| """ | |
| Simple script for constructing small XAR files. | |
| License: CC0-1.0 | |
| """ | |
| import datetime | |
| import gzip | |
| import hashlib | |
| import io | |
| import struct |
| # MIT License | |
| # | |
| # Copyright (c) 2023 Seth Michael Larson | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy | |
| # of this software and associated documentation files (the "Software"), to deal | |
| # in the Software without restriction, including without limitation the rights | |
| # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| # copies of the Software, and to permit persons to whom the Software is | |
| # furnished to do so, subject to the following conditions: |
Watch all the informational videos from the CNA onboarding documentation. Approximately an hour of content about the program, becoming a CNA, assigning CVE IDs, and creating CVE records. Slides are available on the website.
| { | |
| "$id": "https://spec.openapis.org/oas/3.1/schema/2022-10-07", | |
| "$schema": "https://json-schema.org/draft/2020-12/schema", | |
| "description": "The description of OpenAPI v3.1.x documents without schema validation, as defined by https://spec.openapis.org/oas/v3.1.0", | |
| "type": "object", | |
| "properties": { | |
| "$schema": { | |
| "type": "string" | |
| }, | |
| "openapi": { |
Created example project: https://github.com/sethmlarson/python-slsa-release-test
Python doesn't have a specific builder yet. Only have source attestation using the generic builder. Used: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml
Attestation "subject.name" is taken as input from sha256sum, so check the output of that to ensure it's what you want (ie package.tar.gz vs dist/package.tar.gz) For this I had to include a cd dist/ && before the sha256sum * call. Not sure where this matters though?
Success:
| import ssl | |
| import requests | |
| from requests.adapters import HTTPAdapter | |
| import truststore | |
| class TruststoreAdapter(HTTPAdapter): | |
| def init_poolmanager( | |
| self, *args, **kwargs | |
| ): | |
| ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| import asyncio as A,urllib.parse as U,re;B,C,I,S=b"",b"\r\n",int,lambda*A:re.match(*A,24).groups() | |
| async def request(m,u,h,b): | |
| s,_,a,_,q,_=z=U.urlparse(u);T,E,d,N=s!=b"http",0,B,z.hostname;r,w=await A.open_connection(N,I(z.port or 80+363*T),ssl=T,server_hostname=[None,N][T]);w.write(m+b" "+(a or b"/")+[b"?"+q,B][q==B]+b" HTTP/1.0"+C+C.join([b"%b:%b"%W for W in h]+[B,b]));await w.drain() | |
| while c:=await r.read(): | |
| if C*2in(d:=d+c)*(E==0):E,d=d.split(C*2,1);t,o=S(b"HTTP/.+? (\d+).*?%b(.*)"%C,E);o=[S(rb"([^\s]+):\s*(.+?)\s*$",x)for x in o.split(C)] | |
| w.close();return I(t),o,d |
| diff --git a/setup.py b/setup.py | |
| index f804932..12ae724 100644 | |
| --- a/setup.py | |
| +++ b/setup.py | |
| @@ -1,11 +1,43 @@ | |
| #!/usr/bin/env python | |
| +import platform | |
| +import sys | |
| from setuptools import find_packages, setup | |
| +from setuptools.command.build_ext import build_ext |
| import inspect | |
| import sys | |
| from pathlib import Path | |
| def warn_stacklevel() -> int: | |
| """Dynamically determine stacklevel for warnings based on the call stack""" | |
| try: | |
| # Grab the root module from the current module '__name__' | |
| module_name = __name__.partition(".")[0] |