Experimental binary transparency for pacman with sigstore and rekor

Overview

pacman-bintrans

This is an experimental implementation of binary transparency for pacman, the Arch Linux package manager. This project was originally heavily inspired by prior work by Mozilla and then re-implemented with the rekor transparency log of sigstore.

Cryptographic signatures prove that a message originates from somebody with control over the private key, but it's impossible to prove that the private key didn't sign additional messages. In update security this means a signed update is a strong indicator the update is authentic, but you can't be sure this update is the same update everybody else got. Somebody in control of the update key could craft a malicious update, sign it and feed it specifically to you. This attack is much less likely to get noticed than pushing a malicious update to all users.

Because transparency logs work best with a "single-purpose key", meaning the key is only ever used to sign Arch Linux packages, we're creating a special "transparency key". The operator needs to sign every Arch Linux package and upload the signature to the transparency log. They also need to maintain an audit log that tracks why each signature was created.

An external auditor could then fetch all signatures from sigstore and check if they belong to officially released packages.

Usage

pacman-bintrans integrates into pacman by registering it as a custom transport in /etc/pacman.conf:

XferCommand = /usr/bin/pacman-bintrans -vO %o %u --transparency-url https://pacman-bintrans.vulns.xyz/sigs/ --pubkey 'RWSC6c8TVaOYGoe60E+sPiPgumSQENiSNJrBOH6IUYdfmY9xIDJCFXa2'

To verify everything is working correctly you can clear your download cache with pacman -Scc and then try to re-download and reinstall a package with pacman -Suy filesystem.

pacman still verifies pgp signatures, but in addition also runs rekor-cli verify on each package to ensure it has been properly logged in the sigstore transparency log.

Configuration

TODO

Generating transparency proofs

This section is intended for package maintainers that are planning to run package repositories with binary transparency enabled.

cd pacman-bintrans-sign
cargo run --release -- -v \
    --repo-url 'https://ftp.halifax.rwth-aachen.de/archlinux/$repo/os/$arch' --repo-name core --architecture x86_64 \
    --signature-dir ../www/ --pubkey-path ~/keys/minisign.pub --seckey-path ~/keys/seckey

Searching the transparency log

There's a command to list all signatures that have been logged so far:

cd pacman-bintrans-monitor
cargo run

Fetching with a proxy

Note this doesn't fully torify all traffic, it only uses it to download the package and fetch from --transparency-url:

cargo run -- -vvO filesystem-2021.05.31-1-x86_64.pkg.tar.zst https://ftp.halifax.rwth-aachen.de/archlinux/core/os/x86_64/filesystem-2021.05.31-1-x86_64.pkg.tar.zst \
    --pubkey 'RWSC6c8TVaOYGoe60E+sPiPgumSQENiSNJrBOH6IUYdfmY9xIDJCFXa2' --transparency-url 'http://2iz5fzvuwjapcv5v2msvhlr5oqbwriznwu7hnsccrsho47ljqynrgryd.onion/sigs/' \
    --proxy 'socks5h://127.0.0.1:9050' --bypass-proxy-for-pkgs

Acknowledgments

This project was funded by Google, The Linux Foundation, and people like you and me through GitHub sponsors. ♥️ ♥️ ♥️

License

GPLv3+

Comments
  • Url scheme not allowed error while downloading pango on Arch Linux

    Url scheme not allowed error while downloading pango on Arch Linux

    While installing pango I got an error trying to download the transparency proof.

    Steps taken:

    1. I installed pacman-bintrans 0.1.0-1 from the arch community repository
    2. Installed the custom transport by copying the line from the README
    3. Ran pacman -Scc
    4. Ran pacman -Syu triggering an update to multiple packages including libibus-1.5.25-2 and pango-1:1.48.9-2

    Results: The libibus download was successfully verified while the pango download failed with the following error:

    [2021-08-24T02:31:22Z INFO  pacman_bintrans] Writing pkg to "/var/cache/pacman/pkg/libibus-1.5.25-2-x86_64.pkg.tar.zst.part"
    [2021-08-24T02:31:22Z INFO  pacman_bintrans] Transparency proof is required for "http://mirrors.sonic.net/archlinux/extra/os/x86_64/pango-1:1.48.9-2-x86_64.pkg.tar.zst", downloading into memory
    [2021-08-24T02:31:22Z INFO  pacman_bintrans::proof] Trying to download transparency proof from "pango-1:1.48.9-2-x86_64.pkg.tar.zst.t"
    Error: Failed to send request
    
