Authenticate the cryptographic chain-of-custody of Linux distributions (like Arch Linux and Debian) to their source code inputs

Overview

backseat-signed

Authenticate the cryptographic chain-of-custody of Linux distributions (like Arch Linux and Debian) to their source code inputs. This is done by following cryptographic links from a signed derivative to its source input.

This concept is somewhat goofy but has some interesting properties - software releases are typically signed like this:

example-0.1.0.tar.gz <- example-0.1.0.tar.gz.sig

✨Fabulous✨. However, the luxury of this simplicity may not always be available: upstream may not be signing their releases, or they may be signing some intermediate build artifact instead of the actual source code *hint hint*.

Now what if this is not available? May I present you this alternative chain:

example-0.1.0.tar.gz <- PKGBUILD <- .BUILDINFO <- .pkg.tar.zst <- .pkg.tar.zst.sig

Due to a chain of happy coincidences, when an Arch Linux package maintainer signs a package they built from example-0.1.0.tar.gz, they sign something that contains a hash (.pkg.tar.zst/.BUILDINFO) of something that contains a hash (PKGBUILD) of the original example-0.1.0.tar.gz.
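The two hash links of that chain, written out as an added Python example (not backseat-signed's own code). It assumes the .pkg.tar.zst signature has already been verified and .BUILDINFO extracted from the package, matches the PKGBUILD by pattern instead of evaluating it as bash, and uses constructed sample data; the function names are hypothetical.

```python
import hashlib
import re

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def buildinfo_field(buildinfo: str, key: str):
    """Return the value of a 'key = value' line from .BUILDINFO, or None."""
    for line in buildinfo.splitlines():
        name, sep, value = line.partition(" = ")
        if sep and name == key:
            return value.strip()
    return None

def pkgbuild_sha256sums(pkgbuild: bytes) -> set:
    """Collect literal digests from sha256sums=(...) arrays.
    Simplification: the PKGBUILD is pattern-matched, not evaluated as bash."""
    found = set()
    text = pkgbuild.decode()
    for body in re.findall(r"^sha256sums(?:_\w+)?=\(([^)]*)\)", text, re.M):
        found.update(re.findall(r"\b[0-9a-f]{64}\b", body))
    return found

def verify_chain(buildinfo: str, pkgbuild: bytes, source: bytes) -> bool:
    """Assumes the package signature was verified before this is called."""
    # Link 1: the signed .BUILDINFO pins the exact PKGBUILD.
    pinned = buildinfo_field(buildinfo, "pkgbuild_sha256sum")
    if pinned != sha256_hex(pkgbuild):
        return False
    # Link 2: the PKGBUILD pins the source tarball.
    return sha256_hex(source) in pkgbuild_sha256sums(pkgbuild)

# Constructed sample data (not a real package).
SOURCE = b"constructed stand-in for example-0.1.0.tar.gz"
PKGBUILD = (
    "pkgname=example\npkgver=0.1.0\npkgrel=1\n"
    'source=("example-0.1.0.tar.gz")\n'
    f"sha256sums=('{sha256_hex(SOURCE)}')\n"
    "build() { make; }\n"
).encode()
BUILDINFO = (
    "format = 2\npkgname = example\npkgver = 0.1.0-1\n"
    f"pkgbuild_sha256sum = {sha256_hex(PKGBUILD)}\n"
)

if __name__ == "__main__":
    print(verify_chain(BUILDINFO, PKGBUILD, SOURCE))
    print(verify_chain(BUILDINFO, PKGBUILD, SOURCE + b"\x00"))
```

A change to either the tarball or the PKGBUILD breaks one of the two links, so the signature over the package no longer vouches for the file being checked.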

Or how about this one?

example-0.1.0.tar <- example_0.1.0.orig.tar.xz <- Sources.xz <- Release <- Release.gpg

This may require some squinting, since in Debian the source tarball is sometimes recompressed, so only the inner .tar is compared and the outer compression layer is disregarded.
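Why comparing the inner .tar works, as an added Python example (not backseat-signed's own code): the same tar stream compressed with gzip and with xz has different outer hashes but the same inner hash. The sample archives are constructed and the function names are hypothetical.

```python
import gzip
import hashlib
import io
import lzma
import tarfile

GZIP_MAGIC = b"\x1f\x8b"
XZ_MAGIC = b"\xfd7zXZ\x00"

def strip_compression(blob: bytes) -> bytes:
    """Return the inner .tar, picking the decompressor by magic bytes."""
    if blob.startswith(GZIP_MAGIC):
        return gzip.decompress(blob)
    if blob.startswith(XZ_MAGIC):
        return lzma.decompress(blob)
    return blob  # already an uncompressed .tar

def inner_sha256(blob: bytes) -> str:
    return hashlib.sha256(strip_compression(blob)).hexdigest()

def same_source(upstream: bytes, distro_orig: bytes) -> bool:
    """True when both archives wrap a byte-identical tar stream."""
    return inner_sha256(upstream) == inner_sha256(distro_orig)

def build_tar(payload: bytes) -> bytes:
    """Constructed one-file tar standing in for a release tarball."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("example-0.1.0/README")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

# Constructed sample: upstream ships .tar.gz, the distro stores .orig.tar.xz.
TAR = build_tar(b"hello\n")
UPSTREAM_GZ = gzip.compress(TAR, mtime=0)
DEBIAN_XZ = lzma.compress(TAR)
OTHER_XZ = lzma.compress(build_tar(b"hello, modified\n"))

if __name__ == "__main__":
    print(same_source(UPSTREAM_GZ, DEBIAN_XZ))  # same tar, different wrapper
    print(same_source(UPSTREAM_GZ, OTHER_XZ))   # different tar content
```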

But didn't this just go wrong?

Indeed, you can use backseat-signed to verify xz-5.6.1.tar.gz (sha256:2398f4a8e53345325f44bdd9f0cc7401bd9025d736c6d43b372f4dea77bf75b8) has been in both Debian and Arch Linux.

But this is specifically why the xz thing was such a big deal.

Both have used something that wasn't a VCS snapshot and instead used an archive with source code pre-processed by autotools (and some manual changes), which is arguably an intermediate build artifact.

Since both distributions intend to build from source (with different levels of strictness), they should prefer a VCS snapshot that was taken with e.g. git archive.

Ideally you could:

git -C source-code/ -c tar.tar.gz.command="gzip -cn" archive --prefix="example-0.1.0/" -o "example-0.1.0.tar.gz" "v0.1.0"
backseat-signed verify --todo ./debian.todo example-0.1.0.tar.gz
backseat-signed verify --todo ./archlinux.todo example-0.1.0.tar.gz

This hopefully makes it fairly obvious which source code people should be reviewing. 🦝

This could then be topped off with reproducible builds to verify the path from source -> binary too (in its entirety).

How to use the plumbing commands

For Arch Linux:

# prepare what we want to compare with
git clone 'https://github.com/abishekvashok/cmatrix'
git -C cmatrix/ -c tar.tar.gz.command="gzip -cn" archive --prefix="cmatrix-2.0/" -o "cmatrix-2.0.tar.gz" "v2.0"

# for the lack of a better keyring file
# verify cmatrix-2.0-3-x86_64.pkg.tar.zst.sig -> cmatrix-2.0-3-x86_64.pkg.tar.zst
wget 'https://archive.archlinux.org/packages/c/cmatrix/cmatrix-2.0-3-x86_64.pkg.tar.zst'{,.sig}
backseat-signed plumbing archlinux-pkg-from-sig --keyring /usr/share/pacman/keyrings/archlinux.gpg --sig cmatrix-2.0-3-x86_64.pkg.tar.zst.sig cmatrix-2.0-3-x86_64.pkg.tar.zst
# verify cmatrix-2.0-3-x86_64.pkg.tar.zst -> PKGBUILD
wget 'https://gitlab.archlinux.org/archlinux/packaging/packages/cmatrix/-/raw/2.0-3/PKGBUILD'
backseat-signed plumbing archlinux-pkgbuild-from-pkg --pkg cmatrix-2.0-3-x86_64.pkg.tar.zst PKGBUILD
# verify PKGBUILD -> cmatrix-2.0.tar.gz
backseat-signed plumbing archlinux-file-from-pkgbuild --pkgbuild PKGBUILD cmatrix-2.0.tar.gz

For Debian:

# prepare what we want to compare with
git clone 'https://github.com/abishekvashok/cmatrix'
git -C cmatrix/ -c tar.tar.gz.command="gzip -cn" archive --prefix="cmatrix-2.0/" -o "cmatrix-2.0.tar.gz" "v2.0"

# verify Release.gpg -> Release -> Sources.xz
backseat-signed plumbing debian-sources-from-release --keyring debian-archive-bookworm-automatic.asc --sig Release.gpg --release Release Sources.xz
# verify Sources.xz -> cmatrix-2.0.tar.gz
# if debian recompressed your file, you need to provide this file too with `--orig cmatrix_2.0.orig.tar.xz`
backseat-signed plumbing debian-tarball-from-sources --sources Sources.xz cmatrix-2.0.tar.gz

Important

This tool is still experimental and some things are hard-coded that you'd expect to be more flexible. If something fails, please open a GitHub issue. 🖤

Where does the name come from?

The name is derived from 'backseat gaming,' which refers to someone who is not actively playing (but merely watching) who involves themselves in a game someone else is playing.

Why use the past tense '-signed'?

This tool does not create signatures, it only collects and verifies them.

How does this program decompress xz/lzma?

It's using the lzma-rs crate, a pure Rust reimplementation of lzma.

Credits

This software was brought to you by humans associating with the European left-autonomous hacking scene of the 2020s, in response to the xz backdoor incident. It aims to make open source authority transparent enough to allow reasoning about them as common goods.

This project operates without public funding through anarcho-communism.

License

GPL-3.0-or-later
