15 Commits

Author	SHA1	Message	Date
David Dworken	906ef3782b	Add integration to disable SLSA verification if there is a current SLSA outage	2022-10-31 17:32:55 -07:00
David Dworken	30e6f048ab	Add better handling for SLSA errors	2022-10-02 20:14:54 -07:00
David Dworken	1d8973ed2a	Revert "Disable SLSA verification pending slsa-verifier bug" ... This reverts commit baf9f7d9c1.	2022-10-02 19:37:07 -07:00
David Dworken	baf9f7d9c1	Disable SLSA verification pending slsa-verifier bug	2022-10-01 15:26:42 -07:00
David Dworken	fee21ee4f8	Pass in ctx	2022-09-22 18:11:35 -07:00
David Dworken	cb16984f77	Pipe ctx into the slsa code to avoid context.TODO()	2022-09-21 20:22:34 -07:00
David Dworken	83a0beff43	Bump go version, remove the vendored slsa library, and depend on a newer copy with a different API. Updates now work.	2022-09-02 00:15:58 -07:00
David Dworken	c918c5042e	Fix test on incorrect update output + prevent downgrades	2022-06-04 21:42:40 -07:00
David Dworken	de15305fb5	Patch vendored slsa verifier and fix updates	2022-06-04 21:31:16 -07:00
David Dworken	e638b9795b	Manually vendor the slsa_verifier lib so we can make tweaks to it	2022-06-04 21:21:49 -07:00
David Dworken	dd4e2e9278	Add TODO + better error messages	2022-06-04 20:35:47 -07:00
David Dworken	1da703e9c2	Working update code for macos	2022-05-26 23:45:08 -07:00
David Dworken	65bbb40732	Disable SLSA verification of the branch to fix update flow	2022-04-17 12:53:06 -07:00
David Dworken	cf55805578	Verify the version tag in SLSA too	2022-04-17 10:29:48 -07:00
David Dworken	3d7af0cd4b	Add SLSA verification of updated binary ... Currently the SLSA verifier is meant to be used a standalone binary. I copied a bit of code from their main (and imported the rest of their code as a library) in order to support embedding it as a library. This ensures that the updated hishtory passes SLSA L3.	2022-04-16 16:02:07 -07:00