From 7d9664363dc3c14ea4147420706e4b1d6c9541b2 Mon Sep 17 00:00:00 2001
From: David Dworken
Date: Wed, 8 Nov 2023 18:25:29 -0800
Subject: [PATCH] Add validation of hishtory status
---
 scripts/actions-validate.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/scripts/actions-validate.py b/scripts/actions-validate.py
index 86cf2a0..4fca3d6 100644
--- a/scripts/actions-validate.py
+++ b/scripts/actions-validate.py
@@ -1,3 +1,4 @@
+from re import sub
 import subprocess
 import shutil
 import sys
@@ -46,6 +47,18 @@ def validate_macos_signature(filename: str) -> None:
 assert "Authority=Apple Root CA" in out
 assert "TeamIdentifier=QUXLNCT7FA" in out
+def validate_hishtory_status(filename: str) -> None:
+ assert os.path.exists(filename)
+ status = subprocess.check_output([filename, "status", "-v"]).decode('utf-8')
+ git_hash = os.environ['GITHUB_SHA']
+ assert git_hash, git_hash
+ assert f"Commit Hash: {git_hash}" in status, status
+ assert os.path.exists('VERSION')
+ with open('VERSION') as f:
+ version = "v0." + f.read().strip()
+ assert f"hiSHtory: {version}" in status, status
+
+
 def main() -> None:
 print("Starting validation of MacOS signatures")
 for filename in ALL_FILES:
@@ -53,6 +66,8 @@ def main() -> None:
 validate_macos_signature(filename)
 print("Starting validation of SLSA attestations")
 validate_slsa("./hishtory")
+ print("Validating other metadata")
+ validate_hishtory_status("hishtory-darwin-amd64")
 if __name__ == '__main__': main()
\ No newline at end of file
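Review bot: The added `from re import sub` is not referenced anywhere in the hunks of this patch, so it looks like an accidental editor auto-import and should be dropped. The function added in the second hunk calls `os.path.exists` and reads `os.environ`, yet the three import lines visible here do not include `import os`. If the file does not import it further down, the line this commit needs is `import os`.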
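Review bot: The version check in `validate_hishtory_status` is a substring test, so a VERSION file containing `25` would also accept a binary that reports `v0.251`. The commit-hash check has the same shape, though a full SHA makes a false match unlikely. If `status -v` prints each field on its own line (its output format is not visible here), compare whole lines instead: `assert f"hiSHtory: {version}" in status.splitlines(), status`. Separately, `os.environ['GITHUB_SHA']` raises `KeyError` when the variable is unset, so `assert git_hash, git_hash` can only fire on an empty string and then prints an empty message. Reading it with `os.environ.get('GITHUB_SHA')` and asserting with a literal message such as `"GITHUB_SHA is not set"` would report both cases clearly.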
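Review bot: `validate_hishtory_status("hishtory-darwin-amd64")` passes a bare filename, which `os.path.exists` resolves against the working directory but `subprocess.check_output` looks up through `PATH` on POSIX. The binary that runs is therefore not guaranteed to be the release artifact in the working directory, and the call raises `FileNotFoundError` when no such name is on `PATH`. Pass an explicit path, as the `validate_slsa("./hishtory")` call just above does: `validate_hishtory_status("./hishtory-darwin-amd64")`. Only this one artifact gets the commit-hash and version check, while the signature loop covers `ALL_FILES`. If that is because the runner can execute only the amd64 build, a comment such as `# only the darwin-amd64 build can run on this runner` would record it. The body of `main` starts outside this hunk.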