David Dworken
30e6f048ab
Add better handling for SLSA errors
2022-10-02 20:14:54 -07:00
David Dworken
1d8973ed2a
Revert "Disable SLSA verification pending slsa-verifier bug"
...
This reverts commit baf9f7d9c1
.
2022-10-02 19:37:07 -07:00
David Dworken
baf9f7d9c1
Disable SLSA verification pending slsa-verifier bug
2022-10-01 15:26:42 -07:00
David Dworken
fee21ee4f8
Pass in ctx
2022-09-22 18:11:35 -07:00
David Dworken
cb16984f77
Pipe ctx into the slsa code to avoid context.TODO()
2022-09-21 20:22:34 -07:00
David Dworken
83a0beff43
Bump go version, remove the vendored slsa library, and depend on a newer copy with a different API. Updates now work.
2022-09-02 00:15:58 -07:00
David Dworken
c918c5042e
Fix test on incorrect update output + prevent downgrades
2022-06-04 21:42:40 -07:00
David Dworken
de15305fb5
Patch vendored slsa verifier and fix updates
2022-06-04 21:31:16 -07:00
David Dworken
e638b9795b
Manually vendor the slsa_verifier lib so we can make tweaks to it
2022-06-04 21:21:49 -07:00
David Dworken
dd4e2e9278
Add TODO + better error messages
2022-06-04 20:35:47 -07:00
David Dworken
1da703e9c2
Working update code for macos
2022-05-26 23:45:08 -07:00
David Dworken
65bbb40732
Disable SLSA verification of the branch to fix update flow
2022-04-17 12:53:06 -07:00
David Dworken
cf55805578
Verify the version tag in SLSA too
2022-04-17 10:29:48 -07:00
David Dworken
3d7af0cd4b
Add SLSA verification of updated binary
...
Currently the SLSA verifier is meant to be used a standalone binary. I copied a bit of code from their main (and imported the rest of their code as a library) in order to support embedding it as a library. This ensures that the updated hishtory passes SLSA L3.
2022-04-16 16:02:07 -07:00