Add better handling for SLSA errors

David Dworken 2022-10-02 20:14:54 -07:00
parent b7c64b61c8
commit 30e6f048ab
3 changed files with 25 additions and 6 deletions


@ -703,13 +703,17 @@ func Update(ctx *context.Context) error {
} }
// Verify the SLSA attestation // Verify the SLSA attestation
var slsaError error
if runtime.GOOS == "darwin" { if runtime.GOOS == "darwin" {
err = verifyBinaryMac(ctx, "/tmp/hishtory-client", downloadData) slsaError = verifyBinaryMac(ctx, "/tmp/hishtory-client", downloadData)
} else { } else {
err = verifyBinary(ctx, "/tmp/hishtory-client", "/tmp/hishtory-client.intoto.jsonl", downloadData.Version) slsaError = verifyBinary(ctx, "/tmp/hishtory-client", "/tmp/hishtory-client.intoto.jsonl", downloadData.Version)
} }
if err != nil { if slsaError != nil {
return fmt.Errorf("failed to verify SLSA provenance of the updated binary, aborting update (to bypass, set `export HISHTORY_DISABLE_SLSA_ATTESTATION=true`): %v", err) err = handleSlsaFailure(slsaError)
if err != nil {
return err
}
} }
// Unlink the existing binary so we can overwrite it even though it is still running // Unlink the existing binary so we can overwrite it even though it is still running
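Review bot: Both verification calls take the fixed paths `/tmp/hishtory-client` and `/tmp/hishtory-client.intoto.jsonl`, which sit in a directory every local user can write to, so the file that is verified is not guaranteed to be the file that is later installed. The download and the install step are outside this hunk, so this is inferred from the paths and the trailing `// Unlink the existing binary` comment. Since a failed check can now be waved through interactively, it would be worth downloading into a private directory, for example `dir, err := os.MkdirTemp("", "hishtory-update-")`, and passing paths under `dir` to `verifyBinaryMac` and `verifyBinary`. Update's body starts and ends outside the hunk.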


@ -1,6 +1,7 @@
package lib package lib
import ( import (
"bufio"
"context" "context"
"crypto/sha256" "crypto/sha256"
"encoding/hex" "encoding/hex"
@ -77,3 +78,14 @@ func getFileHash(binaryPath string) (string, error) {
hash := hex.EncodeToString(hasher.Sum(nil)) hash := hex.EncodeToString(hasher.Sum(nil))
return hash, nil return hash, nil
} }
func handleSlsaFailure(srcErr error) error {
fmt.Printf("\nFailed to verify SLSA provenance! This is likely due to a SLSA bug (SLSA is a brand new standard, and like all new things, has bugs). Ignoring this failure means falling back to the way most software does updates. Do you want to ignore this failure and update anyways? [y/N]")
reader := bufio.NewReader(os.Stdin)
resp, err := reader.ReadString('\n')
if err == nil && strings.TrimSpace(resp) == "y" {
fmt.Println("Proceeding with update...")
return nil
}
return fmt.Errorf("failed to verify SLSA provenance of the updated binary, aborting update (to bypass, set `export HISHTORY_DISABLE_SLSA_ATTESTATION=true`): %v", srcErr)
}
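Review bot: The prompt in `handleSlsaFailure` never shows `srcErr`, so the user is asked to accept an unverified binary without seeing whether the failure was a digest mismatch or a tooling error, and the text tells them in advance that it is probably a SLSA bug. Print the underlying error before asking, e.g. `fmt.Printf("\nFailed to verify SLSA provenance: %v\n", srcErr)`, and keep the question itself neutral. The answer is read from `os.Stdin` with no check that it is a terminal, so a `y` arriving on piped input also accepts; only a read error or any other answer aborts. The returned error would keep its chain for callers if it were wrapped with `%w` instead of `%v`. A doc comment such as `// handleSlsaFailure asks the user whether to continue after a failed SLSA check; it returns nil only on an explicit "y".` would make the fail-closed default explicit.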


@ -5,6 +5,7 @@ import (
"context" "context"
"encoding/json" "encoding/json"
"fmt" "fmt"
"log"
"os" "os"
"strings" "strings"
"time" "time"
@ -105,8 +106,10 @@ func main() {
} }
fmt.Printf("Commit Hash: %s\n", GitCommit) fmt.Printf("Commit Hash: %s\n", GitCommit)
case "update": case "update":
// TODO: Add banner integration to update err := lib.Update(hctx.MakeContext())
lib.CheckFatalError(lib.Update(hctx.MakeContext())) if err != nil {
log.Fatalf("Failed to update hishtory: %v", err)
}
case "-h": case "-h":
fallthrough fallthrough
case "help": case "help":