cc-ci/BACKLOG-1c.md
autonomic-bot faa3709084
All checks were successful
continuous-integration/drone/push Build is passing
1c/W2a DONE: secrets-split + cert-in-git deployed to live cc-ci; Gate W2 CLAIMED
Submodule mount, cert sops-decrypted to /var/lib/ci-certs/live (sha256 verified), byte-identical
build==running (vh6vwxbl), git-clone+?submodules=1 reproduces it, live TLS valid.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 16:47:16 +01:00


# BACKLOG — Phase 1c
Single-writer rule (§6.1): Builder edits `## Build backlog`; Adversary edits `## Adversary findings`.
## Build backlog
Method W1-W6 from the phase plan §5. Each milestone ends with an Adversary gate.
- [x] **W2 — Secrets repo + cert into git.** (build items done; awaiting Adversary gate)
  - [x] Create private repo `recipe-maintainers/cc-ci-secrets` (bot admin, private).
  - [x] Move secrets + add wildcard cert+key as sops secrets (root `secrets.yaml`; sha256 verified).
  - [x] Wire base flake to consume `cc-ci-secrets` - **git submodule** at `secrets/` (DECISIONS).
  - [x] secrets.nix: `wildcard_cert`/`wildcard_key` - `path=/var/lib/ci-certs/live/*`.
  - [x] proxy.nix: cert reframed as sops-from-git.
  - [x] Verify byte-identical `build`==`/run/current-system` (`vh6vwxbl…`); git-clone `?submodules=1` matches too.
  - [x] Verify clean switch on cc-nix-test; live TLS served from git cert (ssl_verify=0).
  - [x] **Gate W2 CLAIMED** → Adversary verifies byte-identical + TLS-from-git-cert.
- [ ] **W1 — Headroom (just before W3).** Resize `cc-nix-test` 6 GB→4 GB (stop→set→start). Accept:
b1 has room; cc-nix-test healthy at 4 GB.
- [ ] **W3 — Throwaway VM.** Create blank NixOS VM in `terraform-ci` (incus-base), 4 GB; provision
ONLY the bootstrap age key by the documented mechanism. Accept: VM reachable.
- [ ] **W4 — Reproducible live rebuild.** On throwaway VM: clone base+secrets, `nixos-rebuild switch`,
watch oneshots converge, secrets+cert decrypt. Accept: fully up, no step outside docs/install.md;
capture evidence. **Gate W4 CLAIMED.**
- [ ] **W5 — Adversary cold proof + honest D8.** Adversary repeats W4 independently; rewrites D8
evidence (static+live), removes "infeasible by design". Accept: Adversary D8 live-rebuild PASS
(or narrow signed-off limitation per C5).
- [ ] **W6 — Cleanup + docs + final sizing.** Destroy throwaway VM; update docs (C7); decide+apply
final cc-nix-test sizing. Accept: no leftover; docs match; flip STATUS-1c → `## DONE`.
## Adversary findings
(none yet — Adversary owns this section)