diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index 19f6c0167..b54a9209e 100644 --- a/.github/workflows/auto-release.yml +++ b/.github/workflows/auto-release.yml @@ -96,6 +96,18 @@ jobs: repo_path: ./local_kernel source_path: ./ + # 1. Install cosign tool + - name: Install Cosign + uses: sigstore/cosign-installer@v3.8.1 + + # 2. Sign the sbom.spdx file using cosign. Two files are produced: sbom.sig and sbom.crt, stored in the same directory as sbom.spdx + - name: Attest SBOM + working-directory: ./local_kernel + run: | + cosign sign-blob sbom.spdx --output-certificate='sbom.crt' --output-signature='sbom.sig' -y + # The following is a sanity check. After signing, we verify the image to check that everything is OK + cosign verify-blob --signature='sbom.sig' --certificate='sbom.crt' --certificate-identity-regexp=.* --certificate-oidc-issuer-regexp='https://github.com' ./sbom.spdx + - name: commit SBOM file env: VERSION_NUMBER: ${{ github.event.inputs.version_number }} diff --git a/include/list.h b/include/list.h index b64450c72..b6e0d34f4 100644 --- a/include/list.h +++ b/include/list.h @@ -44,7 +44,7 @@ * * In addition to it's value, each list item contains a pointer to the next * item in the list (pxNext), a pointer to the list it is in (pxContainer) - * and a pointer to back to the object that contains it. These later two + * and a pointer back to the object that contains it. These later two * pointers are included for efficiency of list manipulation. There is * effectively a two way link between the object containing the list item and * the list item itself. diff --git a/portable/ThirdParty/GCC/Posix/port.c b/portable/ThirdParty/GCC/Posix/port.c index b5a4a1b62..d0b81dc1e 100644 --- a/portable/ThirdParty/GCC/Posix/port.c +++ b/portable/ThirdParty/GCC/Posix/port.c @@ -193,7 +193,7 @@ void prvFatalError( const char * pcCall, } /*-----------------------------------------------------------*/ -static void prvPortSetCurrentThreadName( char * pxThreadName ) +static void prvPortSetCurrentThreadName( const char * pxThreadName ) { #ifdef __APPLE__ pthread_setname_np( pxThreadName );