mirror of
https://github.com/ddworken/hishtory.git
synced 2025-03-15 15:58:22 +01:00
Add SLSA validation with current binary built by SLSA
parent
0c3e515008
commit
59e8a6dd5b
1
.github/workflows/slsa-releaser.yml
vendored
1
.github/workflows/slsa-releaser.yml
vendored
@ -220,7 +220,6 @@ jobs:
|
|||||||
export HISHTORY_TEST=1
|
export HISHTORY_TEST=1
|
||||||
curl https://hishtory.dev/install.py | python3 -
|
curl https://hishtory.dev/install.py | python3 -
|
||||||
unset HISHTORY_TEST
|
unset HISHTORY_TEST
|
||||||
# go build
|
|
||||||
python3 scripts/actions-validate.py
|
python3 scripts/actions-validate.py
|
||||||
echo DONE > hishtory-release-validation-completed
|
echo DONE > hishtory-release-validation-completed
|
||||||
- name: Release
|
- name: Release
|
||||||
|
@ -8,6 +8,7 @@ ALL_FILES = ['hishtory-linux-amd64', 'hishtory-linux-arm64', 'hishtory-darwin-am
|
|||||||
|
|
||||||
def validate_slsa(hishtory_binary: str) -> None:
|
def validate_slsa(hishtory_binary: str) -> None:
|
||||||
assert os.path.exists(hishtory_binary)
|
assert os.path.exists(hishtory_binary)
|
||||||
|
subprocess.check_output(['chmod', "+x", hishtory_binary])
|
||||||
for filename in ALL_FILES:
|
for filename in ALL_FILES:
|
||||||
try:
|
try:
|
||||||
print(f"Validating {filename} with {hishtory_binary=}")
|
print(f"Validating {filename} with {hishtory_binary=}")
|
||||||
@ -68,7 +69,7 @@ def main() -> None:
|
|||||||
if "darwin" in filename:
|
if "darwin" in filename:
|
||||||
validate_macos_signature(filename)
|
validate_macos_signature(filename)
|
||||||
print("Starting validation of SLSA attestations")
|
print("Starting validation of SLSA attestations")
|
||||||
# validate_slsa("./hishtory") # TODO: Re-enable validation using the local binary
|
validate_slsa("./hishtory-darwin-amd64")
|
||||||
validate_slsa(os.path.expanduser("~/.hishtory/hishtory"))
|
validate_slsa(os.path.expanduser("~/.hishtory/hishtory"))
|
||||||
print("Validating other metadata")
|
print("Validating other metadata")
|
||||||
validate_hishtory_status("./hishtory-darwin-amd64", True)
|
validate_hishtory_status("./hishtory-darwin-amd64", True)
|
||||||
|
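Review bot: In main(), the new `validate_slsa("./hishtory-darwin-amd64")` call uses an artifact from this same build as the verifier, so for that file the binary appears to vouch for its own provenance, and a build that had been tampered with could equally report itself as valid. The following call with `~/.hishtory/hishtory` looks like the check that carries the trust, since that binary comes from the installer step rather than from this build. A comment above the new call should say so, e.g. `# Smoke-test the fresh build's validator; the trusted check is the installed release below`. In validate_slsa, the added `subprocess.check_output(['chmod', "+x", hishtory_binary])` could be `os.chmod(hishtory_binary, os.stat(hishtory_binary).st_mode | 0o111)`, which avoids spawning a process for a mode change. Both functions continue outside the visible hunks, so how validate_slsa invokes the binary is inferred from the `print` line.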