Problem
Right now, the same appcompose can hash differently depending on how the JSON is formatted - whitespace, key order, indentation, you name it. This makes verification a pain for devs trying to prove their docker-compose is actually running in a TEE.
Proposal
Use RFC 8785 - JSON Canonicalization Scheme for compose hash calculation.
Rollout
Phase 1 - SDK & Docs
- Add JCS hash calculation to the SDK
- Update docs explaining how it works and how the compose hash is built from each component
- No breaking changes yet
Phase 2 - Migration
- Make JCS the default in SDK
- Provide tooling to verify/convert existing files
Phase 3 - Enforcement
- Require JCS-canonical hashes in a future release
- Reject non-canonical submissions
Separate hashes for docker_compose & prelaunch_script
These two should have their own hashes, not just be buried in the final compose hash. Makes debugging way easier - you can tell exactly which part changed when hashes don't match. Plus they're raw strings (YAML/bash), so they don't go through JCS anyway. Keeping them separate gives better traceability.
Problem
Right now, the same appcompose can hash differently depending on how the JSON is formatted - whitespace, key order, indentation, you name it. This makes verification a pain for devs trying to prove their docker-compose is actually running in a TEE.
Proposal
Use RFC 8785 - JSON Canonicalization Scheme for compose hash calculation.
Rollout
Phase 1 - SDK & Docs
Phase 2 - Migration
Phase 3 - Enforcement
Separate hashes for docker_compose & prelaunch_script
These two should have their own hashes, not just be buried in the final compose hash. Makes debugging way easier - you can tell exactly which part changed when hashes don't match. Plus they're raw strings (YAML/bash), so they don't go through JCS anyway. Keeping them separate gives better traceability.