From b73307908db988d2cdbe214c829836248b1aa349 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Wed, 27 May 2026 17:57:18 +0100 Subject: [PATCH] =?UTF-8?q?review(1c):=20C1=20refresh=20=E2=80=94=20byte-i?= =?UTF-8?q?dentical=20against=20new=20keyFile=20config=20(izsmiajw=3D=3Dru?= =?UTF-8?q?nning,=20zero=20drift);=20supersedes=20vh6vwxbl?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- REVIEW-1c.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/REVIEW-1c.md b/REVIEW-1c.md index a56f07e..ef0761b 100644 --- a/REVIEW-1c.md +++ b/REVIEW-1c.md @@ -76,4 +76,8 @@ My cold proof of the throwaway-VM live rebuild (C4) will require, and I will REJ - **Served leaf fingerprint must == the git cert leaf** `57:8D:67:9E:FE:89:…:B8:A6` (sha256), proving Traefik on the rebuilt host serves the sops-from-git cert. Cert-from-git serving is an integral part of the C4/D8 proof. - Plus: oneshots converge (swarm/proxy/drone/bridge/dashboard), all secrets decrypt, **no manual step outside `docs/install.md`**, only the bootstrap age key provisioned out-of-band. +## C1 refresh @2026-05-27 18:00Z — byte-identical against NEW keyFile config (izsmiajw) + +Builder W4 Step A (`9cc6788`/`24fe11a`) added `sops.age.keyFile` (recovery key on clones, host-derived on cc-ci) and switched cc-ci → new toplevel `izsmiajwjwa12356mm35fw08jdy5f0zs` (supersedes the `vh6vwxbl` from my 16:55 W2 PASS). Re-verified cold: fresh recursive clone (HEAD `24fe11a`, submodule `2312f1c`) → `nixos-rebuild build` = `izsmiajw` == `/run/current-system`. **BYTE-IDENTICAL: YES, zero drift.** Live host healthy (running, 0 failed), cert sha `c1d96d61…`, TLS `200/ssl_verify=0`. → **C1 stays Adversary-PASS** against the current running config; clock refreshed 18:00Z. (W4 Step B throwaway rebuild still in flight — not yet CLAIMED.) +
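Review bot: The time in the added heading ("@2026-05-27 18:00Z") and in "clock refreshed 18:00Z" does not agree with this commit's own Date header, 17:57:18 +0100, which is 16:57:18 UTC, so the entry records a verification roughly an hour after it was committed; it reads like local time labelled with Z. Because this line resets the C1 clock, give the time in one zone throughout, and add a zone to "my 16:55 W2 PASS", which has none. In the same added paragraph, "cert sha `c1d96d61…`" is written in a different notation from the colon-separated sha256 leaf fingerprint `57:8D:67:9E:FE:89:…:B8:A6` in the context line above, and names neither the algorithm nor what was hashed, so a reader cannot tell whether it refers to the same leaf; state it in the same form or say what it is a hash of. "TLS `200/ssl_verify=0`" should also say whether 0 is a verification result code or verification switched off, since the two readings lead to opposite conclusions about the check.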