mirror of
https://github.com/ddworken/hishtory.git
synced 2025-06-21 04:17:45 +02:00
Add TODO + better error messages
This commit is contained in:
parent
8d93d08f80
commit
dd4e2e9278
@ -37,23 +37,24 @@ func verify(provenance []byte, artifactHash, source, branch, versionTag string)
|
|||||||
// Verify the provenance and return the signing certificate.
|
// Verify the provenance and return the signing certificate.
|
||||||
cert, err := pkg.FindSigningCertificate(context.Background(), uuids, *env, rClient)
|
cert, err := pkg.FindSigningCertificate(context.Background(), uuids, *env, rClient)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to locate signing certificate: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the workflow info given the certificate information.
|
// Get the workflow info given the certificate information.
|
||||||
workflowInfo, err := pkg.GetWorkflowInfoFromCertificate(cert)
|
workflowInfo, err := pkg.GetWorkflowInfoFromCertificate(cert)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to verify workflow info: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Unpack and verify info in the provenance, including the Subject Digest.
|
// Unpack and verify info in the provenance, including the Subject Digest.
|
||||||
if err := pkg.VerifyProvenance(env, artifactHash); err != nil {
|
if err := pkg.VerifyProvenance(env, artifactHash); err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to verify provenance: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Verify the workflow identity.
|
// Verify the workflow identity.
|
||||||
|
fmt.Printf("source=%#v, workflowInfo=%#v\n", source, workflowInfo)
|
||||||
if err := pkg.VerifyWorkflowIdentity(workflowInfo, source); err != nil {
|
if err := pkg.VerifyWorkflowIdentity(workflowInfo, source); err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to verify workflow identity: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Verify the branch.
|
// Verify the branch.
|
||||||
@ -64,7 +65,7 @@ func verify(provenance []byte, artifactHash, source, branch, versionTag string)
|
|||||||
|
|
||||||
// Verify the tag.
|
// Verify the tag.
|
||||||
if err := pkg.VerifyTag(env, versionTag); err != nil {
|
if err := pkg.VerifyTag(env, versionTag); err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to verify tag: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -156,6 +156,7 @@ func saveHistoryEntry() {
|
|||||||
lib.CheckFatalError(err)
|
lib.CheckFatalError(err)
|
||||||
result := db.Create(entry)
|
result := db.Create(entry)
|
||||||
lib.CheckFatalError(result.Error)
|
lib.CheckFatalError(result.Error)
|
||||||
|
// TODO: ^ sometimes fails with the error "database is locked (261)". Fix this by retrying.
|
||||||
|
|
||||||
// Persist it remotely
|
// Persist it remotely
|
||||||
encEntry, err := data.EncryptHistoryEntry(config.UserSecret, *entry)
|
encEntry, err := data.EncryptHistoryEntry(config.UserSecret, *entry)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user