeaa6ef8bb069d","sig":"Id+sEVgrb6Unes3R1s1Z7nZDmZ8cEhfHJQxI9DyRkxx52KgcQ6c2vjs9m3y8wxSpRmwNbV7zIzEd4Opp9eMAk3bX2qrJXg38cQo0G6f5hIpkyhwmTjWbvPlJ3sRP6vBiw0DnrvBCLgc9UZpZgL7p43sXA/3ctwl2t/O8nVzqaNz8lVoe75oMt5sdRg+XlEq3AE9YSMitt+yDtztp5ZiAzLE2+scg2zLb1hPsuiQkHPp5lrrqPhDD7x2QhhM0hn8vl4CRrU8IPK6A9q2XzZmrQy4lgcX1+X0b8ojWiLEUidMUjQv4R3WCHy9UeOk0As+nFB1ylqveRxmMSuPP0ZfX9A=="}]} +{"payload":"ewogICJleHBpcmVzIjogIjIwMjMtMDctMjhUMTE6NDg6MzkuMDIwMzg1OTU3LTA1OjAwIiwKICAicm9vdHMiOiB7CiAgICAiMzhmZTI0MDEyYzNmM2VkMTkwNzIzMmVlODRjNDUwMDI1OTdmZTEzMmQyMjQxMzFkYTA4ZTk5YjY2NWYxMTExNyI6IHsKICAgICAgImNlcnRpZmljYXRlIjogIkNpMHRMUzB0UWtWSFNVNGdRMFZTVkVsR1NVTkJWRVV0TFMwdExRcE5TVWxEUjJwRFEwRmhSMmRCZDBsQ1FXZEpWVUZNYmxacFZtWnVWVEJpY2twaGMyMVNhMGh5Ymk5VmJtWmhVWGREWjFsSlMyOWFTWHBxTUVWQmQwMTNDa3RxUlZaTlFrMUhRVEZWUlVOb1RVMWpNbXh1WXpOU2RtTnRWWFZhUjFZeVRWSkZkMFIzV1VSV1VWRkVSWGRvZW1GWFpIcGtSemw1V2xSQlpVWjNNSGtLVFdwQk1FMVVUWGxOUkVFeVRWUldZVVozTUhwTlZFVjNUVVJWZUUxNlZUSk9WR2hoVFVSamVFWlVRVlJDWjA1V1FrRnZWRVJJVG5CYU0wNHdZak5LYkFwTWJWSnNaR3BGWlUxQ2QwZEJNVlZGUVhoTlZtTXliRzVqTTFKMlkyMVZkR0ZYTlRCYVdFcDBXbGRTY0ZsWVVteE5TRmwzUlVGWlNFdHZXa2w2YWpCRENrRlJXVVpMTkVWRlFVTkpSRmxuUVVVNFVsWlRMM2x6U0N0T1QzWjFSRnA1VUVsYWRHbHNaMVZHT1U1c1lYSlpjRUZrT1VoUU1YWkNRa2d4VlRWRFZqY0tOMHhUVXpkek1GcHBTRFJ1UlRkSWRqZHdkRk0yVEhaMlVpOVRWR3MzT1RoTVZtZE5la3hzU2pSSVpVbG1Sak4wU0ZOaFpYaE1ZMWx3VTBGVGNqRnJVd293VGk5U1owSktlaTg1YWxkRGFWaHViek56ZDJWVVFVOUNaMDVXU0ZFNFFrRm1PRVZDUVUxRFFWRlpkMFYzV1VSV1VqQnNRa0YzZDBObldVbExkMWxDQ2tKUlZVaEJkMDEzUldkWlJGWlNNRlJCVVVndlFrRm5kMEpuUlVJdmQwbENRVVJCWkVKblRsWklVVFJGUm1kUlZUTTVVSEI2TVZsclJWcGlOWEZPYW5BS1MwWlhhWGhwTkZsYVJEaDNTSGRaUkZaU01HcENRbWQzUm05QlZWZE5RV1ZZTlVaR2NGZGhjR1Z6ZVZGdldrMXBNRU55Um5obWIzZERaMWxKUzI5YVNRcDZhakJGUVhkTlJGcDNRWGRhUVVsM1VFTnpVVXMwUkZscFdsbEVVRWxoUkdrMVNFWkxibVo0V0hnMlFWTlRWbTFGVW1aemVXNVpRbWxZTWxnMlUwcFNDbTVhVlRnMEx6bEVXbVJ1Um5aMmVHMUJha0pQZERaUmNFSnNZelJLTHpCRWVIWnJWRU54Y0dOc2RucHBURFpDUTBOUWJtcGtiRWxDTTFCMU0wSjRjMUFLYlhsblZWazNTV2t5ZW1Ka1EyUnNhV2x2ZHowS0xTMHRMUzFGVGtRZ1EwVlNWRWxHU1VOQlZFVXRMUzB0TFFvPSIsCiAgICAgICJpbnRlcm1lZGlhdGVzIjogWwogICAgICAgICJDaTB0TFMwdFFrVkhTVTRnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUXBOU1VsQ09YcERRMEZZZVdkQmQwbENRV2RKVlVGTVdrNUJVRVprZUVoUWQycGxSR3h2UkhkNVdVTm9RVTh2TkhkRFoxbEpTMjlhU1hwcU1FVkJkMDEzQ2t0cVJWWk5RazFIUVRGVlJVTm9UVTFqTW14dVl6TlNkbU50VlhWYVIxWXlUVkpGZDBSM1dVUldVVkZFUlhkb2VtRlhaSHBrUnpsNVdsUkJaVVozTUhrS1RWUkZkMDFFWTNoTmVsVXlUbFJzWVVaM01IcE5WRVYzVFVSVmVFMTZWVEpPVkdoaFRVTnZlRVpVUVZSQ1owNVdRa0Z2VkVSSVRuQmFNMDR3WWpOS2JBcE1iVkpzWkdwRlVrMUJPRWRCTVZWRlFYaE5TV015Ykc1ak0xSjJZMjFWZDJScVFWRkNaMk54YUd0cVQxQlJTVUpDWjFWeVoxRlJRVWxuVG1sQlFWUTNDbGhsUmxRMGNtSXpVRkZIZDFNMFNXRnFkRXhyTXk5UGJHNXdaMkZ1WjJGQ1kyeFpjSE5aUW5JMWFTczBlVzVDTURkalpXSXpURkF3VDBsUFdtUjRaWGdLV0RZNVl6VnBWblY1U2xKUkswaDZNRFY1YVN0VlJqTjFRbGRCYkVod2FWTTFjMmd3SzBneVIwaEZOMU5ZY21zeFJVTTFiVEZVY2pFNVREbG5aemt5YWdwWmVrSm9UVUUwUjBFeFZXUkVkMFZDTDNkUlJVRjNTVUpDYWtGUVFtZE9Wa2hTVFVKQlpqaEZRbFJCUkVGUlNDOU5RakJIUVRGVlpFUm5VVmRDUWxKWkNuZENOV1pyVlZkc1duRnNObnBLUTJocmVVeFJTM05ZUml0cVFXWkNaMDVXU0ZOTlJVZEVRVmRuUWxKWmQwSTFabXRWVjJ4YWNXdzJla3BEYUd0NVRGRUtTM05ZUml0cVFVdENaMmR4YUd0cVQxQlJVVVJCZDA1d1FVUkNiVUZxUlVGcU1XNUlaVmhhY0NzeE0wNVhRazVoSzBWRWMwUlFPRWN4VjFkbk1YUkRUUXBYVUM5WFNGQnhjR0ZXYnpCcWFITjNaVTVHV21kVGN6QmxSVGQzV1VrMGNVRnFSVUV5VjBJNWIzUTVPSE5KYTI5R00zWmFXV1JrTXk5V2RGZENOV0k1Q2xST1RXVmhOMGw0TDNOMFNqVlVabU5NVEdWQlFreEZORUpPU2s5elVUUjJia0pJU2dvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PSIKICAgICAgXQogICAgfQogIH0sCiAgInRpbWVzdGFtcGF1dGhvcml0aWVzIjogewogICAgIjIxNTFiNjExMzdmZmE4NmJmNjY0NjkxYmE2N2U3ZGEwYjE5Zjk4Yzc1OGUzZDIyOGQ1ZDhlYmYyN2UwNDQ0MzgiOiB7CiAgICAgICJjZXJ0aWZpY2F0ZSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VndmVrTkRRbVZsWjBGM1NVSkJaMGxLUVUxSWNHaG9XVTV4VDIxQlRVRXdSME5UY1VkVFNXSXpSRkZGUWtSUlZVRk5TVWRXVFZKRmQwUjNXVVFLVmxGUlMwVjNhRWRqYlZac1NVWlNWRkZVUlZGTlFUUkhRVEZWUlVONFRVaFZiVGwyWkVOQ1JGRlVSVmxOUWxsSFFURlZSVUY0VFZCa00yUXpURzFhZVFwYVYxWXdZekpGZFdJelNtNU5VMGwzU1VGWlNrdHZXa2xvZG1OT1FWRnJRa1pvVG1sa1dFNXdZa2RXTmxsWVRrRmFNakZvWVZkM2RWa3lPWFJOVWtsM0NrVkJXVVJXVVZGSVJYZHNXR1JYVm5sbGJVb3hZMjFqZUVSNlFVNUNaMDVXUWtGblZFSnJTbWhsVjFaNVltcEZURTFCYTBkQk1WVkZRbWhOUTFKRlZYY0tTR2hqVGsxVVdYZE5la1Y2VFVSRk1VMXFSWHBYYUdOT1RrUkZkMDE2UVROTlJFVXhUV3BGZWxkcVEwSnNWRVZTVFVFNFIwRXhWVVZEYUUxSlVtNUtiQXBhVTBKVlZUQkZlRVZFUVU5Q1owNVdRa0Z6VkVJeFNuWmlNMUZuVVRCRmVFZEVRVmRDWjA1V1FrRk5WRVF6WkROa2VUVnRZMjFXYkdSSVRtaE1iVGw1Q2xwNlJXbE5RMEZIUTFOeFIxTkpZak5FVVVWS1FWSlpWRmx1Vm5waFYzaHNaVzFHZWxGSFpIUlpWMnh6VEcxT2RtSlVSVk5OUWtGSFFURlZSVUo0VFVvS1ZqTldiR051Y0dsa1dFcHVUVkU0ZDBSUldVUldVVkZKUlhkYVExbFliR3hqYlRSNFEzcEJTa0puVGxaQ1FWbFVRV3RTUmsxSlNVTkpha0ZPUW1kcmNRcG9hMmxIT1hjd1FrRlJSVVpCUVU5RFFXYzRRVTFKU1VORFowdERRV2RGUVhSblMwOUVha0Y1T0ZKRlVUSlhWRTV4VlhWa1FXNXFhR3hEY25CRk5uRnNDbTFSWms1d2NHVlViVloyV25KSU5IcDFkRzRyVG5kVVlVaEJSM0JxVTBkMk5DOVhVbkJhTVhkYU0wSlNXalZ0VUZWQ1dubE1aM0V3V1hKSlpsRTFSbmdLTUhNdlRWSmFVSHBqTVhJemJFdFhjazFTT1hOQlVYZzBiVTQwZWpFeGVFWkZUelV5T1V3d1pFWkthbEJHT1UxRU9FZHdaREptWlZkNlIzbHdkR3hsYkFwaUsxQnhWQ3NySzJaUFlUSnZXVEFyVG1GTlRUZHNMM2hqVGtoUVQyRk5lakF2TW05c2F6QnBNakpvWWt0bFZtaDJiMnRRUTNGb1JtaDZjM1ZvUzNOdENuRTBUMll2Ynl0ME5tUkpOM040Tldnd2JsQk5iVFJuUjFOU2FHWnhLM28yUWxSU1owTnljVkZITWtaUFRHOVdSbWQwTm1sSmJTOUNiazVtWmxWeU4xWUtSRmxrTTNwYWJVbDNSazlxTDBnelJFdEliMGRwYXk5NFN6TkZPREpaUVRKYWRXeFdUMFpTVnk5NmFqUkJjR3BRWVRWUFJtSndTV3RrTUhCdGVuaDZaQXBGWTB3ME56bG9VMEU1WkVacGVWWnRVM2hRZEZrMWVtVXhVQ3RDUlRsaVRWVXhVRk5qY0ZKNmR6aE5TRVpZZUhsTGNWY3hNMUYyTjB4WGR6UnpZbXN6Q2xOamFVSTNSMEZEWWxGcFZrZDZaMnQyV0VjMmVUZzFTRTkxZGxkT2RrTTFSMHhUYVhsUU9VZHNVRUl3VmpZNGRHSjRlalJLVmxSU1pIY3ZXRzR2V0ZRS1JrNTZVa0pOTTJOeE9HeENUMEZXZEM5UVFWZzFLM1ZHWTNZeFV6bDNSa1U0V1dwaFFtWlhRMUF4YW1SQ2FXd3JZelJsS3pCMFpIbDNWREp2U20xWlFncENSaTlyUlhReGQyMUhkMDF0U0hWdVRrVjFVVTU2YURGR2RFcFpOVFJvWWxWbWFWZHBNemh0UVZORk4zaE5kRTFvWm1vdlF6UlRkbUZ3YVVST09ETTNDbWRaWVZCbWN6aDRNMHRhZUdKWU4wTXpXVUZ6Um01S2FXNXNkMEZWYzNNeFptUkxZWEk0VVM5WlZuTTNTQzl1VlRSak5FbDRlSGg2TkdZMk4yWmpWbkVLVFRKSlZFdGxiblJpUTAxRFFYZEZRVUZoVDBOQmF6UjNaMmRLUzAxQmQwZEJNVlZrUlhkUlJrMUJUVUpCWmpoM1JHZFpSRlpTTUZCQlVVZ3ZRa0ZSUkFwQlowaEhUVUl3UjBFeFZXUkVaMUZYUWtKVU5sWlJNazFPUjFwU1VUQjZNelUzVDI1aVNsZDJaWFZoYTJ4NlEwSjVaMWxFVmxJd2FrSkpTRU5OU1VjdkNtZENWRFpXVVRKTlRrZGFVbEV3ZWpNMU4wOXVZa3BYZG1WMVlXdHNOa2RDYlRaVFFtMUVRMEpzVkVWU1RVRTRSMEV4VlVWRGFFMUpVbTVLYkZwVFFsVUtWVEJGZUVWRVFVOUNaMDVXUWtGelZFSXhTblppTTFGblVUQkZlRWRFUVZkQ1owNVdRa0ZOVkVRelpETmtlVFZ0WTIxV2JHUklUbWhNYlRsNVducEZhUXBOUTBGSFExTnhSMU5KWWpORVVVVktRVkpaVkZsdVZucGhWM2hzWlcxR2VsRkhaSFJaVjJ4elRHMU9kbUpVUlZOTlFrRkhRVEZWUlVKNFRVcFdNMVpzQ21OdWNHbGtXRXB1VFZFNGQwUlJXVVJXVVZGSlJYZGFRMWxZYkd4amJUUjRRM3BCU2tKblRsWkNRVmxVUVd0U1JtZG5hMEYzWlcxSFJtY3lielpaUVhjS1RYZFpSRlpTTUdaQ1EzZDNTMnBCYjI5RFlXZEtTVmxwWVVoU01HTkViM1pNTTJRelpIazFiV050Vm14a1NFNW9URzA1ZVZwNU9YbGlNamt3V0RKT2FBcE1iVTU1WWtSRFFucDNXVVJXVWpCblFrbElTRTFKU0VWTlNVaENRbWR2Y2tKblJVVkJXVWg1U2tGRlFrMUpSM2xOUkUxSFEwTnpSMEZSVlVaQ2QwbENDa1pwWkc5a1NGSjNUMms0ZG1RelpETk1iVnA1V2xkV01HTXlSWFZpTTBwdVRESmFlVnBYVmpCak1rWm1XVE5DZWt4dGFEQmlWM2QzVFdkWlNVdDNXVUlLUWxGVlNFRm5SVmRLYldnd1pFaEJOa3g1T1ROa00yTjFXbTVLYkZwWVVucFpVelYyWTIxamRscHVTbXhhV0ZKNldWWTVhbU5JVFhWalIxSnRUVVZqUndwRFEzTkhRVkZWUmtKM1NVTk5SSE5oVDFWYWVWcFhWbFZWTUVWblpFaEtNV016VW14YVEwSXdZVmN4YkdNelVtaGlXRUp3WW0xaloxVXlPVzFrU0dSb0NtTnRWV2RaV0UxbldWTkNWRnBZU2pKaFYwNXNTVU5vVkZsWFJsUkxWRUV6UW1kbmNrSm5SVVpDVVdOQ1FWRlJjazFEYTNkS2QxbEpTM2RaUWtKUlZVZ0tUVUZIUjBjeWFEQmtTRUUyVEhrNU0yUXpZM1ZhYmtwc1dsaFNlbGxUTlhaamJXTTJUV3BWTWsxRVFVNUNaMnR4YUd0cFJ6bDNNRUpCVVRCR1FVRlBRd3BCWjBWQllVczVLM1kxVDBaWmRUbE5ObnAwV1VNclREWTVjM2N4YjIxa2VXeHBPRGxzV2tGbWNGZE5UV2c1UTFKdFNtaE5Oa3RDY1UwdmFYQjNiMHgwQ201NGVYaEhjMkpEVUdoalVXcDFWSFo2YlN0NWJFNDJWbmRVVFcxSmJGWjVWbE5NUzFsYVkyUlRhblF2WlVOVlRpczBNVXMzYzBRM1IxWnRlRnBDUVVZS1NVeHVRa1J0VkVkS2JVeHJjbFV3UzNWMVNYQnFPR3hKTDBVMldqWk9ibTExVURJclVrRlJVMGh6WmtKUmFUWnpjM051V0Uxdk5FaFBWelZuZEZCUE53cG5SSEpWY0ZaWVNVUXJLekZRTkZodVpHdHZTMjQzVTNaM05XNHdlbE01Wm5ZeGFIaENZMWxKU0ZCUVVWVjZaVEoxTXpCaVFWRjBNRzR3YVVsNVVreDZDbUZYZFdoMGNFRjBaRGRtWm5kRllrRlRaM3BDTjBVclRrZEdOSFJ3VmpNM1pUaExhVUV5ZUdsSFUxSnhWRFZ1WkhVeU9HWm5jRTlaT0RkblJETkJjbG9LUkdOMFduWjJWRU5tU0dSQlV6VnJSVTh6WjI1SFIyVmFSVlpNUkcxbVJYTjJPRlJIU21FelFXeHFWbUUxUlRRd1NWRkVjMVZZY0ZGTWFUaEhLMVZETkFveFJGZGFkVGhGVmxRMGNtNVpZVU4zTVZaWU4xTm9UMUl4VUU1RFEzWnFZamhUT0hSbVpIVmtaRGw2YUZVelowVkNNSEo0WkdWVWVURjBWbUpPVEZoWENqazVlVGt3ZUdOM2NqRmFTVVJWZDAwdmVGRXZibTlQT0VaU2FHMHdURzlRUXpjelJXWXJTalJhUW1SeWRsZDNZWFZHTTNwS1pUTXpaRFJwWW5oRlkySUtPQzl3ZWpWWGVrWnJaV2w0V1UweWJuTklhSEZJYzBKTGR6ZEtVRzkxUzA1WVVtNXNOVWxCUlRGbFJtMXhSSGxETjBjdlZsUTNUMFkyTmpsNFRUWm9ZZ3BWZERWSE1qRktSVFJqVGtzMlRrNTFZMU1yWm5wbk1VcFFXREFyTTFab2MxbGFhbW8zUkRWMWJHcFNkbEZZY2tvNGFVaG5jaTlOTm1veWIweElkbFJCQ2treVRVeGtjVEp4YWxwR1JFOURXSE40UW5oS2NHSnRURWRDZURsdmR6WmFaWEpzVlhoNmQzTXlRVmQyTW5CclBRb3