fix(selfupdate): quiet cosign fallback (no nag), MIR_REQUIRE_COSIGN opt-in #46

Merged
frahlg merged 1 commit into main from selfupdate-quiet-cosign on Jun 13, 2026

@frahlg frahlg commented Jun 13, 2026

Member

Most users don't have cosign installed, so mir self-update printed a "warning: cosign not found …" on every update — making a successful, checksum-verified update look broken. Fair feedback that the tone was wrong.

Change

  • Silent by default when cosign is absent (or the release is unsigned): the per-file
    SHA256 already protects against a corrupted download, so no nag.
  • Positive confirmation when cosign IS present and verifies: ✓ verified the release signature (cosign keyless).
  • MIR_REQUIRE_COSIGN opt-in: turns a missing cosign / unsigned release into a hard
    error, so a security-conscious operator can mandate provenance verification.
  • Tamper detection unchanged: a present-but-failing cosign still hard-fails the update.

After this, the common case is just:

updating mir 0.5.1 → v0.5.2 …
updated mir → v0.5.2

Tests

Updated/added cosign tests: silent-on-absent, strict-mode hard error, unsigned-release
silent, and pass-emits-positive-note. Full suite + vet + gofmt green.

🤖 Generated with Claude Code

Most users don't have cosign installed, so printing
"warning: cosign not found; skipping signature check ..." on every
self-update made a successful, checksum-verified update look broken.

Now the cosign-absent (and unsigned-release) paths are SILENT by default —
the per-file SHA256 still guards the download. When cosign IS present and
verifies, we emit a positive "✓ verified the release signature" line. And
MIR_REQUIRE_COSIGN turns a missing/absent signature into a hard error, so an
operator can mandate provenance verification.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@chatgpt-codex-connector

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@frahlg frahlg merged commit d262645 into main Jun 13, 2026
2 checks passed
@frahlg frahlg deleted the selfupdate-quiet-cosign branch June 13, 2026 15:08
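
The four behaviours listed in the PR description, written out as one decision function. This is an added example, not code from the mir repository: `sigState`, `decide` and the error strings are hypothetical, and how `MIR_REQUIRE_COSIGN` is parsed into the `Strict` flag is an assumption the page does not cover.

```go
package main

import (
	"errors"
	"fmt"
)

// sigState holds the inputs to the policy. Hypothetical names, not mir's own.
type sigState struct {
	CosignInstalled bool  // cosign binary was found
	ReleaseSigned   bool  // the release ships a signature to check
	VerifyErr       error // cosign's result; only read when both flags above are true
	Strict          bool  // operator opted in via MIR_REQUIRE_COSIGN (parsing assumed)
}

// decide returns the line to print (empty means stay silent) and an error
// that must abort the update when non-nil.
func decide(s sigState) (string, error) {
	switch {
	case s.CosignInstalled && s.ReleaseSigned:
		if s.VerifyErr != nil {
			// Tamper detection: a check that ran and failed is fatal in every mode.
			return "", fmt.Errorf("release signature verification failed: %w", s.VerifyErr)
		}
		return "✓ verified the release signature (cosign keyless)", nil
	case s.Strict && !s.CosignInstalled:
		return "", errors.New("MIR_REQUIRE_COSIGN is set but cosign is not installed")
	case s.Strict:
		return "", errors.New("MIR_REQUIRE_COSIGN is set but the release is unsigned")
	default:
		// Silent path: only the per-file SHA256 has checked this download.
		return "", nil
	}
}

func main() {
	bad := errors.New("constructed failure") // constructed sample error
	cases := []sigState{
		{},                      // no cosign, default mode
		{Strict: true},          // no cosign, strict mode
		{CosignInstalled: true}, // unsigned release, default mode
		{CosignInstalled: true, ReleaseSigned: true},
		{CosignInstalled: true, ReleaseSigned: true, VerifyErr: bad},
	}
	for _, c := range cases {
		note, err := decide(c)
		fmt.Printf("%+v -> note=%q err=%v\n", c, note, err)
	}
}
```

An empty note with a nil error means no signature check ran, so automation that needs provenance should set strict mode rather than treat silence as verification.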