From c52356cb7ecd172f8a888c801d5113732cfe640a Mon Sep 17 00:00:00 2001 From: Dustin Ingram Date: Thu, 14 Nov 2024 07:11:09 -0700 Subject: [PATCH] PEP 740 blog post (#17070) * Add PEP 740 blog post * Update ToB link * Apply suggestions from code review * Update docs/blog/posts/2024-11-14-pypi-now-supports-digital-attestations.md * Apply suggestions from code review * Update docs/blog/posts/2024-11-14-pypi-now-supports-digital-attestations.md --- ...-pypi-now-supports-digital-attestations.md | 122 ++++++++++++++++++ 1 file changed, 122 insertions(+) create mode 100644 docs/blog/posts/2024-11-14-pypi-now-supports-digital-attestations.md diff --git a/docs/blog/posts/2024-11-14-pypi-now-supports-digital-attestations.md b/docs/blog/posts/2024-11-14-pypi-now-supports-digital-attestations.md new file mode 100644 index 000000000000..6309b784b20d --- /dev/null +++ b/docs/blog/posts/2024-11-14-pypi-now-supports-digital-attestations.md @@ -0,0 +1,122 @@ +--- +title: PyPI now supports digital attestations +description: Announcing support for PEP 740 on the Python Package Index +authors: + - di +date: 2024-11-14 +tags: + - publishing + - security + - oidc +--- + +PyPI package maintainers can now publish signed digital attestations when +publishing, in order to further increase trust in the supply-chain security of +their projects. Additionally, a new API is available for consumers and +installers to verify published attestations. + +Many projects have already begun publishing attestations, with more than 20,000 +attestations already published. + +This finalizes PyPI's support for [PEP 740], and follows directly from previous +work to add support for [Trusted Publishing], as well as the [deprecation and +removal of PGP signatures]. + + + +### Why not plain signatures? + +PyPI's support for digital attestations has three key advantages over regular +cryptographic signatures, such as those provided by PGP: + +* **Attestations are signed by an identity, not a key pair:** + Similar to our recent support for Trusted Publishing, PyPI's support for + digital attestations relies upon Open ID Connect (OIDC) identities. By signing + attestations with identities, and not a public/private key pair, we mitigate the + potential for an individual's key loss or compromise, one of the most common failure cases for + PGP signing. +* **Attestations provide a verifiable link to an upstream source repository:** + By signing with the identity of the upstream source repository, such as in the + case of an upload of a project built with GitHub Actions, PyPI's support for + digital attestations defines a strong and verifiable association between a file + on PyPI and the source repository, workflow, and even the commit hash that + produced and uploaded the file. Additionally, publishing attestations to a + transparency log helps mitigate against both compromise of PyPI and compromise + of the projects themselves. +* **Attestations are verified when uploaded, and must be verifiable to be uploaded:** + Upon review of the state of historical PGP signatures published to PyPI, [we + found that many signatures were not verifiable], either by PyPI or by end + users. With support for PEP 740, PyPI only permits attestations with a + verifiable signature to be uploaded and redistributed by the index. This + ensures that all attestations are verifiable and useful for all PyPI users. + +Much more detail is provided in a corresponding blog post by Trail of Bits: +[Attestations: a new generation of signatures on PyPI]. + +### How to view a file's attestations +For consumers and package installers wanting to perform verification, PyPI +currently provides two ways to access digital attestations associated with a +given file on PyPI: + +* **A new Integrity API for PyPI** + The [Integrity API](https://docs.pypi.org/api/integrity/) provides programmatic + access to PyPI's implementation of PEP 740. Operating on individual files, it + collects all published attestations for a given file and returns them as a + single response. + +* **A new web UI for viewing per-file attributes** + Similarly, we have introduced a new page on PyPI's web UI, displaying details + for individual files, including the presence of any attestations about the + file. You can see an example here: + + +### Get started today + +The generation and publication of attestations happens by default, and no +changes are necessary for projects that meet all of these conditions: + +1. publish from GitHub Actions; +2. via [Trusted Publishing]; and +3. use the [pypa/gh-action-pypi-publish] action to publish. + +Support for automatic attestation generation and publication from other Trusted +Publisher environments [is planned]. While not recommended, maintainers can also +[manually generate and publish attestations]. + +### Acknowledgements + +Support for work on PEP 740's authoring and design was provided by the +[Sovereign Tech Agency] and the Google Open Source Security Team. + +Funding for the implementation of PEP 740 was provided by the Google Open +Source Security Team, and much of the development work on PyPI and related +tools was performed by [Trail of Bits], with special thanks to contributors +[William Woodruff] and [Facundo Tuesca]. + +Thanks to the the [Sigstore project] for their work popularizing identity-based signing, hosting a public-good transparency log, and continued support of the [Python client for Sigstore]. + +Many thanks to [Sviatoslav Sydorenko] as well for his support and ongoing +maintenence of the [pypa/gh-action-pypi-publish] action, as well his support +for implementing PEP 740 in the action. + +--- + +_Dustin Ingram is a maintainer of the Python Package Index._ + +[PEP 740]: https://peps.python.org/pep-0740/ +[Trusted Publishing]: https://docs.pypi.org/trusted-publishers/ +[deprecation and removal of PGP signatures]: https://blog.pypi.org/posts/2023-05-23-removing-pgp/ +[pypa/gh-action-pypi-publish]: https://github.com/pypa/gh-action-pypi-publish +[Attestations: a new generation of signatures on PyPI]: https://blog.trailofbits.com/2024/11/14/attestations-a-new-generation-of-signatures-on-pypi/ +[Integrity API]: https://docs.pypi.org/api/integrity/ +[we announced last year]: 2023-04-20-introducing-trusted-publishers.md +[we found that many signatures were not verifiable]: https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless +[manually generate and publish attestations]: https://docs.pypi.org/attestations/producing-attestations/#the-manual-way +[Sovereign Tech Agency]: https://www.sovereign.tech/tech/python-package-index +[is planned]: https://github.com/pypi/warehouse/issues/17001 +[Trail of Bits]: https://www.trailofbits.com/ +[William Woodruff]: https://github.com/woodruffw +[Facundo Tuesca]: https://github.com/facutuesca +[Sigstore project]: https://www.sigstore.dev/ +[Python client for Sigstore]: https://pypi.org/project/sigstore/ +[Sviatoslav Sydorenko]: https://github.com/webknjaz