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0iCiAgICB9CiAgfSwKICAic3RlcHMiOiB7CiAgICAiYnVpbGQiOiB7CiAgICAgICJuYW1lIjogImJ1aWxkIiwKICAgICAgImZ1bmN0aW9uYXJpZXMiOiBbCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAicm9vdCIsCiAgICAgICAgICAiY2VydENvbnN0cmFpbnQiOiB7CiAgICAgICAgICAgICJjb21tb25uYW1lIjogIioiLAogICAgICAgICAgICAiZG5zbmFtZXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJlbWFpbHMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJvcmdhbml6YXRpb25zIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAidXJpcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInJvb3RzIjogWwogICAgICAgICAgICAgICIzOGZlMjQwMTJjM2YzZWQxOTA3MjMyZWU4NGM0NTAwMjU5N2ZlMTMyZDIyNDEzMWRhMDhlOTliNjY1ZjExMTE3IgogICAgICAgICAgICBdCiAgICAgICAgICB9CiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICJjZXJ0Q29uc3RyYWludCI6IHsKICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm9yZ2FuaXphdGlvbnMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJ1cmlzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAicm9vdHMiOiBbCiAgICAgICAgICAgICAgIjM4ZmUyNDAxMmMzZjNlZDE5MDcyMzJlZTg0YzQ1MDAyNTk3ZmUxMzJkMjI0MTMxZGEwOGU5OWI2NjVmMTExMTciLAogICAgICAgICAgICAgICIzOGZlMjQwMTJjM2YzZWQxOTA3MjMyZWU4NGM0NTAwMjU5N2ZlMTMyZDIyNDEzMWRhMDhlOTliNjY1ZjExMTE3IgogICAgICAgICAgICBdCiAgICAgICAgICB9CiAgICAgICAgfQogICAgICBdLAogICAgICAiYXR0ZXN0YXRpb25zIjogWwogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2dpdC92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvZ2l0aHViL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFsKICAgICAgICAgICAgewogICAgICAgICAgICAgICJtb2R1bGUiOiAiY0dGamEyRm5aU0JuYVhSb2RXSUtDV1JsYm5sYmJYTm5YU0I3Q2drSmFXNXdkWFF1YW5kMExtTnNZV2x0Y3k1aGRXUWdJVDBnSW5kcGRHNWxjM01pQ2dscGJuQjFkQzVxZDNRdVkyeGhhVzF6TG1semN5QWhQU0FpYUhSMGNITTZMeTkwYjJ0bGJpNWhZM1JwYjI1ekxtZHBkR2gxWW5WelpYSmpiMjUwWlc1MExtTnZiU0lLQ1dsdWNIVjBMbXAzZEM1amJHRnBiWE11Y21Wd2IzTnBkRzl5ZVNBaFBTQWlkR1Z6ZEdsbWVYTmxZeTluWVd4aFpISnBaV3dpQ2dscGJuQjFkQzVxZDNRdVkyeGhhVzF6TG5KMWJtNWxjbDlsYm5acGNtOXViV1Z1ZENBaFBTQWlaMmwwYUhWaUxXaHZjM1JsWkNJS0NXbHVjSFYwTG1OcFkyOXVabWxuY0dGMGFDQWhQU0FpSWdvSmFXNXdkWFF1YW5kMExtTnNZV2x0Y3k1eVpYQnZjMmwwYjNKNVgyOTNibVZ5SUNFOUlDSjBaWE4wYVdaNWMyVmpJZ29KYVc1d2RYUXVhbmQwTG5abGNtbG1hV1ZrUW5rdWFuZHJjMVZ5YkNBaFBTQWlhSFIwY0hNNkx5OTBiMnRsYmk1aFkzUnBiMjV6TG1kcGRHaDFZblZ6WlhKamIyNTBaVzUwTG1OdmJTOHVkMlZzYkMxcmJtOTNiaTlxZDJ0eklnb0pDVzF6WnlBNlBTQWlkVzVsZUhCbFkzUmxaQ0IyWVd4MVpTQm1iM0lnYTJWNUtITXBJR3AzZEM1amJHRnBiWE11WVhWa0xDQnFkM1F1WTJ4aGFXMXpMbWx6Y3l3Z2FuZDBMbU5zWVdsdGN5NXlaWEJ2YzJsMGIzSjVMQ0JxZDNRdVkyeGhhVzF6TG5KMWJtNWxjbDlsYm5acGNtOXViV1Z1ZEN3Z1kybGpiMjVtYVdkd1lYUm9MQ0JxZDNRdVkyeGhhVzF6TG5KbGNHOXphWFJ2Y25sZmIzZHVaWElzSUdwM2RDNTJaWEpwWm1sbFpFSjVMbXAzYTNOVmNtd2dhVzRnWVhSMFpYTjBZWFJwYjI0Z2RIbHdaU0JvZEhSd2N6b3ZMM2RwZEc1bGMzTXVaR1YyTDJGMGRHVnpkR0YwYVc5dWN5OW5hWFJvZFdJdmRqQXVNU0lLQ1gwPSIsCiAgICAgICAgICAgICAgIm5hbWUiOiAiYnVpbGQtaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvZ2l0aHViL3YwLjEiCiAgICAgICAgICAgIH0KICAgICAgICAgIF0KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL21hdGVyaWFsL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9jb21tYW5kLXJ1bi92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvcHJvZHVjdC92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvb2NpL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfQogICAgICBdCiAgICB9LAogICAgImNvbW1pdCI6IHsKICAgICAgIm5hbWUiOiAiY29tbWl0IiwKICAgICAgImZ1bmN0aW9uYXJpZXMiOiBbCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAicm9vdCIsCiAgICAgICAgICAiY2VydENvbnN0cmFpbnQiOiB7CiAgICAgICAgICAgICJjb21tb25uYW1lIjogIioiLAogICAgICAgICAgICAiZG5zbmFtZXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJlbWFpbHMiOiBbCiAgICAgICAgICAgICAgImNvbGVrNDJAZ21haWwuY29tIgogICAgICAgICAgICBdLAogICAgICAgICAgICAib3JnYW5pemF0aW9ucyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInVyaXMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJyb290cyI6IFsKICAgICAgICAgICAgICAiMzhmZTI0MDEyYzNmM2VkMTkwNzIzMmVlODRjNDUwMDI1OTdmZTEzMmQyMjQxMzFkYTA4ZTk5YjY2NWYxMTExNyIKICAgICAgICAgICAgXQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgXSwKICAgICAgImF0dGVzdGF0aW9ucyI6IFsKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXQvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL21hdGVyaWFsL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9wcm9kdWN0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfQogICAgICBdCiAgICB9LAogICAgInNjYW4iOiB7CiAgICAgICJuYW1lIjogInNjYW4iLAogICAgICAiZnVuY3Rpb25hcmllcyI6IFsKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICJjZXJ0Q29uc3RyYWludCI6IHsKICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm9yZ2FuaXphdGlvbnMiOiBbCiAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJ1cmlzIjogWwogICAgICAgICAgICAgICIqIgogICAgICAgICAgICBdLAogICAgICAgICAgICAicm9vdHMiOiBbCiAgICAgICAgICAgICAgIjM4ZmUyNDAxMmMzZjNlZDE5MDcyMzJlZTg0YzQ1MDAyNTk3ZmUxMzJkMjI0MTMxZGEwOGU5OWI2NjVmMTExMTciCiAgICAgICAgICAgIF0KICAgICAgICAgIH0KICAgICAgICB9CiAgICAgIF0sCiAgICAgICJhdHRlc3RhdGlvbnMiOiBbCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvZ2l0L3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXRodWIvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogWwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgIm1vZHVsZSI6ICJjR0ZqYTJGblpTQm5hWFJvZFdJS0NXUmxibmxiYlhOblhTQjdDZ2tKYVc1d2RYUXVhbmQwTG1Oc1lXbHRjeTVoZFdRZ0lUMGdJbmRwZEc1bGMzTWlDZ2xwYm5CMWRDNXFkM1F1WTJ4aGFXMXpMbWx6Y3lBaFBTQWlhSFIwY0hNNkx5OTBiMnRsYmk1aFkzUnBiMjV6TG1kcGRHaDFZblZ6WlhKamIyNTBaVzUwTG1OdmJTSUtDV2x1Y0hWMExtcDNkQzVqYkdGcGJYTXVjbVZ3YjNOcGRHOXllU0FoUFNBaWRHVnpkR2xtZVhObFl5OW5ZV3hoWkhKcFpXd2lDZ2xwYm5CMWRDNXFkM1F1WTJ4aGFXMXpMbkoxYm01bGNsOWxiblpwY205dWJXVnVkQ0FoUFNBaVoybDBhSFZpTFdodmMzUmxaQ0lLQ1dsdWNIVjBMbU5wWTI5dVptbG5jR0YwYUNBaFBTQWlJZ29KYVc1d2RYUXVhbmQwTG1Oc1lXbHRjeTV5WlhCdmMybDBiM0o1WDI5M2JtVnlJQ0U5SUNKMFpYTjBhV1o1YzJWaklnb0phVzV3ZFhRdWFuZDBMblpsY21sbWFXVmtRbmt1