[cfe-dev] RFC: Automated signing of release files

David Chisnall via cfe-dev cfe-dev at lists.llvm.org
Wed Jan 13 03:11:23 PST 2021 

Hi Tom,

It would be good to articulate what yo believe the benefit is here.

Signing is generally a process of associating an identity with an 
artefact so that attestations can be made about that artefact.

Git hashes are intrinsically signatures.  They associate the artefact of 
the latest commit with the identity of the merkel tree that defines the 
history.  As a result, they allow a user to validate that the code that 
they have is the same as some other repository.  Someone can look at 
their local depth-1 checkout and validate that it is part of the history 
of the public repository.

The simplest way for a user to get a cryptographic attestation that they 
have files that correspond to a revision in our git tree is to get a 
depth 1 checkout of the repo.  This is currently 140MB of data to 
transfer with git.  The extracted tree is 747MB including 149MB of git 
metadata.  The xz-compressed tarball sizes are very different: 86MB 
without the git info, 230MB with, so there's a big size saving to be had 
by not including the git data.

Presumably the goal here is to tie the hash of the tarball to a specific 
git revision with less overhead than including the full git state in the 
tarball.  The core idea here is to allow folks that download the tarball 
to delegate verifying that it matches the git repo to some other entity.

The simplest way for a user to do this is to grab the tarball over HTTPS 
directly from GitHub using a URL like:

https://api.github.com/repos/llvm/llvm-project/tarball/0f59d099571d3d803b54e2ce06aa94babb9b26db

This gives a 125MB tarball, so slightly smaller than a depth-1 git 
checkout (same git commit).  GitHub provides a live attestation that 
this tarball corresponds to the specific revision.  You can verify 
GitHub's TLS certificate to check the identity of the entity providing 
the attestation and so if you trust GitHub not to lie to you about 
something that's trivial to verify by doing a git clone then you have 
the guarantee.

I assume; however, that your use case assumes *offline* verification. 
This gets more tricky because any offline verification of signatures 
also requires a revocation mechanism and policy.  If our signing key is 
compromised and someone signs a load of tarballs of LLVM + malware as 
corresponding to a specific git revision that is publicly auditable and 
doesn't include malware then how do we revoke those signatures?

This gets even more complicated once we start talking about binaries.

Signatures of binaries are typically used to assert that a specific 
entity performed the build.  Binary signatures of open source projects 
typically attempt to associate the identity of the binary with the 
identity of the specific source code from which the build was run.

For the former to be useful, there needs to be some notion of identity 
for the folks doing the build.  If your plan is for a individual 
community members to be able to upload builds and have them signed then 
what is the process going to be to authorise people to upload builds? 
There's a big difference between builds that we can produce from CI VMs 
that are initialised to a well-defined state before the build and builds 
run on a random developer's machine that may be compromised.

For the signature to be useful for associating the build with a source 
revision, it needs to be verifiable, which means that the build needs to 
be reproducible.  I believe LLVM does now support a reproducible build 
configuration, do all of the release snapshots build it?  If someone 
runs a reproducible build and gets different output to the published 
sources, what is the revocation policy?

Finally, what is the process for verifying the integrity of the binaries 
on the client?  Normally this is something that's tightly coupled with 
the package management infrastructure.  Windows MSIs, Linux RPMs and 
Debs, FreeBSD pkgs all use different kinds of signature (including 
different signing algorithms, different signature serialisation formats, 
and even different scopes of what is signed).  Tarballs have no 
intrinsic signature mechanism and so would need to be checked by hand.

Operationally:

- If a user finds a signature mismatch, what does it tell them?

- If we discover a malicious binary and need to revoke its signature, 
how do we do that?

Without a lot more detail, I am opposed to adding generic signing 
infrastructure.  It adds complexity and the perception of security.  We 
need to *very* clearly establish the threat model and security 
guarantees that we think we are providing before we can discuss whether 
any given signature workflow actually achieves these guarantees.

David

On 13/01/2021 05:13, Tom Stellard via cfe-dev wrote:
> Hi,
> 
> I would like to automate the signing of some of the release files we 
> upload to the release page, starting with the source tarballs.  My 
> initial goal is to have a CI job that automatically creates, signs, and 
> uploads the source tarballs, whenever a new release is tagged.  I would 
> also like the key used for signing to be a 'project' key and not 
> someone's personal key.
> 
> Once this is done, I would like to implement something similar for the 
> release binaries, so that testers could upload the binaries and have 
> them automatically signed.  This will be more difficult than the source 
> tarballs, because the binaries are built by individual testers, so we 
> would need to prove that they come from a trust-worthy source.
> 
> Implementing these changes, will help streamline the release process and 
> let release managers avoid doing a lot of manual mistake-prone tasks.
> 
> The questions I have for the community are:
> 
> Is this a good idea?
> 
> How can I implement this securely?
> 
> Thanks,
> Tom
> 
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>

More information about the cfe-dev mailing list