    Caused by:
        0: builder error for url (pango-1:1.48.9-2-x86_64.pkg.tar.zst.t): URL scheme is not allowed
        1: URL scheme is not allowed
    
    opened by michardy 3
  • Signature verification failed

    Signature verification failed

    # pacman -S qt5-base 
    warning: qt5-base-5.15.2+kde+r237-1 is up to date -- reinstalling
    resolving dependencies...
    looking for conflicting packages...
    
    Packages (1) qt5-base-5.15.2+kde+r237-1
    
    Total Installed Size:  65.15 MiB
    Net Upgrade Size:       0.00 MiB
    
    :: Proceed with installation? [Y/n] 
    :: Retrieving packages...
    [2021-11-14T03:12:51Z INFO  pacman_bintrans] Transparency proof is required for "https://manjaro.lucassymons.net/stable/extra/x86_64/qt5-base-5.15.2+kde+r237-1-x86_64.pkg.tar.zst", downloading into memory
    [2021-11-14T03:13:05Z INFO  pacman_bintrans::proof] Trying to download transparency proof from "https://pacman-bintrans.vulns.xyz/sigs/qt5-base-5.15.2+kde+r237-1-x86_64.pkg.tar.zst.t"
    [2021-11-14T03:13:07Z INFO  pacman_bintrans::proof] Calculating sha256sum for 18924753 bytes
    [2021-11-14T03:13:07Z INFO  pacman_bintrans::proof] Verifying transparency signature
    Error: Signature verification failed
    
    opened by nerd36 1
  • 404 Not Found

    404 Not Found

    # pacman -S octopi
    resolving dependencies...
    looking for conflicting packages...
    
    Packages (5) alpm-octopi-utils-1.0.2-2  expac-10-5  pkgfile-21-2
                 qtermwidget-0.17.0-2  octopi-0.11.0-3
    
    Total Download Size:   1.59 MiB
    Total Installed Size:  6.37 MiB
    
    :: Proceed with installation? [Y/n] 
    :: Retrieving packages...
    [2021-11-14T01:20:00Z INFO  pacman_bintrans] Transparency proof is required for "https://manjaro.lucassymons.net/stable/community/x86_64/alpm-octopi-utils-1.0.2-2-x86_64.pkg.tar.zst", downloading into memory
    [2021-11-14T01:20:02Z INFO  pacman_bintrans::proof] Trying to download transparency proof from "https://pacman-bintrans.vulns.xyz/sigs/alpm-octopi-utils-1.0.2-2-x86_64.pkg.tar.zst.t"
    Error: Server returned http error
    
    Caused by:
        HTTP status client error (404 Not Found) for url (https://pacman-bintrans.vulns.xyz/sigs/alpm-octopi-utils-1.0.2-2-x86_64.pkg.tar.zst.t)
    
    opened by nerd36 1
  • Allow everyone to publish to transparency log

    Allow everyone to publish to transparency log

    A client receives a package that is signed by Arch. Why shouldn't it can publish package data (including publisher signature) to public log? Why you should wait until the package's publisher or Arch, do that? This way we have a more decentralized audition, too

    opened by mahdi-ln 1
  • Proof-of-Work blockchain is safer

    Proof-of-Work blockchain is safer

    in PoW blockchain method the client has a time limit for receiving hashing answers from the blockchain network, so it can assure that it is viewing a version of blockchain with an International-scale hashing power. So it doesn't need gossiping to stop split-view-attack.

    P.S About bitcoin network fees, layer 2 should be used. Layer 2 security depends on the main blockchain.

    opened by mahdi-ln 0
  • Tor Usage

    Tor Usage

    Would be nice if it would be documented how to use

    XferCommand = /usr/bin/pacman-bintrans -O %o %u --transparency-url https://pacman-bintrans.vulns.xyz/sigs/ --pubkey 'RWSC6c8TVaOYGoe60E+sPiPgumSQENiSNJrBOH6IUYdfmY9xIDJCFXa2'

    with Tor - If even possible.

