Summary
This is a tracking issue to make sure Rekor v2 adoption goes without issues in the PyPI ecosystem (pypi-attestations, warehouse, gh-action-pypi-publish, Index Hosted Attestations spec).
- Rekor v2 is a new transparency log used by Sigstore, a successor to Rekor v1. User-visible changes include different log entry types and a requirement for RFC3161 timestamps (Rekor v1 entries included an integrated time, but v2 entries do not).
- The log entries are included in the PyPI attestations, so the switch requires upgrades at both the signing and the verifying end.
- Rekor v2 is only now being deployed on the Sigstore public good infrastructure. The Rekor v1 log remains usable in parallel for now.
Projects involved

- sigstore-python < 4 supports Rekor v1 only. sigstore-python >= 4 supports both Rekor v1 and v2 and, by default, chooses the log version at signing time based on the recommendation from the Sigstore public good infrastructure.
- pypi-attestations 0.0.27 uses sigstore-python < 4. pypi-attestations 0.0.28 uses sigstore-python 4 but chooses to always sign with Rekor v1.
- The Index Hosted Attestations specification is currently technically compatible with Rekor v2 log entries but does not cover RFC3161 timestamps, which are required to verify Rekor v2 log entries.
- warehouse and gh-action-pypi-publish currently use pypi-attestations 0.0.27.
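The verifier-side gap described above (a Rekor v2 entry has no integrated time, so the bundle must carry an RFC3161 timestamp) can be checked before full Sigstore verification runs. The preflight below is an added example, not code from pypi-attestations or sigstore-python; the bundle JSON field names follow the Sigstore bundle format, and the exact shape of a Rekor v2 entry (kindVersion 0.0.2, no integratedTime or inclusionPromise) and all sample values are constructed assumptions.

```python
import json
from typing import Any

# Constructed sample bundles, trimmed to the fields this check needs. Field
# names follow the Sigstore bundle JSON form; the Rekor v2 entry shape
# (kindVersion 0.0.2, no integratedTime/inclusionPromise) is an assumption.
V1_ENTRY = {"logIndex": "123", "logId": {"keyId": "Y29uc3RydWN0ZWQ="},
            "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"},
            "integratedTime": "1700000000",
            "inclusionPromise": {"signedEntryTimestamp": "Y29uc3RydWN0ZWQ="}}
V2_ENTRY = {"logIndex": "7", "logId": {"keyId": "Y29uc3RydWN0ZWQ="},
            "kindVersion": {"kind": "hashedrekord", "version": "0.0.2"}}
RFC3161 = {"rfc3161Timestamps": [{"signedTimestamp": "Y29uc3RydWN0ZWQ="}]}

BUNDLE_V1 = json.dumps({"verificationMaterial": {"tlogEntries": [V1_ENTRY]}})
BUNDLE_V2_NO_TS = json.dumps({"verificationMaterial": {"tlogEntries": [V2_ENTRY]}})
BUNDLE_V2_TS = json.dumps({"verificationMaterial": {
    "tlogEntries": [V2_ENTRY], "timestampVerificationData": RFC3161}})


def entry_is_rekor_v2(entry: dict[str, Any]) -> bool:
    """v1 entries carry an integratedTime signed by the log (the SET);
    v2 entries carry neither, so the bundle must supply its own trusted time."""
    return not entry.get("integratedTime") and "inclusionPromise" not in entry


def check_time_source(bundle_json: str) -> tuple[bool, str]:
    """Preflight: every Rekor v2 entry needs an RFC3161 timestamp in the bundle."""
    material = json.loads(bundle_json).get("verificationMaterial", {})
    entries = material.get("tlogEntries", [])
    if not entries:
        return False, "bundle has no transparency log entry"
    stamps = material.get("timestampVerificationData", {}).get("rfc3161Timestamps", [])
    for entry in entries:
        kind = entry.get("kindVersion", {})
        label = f"{kind.get('kind')}/{kind.get('version')}"
        if entry_is_rekor_v2(entry) and not stamps:
            return False, f"{label}: no integratedTime and no RFC3161 timestamp"
    return True, f"ok: {len(entries)} entries, {len(stamps)} RFC3161 timestamps"


if __name__ == "__main__":
    for name, bundle in [("v1", BUNDLE_V1), ("v2 no ts", BUNDLE_V2_NO_TS),
                         ("v2 ts", BUNDLE_V2_TS)]:
        print(name, check_time_source(bundle))
```

A bundle that fails this check is exactly the case a verifier on the current Index Hosted Attestations spec cannot validate, since it has no trusted time to check the signing certificate against.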
Sigstore public good infrastructure
Sigstore public good infra has two Rekor instances (v1 and v2). Both instances are listed in trust root so clients can verify signature bundles containing entries from either log. Only the v1 instance is currently recommended for signing clients (to allow more time for verifying clients to upgrade). This recommendation will change in the coming months.
Migration strategy
Main concerns
- warehouse as the verifier should get upgraded before gh-action-pypi-publish
- gh-action-pypi-publish should control when rekor v2 entries are used (unlike the sigstore-python CLI that will use Rekor v2 when Sigstore public good recommends to do so)
- rekor v2 entries should be in use before Sigstore public good turns Rekor v1 log read-only (this is not even planned yet but will likely happen at some point)
Plan
- Upgrade warehouse, then gh-action-pypi-publish to pypi-attestations 0.0.28 -- this means using the newest sigstore-python but explicitly choosing to sign with Rekor v1 even if public good instance starts recommending v2
- Add support for RFC3161 timestamps in pypi-attestations and the Index Hosted Attestations spec, then enable Rekor v2 entries in pypi-attestations (see Ensure pypi attestations can handle timestamps (and as result rekorv2 log entries) #142)
- Wait for Sigstore public good to start recommending Rekor v2
- Upgrade Warehouse, then gh-action-pypi-publish to the pypi-attestations version with Rekor v2 enabled
CC @di, @facutuesca, @webknjaz, @woodruffw