Add basic validation using the published version of hishtory too

David Dworken 2023-12-20 17:27:06 -08:00
parent 3ce76d154a
commit fa7d6be54d


@ -47,10 +47,11 @@ def validate_macos_signature(filename: str) -> None:
assert "Authority=Apple Root CA" in out assert "Authority=Apple Root CA" in out
assert "TeamIdentifier=QUXLNCT7FA" in out assert "TeamIdentifier=QUXLNCT7FA" in out
def validate_hishtory_status(filename: str) -> None: def validate_hishtory_status(filename: str, deep_validation: bool) -> None:
assert os.path.exists(filename) assert os.path.exists(filename)
subprocess.check_output(['chmod', "+x", filename]) subprocess.check_output(['chmod', "+x", filename])
status = subprocess.check_output([filename, "status", "-v"]).decode('utf-8') status = subprocess.check_output([filename, "status", "-v"]).decode('utf-8')
if deep_validation:
git_hash = os.environ['GITHUB_SHA'] git_hash = os.environ['GITHUB_SHA']
assert git_hash, git_hash assert git_hash, git_hash
assert f"Commit Hash: {git_hash}" in status, status assert f"Commit Hash: {git_hash}" in status, status
@ -58,7 +59,8 @@ def validate_hishtory_status(filename: str) -> None:
with open('VERSION') as f: with open('VERSION') as f:
version = "v0." + f.read().strip() version = "v0." + f.read().strip()
assert f"hiSHtory: {version}" in status, status assert f"hiSHtory: {version}" in status, status
else:
assert "hiSHtory: " in status, status
def main() -> None: def main() -> None:
print("Starting validation of MacOS signatures") print("Starting validation of MacOS signatures")
@ -68,9 +70,9 @@ def main() -> None:
print("Starting validation of SLSA attestations") print("Starting validation of SLSA attestations")
validate_slsa("./hishtory") validate_slsa("./hishtory")
validate_slsa(os.path.expanduser("~/.hishtory/hishtory")) validate_slsa(os.path.expanduser("~/.hishtory/hishtory"))
# TODO: Run validation using hishtory built at HEAD too
print("Validating other metadata") print("Validating other metadata")
validate_hishtory_status("./hishtory-darwin-amd64") validate_hishtory_status("./hishtory-darwin-amd64", True)
validate_hishtory_status("~/.hishtory/hishtory", False)
if __name__ == '__main__': if __name__ == '__main__':
main() main()
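Review bot: The new call `validate_hishtory_status("~/.hishtory/hishtory", False)` in main() passes a literal `~`, which neither `os.path.exists` nor the list-form `subprocess.check_output` expands, so the first assert in validate_hishtory_status would be expected to fail on that path. The validate_slsa call a few lines above already wraps the same path, so the call should read `validate_hishtory_status(os.path.expanduser("~/.hishtory/hishtory"), False)`. Separately, the new `else` branch only checks that `"hiSHtory: "` appears in the status output, which shows that the published binary runs but not which version or commit it is. A comment such as `# shallow check only: confirms the binary runs, not its version or commit` would stop readers treating it as a provenance check. These checks rely on `assert`, which is skipped under `python -O`, so the script should not be run with optimisation enabled.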