David Dworken
b4f18162b4
Add better error message for SLSA failures
2024-08-11 12:29:37 -07:00
David Dworken
41f7cc84f9
Update slsa-verifier to attempt to fix SLSA breakage
2024-08-11 12:29:37 -07:00
David Dworken
d69176fb5c
Update SLSA integration to always prompt the user before suspected broken updates
2023-11-11 11:26:39 -08:00
David Dworken
165cdd9187
Update slsa integration to use the shared library for parsing version strings
2023-11-09 20:52:21 -08:00
David Dworken
c918bcd3cb
Update slsa validation to not validate version when running in github actions, since the one in actions isn't associated with a released version
2023-11-05 01:15:54 -07:00
David Dworken
29142df382
Add additional check that checks that the version is valid per semver
2023-11-05 00:38:21 -07:00
David Dworken
fca2b1441f
Always include user and device ID in API request headers, so that they're available in all server-side handlers
2023-10-14 10:52:51 -07:00
David Dworken
6d6a1a5e12
Move a bunch of update-specific code out of the generic lib.go file and into the update command
2023-09-13 22:45:49 -07:00
David Dworken
c5bdee9ad5
Merge pull request #102 from lsmoura/sergio/no-ctx-ptr
...
Remove context pointers since there is no need to pass around a pointer to an interface
2023-09-06 19:58:08 -07:00
Sergio Moura
a12b0e5f6f
no context pointers
2023-09-05 15:45:17 -04:00
Sergio Moura
83ad8c7b1f
wrap errors with %w instead of using %v
2023-09-05 15:08:55 -04:00
David Dworken
906ef3782b
Add integration to disable SLSA verification if there is a current SLSA outage
2022-10-31 17:32:55 -07:00
David Dworken
30e6f048ab
Add better handling for SLSA errors
2022-10-02 20:14:54 -07:00
David Dworken
1d8973ed2a
Revert "Disable SLSA verification pending slsa-verifier bug"
...
This reverts commit baf9f7d9c1
.
2022-10-02 19:37:07 -07:00
David Dworken
baf9f7d9c1
Disable SLSA verification pending slsa-verifier bug
2022-10-01 15:26:42 -07:00
David Dworken
fee21ee4f8
Pass in ctx
2022-09-22 18:11:35 -07:00
David Dworken
cb16984f77
Pipe ctx into the slsa code to avoid context.TODO()
2022-09-21 20:22:34 -07:00
David Dworken
83a0beff43
Bump go version, remove the vendored slsa library, and depend on a newer copy with a different API. Updates now work.
2022-09-02 00:15:58 -07:00
David Dworken
c918c5042e
Fix test on incorrect update output + prevent downgrades
2022-06-04 21:42:40 -07:00
David Dworken
de15305fb5
Patch vendored slsa verifier and fix updates
2022-06-04 21:31:16 -07:00
David Dworken
e638b9795b
Manually vendor the slsa_verifier lib so we can make tweaks to it
2022-06-04 21:21:49 -07:00
David Dworken
dd4e2e9278
Add TODO + better error messages
2022-06-04 20:35:47 -07:00
David Dworken
1da703e9c2
Working update code for macos
2022-05-26 23:45:08 -07:00
David Dworken
65bbb40732
Disable SLSA verification of the branch to fix update flow
2022-04-17 12:53:06 -07:00
David Dworken
cf55805578
Verify the version tag in SLSA too
2022-04-17 10:29:48 -07:00
David Dworken
3d7af0cd4b
Add SLSA verification of updated binary
...
Currently the SLSA verifier is meant to be used a standalone binary. I copied a bit of code from their main (and imported the rest of their code as a library) in order to support embedding it as a library. This ensures that the updated hishtory passes SLSA L3.
2022-04-16 16:02:07 -07:00