-
-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support package signing and verification #1
Comments
signify could be one way to support that. The |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
Sigstore has reached v1.0.0 and it provides a rust crate |
This comment was marked as outdated.
This comment was marked as outdated.
For nextest-rs/nextest#369, I had a look at https://docs.rs/sigstore/latest/sigstore/ and seems like it should be possible to:
Now, this just verifies that the bundle uploaded also matches the artifact uploaded. I think this would be a really useful initial step. To make this better:
I'm not a security expert and I'm almost certainly missing something. It would also be good to maybe open an issue with sigstore-rs people discussing this. |
More thoughts.
|
hmm, you can delete and re-upload artifacts, but so long as the signature is valid is it important that these are immutable? i think the risks one is attempting to mitigate are worth some though here.
slightly aside one of the things i've been thinking about a bit is how annoyingly repetitive setting up gh actions CI is for rust tools... maybe it'd be worth us investigating putting together a workflow template with variables for the usual stuff (rust version, platforms, platform packages, cross) that could include packaging / signing / publishing with whatever mechanisms we do use. |
A couple of existing efforts:
|
Yes, security-conscious users would like to pin the version and platform and have it be guaranteed to always resolve to the same artifacts. (modulo cargo-binstall itself being compromised, but they'll likely want to pin that to an exact version too)
Yes. I think publishing a new version that is bad is materially different from a malicious actor surreptitiously updating an old binary. (crates.io has the same philosophy, right?) |
Ah sorry, NobodyXu doesn't work on upload-rust-binary-action. But it's part of the same general family of actions as https://github.com/taiki-e/install-action which they do work on, haha :) |
@sunshowers We could put the public key/checksum inside If the registry is hacked, then no matter how secure your GitHub release is, it won't matter since the attacker can change Also, we are working on checksum support for registry #1183 , it will provide guarantees on security (presumably because crates.io index and the crates.io storage can be provided by two different sets of servers). |
Interesting idea -- how would you do that? I guess I imagined modifying |
You can put a public key inside Once the |
Gotcha! So, hmm, I think just storing the public key doesn't quite solve the threat model that I outlined, because: assume that the private key is stored as an environment secret on GHA. A malicious actor can:
In other words, we don't just need the public key to be stored in immutable storage, we also need some sort of identifier for the binary. This could be just as simple as a hash, or a certificate, or something that just makes sure that once a binary is published it never changes. Also, users will have to manage their own keys, which is something experts can likely do but new users could have trouble with. (In this case, to perform a release via GHA, you'd have to store the private key as a secret, then carefully destroy the key material on the local machine.) While asking people to use keys is definitely one way to go about it and does solve some problems, ideally users would also be able to perform signing via OpenID Connect. |
If you store that in the secret, then even the admin cannot read it, it can only be accessed inside GitHub Action.
Hmmm, perhaps we can store a root certificate in (Of course, if you can generate a new hash/public-key and modify
Thanks, I will read it later. |
I think the hash of the crate tarball can definitely be used when verifying the pre-built binaries, after all, the binary is built from the crate tarball. |
I skim through it, honestly I don't think it will solve the "someone replace the release artifacts" given that it still requires the developer to provide an identity token either in CI if automated, or locally. Perhaps I misunderstood and it does have mechanism to solve it, but IMHO the most secure way is still to provide a checksum inside Also cc @taiki-e since I would also love to hear feedback from you. |
We can do away with user key management via the same process sigstore works. That is, in CI:
As crate publishes are immutable, new artifacts can't be uploaded for that version, and as the keypair only exists in the context of that one CI job, it can't be stolen in the future. Verification is either:
or:
|
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
Alright, how about this: [metadata.binstall.signing]
algorithm = "minisign"
pubkey = "RWT+oj++Y0app3N4K+PLSYTKhtXimltIHxhoFgyWjxR/ZElCG0lDBDl5"
file = "{ url }.minisig" We add support for this optional section to the binstall metadata.
pubkey = { file = "signing.pub" }
pubkey = { url = "https://someserver.online/signing.pub" } to support loading from elsewhere maybe. Then binstall would, if the section is there:
We should add:
That leaves the modalities of signing to the packager. As we've discussed, there's two main approaches:
That will at least introduce package signing to the ecosystem; with this initial approach implemented we'll then be able to get more feedback from both packagers, users, and other community members. Because we'll namespace under How does that sound? |
It sounds great and aligns with how I would like this to be done. |
I've started work on a PR to do this! |
Alright y'all, we've shipped the first version of binstall with signing support! Find more info in the release notes and documentation. |
cc @sunshowers @ryankurte @somehowchris @taiki-e We will also open to new signing algorithms and PRs for improving our signing mechanism! |
Tracking/discussion issues for additional algorithm: |
It should be pretty easy to have a basic flow so CI created images can be signed, and verified on pull. Not sure what algorithm(s) / tools we should use? Accessibility is key, both IRL and in CI, and it needs to all work well cross-platform.
.sig
or appropriate to the format)The text was updated successfully, but these errors were encountered: