extern/hishtory
1
0
Fork 0
mirror of https://github.com/ddworken/hishtory.git synced 2025-06-20 11:57:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add additional fail-safe validation to SLSA validator for better error messages

Browse Source
This commit is contained in:
David Dworken 2025-02-02 11:47:02 -08:00
parent 417c2e9e62
commit eabd001d3e
No known key found for this signature in database
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
scripts/actions-validate.py
View File

@ -8,6 +8,7 @@ ALL_FILES = ['hishtory-linux-amd64', 'hishtory-linux-arm64', 'hishtory-darwin-am
def validate_slsa(hishtory_binary: str) -> None: def validate_slsa(hishtory_binary: str) -> None:
assert os.path.exists(hishtory_binary) assert os.path.exists(hishtory_binary)
assertPresentAndNotAscii(hishtory_binary)
subprocess.check_output(['chmod', "+x", hishtory_binary]) subprocess.check_output(['chmod', "+x", hishtory_binary])
for filename in ALL_FILES: for filename in ALL_FILES:
try: try:
@ -63,6 +64,13 @@ def validate_hishtory_status(filename: str, deep_validation: bool) -> None:
else: else:
assert "hiSHtory: " in status, status assert "hiSHtory: " in status, status
def assertPresentAndNotAscii(fn):
if not os.path.exists(fn):
raise Exception(f"{fn=} does not exist, did it fail to download?")
out = subprocess.check_output(["file", fn]).decode('utf-8')
if "ASCII text" in out:
raise Exception(f"{fn=} is of type {out}")
def main() -> None: def main() -> None:
print("Starting validation of MacOS signatures") print("Starting validation of MacOS signatures")
for filename in ALL_FILES: for filename in ALL_FILES: