
Single-subject attestations in actions/attest@v2 #213

Open
AA-Turner opened this issue Feb 17, 2025 · 3 comments · May be fixed by #219
Comments

@AA-Turner

Hi,

Thank you for maintaining this action!

We currently use version 1 of the action, which (as I understand it) creates one attestation per artefact, writing each to a new line of a JSONL document. #164 changed this to creating a single attestation with multiple 'subjects'.

We're using the action for integration with GitHub, and then converting the Sigstore attestations to the format expected by the Python Package Index (PEP 740). When upgrading the action to version 2, I get a failure with pypi-attestations, which requires that there must be exactly one subject in the statement.

My questions are therefore:

  1. Is it possible to replicate the v1 behaviour of one-attestation-per-artefact with v2 of the action?
  2. Ought this to be fixed in pypi-attestations instead? (I will open a similar issue there and cross-link it)
  3. (low priority; usability) Is it possible to include the filename of the attested artefacts somehow in the action outputs? I currently extract this via JSON decoding a base64-encoded blob inside the Sigstore JSON, which isn't the most ergonomic.

For my use-case, I can just use two invocations of the action, as our build process only produces two artefacts, but this does not scale well should we create more outputs in the future.

Thanks,
Adam

References:

@AA-Turner (Author)

I've had confirmation from @woodruffw (in trailofbits/pypi-attestations#89 (comment)) that PEP 740 is designed around single-subject attestations, partly as a security measure.

Yeah, this is a known problem -- we intentionally standardized PEP 740 around a single-subject assumption, since that most closely aligns with how PyPI and other index machinery works (i.e. all operations happen on single release files, there's no "batch" uploading).

We could relax the requirement here (and within PEP 740, PyPI, etc.), but I'm wary about doing so because it subtly changes the verification model: instead of PyPI being able to fully assert that the subject of an attestation exactly matches the expected release file, the model becomes "1-of-N subjects match." This in turn enables a kind of confused deputy attack:

...

PEP 740 and PyPI attestations are becoming very widely used in the Python ecosystem, as a standardised replacement for GPG signatures, etc.

Tagging @bdehamer as the author of #164 -- are you able to comment on the possibility of some form of support for single-subject attestations in v2 of the action? Sorry for the direct ping.

There are workarounds we can use, but it is nice to be able to use an "official" GitHub action, and also great to have attestations uploaded directly to GitHub.

Thanks,
Adam
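The two verification models discussed above (exactly one subject that must match the release file, versus "1-of-N subjects match") and the filename extraction from question 3 of the opening post can both be shown on the wire format. The following is an added example, not code from the issue, from actions/attest or from pypi-attestations. It assumes the Sigstore bundle layout where the in-toto Statement sits base64-encoded in `dsseEnvelope.payload`; the bundles it builds are constructed stand-ins with a placeholder signature, and it checks only the statement's subject list, leaving signature and certificate verification to the usual Sigstore tooling.

```python
import base64
import hashlib
import json

IN_TOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"


def make_bundle(subjects: list[dict]) -> dict:
    """Build a minimal, CONSTRUCTED Sigstore-bundle-shaped dict for the demo.

    Only the DSSE envelope and its in-toto Statement payload are modelled;
    the signature is a placeholder and is never verified here.
    """
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": subjects,
        "predicateType": "https://slsa.dev/provenance/v1",
        "predicate": {},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return {
        "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
        "verificationMaterial": {},
        "dsseEnvelope": {
            "payloadType": IN_TOTO_PAYLOAD_TYPE,
            "payload": payload,
            "signatures": [{"sig": "PLACEHOLDER-not-a-real-signature"}],
        },
    }


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def decode_statement(bundle: dict) -> dict:
    """Return the in-toto Statement carried in the bundle's DSSE envelope
    (the base64-encoded blob the opening post mentions decoding by hand)."""
    env = bundle["dsseEnvelope"]
    if env.get("payloadType") != IN_TOTO_PAYLOAD_TYPE:
        raise ValueError(f"unexpected payloadType {env.get('payloadType')!r}")
    statement = json.loads(base64.b64decode(env["payload"]))
    if not isinstance(statement.get("subject"), list) or not statement["subject"]:
        raise ValueError("statement has no subjects")
    return statement


def subject_names(bundle: dict) -> list[str]:
    """The attested filenames, i.e. what question 3 asks the action to output."""
    return [s["name"] for s in decode_statement(bundle)["subject"]]


def verify_single_subject(bundle: dict, filename: str, content: bytes) -> bool:
    """Strict model (what PEP 740 / pypi-attestations require): exactly one
    subject, and it must be the expected file by both name and sha256 digest."""
    subjects = decode_statement(bundle)["subject"]
    if len(subjects) != 1:
        return False
    (subj,) = subjects
    return subj["name"] == filename and subj["digest"].get("sha256") == sha256_hex(content)


def verify_any_subject(bundle: dict, filename: str, content: bytes) -> bool:
    """Relaxed "1-of-N subjects match" model, shown only for contrast: the
    attestation is accepted as long as some subject matches the file, so one
    statement vouches for every file it lists at once."""
    digest = sha256_hex(content)
    return any(
        s["name"] == filename and s["digest"].get("sha256") == digest
        for s in decode_statement(bundle)["subject"]
    )


# Constructed artefacts standing in for a build's two outputs.
ARTEFACTS = {
    "dist/example-1.0.tar.gz": b"constructed sdist bytes",
    "dist/example-1.0-py3-none-any.whl": b"constructed wheel bytes",
}


def subject_for(name: str) -> dict:
    return {"name": name, "digest": {"sha256": sha256_hex(ARTEFACTS[name])}}


# v1-style output: one bundle per artefact (one JSONL line each).
V1_BUNDLES = [make_bundle([subject_for(n)]) for n in ARTEFACTS]
# v2-style output: a single bundle whose statement lists every artefact.
V2_BUNDLE = make_bundle([subject_for(n) for n in ARTEFACTS])


if __name__ == "__main__":
    sdist = "dist/example-1.0.tar.gz"
    print("v2 subjects:", subject_names(V2_BUNDLE))
    print("strict, v1 bundle:", verify_single_subject(V1_BUNDLES[0], sdist, ARTEFACTS[sdist]))
    print("strict, v2 bundle:", verify_single_subject(V2_BUNDLE, sdist, ARTEFACTS[sdist]))
    print("relaxed, v2 bundle:", verify_any_subject(V2_BUNDLE, sdist, ARTEFACTS[sdist]))
```

Running it shows the practical difference: the per-artefact (v1-style) bundle passes the strict check for its own file and fails for any other file or tampered content, while the multi-subject (v2-style) bundle is rejected outright by the strict check even though the expected file is among its subjects, and is accepted only under the relaxed model.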

@phillmv (Contributor) commented Feb 27, 2025

Hi! Sorry for the latency in getting back to you.

So, when you attest multiple subjects you want the ability to generate N attestations per each subject, instead of 1 attestation for N subjects.

Without looking at the code too deeply, it seems like, given an optional flag like one-subject-one-attestation: true, we could "just" call createAttestation once per subject instead of once with all subjects.

I think this has merit & I will bring this up to the team. It may be a while before we can fit this in our roadmap, though.

In the meantime my suggestion is:

  • if you are proficient with typescript, please feel free to submit a PR
  • I won't embarrass myself by linking to a Copilot output I haven't been able to verify, but I think you might be able to wire this up by saving a list of files into an env variable, and then using the matrix keyword to run one action per file.

@AA-Turner AA-Turner linked a pull request Feb 28, 2025 that will close this issue
@AA-Turner (Author)

The challenge with a matrix is that the parallelism is at the job, rather than step, level. The example here has two jobs (release to GitHub & the Python Package Index), so reworking to use a matrix would be somewhat complex.

See #219 for an attempt to generate single-subject attestations in a semi-sane way, feedback appreciated.

A
