mirror of
https://github.com/ddworken/hishtory.git
synced 2024-12-26 00:39:02 +01:00
Add SLSA validation with current binary built by SLSA
This commit is contained in:
parent
25e982603a
commit
35f9ad28a8
1
.github/workflows/slsa-releaser.yml
vendored
1
.github/workflows/slsa-releaser.yml
vendored
@ -220,7 +220,6 @@ jobs:
|
||||
export HISHTORY_TEST=1
|
||||
curl https://hishtory.dev/install.py | python3 -
|
||||
unset HISHTORY_TEST
|
||||
# go build
|
||||
python3 scripts/actions-validate.py
|
||||
echo DONE > hishtory-release-validation-completed
|
||||
- name: Release
|
||||
|
@ -8,6 +8,7 @@ ALL_FILES = ['hishtory-linux-amd64', 'hishtory-linux-arm64', 'hishtory-darwin-am
|
||||
|
||||
def validate_slsa(hishtory_binary: str) -> None:
|
||||
assert os.path.exists(hishtory_binary)
|
||||
subprocess.check_output(['chmod', "+x", hishtory_binary])
|
||||
for filename in ALL_FILES:
|
||||
try:
|
||||
print(f"Validating {filename} with {hishtory_binary=}")
|
||||
@ -68,7 +69,7 @@ def main() -> None:
|
||||
if "darwin" in filename:
|
||||
validate_macos_signature(filename)
|
||||
print("Starting validation of SLSA attestations")
|
||||
# validate_slsa("./hishtory") # TODO: Re-enable validation using the local binary
|
||||
validate_slsa("./hishtory-darwin-amd64")
|
||||
validate_slsa(os.path.expanduser("~/.hishtory/hishtory"))
|
||||
print("Validating other metadata")
|
||||
validate_hishtory_status("./hishtory-darwin-amd64", True)
|
||||
|
Loading…
Reference in New Issue
Block a user