Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sigstore signing? #105

Closed
henryiii opened this issue Mar 27, 2024 · 4 comments
Closed

Sigstore signing? #105

henryiii opened this issue Mar 27, 2024 · 4 comments

Comments

@henryiii
Copy link
Contributor

Would it make sense to have a sigstore signing option?

https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#signing-the-distribution-packages

(Someone could download, sign, then reupload, but this seems like the sort of thing that could be integrated)
@hynek
Copy link
Owner

hynek commented Mar 28, 2024

I don't have time to read up on this, but I'm open to PRs.

@hugovk hugovk mentioned this issue May 8, 2024
Merged
@blaisep
Copy link

blaisep commented May 28, 2024

ok you guys may be ahead of me, I was going to ask if you have already considered hardened runners, like
https://github.com/wolfi-dev/wolfi-act ?
(and yes, I can prepare a PR if needed)

from jazzband/help#364 (comment)

@webknjaz
Copy link
Contributor

Would it make sense to have a sigstore signing option?

Don't. Just don't. Integrating it into the action means giving the entirety of the build dependency tree access to OIDC. It is intentional that builds are to be performed in a job separate from uploading, and I've always emphasized this in the docs and on other avenues. This is why my guide that you linked, and the one William contributed to GitHub's own docs, demonstrate such separation in the examples.

Giving OIDC to the dist build job enables privilege elevation in systems other than PyPI through build dependency poisoning in PyPI-related jobs. Such things shouldn't be hidden from the end-user, who would then get confused on how something like AWS (or anything else OIDC-integrated, really) they plugged to a repository got compromised when they thought they weren't actually doing anything with it.

On that note, there will be attestations built into my pypi-publish action soon'ish (as it already uses OIDC for tokenless publishing), which is why William didn't copy the signing job example when contributing the OIDC/Trusted Publishing doc to GitHub. He's already started a draft PR against the action, the Twine PR has been merged and released last week and the Warehouse bits are still in the works. But I'd expect more progress after June 5.

To summarize, while the intention is good, I believe this actually opens up a can of worms vulnerability-wise, if integrated into this action.

@henryiii
Copy link
Contributor Author

Excellent information, thanks!

@henryiii henryiii closed this as not planned Won't fix, can't repro, duplicate, stale May 28, 2024
This was referenced Jun 24, 2024
Merged
Open
Closed
@hynek hynek mentioned this issue Sep 3, 2024
Merged
This was referenced Sep 6, 2024
Merged
Merged
@noirbizarre noirbizarre mentioned this issue Sep 24, 2024
Merged
@webknjaz webknjaz mentioned this issue Oct 25, 2024
Merged
@webknjaz webknjaz mentioned this issue Nov 5, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@hynek @blaisep @webknjaz @henryiii