Add SLSA validation with current binary built by SLSA

2024-11-07 17:05:41 +01:00 · 2024-03-24 21:48:01 -07:00 · 2024-03-24 21:48:01 -07:00 · 35f9ad28a8
commit 35f9ad28a8
parent 25e982603a
2 changed files with 2 additions and 2 deletions
--- a/.github/workflows/slsa-releaser.yml
+++ b/.github/workflows/slsa-releaser.yml
@ -220,7 +220,6 @@ jobs:
          export HISHTORY_TEST=1
          curl https://hishtory.dev/install.py | python3 -
          unset HISHTORY_TEST
-          # go build
          python3 scripts/actions-validate.py
          echo DONE > hishtory-release-validation-completed
      - name: Release
--- a/scripts/actions-validate.py
+++ b/scripts/actions-validate.py
@ -8,6 +8,7 @@ ALL_FILES = ['hishtory-linux-amd64', 'hishtory-linux-arm64', 'hishtory-darwin-am

 def validate_slsa(hishtory_binary: str) -> None:
    assert os.path.exists(hishtory_binary)
+    subprocess.check_output(['chmod', "+x", hishtory_binary])
    for filename in ALL_FILES:
        try:
            print(f"Validating {filename} with {hishtory_binary=}")
@ -68,7 +69,7 @@ def main() -> None:
        if "darwin" in filename:
            validate_macos_signature(filename)
    print("Starting validation of SLSA attestations")
-    # validate_slsa("./hishtory")  # TODO: Re-enable validation using the local binary
+    validate_slsa("./hishtory-darwin-amd64") 
    validate_slsa(os.path.expanduser("~/.hishtory/hishtory"))
    print("Validating other metadata")
    validate_hishtory_status("./hishtory-darwin-amd64", True)