PoC: Release tuf with in-toto attestations and supply chain definition #2000
Conversation
Add a script to create two basic in-toto layouts, one for each build target (wheel + sdist) to verify their supply chains independently. See usage description in document header. Signed-off-by: Lukas Puehringer <[email protected]>
Use in-toto cli to generate signed attestations for each build target (sdist and wheel) and publish on the GH release page along with the build artifacts. Signed-off-by: Lukas Puehringer <[email protected]>
Add supplementatry documentation for RELEASE.md that describes how to create local maintainer attestations for 'tag' and 'build' steps of the release process, and how to verify them together with attestations from the online CD build job against an in-toto supply chain layout. Signed-off-by: Lukas Puehringer <[email protected]>
Pull Request Test Coverage Report for Build 2293926458
💛 - Coveralls |
|
Although this PR is fully functional, I labeled it as PoC because it has a couple of UX pain points: Key distribution
Metadata distribution
in-toto quirks In order for the verifier to link the paper trail of attestations to the actual final product, i.e. the build artifacts, a layout must define a so-called inspection, which in turn must define a shell command that is executed upon verification, even if no command is needed. Besides unnecessarily running a command, this can also fail the entire verification, if the command defined in the layout is not available to the verifier. Ideally, the inspection command is relevant to the verification. In our case this could be an untar/unzip command to open up the build artifact and, by defining further artifact rules in the layout, match its contents to the tagged sources earlier in the supply chain. To not further bloat the PR, I only defined the dummy inspection as described above. Another minor ux nuisance is that when the verifier runs the inspection command, it records all files from cwd as materials and products into an inspection attestation, which can then be used to link the final product to the products reported by the build attestation. For this to work, verification has to be run from a clean directory that contains only the build artifact to be verified. See in-toto/specification#27 for a discussion about (dummy) inspections and linking the final product. |
|
FYI: I also played around with a hatch plugin to generate in-toto attestations transparently by just calling For this PoC it made sense to just use the verbose (cc @ofek, author of hatch and in-toto adoption veteran) |
|
One more thing I'd like to add to the setup is creating attestations for the cd test runs and mandate them by the layout. But I'll likely do this in a follow-up PR. |
I'm still ingesting the whole thing so this is just a comment on this specifically: The build system plugin feels like a good idea but I do have a fundamental issue with injecting intoto into the python-tuf build system in general like the example does: we're adding a build dependency (an unversioned one even, although I'm sure that's because it's a PoC) for no benefit to the actual build. I'm not saying the in-toto maintainers are not trustworthy 😛, but I'm not sure that an attestation mechanism should be in the actual build pipeline. I thought I could just use it to document inputs and outputs, without giving the tool the ability to compromise our build system. Is there a real advantage to letting in-toto run the whole build? It seems to me like the build command is just another input to attest -- and in fact in our case it's already attested if cd.yml is part of the source source attestation |
|
Example attestations seem to be here |
No real advantage except for easier invocation maybe, and the ability to automatically record "byproducts" such as standard streams in the attestations, which I am not doing at the moment. To record an attestation with in-toto, without having it run the command, you can do: |
|
Heck, yes! Now I wonder if you could use TUF (e.g., PEP 480 and/or SigStore Trust Delegations) to somehow bootstrap the whole thing (pointing to in-toto metadata inside)... |
|
We should combine efforts on this and in-toto/in-toto#444 to get them both over the line, especially with bootstrapping in-toto metadata using TUF. |
|
I've given this feedback verbally but maybe should do it in writing too: the core requirement for any build integrity improvement is a verification process that can be and is used in the real world. If the verification is not easily usable and and understandable by humans, then the build integrity work may be cool but is in the end academic. This is the reason I've not made a proposal of e.g. sigstore signing yet: I could easily sign but what's the point if verification requires a crypto & certificate specialist? The core idea of a formal way to require CD and maintainer attestations is really cool but still, I would like to see a way to easily verify at least some of this in a practically useful way before we merge... Otherwise it feels like adding a lot of new process (and code to maintain) right now for vague potential value some time in the future. |
|
Can you say more about what you mean by "practically useful"?
When you in-toto verify something, you use a previously validated
root-of-trust to check a (potentially updated) layout file and validate
link metadata based upon the keys contained in this. Assuming your
root-of-trust is valid, the verification process provides you cryptographic
validation that the parties with the specified keys signed link metadata
that attested to only permitted operations.
Also, FYI: this sort of validation is used in the real world now by some
organizations (e.g.,
https://www.datadoghq.com/blog/engineering/secure-publication-of-datadog-agent-integrations-with-tuf-and-in-toto/
).
…On Thu, Jun 2, 2022 at 3:18 PM Jussi Kukkonen ***@***.***> wrote:
I've given this feedback verbally but maybe should do it in writing too:
the core requirement for any build integrity improvement is a *verification
process that can be and is used in the real world*. If the verification
is not easily usable and and understandable by humans, then the build
integrity work may be cool but is in the end academic. This is the reason
I've not made a proposal of e.g. sigstore signing yet: I could easily sign
but what's the point if verification requires a crypto & certificate
specialist?
The core idea of a formal way to require CD *and* maintainer attestations
is really cool but still, I would like to see a way to easily verify at
least some of this in a practically useful way before we merge... Otherwise
it feels like adding a lot of new process (and code to maintain) right now
for vague potential value some time in the future.
—
Reply to this email directly, view it on GitHub
<#2000 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGROD7J7CKJ5BNN2PVAUVLVNBN25ANCNFSM5VN7XXTQ>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
What I mean is that
If we merge like this, to me it looks like verification still requires a considerable amount of effort for an in-toto specialist, and is very difficult for a random developer. |
Good questions, and this is precisely the kind of thing we should at least de facto standardise with, say, PEP 480. Let's actually take something like the Datadog work I did above (which partly inspired the upcoming Scudo, a variant of Uptane with in-toto attestations), and try it with a prototype of PEP 480. |
|
Hey just now seeing this. Yeah a build hook would work. For example, Project Jupyter & IPython are almost done switching their entire packaging ecosystem to be based on a Hatch build hook plugin. I tried to link to most of the changes here: https://hatch.pypa.io/latest/users/ One thing I added with all of you in mind was the |
So we can validate and verify in-toto links using layout keys distributed out of band for now 🙂 |
|
Converted this back to draft to be used as reference for other release signing solutions discussed in #1966, most notably wrt to UX and security properties. python-tuf maintainers currently don't feel confident to merge because of the perceived potential for human error in the setup and the complexity of validating its correctness. |
Please fill in the fields below to submit a pull request. The more information
that is provided, the better.
Fixes #529
POC for "long-term fix" for #1966
Description of the changes being introduced by the pull request:
This means for each build artifact that the release was tagged, and the tagged sources match the inputs to both local and cd builds, and the build outputs match the actual build artifacts available to the verifier. Moreover, the attestations must have been signed by the keys authorized in the layout.
See RELEASE_with_in-toto.md for details.
Please verify and check that the pull request fulfills the following
requirements: