Simon Willison’s Weblog: PyPI now supports digital attestations

Source URL: https://simonwillison.net/2024/Nov/14/pypi-digital-attestations/#atom-everything
Source: Simon Willison’s Weblog
Title: PyPI now supports digital attestations

Feedly Summary:
Dustin Ingram:

PyPI package maintainers can now publish signed digital attestations when publishing, in order to further increase trust in the supply-chain security of their projects. Additionally, a new API is available for consumers and installers to verify published attestations.

This has been in the works for a while, and is another component of PyPI’s approach to supply chain security for Python packaging – see PEP 740 – Index support for digital attestations for all of the underlying details.
A key problem this solves is cryptographically linking packages published on PyPI to the exact source code that was used to build those packages. In the absence of this feature there are no guarantees that the .tar.gz or .whl file you download from PyPI hasn’t been tampered with (to add malware, for example) in a way that’s not visible in the published source code.
These new attestations provide a mechanism for proving that a known, trustworthy build system was used to generate and publish the package, starting with its source code on GitHub.
The good news is that if you’re using the PyPI Trusted Publishers mechanism in GitHub Actions to publish packages, you’re already using this new system. I wrote about that system in January: Publish Python packages to PyPI with a python-lib cookiecutter template and GitHub Actions – and hundreds of my own PyPI packages are already using that system, thanks to my various cookiecutter templates.
I published an alpha package using Trusted Publishers last night and the files for that release are showing the new provenance information already:

Which links to this Sigstore log entry with more details, including the Git hash that was used to build the package:

Sigstore is a transparency log maintained by the Open Source Security Foundation (OpenSSF), a sub-project of the Linux Foundation.
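A consumer-side check of the package-to-source link described above, as an added example (not code from the post or from PyPI): it confirms that a provenance document names the exact file you downloaded and the repository you expect. The field names assume the provenance layout in PEP 740 and a GitHub publisher object with a `repository` key; the sample document, file bytes, filename and repository are constructed, and signature and transparency-log verification is left to a Sigstore client.

```python
import base64
import hashlib
import json

NAME = "example_pkg-0.1a0-py3-none-any.whl"  # constructed filename
REPO = "example-org/example-pkg"              # constructed repository
FILE = b"constructed wheel bytes"             # stands in for the downloaded file

def attested_publishers(provenance, filename, file_bytes):
    """Publishers whose attestation statements name this exact file.

    Only the statement's claims are checked here; the signature and the
    transparency-log entry still have to be verified with a Sigstore client.
    """
    digest = hashlib.sha256(file_bytes).hexdigest()
    found = []
    for bundle in provenance.get("attestation_bundles", []):
        for att in bundle.get("attestations", []):
            stmt = json.loads(base64.b64decode(att["envelope"]["statement"]))
            for subj in stmt.get("subject", []):
                if (subj.get("name") == filename
                        and subj.get("digest", {}).get("sha256") == digest):
                    found.append(bundle["publisher"])
    return found

def check_provenance(provenance, filename, file_bytes, expected_repo):
    """True only if an attestation binds this file to the expected repository."""
    return any(p.get("kind") == "GitHub" and p.get("repository") == expected_repo
               for p in attested_publishers(provenance, filename, file_bytes))

def make_sample(filename, file_bytes, repo):
    """Constructed document shaped like a PEP 740 provenance object."""
    stmt = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": filename,
                     "digest": {"sha256": hashlib.sha256(file_bytes).hexdigest()}}],
        "predicateType": "https://docs.pypi.org/attestations/publish/v1",
        "predicate": None,
    }
    envelope = {"statement": base64.b64encode(json.dumps(stmt).encode()).decode(),
                "signature": "constructed-placeholder"}  # not a real signature
    return {"version": 1, "attestation_bundles": [{
        "publisher": {"kind": "GitHub", "repository": repo, "workflow": "publish.yml"},
        "attestations": [{"version": 1, "verification_material": {}, "envelope": envelope}],
    }]}

SAMPLE = make_sample(NAME, FILE, REPO)

if __name__ == "__main__":
    print("intact file:  ", check_provenance(SAMPLE, NAME, FILE, REPO))
    print("tampered file:", check_provenance(SAMPLE, NAME, FILE + b"\x00", REPO))
```

A file whose bytes differ from the attested digest, or an attestation issued for a different repository, fails the check even when the filename matches.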
Via Hacker News

AI Summary and Description: Yes

Summary: PyPI has introduced support for digital attestations, enhancing supply chain security in Python packaging by allowing package maintainers to link published packages to their source code. This development addresses concerns about the integrity of packages from potential tampering and aims to build greater trust among users in the reliability of their package installations.

Detailed Description:
The recent changes to PyPI (Python Package Index) with the introduction of digital attestations represent a significant advancement in supply chain security for Python developers. This feature allows package maintainers to create and publish signed attestations alongside their packages, establishing a cryptographic link between the packages and the source code used for their creation.

Key Points:
- **Digital Attestations**: Package maintainers can now publish signed attestations when publishing, to increase trust in the supply-chain security of their projects.
- **API for Verification**: A new API is available for consumers and installers to verify the published attestations.
- **Supply Chain Security**: These attestations are another component of PyPI’s approach to supply chain security for Python packaging, as specified in PEP 740.
- **Addressing Tampering**: Without this feature there is no guarantee that a .tar.gz or .whl file downloaded from PyPI has not been tampered with (to add malware, for example) in a way that is not visible in the published source code.
- **Provenance Information**: Attestations provide a mechanism for proving that a known, trustworthy build system was used to generate and publish the package, starting with its source code on GitHub.
- **Integration with GitHub Actions**: Developers who publish through the PyPI Trusted Publishers mechanism in GitHub Actions are already using the new system.
- **Transparency and Traceability**: The provenance information links to an entry in the Sigstore transparency log, which records further details including the Git hash that was used to build the package.

In conclusion, this update not only aligns with compliance and security best practices for software distribution but also serves as a significant move toward improving the overall security posture of Python package management in the community, enhancing user trust and the integrity of software supply chains.