Sigstore cryptographic verification system announced

Google has announced the first stable releases of the components that make up the Sigstore project, which is declared ready for production deployments. Sigstore develops tools and services for verifying software using digital signatures and for maintaining a public log that confirms the authenticity of changes (a transparency log). The project is developed under the auspices of the non-profit Linux Foundation by Google, Red Hat, Cisco, VMware, GitHub and HP Enterprise, with the participation of OpenSSF (Open Source Security Foundation) and Purdue University.

Sigstore can be thought of as Let's Encrypt for code: it provides certificates for digitally signing code and tools for automating verification. With Sigstore, developers can digitally sign application-related artifacts such as release files, container images, manifests and executables. The material used for signing is recorded in a tamper-proof public log that can be used for verification and auditing.

Instead of long-lived keys, Sigstore uses short-lived ephemeral keys that are generated based on credentials confirmed by OpenID Connect providers (when generating the keys needed to create a digital signature, the developer identifies themselves through an OpenID provider tied to an email address). The authenticity of the keys is verified against the centralized public log, which makes it possible to confirm that the author of a signature is who they claim to be and that the signature was produced by the same participant who was responsible for past releases.

Sigstore's readiness for deployment follows from the release of two key components, Rekor 1.0 and Fulcio 1.0, whose programming interfaces are declared stable and will maintain backward compatibility from now on. The service components are written in Go and distributed under the Apache 2.0 license.

The Rekor component contains a log implementation for storing digitally signed metadata that reflects information about projects. To ensure integrity and protect against data corruption, a Merkle Tree structure is used, in which each branch verifies all underlying branches and nodes through joint (tree) hashing. Having the final hash, a user can verify the correctness of the entire history of operations, as well as the correctness of past states of the database (the root verification hash of the new database state is computed taking the past state into account). A RESTful API is provided for verifying and adding new records, along with a command-line interface.
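The tree hashing described above, as an added example that is not Rekor's own code: it builds a Merkle root over a few log entries, produces the audit path for one entry, and checks that entry against the root. It assumes RFC 6962-style SHA-256 hashing; `Tree`, `Verify` and the sample entries are hypothetical names and constructed data.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
	"math/bits"
)

// RFC 6962 hashing (assumed): 0x00 prefixes log entries, 0x01 interior nodes.
func leafHash(d []byte) []byte    { h := sha256.Sum256(append([]byte{0}, d...)); return h[:] }
func nodeHash(l, r []byte) []byte { h := sha256.Sum256(append(append([]byte{1}, l...), r...)); return h[:] }
// Tree returns the root hash over a non-empty list e and the audit path for entry i.
func Tree(e [][]byte, i int) (root []byte, path [][]byte) {
	if len(e) == 1 {
		return leafHash(e[0]), nil
	}
	k := 1 << (bits.Len(uint(len(e)-1)) - 1) // largest power of two below len(e)
	l, lp := Tree(e[:k], i)
	r, rp := Tree(e[k:], i-k) // the path from the half without entry i is discarded
	if i < k {
		return nodeHash(l, r), append(lp, r)
	}
	return nodeHash(l, r), append(rp, l)
}

// Verify recomputes the root from one entry and its audit path (RFC 9162, 2.1.3.2).
func Verify(i, size int, entry []byte, path [][]byte, root []byte) bool {
	fn, sn, h := i, size-1, leafHash(entry)
	for _, p := range path {
		if sn == 0 {
			return false // more hashes than the tree has levels
		}
		if fn&1 == 1 || fn == sn {
			h = nodeHash(p, h) // sibling subtree lies to the left
			for ; fn&1 == 0 && fn != 0; fn, sn = fn>>1, sn>>1 {
			}
		} else {
			h = nodeHash(h, p) // sibling subtree lies to the right
		}
		fn, sn = fn>>1, sn>>1
	}
	return i >= 0 && i < size && sn == 0 && bytes.Equal(h, root)
}
func main() {
	entries := [][]byte{[]byte("sig-a"), []byte("sig-b"), []byte("sig-c")} // constructed entries
	root, path := Tree(entries, 2)
	fmt.Println(Verify(2, len(entries), entries[2], path, root), Verify(2, len(entries), []byte("sig-x"), path, root))
}
```

A client that holds only the root hash needs just the entry and its short audit path to detect a modified or substituted record; it never has to download the whole log.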

The Fulcio component (SigStore WebPKI) includes a system for creating certificate authorities (root CAs) that issue short-lived certificates based on an email address authenticated through OpenID Connect. The certificate lifetime is 20 minutes, during which the developer must have time to produce the digital signature (if the certificate later falls into an attacker's hands, it will already have expired). In addition, the project develops the Cosign (Container Signing) toolkit, designed to generate signatures for containers, verify signatures and place signed containers in repositories compatible with OCI (Open Container Initiative).

Deploying Sigstore makes it possible to increase the security of software distribution channels and to protect against attacks aimed at substituting libraries and dependencies (the supply chain). One of the key security problems in open source software is the difficulty of verifying where a program came from and of verifying the build process. For example, most projects use hashes to check the integrity of a release, but the information needed for verification is often stored on unprotected systems and in repositories shared with the code, so in the event of a compromise attackers can replace the files needed for verification and, without raising suspicion, introduce malicious changes.

The use of digital signatures for release verification has not yet become widespread because of difficulties in managing keys, distributing public keys and revoking compromised keys. For verification to make sense, it is also necessary to organize a reliable and secure process for distributing public keys and checksums. Even with a digital signature, many users ignore verification because it takes time to learn the verification process and to understand which key is trustworthy. The Sigstore project tries to simplify and automate these processes by providing a ready-made and proven solution.

Source: opennet.ru
