PEP 740 blog post #17070
Merged
7 commits:

- f6fe860 Add PEP 740 blog post (di)
- 69732b3 Update ToB link (di)
- 927aeaf Apply suggestions from code review (di)
- 0011920 Update docs/blog/posts/2024-11-14-pypi-now-supports-digital-attestati… (di)
- 261b670 Apply suggestions from code review (di)
- 8d7f0af Merge branch 'main' into pep-740-blog (di)
- c3f7045 Update docs/blog/posts/2024-11-14-pypi-now-supports-digital-attestati… (di)
docs/blog/posts/2024-11-14-pypi-now-supports-digital-attestations.md (122 additions, 0 deletions)
@@ -0,0 +1,122 @@ | ||
--- | ||
title: PyPI now supports digital attestations | ||
description: Announcing support for PEP 740 on the Python Package Index | ||
authors: | ||
- di | ||
date: 2024-11-14 | ||
tags: | ||
- publishing | ||
- security | ||
- oidc | ||
--- | ||
|
||
PyPI package maintainers can now publish signed digital attestations when | ||
publishing, in order to further increase trust in the supply-chain security of | ||
their projects. Additionally, a new API is available for consumers and | ||
installers to verify published attestations. | ||
|
||
Many projects have already begun publishing attestations, with more than 20,000 | ||
attestations already published. | ||
|
||
This finalizes PyPI's support for [PEP 740], and follows directly from previous | ||
work to add support for [Trusted Publishing], as well as the [deprecation and | ||
removal of PGP signatures]. | ||
|
||
<!-- more --> | ||
|
||
### Why not plain signatures? | ||
|
||
PyPI's support for digital attestations has three key advantages over regular | ||
cryptographic signatures, such as those provided by PGP: | ||
|
||
* **Attestations are signed by an identity, not a key pair:** | ||
Similar to our recent support for Trusted Publishing, PyPI's support for | ||
digital attestations relies upon Open ID Connect (OIDC) identities. By signing | ||
attestations with identities, and not a public/private key pair, we mitigate the | ||
potential for an individual's key loss or compromise, one of the most common failure cases for | ||
PGP signing. | ||
* **Attestations provide a verifiable link to an upstream source repository:** | ||
By signing with the identity of the upstream source repository, such as in the | ||
case of an upload of a project built with GitHub Actions, PyPI's support for | ||
digital attestations defines a strong and verifiable association between a file | ||
on PyPI and the source repository, workflow, and even the commit hash that | ||
produced and uploaded the file. Additionally, publishing attestations to a | ||
transparency log helps mitigate against both compromise of PyPI and compromise | ||
of the projects themselves. | ||
* **Attestations are verified when uploaded, and must be verifiable to be uploaded:** | ||
Upon review of the state of historical PGP signatures published to PyPI, [we | ||
found that many signatures were not verifiable], either by PyPI or by end | ||
users. With support for PEP 740, PyPI only permits attestations with a | ||
verifiable signature to be uploaded and redistributed by the index. This | ||
ensures that all attestations are verifiable and useful for all PyPI users. | ||
|
||
|
||
Much more detail is provided in a corresponding blog post by Trail of Bits: | ||
[Attestations: a new generation of signatures on PyPI]. | ||
|
||
### How to view a file's attestations | ||
For consumers and package installers wanting to perform verification, PyPI | ||
currently provides two ways to access digital attestations associated with a | ||
given file on PyPI: | ||
|
||
* **A new Integrity API for PyPI** | ||
The [Integrity API](https://docs.pypi.org/api/integrity/) provides programmatic | ||
access to PyPI's implementation of PEP 740. Operating on individual files, it | ||
collects all published attestations for a given file and returns them as a | ||
single response. | ||
|
||
* **A new web UI for viewing per-file attributes** | ||
Similarly, we have introduced a new page on PyPI's web UI, displaying details | ||
for individual files, including the presence of any attestations about the | ||
file. You can see an example here: | ||
<https://pypi.org/project/sampleproject/#sampleproject-4.0.0.tar.gz> | ||
|
||
### Get started today | ||
|
||
The generation and publication of attestations happens by default, and no | ||
changes are necessary for projects that meet all of these conditions: | ||
|
||
1. publish from GitHub Actions; | ||
2. via [Trusted Publishing]; and | ||
3. use the [pypa/gh-action-pypi-publish] action to publish. | ||
|
||
Support for automatic attestation generation and publication from other Trusted | ||
|
||
Publisher environments [is planned]. While not recommended, maintainers can also | ||
[manually generate and publish attestations]. | ||
|
||
### Acknowledgements | ||
|
||
Support for work on PEP 740's authoring and design was provided by the | ||
[Sovereign Tech Agency] and the Google Open Source Security Team. | ||
|
||
Funding for the implementation of PEP 740 was provided by the Google Open | ||
Source Security Team, and much of the development work on PyPI and related | ||
tools was performed by [Trail of Bits], with special thanks to contributors | ||
[William Woodruff] and [Facundo Tuesca]. | ||
|
||
|
||
Thanks to the the [Sigstore project] for their work popularizing identity-based signing, hosting a public-good transparency log, and continued support of the [Python client for Sigstore]. | ||
|
||
Many thanks to [Sviatoslav Sydorenko] as well for his support and ongoing | ||
maintenence of the [pypa/gh-action-pypi-publish] action, as well his support | ||
for implementing PEP 740 in the action. | ||
|
||
--- | ||
|
||
_Dustin Ingram is a maintainer of the Python Package Index._ | ||
|
||
[PEP 740]: https://peps.python.org/pep-0740/ | ||
[Trusted Publishing]: https://docs.pypi.org/trusted-publishers/ | ||
[deprecation and removal of PGP signatures]: https://blog.pypi.org/posts/2023-05-23-removing-pgp/ | ||
[pypa/gh-action-pypi-publish]: https://github.com/pypa/gh-action-pypi-publish | ||
[Attestations: a new generation of signatures on PyPI]: https://blog.trailofbits.com/2024/11/14/attestations-a-new-generation-of-signatures-on-pypi/ | ||
[Integrity API]: https://docs.pypi.org/api/integrity/ | ||
[we announced last year]: 2023-04-20-introducing-trusted-publishers.md | ||
[we found that many signatures were not verifiable]: https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless | ||
[manually generate and publish attestations]: https://docs.pypi.org/attestations/producing-attestations/#the-manual-way | ||
[Sovereign Tech Agency]: https://www.sovereign.tech/tech/python-package-index | ||
[is planned]: https://github.com/pypi/warehouse/issues/17001 | ||
[Trail of Bits]: https://www.trailofbits.com/ | ||
[William Woodruff]: https://github.com/woodruffw | ||
[Facundo Tuesca]: https://github.com/facutuesca | ||
|
||
[Sigstore project]: https://www.sigstore.dev/ | ||
[Python client for Sigstore]: https://pypi.org/project/sigstore/ | ||
[Sviatoslav Sydorenko]: https://github.com/webknjaz |
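Review bot: the acknowledgements and the link-reference block at the end of this hunk carry several defects that will ship into the published post. `Thanks to the the [Sigstore project]` has a doubled "the"; `ongoing maintenence` should read `maintenance`; and `as well his support for implementing PEP 740` is missing an "as" after "well". Two reference definitions are never used anywhere in the body, `[we announced last year]: 2023-04-20-introducing-trusted-publishers.md` and `[Integrity API]: https://docs.pypi.org/api/integrity/` (the "Integrity API" bullet links inline instead), so either drop them or switch the inline link to the reference form to keep the file consistent. In the "Why not plain signatures?" section, `Open ID Connect (OIDC)` is normally written `OpenID Connect`, matching the Trusted Publishing docs the post links to. The "Get started today" conditions state that attestation generation and publication happen by default when publishing with `pypa/gh-action-pypi-publish`, but give no minimum action version; readers who pin an older release of the action will not know whether they are covered, so name the release that added PEP 740 support. Finally, the `### How to view a file's attestations` heading is not followed by a blank line before its paragraph, unlike every other heading in the file.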