From 35f9ad28a8e8c43f53df1bd089d9cde4b0fcbad9 Mon Sep 17 00:00:00 2001
From: David Dworken
Date: Sun, 24 Mar 2024 21:48:01 -0700
Subject: [PATCH] Add SLSA validation with current binary built by SLSA

---
 .github/workflows/slsa-releaser.yml | 1 -
 scripts/actions-validate.py | 3 ++-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/slsa-releaser.yml b/.github/workflows/slsa-releaser.yml
index d7ab8c0..875a687 100644
--- a/.github/workflows/slsa-releaser.yml
+++ b/.github/workflows/slsa-releaser.yml
@@ -220,7 +220,6 @@ jobs:
 export HISHTORY_TEST=1
 curl https://hishtory.dev/install.py | python3 -
 unset HISHTORY_TEST
- # go build
 python3 scripts/actions-validate.py
 echo DONE > hishtory-release-validation-completed
 - name: Release
diff --git a/scripts/actions-validate.py b/scripts/actions-validate.py
index 589678b..e1f8265 100644
--- a/scripts/actions-validate.py
+++ b/scripts/actions-validate.py
@@ -8,6 +8,7 @@ ALL_FILES = ['hishtory-linux-amd64', 'hishtory-linux-arm64', 'hishtory-darwin-am
 
 def validate_slsa(hishtory_binary: str) -> None:
 assert os.path.exists(hishtory_binary)
+ subprocess.check_output(['chmod', "+x", hishtory_binary])
 for filename in ALL_FILES:
 try:
 print(f"Validating {filename} with {hishtory_binary=}")
@@ -68,7 +69,7 @@ def main() -> None:
 if "darwin" in filename:
 validate_macos_signature(filename)
 print("Starting validation of SLSA attestations")
- # validate_slsa("./hishtory") # TODO: Re-enable validation using the local binary
+ validate_slsa("./hishtory-darwin-amd64")
 validate_slsa(os.path.expanduser("~/.hishtory/hishtory"))
 print("Validating other metadata")
 validate_hishtory_status("./hishtory-darwin-amd64", True)
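Review bot: The new `chmod` line in `validate_slsa` spawns an external process for something the standard library does directly, and it has no comment saying why the bit has to be set. `os` is already used on the line above, so `os.chmod(hishtory_binary, os.stat(hishtory_binary).st_mode | 0o111)` does roughly the same job without depending on a `chmod` executable on the runner's PATH. A short comment such as `# release artifacts may arrive without the executable bit` would record the reason, if that is indeed the reason. The function body continues past the end of this hunk, so how the binary is invoked afterwards is not visible here.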
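Review bot: The added `validate_slsa("./hishtory-darwin-amd64")` call in `main` uses one of the artifacts under validation as the verifier, and it runs before the check that uses the installed `~/.hishtory/hishtory`. Assuming `validate_slsa` executes the binary it is given, a tampered build would be run and asked to vouch for itself before any independent verifier has looked at it. Putting `validate_slsa(os.path.expanduser("~/.hishtory/hishtory"))` first and `validate_slsa("./hishtory-darwin-amd64")` second means the self-check only runs once the installed binary has accepted the artifacts. A comment like `# self-check only: the installed binary above is the independent verifier` would make that trust assumption explicit. The hard-coded darwin-amd64 name also presumes a runner that can execute that build; `main` starts and ends outside this hunk, so that cannot be confirmed from here.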