mirror of
https://github.com/ddworken/hishtory.git
synced 2025-01-12 01:09:10 +01:00
Add better handling for SLSA errors
This commit is contained in:
parent
b7c64b61c8
commit
30e6f048ab
@ -703,13 +703,17 @@ func Update(ctx *context.Context) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Verify the SLSA attestation
|
// Verify the SLSA attestation
|
||||||
|
var slsaError error
|
||||||
if runtime.GOOS == "darwin" {
|
if runtime.GOOS == "darwin" {
|
||||||
err = verifyBinaryMac(ctx, "/tmp/hishtory-client", downloadData)
|
slsaError = verifyBinaryMac(ctx, "/tmp/hishtory-client", downloadData)
|
||||||
} else {
|
} else {
|
||||||
err = verifyBinary(ctx, "/tmp/hishtory-client", "/tmp/hishtory-client.intoto.jsonl", downloadData.Version)
|
slsaError = verifyBinary(ctx, "/tmp/hishtory-client", "/tmp/hishtory-client.intoto.jsonl", downloadData.Version)
|
||||||
}
|
}
|
||||||
|
if slsaError != nil {
|
||||||
|
err = handleSlsaFailure(slsaError)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to verify SLSA provenance of the updated binary, aborting update (to bypass, set `export HISHTORY_DISABLE_SLSA_ATTESTATION=true`): %v", err)
|
return err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Unlink the existing binary so we can overwrite it even though it is still running
|
// Unlink the existing binary so we can overwrite it even though it is still running
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
package lib
|
package lib
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bufio"
|
||||||
"context"
|
"context"
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
@ -77,3 +78,14 @@ func getFileHash(binaryPath string) (string, error) {
|
|||||||
hash := hex.EncodeToString(hasher.Sum(nil))
|
hash := hex.EncodeToString(hasher.Sum(nil))
|
||||||
return hash, nil
|
return hash, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func handleSlsaFailure(srcErr error) error {
|
||||||
|
fmt.Printf("\nFailed to verify SLSA provenance! This is likely due to a SLSA bug (SLSA is a brand new standard, and like all new things, has bugs). Ignoring this failure means falling back to the way most software does updates. Do you want to ignore this failure and update anyways? [y/N]")
|
||||||
|
reader := bufio.NewReader(os.Stdin)
|
||||||
|
resp, err := reader.ReadString('\n')
|
||||||
|
if err == nil && strings.TrimSpace(resp) == "y" {
|
||||||
|
fmt.Println("Proceeding with update...")
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return fmt.Errorf("failed to verify SLSA provenance of the updated binary, aborting update (to bypass, set `export HISHTORY_DISABLE_SLSA_ATTESTATION=true`): %v", srcErr)
|
||||||
|
}
|
||||||
|
@ -5,6 +5,7 @@ import (
|
|||||||
"context"
|
"context"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"log"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
@ -105,8 +106,10 @@ func main() {
|
|||||||
}
|
}
|
||||||
fmt.Printf("Commit Hash: %s\n", GitCommit)
|
fmt.Printf("Commit Hash: %s\n", GitCommit)
|
||||||
case "update":
|
case "update":
|
||||||
// TODO: Add banner integration to update
|
err := lib.Update(hctx.MakeContext())
|
||||||
lib.CheckFatalError(lib.Update(hctx.MakeContext()))
|
if err != nil {
|
||||||
|
log.Fatalf("Failed to update hishtory: %v", err)
|
||||||
|
}
|
||||||
case "-h":
|
case "-h":
|
||||||
fallthrough
|
fallthrough
|
||||||
case "help":
|
case "help":
|
||||||
|
Loading…
Reference in New Issue
Block a user