pkg/apk: switch to SHA2-256 based signatures by default #1440

Merged
merged 1 commit into from
Dec 13, 2024

xnox
Contributor

@xnox xnox commented Dec 13, 2024

Remove commented-out support for dual-signing, as it is not correctly
supported by anything (non-deterministic validation, leading to
trusting the weakest signature, rather than the strongest one).

Switch default signing type to RSA256 (RSA signature over SHA2-256
message digest).

Provide environment variable opt-out to switch back to RSA (RSA
signature over SHA1 message digest).

This allows rolling this out with a runtime escape hatch.

If successful, the runtime escape hatch can be reverted.

All tests pass, as support for validating RSA/RSA256/dual signatures
has already landed previously.

This API is used by melange and has been cross-tested with melange (using a replace go.mod directive pointing at this proposed apko code).
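An added example, not code from this PR or from apko: signing defaults to RSA256 with an environment-variable fallback to RSA, and the verifier picks the strongest signature type present in a fixed order instead of accepting whichever one validates. The variable name `EXAMPLE_SIGN_WITH_SHA1`, the function names and the PKCS#1 v1.5 padding are assumptions; the page names neither the variable nor the padding.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1" // registers crypto.SHA1
	_ "crypto/sha256"
	"fmt"
	"os"
)

const optOutEnv = "EXAMPLE_SIGN_WITH_SHA1" // hypothetical name, not from the PR
var hashFor = map[string]crypto.Hash{"RSA256": crypto.SHA256, "RSA": crypto.SHA1}

func newKey() *rsa.PrivateKey { // throwaway key for the demo
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func sign(key *rsa.PrivateKey, data []byte) (string, []byte, error) {
	sigType := "RSA256" // default: RSA over SHA2-256
	if os.Getenv(optOutEnv) != "" {
		sigType = "RSA" // escape hatch: RSA over SHA1
	}
	h := hashFor[sigType].New()
	h.Write(data)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, hashFor[sigType], h.Sum(nil))
	return sigType, sig, err
}

// verifyStrongest checks only the strongest type present and never falls back.
func verifyStrongest(pub *rsa.PublicKey, data []byte, sigs map[string][]byte) (string, error) {
	sigType := "RSA256"
	if _, ok := sigs[sigType]; !ok {
		sigType = "RSA"
	}
	h := hashFor[sigType].New()
	h.Write(data)
	return sigType, rsa.VerifyPKCS1v15(pub, hashFor[sigType], h.Sum(nil), sigs[sigType])
}

func main() {
	key, data := newKey(), []byte("constructed APKINDEX bytes")
	sigType, sig, _ := sign(key, data)
	fmt.Println(verifyStrongest(&key.PublicKey, data, map[string][]byte{sigType: sig}))
}
```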

@xnox xnox marked this pull request as draft December 13, 2024 22:28
Remove commented-out support for dual-signing, as it is not correctly
supported by anything (non-deterministic validation, leading to
trusting the weakest signature, rather than the strongest one).

Switch default signing type to RSA256 (RSA signature over SHA2-256
message digest).

Provide environment variable opt-out to switch back to RSA (RSA
signature over SHA1 message digest).

This allows rolling this out with a runtime escape hatch.

BTW I am not sure if anybody uses this API, as I am failing to find
any references to SignIndex() call anywhere...
@xnox xnox marked this pull request as ready for review December 13, 2024 22:59
xnox added a commit to xnox/melange that referenced this pull request Dec 13, 2024
Switch to SHA2-256 signature by default for the `melange sign`
command.

Use the same runtime opt-out back to SHA1 signatures as apko.

With apko from:
- chainguard-dev/apko#1440

This will use RSA256 signature type for both .apk & APKINDEX.tar.gz
signing.
@xnox xnox merged commit 0686921 into chainguard-dev:main Dec 13, 2024
14 checks passed