-
Notifications
You must be signed in to change notification settings - Fork 11
/
attestation.c4m
59 lines (46 loc) · 1.53 KB
/
attestation.c4m
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
##
## Copyright (c) 2023, Crash Override, Inc.
##
## This file is part of Chalk
## (see https://crashoverride.com/docs/chalk)
##
## Builtin attestation implementation(s).
# installs attestation and returns true if it succeeded.
func install_cosign() {
# Follow https://docs.sigstore.dev/system_config/installation/
# to install attestation
host_arch := arch()
host_os := osname()
if host_os == "macosx" {
host_os := "darwin"
}
install_name := "cosign-" + host_os + "-" + host_arch
install_url := "https://github.com/sigstore/cosign/releases/latest/download/" + install_name
info("Downloading cosign.....")
contents := url_get(install_url)
trace("Downloaded cosign.")
write_file("/tmp/cosign", contents)
trace(run("chmod +x /tmp/cosign"))
cosign_path := find_exe("cosign", ["/tmp"])
if cosign_path != "" {
trace("Successfully installed attestation into: " + cosign_path)
return true
}
trace("Unable to install cosign (cannot write to tmp?)")
return false
}
func load_attestation_binary(download_if_not_present: bool) {
result := ""
supplemental_path := [env("GOPATH") + "/bin", "~/go/bin", "/tmp"]
attestation_binary := find_exe("cosign", supplemental_path)
if attestation_binary == "" and download_if_not_present == true {
if install_cosign() {
attestation_binary := find_exe("cosign", supplemental_path)
if attestation_binary == "" {
error("cosign could not be found!!!")
return attestation_binary
}
}
}
return attestation_binary
}