YW5kcmMxVnliQ0FoUFNBaWFIUjBjSE02THk5MGIydGxiaTVoWTNScGIyNXpMbWRwZEdoMVluVnpaWEpqYjI1MFpXNTBMbU52YlM4dWQyVnNiQzFyYm05M2JpOXFkMnR6SWdvSkNXMXpaeUE2UFNBaWRXNWxlSEJsWTNSbFpDQjJZV3gxWlNCbWIzSWdhMlY1S0hNcElHcDNkQzVqYkdGcGJYTXVZWFZrTENCcWQzUXVZMnhoYVcxekxtbHpjeXdnYW5kMExtTnNZV2x0Y3k1eVpYQnZjMmwwYjNKNUxDQnFkM1F1WTJ4aGFXMXpMbkoxYm01bGNsOWxiblpwY205dWJXVnVkQ3dnWTJsamIyNW1hV2R3WVhSb0xDQnFkM1F1WTJ4aGFXMXpMbkpsY0c5emFYUnZjbmxmYjNkdVpYSXNJR3AzZEM1MlpYSnBabWxsWkVKNUxtcDNhM05WY213Z2FXNGdZWFIwWlhOMFlYUnBiMjRnZEhsd1pTQm9kSFJ3Y3pvdkwzZHBkRzVsYzNNdVpHVjJMMkYwZEdWemRHRjBhVzl1Y3k5bmFYUm9kV0l2ZGpBdU1TSUtDWDA9IiwKICAgICAgICAgICAgICAibmFtZSI6ICJzY2FuLWh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2dpdGh1Yi92MC4xIgogICAgICAgICAgICB9CiAgICAgICAgICBdCiAgICAgICAgfSwKICAgICAgICB7CiAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9tYXRlcmlhbC92MC4xIiwKICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbXQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvY29tbWFuZC1ydW4vdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL3Byb2R1Y3QvdjAuMSIsCiAgICAgICAgICAicmVnb3BvbGljaWVzIjogW10KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL3NhcmlmL3YwLjEiLAogICAgICAgICAgInJlZ29wb2xpY2llcyI6IFtdCiAgICAgICAgfQogICAgICBdCiAgICB9CiAgfQp9Cg==","payloadType":"https://witness.testifysec.com/policy/v0.1","signatures":[{"keyid":"c782efdc719b444e0e04801f9c2fa733408536afac088c007c543295c4614ea1","sig":"dGe4fgX5cTFPMpeKsZc1pL1is1YCeWry6MU4uQhWV/oRFLAht/cC3jHGE0MmFTqX213pzt4hTsRfZEoCYLIHXDRoY9S6btxF5GFe6rEWen5aJ2sDyAaYCqLE62s4mKO24iuqY1v7B7gIDGqB6GQ2RguXl4tvl8tCV7te29nZQYud6wicuSwfXXhbyCL7Xg31kvwul1yRKO1nI1fe7/BMCNAfHhWDfR9MygP1XyfGhZcX6M6H8/k8VpkobAzqIByzLqRgNZ9aWoMcLlhNCQgvGfy/1bXdK9A7QhZoqwKt+LcB0AuIfhrr/gi1HrT1P7glnuTVW87PA7mFIQkrN0u2Hg=="}]} diff --git a/.witness/policy.json b/.witness/policy.json index 631b0066..d8941c81 100644 --- a/.witness/policy.json +++ b/.witness/policy.json @@ -1,5 +1,5 @@ { - "expires": "2023-04-19T03:16:29.93403799-05:00", + "expires": "2023-07-28T11:48:39.020385957-05:00", "roots": { "38fe24012c3f3ed1907232ee84c45002597fe132d224131da08e99b665f11117": { "certificate": "Ci0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlDR2pDQ0FhR2dBd0lCQWdJVUFMblZpVmZuVTBickphc21Sa0hybi9VbmZhUXdDZ1lJS29aSXpqMEVBd013CktqRVZNQk1HQTFVRUNoTU1jMmxuYzNSdmNtVXVaR1YyTVJFd0R3WURWUVFERXdoemFXZHpkRzl5WlRBZUZ3MHkKTWpBME1UTXlNREEyTVRWYUZ3MHpNVEV3TURVeE16VTJOVGhhTURjeEZUQVRCZ05WQkFvVERITnBaM04wYjNKbApMbVJsZGpFZU1Cd0dBMVVFQXhNVmMybG5jM1J2Y21VdGFXNTBaWEp0WldScFlYUmxNSFl3RUFZSEtvWkl6ajBDCkFRWUZLNEVFQUNJRFlnQUU4UlZTL3lzSCtOT3Z1RFp5UEladGlsZ1VGOU5sYXJZcEFkOUhQMXZCQkgxVTVDVjcKN0xTUzdzMFppSDRuRTdIdjdwdFM2THZ2Ui9TVGs3OThMVmdNekxsSjRIZUlmRjN0SFNhZXhMY1lwU0FTcjFrUwowTi9SZ0JKei85aldDaVhubzNzd2VUQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0V3WURWUjBsQkF3d0NnWUlLd1lCCkJRVUhBd013RWdZRFZSMFRBUUgvQkFnd0JnRUIvd0lCQURBZEJnTlZIUTRFRmdRVTM5UHB6MVlrRVpiNXFOanAKS0ZXaXhpNFlaRDh3SHdZRFZSMGpCQmd3Rm9BVVdNQWVYNUZGcFdhcGVzeVFvWk1pMENyRnhmb3dDZ1lJS29aSQp6ajBFQXdNRFp3QXdaQUl3UENzUUs0RFlpWllEUElhRGk1SEZLbmZ4WHg2QVNTVm1FUmZzeW5ZQmlYMlg2U0pSCm5aVTg0LzlEWmRuRnZ2eG1BakJPdDZRcEJsYzRKLzBEeHZrVENxcGNsdnppTDZCQ0NQbmpkbElCM1B1M0J4c1AKbXlnVVk3SWkyemJkQ2RsaWlvdz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=", diff --git a/.witness/policy.pub b/.witness/policy.pub index 4b0bcffb..8f022d21 100644 --- a/.witness/policy.pub +++ b/.witness/policy.pub @@ -1,9 +1,9 @@ -----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi10OxJeW7mg9qwIeyIXa -dHmwJcTK8DkqY4Tep45C9FmEJE5OjuItSPzplFvJpI5NcVQbfuK3/EtYWRQiqPki -GUzKa2cx3Epzt7k36JCVB3oFcQjLRUETs9m6EJkLdPW23XvExdtqWsy5aP9Itubj -f88H4zSXGYbt3aCq73k/jy87f4ZseTCdL7HGmaSbWoO9jlxXG61N/IHnrj0ey+zB -4PBxVSZK3/hb8aj7l3ElBct+mSA7b1FbFjl5LNUqK0YhxDtSeTXWkB5xgfwf4AfY -nyDji8G++3QUhYOAcUjOou1vgMEfgv+OTJf26GNKUbhi5kNsrH+BMDPGyltCB4uQ -mQIDAQAB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8qUTvuzgTfcnmcxP84aM +F48eFpszJtXLUECx4SHWXQ/wBv8ja1ddsb3aVaI9qFbDkVdL89BXTE17ekYMFugm +D/J2uhXID40DyA12M+FjPd2w+mKnMpKH5q91a6X3LBhxHw8p9qvp/A/Fw8TSXNHQ +dZFmX3xqJQgbKUhVnhPqsaWYtvx86ddWcONBrw2jd2ZEpoi4ctQrhqEOUISIk/9u +Pv7wD2TPvfQWPmaQRpS/Ogkkv4iKCCUT+mgwLNNXzXCVmDBgNymouS7TQBrEOgHO +wmfIPXkr0fhl5fZTIQEeGD8J47JmCRB0DHBgEhAOam6xQOtoQcKZ8VlyCUrPhBPJ +GQIDAQAB -----END PUBLIC KEY----- diff --git a/script.sh b/script.sh index c56ab607..2bb45ede 100755 --- a/script.sh +++ b/script.sh @@ -19,7 +19,7 @@ SIGSTORE_INTERMEDIATE=.witness/intermediate.pem ./get_certs.sh && mv root.pem ${SIGSTORE_ROOT} && mv intermediate.pem ${SIGSTORE_INTERMEDIATE} # Create policy -policy-tool create -x=$COMMIT -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE --constraint-emails colek42@gmail.com -x $SCORE -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE -x $SCAN -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE -y .witness/sticky.yaml -x $CONTAINER_BUILD -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE -y .witness/sticky.yaml -t https://freetsa.org/files/cacert.pem > .witness/policy.json +policy-tool create -x=$COMMIT -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE --constraint-emails colek42@gmail.com -x $SCORE -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE -x $SCAN -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE -y .witness/sticky.yaml -x $CONTAINER_BUILD -r $SIGSTORE_ROOT -i $SIGSTORE_INTERMEDIATE -y .witness/sticky.yaml -t https://freetsa.org/files/cacert.pem -e 2400h0m0s > .witness/policy.json # Create RSA public-private key pair for policy signing openssl genrsa -out .witness/policy.key 2048 From 368f17ad3ee10f40f7a8eb6e92d4d82eee9af5ee Mon Sep 17 00:00:00 2001 From: Cole Kennedy Date: Wed, 19 Apr 2023 13:29:09 -0500 Subject: [PATCH 08/12] touch --- hello.