Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PEP 740: Post-deployment tasks #17001

Open
3 tasks
woodruffw opened this issue Oct 30, 2024 · 3 comments
Open
3 tasks

PEP 740: Post-deployment tasks #17001

woodruffw opened this issue Oct 30, 2024 · 3 comments
Assignees
Labels
meta Meta issues (rollouts, etc)

Comments

@woodruffw
Copy link
Member

woodruffw commented Oct 30, 2024

The main roadmap for PEP 740 is in #15871; this tracks related items that aren't blockers, but need to be thought about more and/or addressed in the medium-to-long term.

  • Support for other attestation types. Right now the "PyPI Publish" and SLSA types are supported, although the SLSA type is currently gated off since nothing is uploading it yet. The latter should be enabled. Assignee: @facutuesca
  • Evaluate additional forms of domain separation in the attestation body. Right now there's a scenario in which a single workflow identity can sign publish attestations for both PyPI and TestPyPI, and those two attestations are indistinguishable (since a publish attestation doesn't currently encode its intended "recipient" index). This leaves open a subset of index poisoning attacks, where an attacker manages to obtain attestations intended for TestPyPI and gets PyPI to serve them instead. @alex and I originally discussed this ~2 years ago and the original approach within Fulcio itself didn't pan out, so it needs to be tackled within the attestation body itself.
    • The solution to this is to encode a domain separator in the attestation payload, which could be as simple as the current OIDC audiences for PyPI and TestPyPI (pypi and testpypi respectively). We have a strong source of timeliness in the form of signed time, so we could add these and then require them in new attestations after a period of adoption.
  • Enable attestation support for other Trusted Publisher providers, e.g. GCB and ActiveState. This should be straightforward, just needs tests.
@woodruffw woodruffw added the meta Meta issues (rollouts, etc) label Oct 30, 2024
@woodruffw woodruffw self-assigned this Oct 30, 2024
@webknjaz
Copy link
Member

  • Support for other attestation types. Right now the "PyPI Publish" and SLSA types are supported, although the SLSA type is currently gated off since nothing is uploading it yet. The latter should be enabled.

Is it possible to do this in a job following pypi-upload?

@woodruffw
Copy link
Member Author

  • Support for other attestation types. Right now the "PyPI Publish" and SLSA types are supported, although the SLSA type is currently gated off since nothing is uploading it yet. The latter should be enabled.

Is it possible to do this in a job following pypi-upload?

Not at the moment -- in principle we could add a separate upload endpoint/codepath for uploading attestations to an already-uploaded release, but that doesn't exist yet. For the time being, the assumption is that one or more attestations get uploaded with the release itself, so a user who wants to upload a SLSA attestation should put it in their dist/ alongside their publish attestation.

In other words, a dist/ structure like:

dist/
  foo-1.2.3.tar.gz
  foo-1.2.3.tar.gz.publish.attestation
  foo-1.2.3.tar.gz.slsa.attestation

(The interstitial .publish. and .slsa aren't semantically meaningful -- twine just looks for dist.*.attestation).

@webknjaz
Copy link
Member

webknjaz commented Nov 5, 2024

@woodruffw so I'm usually structuring my workflows to do any mutations post initial PyPI publish. That's my point of no return. Besides, the official SLSA automation for GHA is a reusable workflow. So running it before publishing would be a separate job with a hope that dists will get uploaded eventually, which may not happen in case of release rejection. This is my primary motivation for uploading attestations post-release (which could be useful in tandem with the very old request to have draft releases for transactional uploads).

By the way, I've researched a little how the attestations are uploaded to GH: pypa/gh-action-pypi-publish#288.

woodruffw added a commit to trail-of-forks/warehouse that referenced this issue Nov 6, 2024
Signed-off-by: William Woodruff <[email protected]>
di added a commit that referenced this issue Nov 7, 2024
* initial attestations user docs

Signed-off-by: William Woodruff <[email protected]>

* more background, use preview

Signed-off-by: William Woodruff <[email protected]>

* docs: more improvements

Signed-off-by: William Woodruff <[email protected]>

* docs: attestation internals

Signed-off-by: William Woodruff <[email protected]>

* Update docs/user/attestations/internals.md

Co-authored-by: Facundo Tuesca <[email protected]>

* publish/v1: clarify the signing target

Signed-off-by: William Woodruff <[email protected]>

* Apply suggestions from code review

Co-authored-by: Facundo Tuesca <[email protected]>

* v1: be explicit about payload

Signed-off-by: William Woodruff <[email protected]>

* attestations: avoid "index attestations"

Signed-off-by: William Woodruff <[email protected]>

* attestations/internals: remove another confusing phrase

Signed-off-by: William Woodruff <[email protected]>

* Apply suggestions from code review

Co-authored-by: Dustin Ingram <[email protected]>

* docs: move internals doc to dev-docs

Signed-off-by: William Woodruff <[email protected]>

* dev: fix backticks

Signed-off-by: William Woodruff <[email protected]>

* lintage, add note about trust

Signed-off-by: William Woodruff <[email protected]>

* docs/dev: add callout for user docs

Signed-off-by: William Woodruff <[email protected]>

* Update attestation-internals.rst

Co-authored-by: Dustin Ingram <[email protected]>

* Update attestation-internals.rst

Co-authored-by: Dustin Ingram <[email protected]>

* tweak index attestations warning

Signed-off-by: William Woodruff <[email protected]>

* docs: more PEP 740 docs, begin migrating user API docs

Signed-off-by: William Woodruff <[email protected]>

* docs: integrity API, details

Signed-off-by: William Woodruff <[email protected]>

* api/integrity: fill in example

Signed-off-by: William Woodruff <[email protected]>

* document status code

Signed-off-by: William Woodruff <[email protected]>

* docs/dev: add note about api docs migration

Signed-off-by: William Woodruff <[email protected]>

* Apply suggestions from code review

Co-authored-by: Dustin Ingram <[email protected]>

* api/integrity: avoid weird formatting

Signed-off-by: William Woodruff <[email protected]>

* Apply suggestions from code review

Co-authored-by: Dustin Ingram <[email protected]>

* docs: link to #17001

Signed-off-by: William Woodruff <[email protected]>

* docs/dev: use sampleproject for attestation docs

Signed-off-by: William Woodruff <[email protected]>

* dev-docs: more attestation internals to security/

Signed-off-by: William Woodruff <[email protected]>

* dev-docs: remove old index ref

Signed-off-by: William Woodruff <[email protected]>

* dev-docs: fix two more broken refs

Signed-off-by: William Woodruff <[email protected]>

* user-docs: use a real provenance example

Signed-off-by: William Woodruff <[email protected]>

* remove incorrect header

Signed-off-by: William Woodruff <[email protected]>

* make toctree placement less confusing

Signed-off-by: William Woodruff <[email protected]>

---------

Signed-off-by: William Woodruff <[email protected]>
Co-authored-by: Facundo Tuesca <[email protected]>
Co-authored-by: Dustin Ingram <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
meta Meta issues (rollouts, etc)
Projects
None yet
Development

No branches or pull requests

2 participants