Commit Graph

26 Commits

Author SHA1 Message Date
David Dworken
b4f18162b4
Add better error message for SLSA failures 2024-08-11 12:29:37 -07:00
David Dworken
41f7cc84f9
Update slsa-verifier to attempt to fix SLSA breakage 2024-08-11 12:29:37 -07:00
David Dworken
d69176fb5c
Update SLSA integration to always prompt the user before suspected broken updates 2023-11-11 11:26:39 -08:00
David Dworken
165cdd9187
Update slsa integration to use the shared library for parsing version strings 2023-11-09 20:52:21 -08:00
David Dworken
c918bcd3cb
Update slsa validation to not validate version when running in github actions, since the one in actions isn't associated with a released version 2023-11-05 01:15:54 -07:00
David Dworken
29142df382
Add additional check that checks that the version is valid per semver 2023-11-05 00:38:21 -07:00
David Dworken
fca2b1441f
Always include user and device ID in API request headers, so that they're available in all server-side handlers 2023-10-14 10:52:51 -07:00
David Dworken
6d6a1a5e12
Move a bunch of update-specific code out of the generic lib.go file and into the update command 2023-09-13 22:45:49 -07:00
David Dworken
c5bdee9ad5
Merge pull request #102 from lsmoura/sergio/no-ctx-ptr
Remove context pointers since there is no need to pass around a pointer to an interface
2023-09-06 19:58:08 -07:00
Sergio Moura
a12b0e5f6f no context pointers 2023-09-05 15:45:17 -04:00
Sergio Moura
83ad8c7b1f wrap errors with %w instead of using %v 2023-09-05 15:08:55 -04:00
David Dworken
906ef3782b Add integration to disable SLSA verification if there is a current SLSA outage 2022-10-31 17:32:55 -07:00
David Dworken
30e6f048ab Add better handling for SLSA errors 2022-10-02 20:14:54 -07:00
David Dworken
1d8973ed2a Revert "Disable SLSA verification pending slsa-verifier bug"
This reverts commit baf9f7d9c1.
2022-10-02 19:37:07 -07:00
David Dworken
baf9f7d9c1 Disable SLSA verification pending slsa-verifier bug 2022-10-01 15:26:42 -07:00
David Dworken
fee21ee4f8 Pass in ctx 2022-09-22 18:11:35 -07:00
David Dworken
cb16984f77 Pipe ctx into the slsa code to avoid context.TODO() 2022-09-21 20:22:34 -07:00
David Dworken
83a0beff43 Bump go version, remove the vendored slsa library, and depend on a newer copy with a different API. Updates now work. 2022-09-02 00:15:58 -07:00
David Dworken
c918c5042e Fix test on incorrect update output + prevent downgrades 2022-06-04 21:42:40 -07:00
David Dworken
de15305fb5 Patch vendored slsa verifier and fix updates 2022-06-04 21:31:16 -07:00
David Dworken
e638b9795b Manually vendor the slsa_verifier lib so we can make tweaks to it 2022-06-04 21:21:49 -07:00
David Dworken
dd4e2e9278 Add TODO + better error messages 2022-06-04 20:35:47 -07:00
David Dworken
1da703e9c2 Working update code for macos 2022-05-26 23:45:08 -07:00
David Dworken
65bbb40732 Disable SLSA verification of the branch to fix update flow 2022-04-17 12:53:06 -07:00
David Dworken
cf55805578 Verify the version tag in SLSA too 2022-04-17 10:29:48 -07:00
David Dworken
3d7af0cd4b Add SLSA verification of updated binary
Currently the SLSA verifier is meant to be used a standalone binary. I copied a bit of code from their main (and imported the rest of their code as a library) in order to support embedding it as a library. This ensures that the updated hishtory passes SLSA L3.
2022-04-16 16:02:07 -07:00