path: root/.github/workflows/verify-locked-down-signatures.yml
Age         Author                 Files  Lines    Commit message
2025-09-30  Linus Färnstrand       1      -1/+3    Require signatures on code owners files
2025-09-10  Steffen                1      -0/+1    Add license check for iOS to prevent GPL3 dependencies
2025-07-24  Linus Färnstrand       1      -1/+2    Update names for git signature checking CI job
2025-07-15  Albin                  1      -0/+1    Add android devshell lockfile to lockdown list
2025-04-02  Linus Färnstrand       1      -0/+1    Mark trusted-metadata-signing-pubkeys as needing signatures to be edited
2025-03-20  David Göransson        1      -0/+4    Add new files to verify locked down flow
2025-03-04  Linus Färnstrand       1      -0/+1    Run the unicop tool on this repository
2025-02-04  Kalle Lindström        1      -0/+1    Add rust-toolchain.toml to verified signature list
2024-11-26  tinyboxvk              1      -1/+1    Update Actions
            Signed-off-by: tinyboxvk <13696594+tinyboxvk@users.noreply.github.com>
2024-11-21  Markus Pettersson      1      -1/+0    Add `nsventforwarder` to root Cargo workspace
2024-11-14  Oskar                  1      -1/+1    Fix verify-locked-down-signatures job
2024-11-14  Oskar                  1      -1/+2    Update github actions workflows
2024-07-25  Linus Färnstrand       1      -0/+3    Limit permissions on verify-locked-down-signatures CI job
2024-07-23  Linus Färnstrand       1      -0/+1    Force changes to CODEOWNERS to be signed
2024-06-25  Sebastian Holmin       1      -1/+1    Add a safe FFI wrapper in `wireguard-go-rs`
            - Add local wireguard go import
            - Activate DAITA and add `wgActivateDaita` and `wgReceiveEvent` FFI
            - Implement `start_daita` on Wireguard-go tunnel type
            - Mention DAITA in `wireguard-go-rs` description
            - Do not compile `wireguard-go-rs` on Windows
            - Handle DAITA closed on `nil` event
            - Handle daita action timeouts in libwg
            - Remove noisy log lines
            - Remove `maybenot_on_action` callback
            - Remove unused link to `../build/lib` for `talpid-wireguard`
            - Bump the `wireguard-go` submodule to a signed release tag in Mullvad's `wireguard-go` fork.
            - Update path to `libwg/go.sum` in verification script

            Also:
            - Use u64 instead of *mut void as log context
            - Make Tunnel::set_config take a &mut self
            - Use dyn Error instead of i32s for wg errors

            Co-authored-by: Joakim Hulthe <joakim@hulthe.net>
2024-04-02  Linus Färnstrand       1      -0/+3    Require changes to Cargo.toml to be signed
            Also add a (forgotten?) test/Cargo.lock
2024-03-26  Linus Färnstrand       1      -0/+1    Require signatures to update test/deny.toml
            It's less important than the root deny.toml. But it still in certain ways affects supply chain security and licensing.
2024-03-21  Albin                  1      -0/+3    Ensure signed commits for gradle wrapper updates
2024-03-08  Linus Färnstrand       1      -0/+1    Add deny.toml to list of important files that must be signed
            Since it controls what external sources cargo is allowed to pull in.
2023-06-28  Linus Färnstrand       1      -3/+2    Edit verify signature CI to catch changes in files in folders
2023-06-09  Jonathan               1      -0/+1    Fix CI verification script
            The verification script running on github would complain that the first commit of a PR changed all of the
            locked down files if this commit was unsigned. The reason was that in our github environment we don't fetch
            the entire git history but instead only the needed commits (so called shallow repository). The entire history
            is therefore folded into the first commit in the shallow repo. Since this history contains modifications of
            locked down files and since this commit is not signed, the script will think this commit modified files it's
            not allowed to.

            This fix deepens the shallow repo by 1 after fetching. It also clarifies a print in the verification script to
            be more descriptive.
2023-05-09  Jonathan               1      -8/+4    Fix broken github CI script caused by CVE fix
            The github CI code broke due to a code injection vulnerability being fixed in a quick-and-dirty way. The dirty
            solution is here cleaned up and works better than previously.
2023-04-27  Linus Färnstrand       1      -3/+4    Temporary fix to avoid the reported vuln: GHSA-x5vj-ch4c-g3jr
2023-02-23  Linus Färnstrand       1      -3/+3    Rename all mentions of the "master" branch to "main"
2023-01-13  Linus Färnstrand       1      -32/+33  Run yamlfix on all of .github/workflows/
2023-01-10  Albin                  1      -2/+2    Fix verification of container image references
2022-12-07  Linus Färnstrand       1      -0/+1    Make any changes to the container sigstore require signatures
2022-11-30  Mullvad build server   1      -0/+4    Add initial build-and-publish.sh script and readme for build containers
2022-09-06  Albin                  1      -0/+2    Add gradle lockfiles to signature lockdown check
2022-08-12  David Lönnhager        1      -0/+1    Detect changes to go.sum in lockfile signature workflow
2022-07-18  Jonathan               1      -0/+1    Add swift Package.resolved
2022-07-05  Jonathan               1      -0/+26   Create verification script and github action
            Create a script which verifies that a set of "locked down" files are not changed in commits that have not
            been signed. Create a github workflow that runs the script in the CI.

            The script accepts --whitelist <commit> and --import-gpg-keys arguments. The default settings are supposed
            to work on the build server without importing the gpg keys from the trusted_keys.pub file and running with a
            hardcoded whitelist commit. Make the CI workflow use these arguments as it is supposed to in .github.

            The public keys that can be imported are specified as files in the ci/keys/ directory. The files that are
            locked down are specified in the .github workflow as a single source of truth. This requires some complicated
            parsing in the verification script as well as a dependency from the verification script to the workflow
            YAML. These are not ideal design choices; however, the alternative is to not have a single source of truth
            for the locked down files, as the github workflow can not depend on an external file.

            The mullvad signing key is named to be first in the list in order to be imported first. The whitelisted
            commit is the latest master before this commit.