Alex Cameron
Alex Cameron
I noticed that sometimes the `pip freeze` output can return comments, which can yield weird results when querying the `installed_packages`. I'm not sure if there are other cases, but this...
With the latest Remill, I'm seeing compilation failures: ``` /Users/tetsuo/Code/anvill/lib/Lifters/FunctionLifter.cpp:161:7: error: no matching constructor for initialization of 'remill::InstructionLifter::LifterPtr' (aka 'shared_ptr') inst_lifter(options.arch->DefaultLifter(intrinsics)), ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX12.3.sdk/usr/include/c++/v1/__memory/shared_ptr.h:441:23: note: candidate constructor not viable: no...
As part of the opaque pointers implementation, I commented out the `ConvertIntegerToPointerOperations` pass since it makes heavy use of pointer types. We should rewrite this pass to not rely on...
As discussed in https://github.com/lifting-bits/anvill/pull/297#issuecomment-1150583656, `DSEPass` and `SinkingPass` are taking much longer on certain examples with LLVM 14 (30+ minutes for a lift that took a ~2 min on LLVM 13)....
We've temporarily disabled coverage testing while we're fleshing out the basic signing/verification functionality. Once things take a bit more shape, we should begin adding back coverage. I expect this issue...
At the moment, we've decided to check in the CTFE public key and use it to verify SCTs. The way this should really work is that we should check in...
We have some hardcoded assumptions that we're using ECDSA keys with SHA256 hashes to generate signatures. Fulcio supports other signing and hashing algorithms so we should allow them too. For...
As part of #12, we've disabled interrogate while we're in the initial phases of development. When things are looking more solid, let's add a docstring for everything and reenable interrogate.
Once we've written the Fulcio and Rekor clients, we should be fill out the importable API. The API should roughly line up with the subcommands that `cosign` supports. The CLI...
We should look at what flags that `cosign` provides and consider adding them to `sigstore-python`. Some examples that we've already identified include controlling the URL of the Fulcio and Rekor...