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 hello.txt diff --git a/hello.txt b/hello.txt new file mode 100644 index 00000000..e69de29b From 94fa2ec6a230ea0476164520ed9d9a995af42dde Mon Sep 17 00:00:00 2001 From: Cole Kennedy Date: Wed, 19 Apr 2023 13:50:21 -0500 Subject: [PATCH 09/12] test --- text.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 text.txt diff --git a/text.txt b/text.txt new file mode 100644 index 00000000..e69de29b From cad3d3dc7decaeca6d4e06e60c1d25c30b09e0c4 Mon Sep 17 00:00:00 2001 From: Cole Kennedy Date: Tue, 25 Apr 2023 03:08:06 -0500 Subject: [PATCH 10/12] Update scorecards.yml Signed-off-by: Cole Kennedy --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 862456f7..e1a3faca 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -38,7 +38,7 @@ jobs: enable-sigstore: true enable-archivista: true trace: false - step: "build" + step: "scorecard" attestations: "environment git sarif" command: docker run -v $PWD:/repo -e GITHUB_AUTH_TOKEN=$GITHUB_TOKEN -e ENABLE_SARIF=true gcr.io/openssf/scorecard@sha256:8201c5b7706459cac1d67484dda85cb2fe7ec7492f07012c0be99c12a96f4b8e --repo=github.com/testifysec/galadriel --show-details --policy /repo/.github/workflows/scorecard.policy --format=sarif > results.sarif From 5c88d16c9b3875269fcc2272f3ac846d73583c1d Mon Sep 17 00:00:00 2001 From: Cole Kennedy Date: Fri, 25 Aug 2023 13:25:32 -0500 Subject: [PATCH 11/12] Update release.yml Signed-off-by: Cole Kennedy --- .github/workflows/release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d9c1b1e2..390bae75 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,7 +32,7 @@ jobs: run: go install github.com/goreleaser/goreleaser@v1.17.1 - name: Run GoReleaser - uses: testifysec/witness-run-action@v0.1.2 + uses: testifysec/witness-run-action@v0.1.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} @@ -70,7 +70,7 @@ jobs: echo "${AUTH_TOKEN}" | ko login ghcr.io --username dummy --password-stdin - name: Build Server - uses: testifysec/witness-run-action@v0.1.2 + uses: testifysec/witness-run-action@v0.1.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} @@ -111,7 +111,7 @@ jobs: echo "${AUTH_TOKEN}" | ko login ghcr.io --username dummy --password-stdin - name: Build Harvestor - uses: testifysec/witness-run-action@v0.1.2 + uses: testifysec/witness-run-action@v0.1.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} From 4314ab932d3dc98b6c5e8dcbc4de6083921059e8 Mon Sep 17 00:00:00 2001 From: Cole Kennedy Date: Sat, 26 Aug 2023 12:09:42 -0500 Subject: [PATCH 12/12] Update release.yml Signed-off-by: Cole Kennedy --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 390bae75..bc325cb3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Download syft - uses: anchore/sbom-action/download-syft@06e109483e6aa305a2b2395eabae554e51530e1d # v0.13.1 + uses: anchore/sbom-action/download-syft@v0.14.3 - name: Checkout uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0