    Thanks!

    opened by ghost 1
  • Change interface to ask for confirmation before creating new database

    Change interface to ask for confirmation before creating new database

    I accidentally ran the sign command in the wrong directory and created a new database, which caused duplicate signatures with the RWSC6c8TVaOYGoe60E+sPiPgumSQENiSNJrBOH6IUYdfmY9xIDJCFXa2 key. There could be some kind of "setup" command that needs to be run explicitly to confirm the creation of a new database.

    The duplicate signatures that have been created:

    [2021-10-07T22:43:13Z INFO  pacman_bintrans_sign::archlinux] Downloadeded 1609289 bytes
    [2021-10-07T22:43:13Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:13Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:13Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/389-ds-base-2.0.10-1-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:13Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744343, available at: https://rekor.sigstore.dev/api/v1/log/entries/ebcfcca210b93aa49e83cc0998cf58930a9ad86cb6b3cf1443ea36d2ed2a3a9e
    [2021-10-07T22:43:14Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:14Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:14Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/a2ps-4.14-12-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:14Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744345, available at: https://rekor.sigstore.dev/api/v1/log/entries/ec5eb61eff748baec2dbcea45ad3521876ee1ed1c84094fb70a8bdb200a6d1c8
    [2021-10-07T22:43:15Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:15Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:15Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/a52dec-0.7.4-11-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:15Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744347, available at: https://rekor.sigstore.dev/api/v1/log/entries/700606141d1ea01f57ca46f14e35f21ab5ecd254edd11f0a471f6853a6e29574
    [2021-10-07T22:43:16Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:16Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:16Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/aalib-1.4rc5-14-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:16Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744349, available at: https://rekor.sigstore.dev/api/v1/log/entries/7b394533d1dc45929dab5c3c80af617f6e33ae774153c60eca53deb60032649e
    [2021-10-07T22:43:16Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:16Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:16Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/abiword-3.0.5-1-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:16Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744351, available at: https://rekor.sigstore.dev/api/v1/log/entries/2d3ea2e216d4f931da07a93efe5d7c82e3065d229f56166c7f1303ff20955b97
    [2021-10-07T22:43:17Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:17Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:17Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/accerciser-3.38.0-2-any.pkg.tar.zst.t"
    [2021-10-07T22:43:17Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744353, available at: https://rekor.sigstore.dev/api/v1/log/entries/9fb778d871097b0e7eb6f83f2cf9f2aefe0b6776197e111b700a1e3485732645
    [2021-10-07T22:43:18Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:18Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:18Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/accounts-qml-module-0.7-4-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:18Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744355, available at: https://rekor.sigstore.dev/api/v1/log/entries/c06f0bf349ab1985f4752b5002202c0447a7f45305928a31cdf78a12314873b2
    [2021-10-07T22:43:19Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:19Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:19Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/accountsservice-0.6.55-3-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:19Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744357, available at: https://rekor.sigstore.dev/api/v1/log/entries/ed659e6197da055bc70f8a0b028da495af306a499f610201799b8543cdfb02ef
    [2021-10-07T22:43:19Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:19Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:19Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/adobe-source-code-pro-fonts-2.038ro+1.058it+1.018var-1-any.pkg.tar.zst.t"
    [2021-10-07T22:43:19Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744359, available at: https://rekor.sigstore.dev/api/v1/log/entries/ba38376ad3c4af0b09ecab80df6e8075b6f574e8a3706361746b045ebda0a8c7
    [2021-10-07T22:43:20Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:20Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:20Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/adobe-source-sans-fonts-3.046-1-any.pkg.tar.zst.t"
    [2021-10-07T22:43:20Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744361, available at: https://rekor.sigstore.dev/api/v1/log/entries/263d59ccc8fd0bacbfb5bcb7fc6e06ceb908922ec8c9322e36bb9c55a3e6bf23
    [2021-10-07T22:43:21Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:21Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:21Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/adobe-source-serif-fonts-4.004-2-any.pkg.tar.zst.t"
    [2021-10-07T22:43:21Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744363, available at: https://rekor.sigstore.dev/api/v1/log/entries/4b4d4c8712a9d2902bd46b149c3828beaade9a759b08149d86df7101a01cee81
    [2021-10-07T22:43:22Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:22Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:22Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/adwaita-icon-theme-40.1.1-1-any.pkg.tar.zst.t"
    [2021-10-07T22:43:22Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744365, available at: https://rekor.sigstore.dev/api/v1/log/entries/a92c38a986a5704535904827732defba8a9fa3e38404a75c2533e330569e2072
