extern/hishtory
1
0
Fork 0
mirror of https://github.com/ddworken/hishtory.git synced 2025-08-09 15:15:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add better handling for SLSA errors

Browse Source
This commit is contained in:
David Dworken
2022-10-02 20:14:54 -07:00
parent b7c64b61c8
commit 30e6f048ab
3 changed files with 25 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
client/lib/lib.go
View File

@ -703,13 +703,17 @@ func Update(ctx *context.Context) error {
}
// Verify the SLSA attestation
var slsaError error
if runtime.GOOS == "darwin" {
err = verifyBinaryMac(ctx, "/tmp/hishtory-client", downloadData)
slsaError = verifyBinaryMac(ctx, "/tmp/hishtory-client", downloadData)
} else {
err = verifyBinary(ctx, "/tmp/hishtory-client", "/tmp/hishtory-client.intoto.jsonl", downloadData.Version)
slsaError = verifyBinary(ctx, "/tmp/hishtory-client", "/tmp/hishtory-client.intoto.jsonl", downloadData.Version)
}
if err != nil {
return fmt.Errorf("failed to verify SLSA provenance of the updated binary, aborting update (to bypass, set `export HISHTORY_DISABLE_SLSA_ATTESTATION=true`): %v", err)
if slsaError != nil {
err = handleSlsaFailure(slsaError)
if err != nil {
return err
}
}
// Unlink the existing binary so we can overwrite it even though it is still running