Red Hat and Google launch Sigstore, a service for cryptographic code verification

Red Hat and Google, together with Purdue University, have founded the Sigstore project, which aims to create tools and services for verifying software using digital signatures and for maintaining a public log that confirms authenticity (a transparency log). The project will be developed under the auspices of the non-profit Linux Foundation.

The proposed project will improve the security of software distribution channels and protect against attacks aimed at substituting software components and dependencies (the supply chain). One of the key security problems in open source software is the difficulty of verifying where a program came from and of verifying its build process. For example, most projects use hashes to verify the integrity of a release, but the information needed for verification is often stored on unprotected systems and in shared code repositories, so attackers can compromise the files needed for verification and introduce malicious changes without raising suspicion.

Only a small share of projects use digital signatures when distributing releases, because of the difficulties of managing keys, distributing public keys, and revoking compromised keys. For verification to make sense, a reliable and secure process for distributing public keys and checksums must also be organized. Even with a digital signature, many users ignore verification because they would need to spend time studying the verification process and understanding which key is trustworthy.

Sigstore is described as the equivalent of Let's Encrypt for code: it provides certificates for digitally signing code and tools for automating verification. With Sigstore, developers can digitally sign application-related artifacts such as release files, container images, manifests, and executables. A distinctive feature of Sigstore is that the material used for signing is recorded in a public log that can be used for verification and auditing.

Instead of long-lived keys, Sigstore uses short-lived ephemeral keys, which are generated on the basis of credentials confirmed by OpenID Connect providers (when generating the keys for a digital signature, the developer identifies themselves through an OpenID provider tied to an email address). The authenticity of the keys is verified against a centralized public log, which makes it possible to confirm that the author of a signature is who they claim to be and that the signature was produced by the same participant who was responsible for past releases.

Sigstore provides both a ready-made service that can already be used and a set of tools for deploying similar services on your own infrastructure. The service is free for all developers and software providers, and it is hosted on a neutral platform, the Linux Foundation. All components of the service are open source, written in Go, and distributed under the Apache 2.0 license.

Among the components developed so far:

  • Rekor is a log implementation for storing digitally signed metadata that reflects information about projects. To ensure integrity and protect against after-the-fact tampering with the data, a Merkle tree structure is used, in which each branch verifies all underlying branches and nodes through joint (tree-like) hashing. Holding the final hash, a user can verify the correctness of the entire history of operations, as well as the correctness of past states of the database (the root verification hash of the new database state is computed taking the past state into account). A RESTful API is provided for verifying and adding new records, as well as a CLI.
  • Fulcio (SigStore WebPKI) is a system for creating certification authorities (Root CAs) that issue short-lived certificates based on an email address authenticated through OpenID Connect. The certificate lifetime is 20 minutes, during which the developer must have time to produce the digital signature (if the certificate later falls into an attacker's hands, it will already have expired).
  • Cosign (Container Signing) is a toolkit for generating signatures for containers, verifying signatures, and placing signed containers in repositories compatible with OCI (Open Container Initiative).
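
The tree hashing described in the Rekor item above can be illustrated with the following added example, which is not code from the article or from the Sigstore project. It builds a Merkle root over a small log and checks an inclusion proof for one entry; the RFC 6962-style SHA-256 hashing, all function names, and the sample entries are assumptions made for the illustration.

```python
import hashlib

# RFC 6962-style prefixes (assumed; the article names no scheme) keep leaves and nodes distinct.
def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n: int) -> int:
    """Largest power of two strictly below n (n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def root(entries: list) -> bytes:
    """One hash that commits to every entry and its position (non-empty log)."""
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split(len(entries))
    return node_hash(root(entries[:k]), root(entries[k:]))

def inclusion_proof(entries: list, i: int) -> list:
    """Sibling hashes from entry i up to the root, leaf level first."""
    if len(entries) == 1:
        return []
    k = _split(len(entries))
    if i < k:
        return inclusion_proof(entries[:k], i) + [root(entries[k:])]
    return inclusion_proof(entries[k:], i - k) + [root(entries[:k])]

def _rebuild(h: bytes, i: int, n: int, path: list):
    """Recompute the root above leaf hash h; None if the proof length is wrong."""
    if n == 1 or not path:
        return h if n == 1 and not path else None
    k = _split(n)
    sub = _rebuild(h, i, k, path[:-1]) if i < k else _rebuild(h, i - k, n - k, path[:-1])
    if sub is None:
        return None
    return node_hash(sub, path[-1]) if i < k else node_hash(path[-1], sub)

def verify_inclusion(entry: bytes, i: int, n: int, proof: list, trusted_root: bytes) -> bool:
    """True only if entry sits at index i of the n-entry log behind trusted_root."""
    return 0 <= i < n and _rebuild(leaf_hash(entry), i, n, proof) == trusted_root

# Constructed sample entries, not real Rekor records.
LOG = [b"pkg-1.%d digest-%d" % (i, i) for i in range(5)]
```

A verifier that holds only the trusted root needs the entry, its index, the log size, and the handful of sibling hashes; an altered entry, a wrong index, or a proof of the wrong length all fail the check.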

Source: opennet.ru
