)]}'
{
  "commit": "7013e9ee282ef58104f91d64d85d4aec62f9c022",
  "tree": "baa2d5484c5a5e7add5f9caef2833a3da4abbe29",
  "parents": [
    "00442413a2d0e6d6978982f9eeec0268e533ba56"
  ],
  "author": {
    "name": "Sean McCullough",
    "email": "banksean@gmail.com",
    "time": "Wed May 14 02:03:58 2025 +0000"
  },
  "committer": {
    "name": "Sean McCullough",
    "email": "banksean@gmail.com",
    "time": "Wed May 14 11:15:45 2025 -0700"
  },
  "message": "ssh: use local CA, add mutual container/host auth\n\nSee loop/server/local_ssh.md for a detailed description of how sketch\nnow uses a local CA to sign each container certificate instead of adding\na new entry to known_hosts for each container.\n\nThis also adds another layer of security by having the container\u0027s ssh\nserver verify that incoming ssh connections have valid host certificates,\nwhereas prior to this change the authentication was only one-way (verifying\nthat the sketch container you think you\u0027re ssh\u0027ing into really is the one\nyou think you\u0027re ssh\u0027ing into).\n\nThis is somewhat inspired by https://github.com/FiloSottile/mkcert - which\nplays a similar role as ssh_theater.go does locally for ssh connections, but mkcert\nuses a local CA to address local development use cases for TLS/https rather\nthan for ssh.\n\nCo-Authored-By: sketch \u003chello@sketch.dev\u003e\nChange-ID: sc7b3928295277d5dk\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "7ff0f903af0f89791d5c10f72b69e53a468ffdcd",
      "old_mode": 33188,
      "old_path": "dockerimg/dockerimg.go",
      "new_id": "966373b9d969a8c1e77bb454b6714724656cd809",
      "new_mode": 33188,
      "new_path": "dockerimg/dockerimg.go"
    },
    {
      "type": "modify",
      "old_id": "91d3c21c718691306a380e4df561e81f79aa8f62",
      "old_mode": 33188,
      "old_path": "dockerimg/ssh_theater.go",
      "new_id": "061862643b43aa92f071dc031848290fdb99b879",
      "new_mode": 33188,
      "new_path": "dockerimg/ssh_theater.go"
    },
    {
      "type": "modify",
      "old_id": "3ca80a7e7bd398a0e34e1b948997f14c133eb12a",
      "old_mode": 33188,
      "old_path": "dockerimg/ssh_theater_test.go",
      "new_id": "c8a7362d2f176d60ebf6570dc1c20c97dae73d62",
      "new_mode": 33188,
      "new_path": "dockerimg/ssh_theater_test.go"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "1a4744c31f99ab8e12c191ce8e993acc4ae8fb78",
      "new_mode": 33188,
      "new_path": "loop/server/local_ssh.md"
    },
    {
      "type": "modify",
      "old_id": "a89557dffd116375b234eb42d1443535f9890ac9",
      "old_mode": 33188,
      "old_path": "loop/server/loophttp.go",
      "new_id": "1cd486a9bb28a91d5cf7681abd433cff34e0abde",
      "new_mode": 33188,
      "new_path": "loop/server/loophttp.go"
    },
    {
      "type": "modify",
      "old_id": "18837a5f04fa6034f53435114d39fc4324446d94",
      "old_mode": 33188,
      "old_path": "loop/server/sshserver.go",
      "new_id": "65eb54bb0b5e32b07ad6a9d83e1d783484ce7cd4",
      "new_mode": 33188,
      "new_path": "loop/server/sshserver.go"
    }
  ]
}
