-
Notifications
You must be signed in to change notification settings - Fork 964
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Add PEP 740 blog post * Update ToB link * Apply suggestions from code review * Update docs/blog/posts/2024-11-14-pypi-now-supports-digital-attestations.md * Apply suggestions from code review * Update docs/blog/posts/2024-11-14-pypi-now-supports-digital-attestations.md
- Loading branch information
Showing
1 changed file
with
122 additions
and
0 deletions.
There are no files selected for viewing
122 changes: 122 additions & 0 deletions
122
docs/blog/posts/2024-11-14-pypi-now-supports-digital-attestations.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,122 @@ | ||
--- | ||
title: PyPI now supports digital attestations | ||
description: Announcing support for PEP 740 on the Python Package Index | ||
authors: | ||
- di | ||
date: 2024-11-14 | ||
tags: | ||
- publishing | ||
- security | ||
- oidc | ||
--- | ||
|
||
PyPI package maintainers can now publish signed digital attestations when | ||
publishing, in order to further increase trust in the supply-chain security of | ||
their projects. Additionally, a new API is available for consumers and | ||
installers to verify published attestations. | ||
|
||
Many projects have already begun publishing attestations, with more than 20,000 | ||
attestations already published. | ||
|
||
This finalizes PyPI's support for [PEP 740], and follows directly from previous | ||
work to add support for [Trusted Publishing], as well as the [deprecation and | ||
removal of PGP signatures]. | ||
|
||
<!-- more --> | ||
|
||
### Why not plain signatures? | ||
|
||
PyPI's support for digital attestations has three key advantages over regular | ||
cryptographic signatures, such as those provided by PGP: | ||
|
||
* **Attestations are signed by an identity, not a key pair:** | ||
Similar to our recent support for Trusted Publishing, PyPI's support for | ||
digital attestations relies upon Open ID Connect (OIDC) identities. By signing | ||
attestations with identities, and not a public/private key pair, we mitigate the | ||
potential for an individual's key loss or compromise, one of the most common failure cases for | ||
PGP signing. | ||
* **Attestations provide a verifiable link to an upstream source repository:** | ||
By signing with the identity of the upstream source repository, such as in the | ||
case of an upload of a project built with GitHub Actions, PyPI's support for | ||
digital attestations defines a strong and verifiable association between a file | ||
on PyPI and the source repository, workflow, and even the commit hash that | ||
produced and uploaded the file. Additionally, publishing attestations to a | ||
transparency log helps mitigate against both compromise of PyPI and compromise | ||
of the projects themselves. | ||
* **Attestations are verified when uploaded, and must be verifiable to be uploaded:** | ||
Upon review of the state of historical PGP signatures published to PyPI, [we | ||
found that many signatures were not verifiable], either by PyPI or by end | ||
users. With support for PEP 740, PyPI only permits attestations with a | ||
verifiable signature to be uploaded and redistributed by the index. This | ||
ensures that all attestations are verifiable and useful for all PyPI users. | ||
|
||
Much more detail is provided in a corresponding blog post by Trail of Bits: | ||
[Attestations: a new generation of signatures on PyPI]. | ||
|
||
### How to view a file's attestations | ||
For consumers and package installers wanting to perform verification, PyPI | ||
currently provides two ways to access digital attestations associated with a | ||
given file on PyPI: | ||
|
||
* **A new Integrity API for PyPI** | ||
The [Integrity API](https://docs.pypi.org/api/integrity/) provides programmatic | ||
access to PyPI's implementation of PEP 740. Operating on individual files, it | ||
collects all published attestations for a given file and returns them as a | ||
single response. | ||
|
||
* **A new web UI for viewing per-file attributes** | ||
Similarly, we have introduced a new page on PyPI's web UI, displaying details | ||
for individual files, including the presence of any attestations about the | ||
file. You can see an example here: | ||
<https://pypi.org/project/sampleproject/#sampleproject-4.0.0.tar.gz> | ||
|
||
### Get started today | ||
|
||
The generation and publication of attestations happens by default, and no | ||
changes are necessary for projects that meet all of these conditions: | ||
|
||
1. publish from GitHub Actions; | ||
2. via [Trusted Publishing]; and | ||
3. use the [pypa/gh-action-pypi-publish] action to publish. | ||
|
||
Support for automatic attestation generation and publication from other Trusted | ||
Publisher environments [is planned]. While not recommended, maintainers can also | ||
[manually generate and publish attestations]. | ||
|
||
### Acknowledgements | ||
|
||
Support for work on PEP 740's authoring and design was provided by the | ||
[Sovereign Tech Agency] and the Google Open Source Security Team. | ||
|
||
Funding for the implementation of PEP 740 was provided by the Google Open | ||
Source Security Team, and much of the development work on PyPI and related | ||
tools was performed by [Trail of Bits], with special thanks to contributors | ||
[William Woodruff] and [Facundo Tuesca]. | ||
|
||
Thanks to the the [Sigstore project] for their work popularizing identity-based signing, hosting a public-good transparency log, and continued support of the [Python client for Sigstore]. | ||
|
||
Many thanks to [Sviatoslav Sydorenko] as well for his support and ongoing | ||
maintenence of the [pypa/gh-action-pypi-publish] action, as well his support | ||
for implementing PEP 740 in the action. | ||
|
||
--- | ||
|
||
_Dustin Ingram is a maintainer of the Python Package Index._ | ||
|
||
[PEP 740]: https://peps.python.org/pep-0740/ | ||
[Trusted Publishing]: https://docs.pypi.org/trusted-publishers/ | ||
[deprecation and removal of PGP signatures]: https://blog.pypi.org/posts/2023-05-23-removing-pgp/ | ||
[pypa/gh-action-pypi-publish]: https://github.com/pypa/gh-action-pypi-publish | ||
[Attestations: a new generation of signatures on PyPI]: https://blog.trailofbits.com/2024/11/14/attestations-a-new-generation-of-signatures-on-pypi/ | ||
[Integrity API]: https://docs.pypi.org/api/integrity/ | ||
[we announced last year]: 2023-04-20-introducing-trusted-publishers.md | ||
[we found that many signatures were not verifiable]: https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless | ||
[manually generate and publish attestations]: https://docs.pypi.org/attestations/producing-attestations/#the-manual-way | ||
[Sovereign Tech Agency]: https://www.sovereign.tech/tech/python-package-index | ||
[is planned]: https://github.com/pypi/warehouse/issues/17001 | ||
[Trail of Bits]: https://www.trailofbits.com/ | ||
[William Woodruff]: https://github.com/woodruffw | ||
[Facundo Tuesca]: https://github.com/facutuesca | ||
[Sigstore project]: https://www.sigstore.dev/ | ||
[Python client for Sigstore]: https://pypi.org/project/sigstore/ | ||
[Sviatoslav Sydorenko]: https://github.com/webknjaz |