Commit Graph

14 Commits

Author SHA1 Message Date
David Dworken
30e6f048ab Add better handling for SLSA errors 2022-10-02 20:14:54 -07:00
David Dworken
1d8973ed2a Revert "Disable SLSA verification pending slsa-verifier bug"
This reverts commit baf9f7d9c1.
2022-10-02 19:37:07 -07:00
David Dworken
baf9f7d9c1 Disable SLSA verification pending slsa-verifier bug 2022-10-01 15:26:42 -07:00
David Dworken
fee21ee4f8 Pass in ctx 2022-09-22 18:11:35 -07:00
David Dworken
cb16984f77 Pipe ctx into the slsa code to avoid context.TODO() 2022-09-21 20:22:34 -07:00
David Dworken
83a0beff43 Bump go version, remove the vendored slsa library, and depend on a newer copy with a different API. Updates now work. 2022-09-02 00:15:58 -07:00
David Dworken
c918c5042e Fix test on incorrect update output + prevent downgrades 2022-06-04 21:42:40 -07:00
David Dworken
de15305fb5 Patch vendored slsa verifier and fix updates 2022-06-04 21:31:16 -07:00
David Dworken
e638b9795b Manually vendor the slsa_verifier lib so we can make tweaks to it 2022-06-04 21:21:49 -07:00
David Dworken
dd4e2e9278 Add TODO + better error messages 2022-06-04 20:35:47 -07:00
David Dworken
1da703e9c2 Working update code for macos 2022-05-26 23:45:08 -07:00
David Dworken
65bbb40732 Disable SLSA verification of the branch to fix update flow 2022-04-17 12:53:06 -07:00
David Dworken
cf55805578 Verify the version tag in SLSA too 2022-04-17 10:29:48 -07:00
David Dworken
3d7af0cd4b Add SLSA verification of updated binary
Currently the SLSA verifier is meant to be used a standalone binary. I copied a bit of code from their main (and imported the rest of their code as a library) in order to support embedding it as a library. This ensures that the updated hishtory passes SLSA L3.
2022-04-16 16:02:07 -07:00