extern/hishtory
1
0
Fork 0
mirror of https://github.com/ddworken/hishtory.git synced 2024-11-23 08:45:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,010 Commits 67 Branches 499 Tags 50 MiB
87c2cde688
Commit Graph

24 Commits

Author SHA1 Message Date
David Dworken
d69176fb5c
Update SLSA integration to always prompt the user before suspected broken updates 2023-11-11 11:26:39 -08:00
David Dworken
165cdd9187
Update slsa integration to use the shared library for parsing version strings 2023-11-09 20:52:21 -08:00
David Dworken
c918bcd3cb
Update slsa validation to not validate version when running in github actions, since the one in actions isn't associated with a released version 2023-11-05 01:15:54 -07:00
David Dworken
29142df382
Add additional check that checks that the version is valid per semver 2023-11-05 00:38:21 -07:00
David Dworken
fca2b1441f
Always include user and device ID in API request headers, so that they're available in all server-side handlers 2023-10-14 10:52:51 -07:00
David Dworken
6d6a1a5e12
Move a bunch of update-specific code out of the generic lib.go file and into the update command 2023-09-13 22:45:49 -07:00
David Dworken
c5bdee9ad5
Merge pull request #102 from lsmoura/sergio/no-ctx-ptr 
Remove context pointers since there is no need to pass around a pointer to an interface
 2023-09-06 19:58:08 -07:00
Sergio Moura
a12b0e5f6f no context pointers 2023-09-05 15:45:17 -04:00
Sergio Moura
83ad8c7b1f wrap errors with %w instead of using %v 2023-09-05 15:08:55 -04:00
David Dworken
906ef3782b Add integration to disable SLSA verification if there is a current SLSA outage 2022-10-31 17:32:55 -07:00
David Dworken
30e6f048ab Add better handling for SLSA errors 2022-10-02 20:14:54 -07:00
David Dworken
1d8973ed2a Revert "Disable SLSA verification pending slsa-verifier bug" 
This reverts commit baf9f7d9c1.
 2022-10-02 19:37:07 -07:00
David Dworken
baf9f7d9c1 Disable SLSA verification pending slsa-verifier bug 2022-10-01 15:26:42 -07:00
David Dworken
fee21ee4f8 Pass in ctx 2022-09-22 18:11:35 -07:00
David Dworken
cb16984f77 Pipe ctx into the slsa code to avoid context.TODO() 2022-09-21 20:22:34 -07:00
David Dworken
83a0beff43 Bump go version, remove the vendored slsa library, and depend on a newer copy with a different API. Updates now work. 2022-09-02 00:15:58 -07:00
David Dworken
c918c5042e Fix test on incorrect update output + prevent downgrades 2022-06-04 21:42:40 -07:00
David Dworken
de15305fb5 Patch vendored slsa verifier and fix updates 2022-06-04 21:31:16 -07:00
David Dworken
e638b9795b Manually vendor the slsa_verifier lib so we can make tweaks to it 2022-06-04 21:21:49 -07:00
David Dworken
dd4e2e9278 Add TODO + better error messages 2022-06-04 20:35:47 -07:00
David Dworken
1da703e9c2 Working update code for macos 2022-05-26 23:45:08 -07:00
David Dworken
65bbb40732 Disable SLSA verification of the branch to fix update flow 2022-04-17 12:53:06 -07:00
David Dworken
cf55805578 Verify the version tag in SLSA too 2022-04-17 10:29:48 -07:00
David Dworken
3d7af0cd4b Add SLSA verification of updated binary 
Currently the SLSA verifier is meant to be used a standalone binary. I copied a bit of code from their main (and imported the rest of their code as a library) in order to support embedding it as a library. This ensures that the updated hishtory passes SLSA L3.
 2022-04-16 16:02:07 -07:00