# SSLAB Students Cindy (@cindykimxp) - https://github.com/in-toto/in-toto/pull/357 Kristel (@kristelfung) - https://salsa.debian.org/reproducible-builds/debian-rebuilder-setup Yuanrui (@SolidifiedRay) - https://github.com/in-toto/in-toto/pull/364 - layout tool frontend (D3.js) Benjamin (@itsbenwu) - layout tool backend Isha (@IshaDave) - https://github.com/in-toto/in-toto/issues/365 - https://github.com/in-toto/layout-web-tool/issues/6 - https://github.com/in-toto/in-toto/blob/develop/layout-creation.md TODO: - split custody - students should talk to each other - slack channel? :heavy_check_mark: - another slack channel? - maybe they feel safer than on cncf - student meeting once per week (let's aim for Wednesday, 10AM ET) :heavy_check_mark: - cut Cindy and Kristel some slack over the sommer - wait for - Yuanrui to finish in-toto#364 - Isha to submit PR for in-toto#365 - maybe ask Benjamin to in-toto dev env and pick up https://github.com/in-toto/in-toto/issues/355 - later: - ask Yuanrui and Benjamin - to set up layout web tool - browse layout web tool - live instance, and - issue tracker - if that/what strikes their fancy - point Isha to to layout creation issue + coding task (see below) ## GSoC Christian (@shibumi) Jesús (@51v4n) ## Coding Task TODO: Add to https://github.com/in-toto/layout-web-tool/issues/6 ``` *Coding Task: File Tracking for in-toto* *Some Fun Context:* The lab's in-toto <https://ssl.engineering.nyu.edu/projects#in-toto> project provides a way to secure the coding supply chain so that each of the steps in the process of producing and shipping code can be verified as having been performed by someone trustworthy, and that the results have not been tampered with by others in between steps. *The Task:* Given two 'snapshots' of a file structure -- 'before' and 'after' -- determine which files have been added, which have been removed, which have been modified, and which have remained unchanged. The metadata is provided as Python dictionaries. The keys in the dictionary are filepaths, and the values are hexadecimal strings representing the hashes of the corresponding files. The output should be in the form of four lists of filepaths: 'unchanged', 'modified', 'added', and 'removed'. Your code should be readable and roughly follow these lab guidelines <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_secure-2Dsystems-2Dlab_code-2Dstyle-2Dguidelines&d=DwIBaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=2YMLsMLCML1EOEAeVc1Mhx6J99vqRVHSnZUnatehIDg&m=T1EefQCGXPhKN2l9DCSKguE1LKHyP9Y543JHKKkfutM&s=f40BpW281emlkNlp5rYYxePW0PZZweghQKR98APCnSA&e=>. Don't worry too much about style, but write code that is easy to read: provide comments that explain why things were done one way or another -- comments that focus on 'why' more than 'what'. I'll judge the code based on whether or not it works for some sample sets, and whether or not it makes sense, is well organized, and is well commented. *Input Example:* before = { 'one.tgz': '1234567890abcdef', 'foo/two.tgz': '0000001111112222', 'three.txt': '1111222233334444' 'bar/bat/four.tgz': '6677889900112233' } after = { 'five.txt': '5555555555555555', 'one.tgz': '1234567890abcdef', 'foo/two.tgz': 'ffffffffffffffff', 'bar/bat/four.tgz': '6677889900112233', 'baz/six.tgz': '6666666666666666' } *Output Example:* unchanged = ['one.tgz', 'bar/bat/four.tgz'] modified = ['foo/two.tgz'] added = ['five.txt', 'baz/six.tgz'] removed = ['three.txt'] *Bonus:* If you'd prefer to show off a bit, you can write your code to optionally take a before and an after archive (zip, tar.gz, etc. -- your choice) and calculate the 'before' and 'after' metadata yourself by calculating hashes of the files provided. This is not at all required. ```