Expand description
in-toto v1 Statement with subject hashes.
Spec §6.3: the Statement binds every file in the .muragent tarball
(except the manifest and signature files themselves) to a SHA-256 digest.
The predicate carries manifest_sha256 — the SHA-256 of manifest.signed.json.
Structs§
Functions§
- build_
statement - Build an in-toto Statement from a list of (path, content_bytes) for every file in the tarball.
- verify_
subjects - Verify that every subject in the statement exists in the tarball with matching hash, and every tarball file (excluding EXCLUDED_FILES) is listed.