    [2021-10-07T22:43:22Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:22Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:22Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/aiksaurus-1.2.1-7-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:22Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744368, available at: https://rekor.sigstore.dev/api/v1/log/entries/e72cd95b06372fe493a3636613ae82564be16707c7535e3ec97c72dcf63af0db
    [2021-10-07T22:43:23Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:23Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:23Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/aisleriot-3.22.14-1-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:23Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744370, available at: https://rekor.sigstore.dev/api/v1/log/entries/6cf5810880639e708da267687d50fc297e5e5420491063e87c5a56fa0d33b0ae
    [2021-10-07T22:43:24Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:24Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:24Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/akonadi-21.08.2-1-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:24Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744371, available at: https://rekor.sigstore.dev/api/v1/log/entries/dbd774a4db051f3a0ba135b88150057c8a3ccbf088e45ba6c7ce10000373497b
    [2021-10-07T22:43:24Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:24Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:24Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/akonadi-calendar-21.08.2-1-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:24Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744373, available at: https://rekor.sigstore.dev/api/v1/log/entries/373e53aac1c0c5bae9d3bad8b7535a70ec066aebda26964f52ad575f73a466b0
    [2021-10-07T22:43:25Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:25Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:25Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/akonadi-calendar-tools-21.08.2-1-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:25Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744375, available at: https://rekor.sigstore.dev/api/v1/log/entries/e7c6491b6fed60eabee2d539be917167421f8e871f593562c5f4de987fbdfc49
    [2021-10-07T22:43:26Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:26Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:26Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/akonadi-contacts-21.08.2-1-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:26Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744377, available at: https://rekor.sigstore.dev/api/v1/log/entries/fd98956e5d379da540a29701bde4c0f10f6814e607260e2287f6935ed62a4688
    [2021-10-07T22:43:26Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:26Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:26Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/akonadi-import-wizard-21.08.2-1-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:26Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744379, available at: https://rekor.sigstore.dev/api/v1/log/entries/ac3ce5f3f4bd7700e89c2fb0d36acca8deaa3a9b269698dbd03723b5ae2892b5
    [2021-10-07T22:43:27Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:27Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:27Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/akonadi-mime-21.08.2-1-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:27Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744381, available at: https://rekor.sigstore.dev/api/v1/log/entries/13a7e0f75efdd60154d737045b350cf55e7ce73bac17974371b656b96c1db261
    [2021-10-07T22:43:28Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:28Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:28Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/akonadi-notes-21.08.2-1-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:28Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744383, available at: https://rekor.sigstore.dev/api/v1/log/entries/d7ddad51302994a7ebdfb64475e408347ec0e81aefea78047207245ec9b8aac8
    [2021-10-07T22:43:29Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:29Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:29Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/akonadi-search-21.08.2-1-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:29Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744385, available at: https://rekor.sigstore.dev/api/v1/log/entries/3d0b144f8f619cc4640a1b123e98e46cf853b5740279afb279ee7bb899a1461b
    [2021-10-07T22:43:29Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:29Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:29Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/akonadiconsole-21.08.2-1-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:29Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744387, available at: https://rekor.sigstore.dev/api/v1/log/entries/0c3aff0eee6bf86f139829c1440820704c49af2c582d343363575f3723dbf101
    [2021-10-07T22:43:30Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:30Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:30Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/akregator-21.08.2-1-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:30Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744389, available at: https://rekor.sigstore.dev/api/v1/log/entries/9b06b7b08a53b7a197150925828f928743c06b25e6d8eef0570f638482bbb9a3
    [2021-10-07T22:43:31Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:31Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:31Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/alacarte-3.36.0+2+gae6b92d-2-any.pkg.tar.zst.t"
    [2021-10-07T22:43:31Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744391, available at: https://rekor.sigstore.dev/api/v1/log/entries/0ed5244468cdeb0a609818fa83846f7ccd10f9d544a07caf6b5347e6137ff6ac
    [2021-10-07T22:43:31Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:31Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:31Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/alertmanager-0.23.0-2-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:31Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744393, available at: https://rekor.sigstore.dev/api/v1/log/entries/1b018e728bcb3618b6f59815b14f44a3432c6cfe95bffe2361de62cc7213a058
    [2021-10-07T22:43:32Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:32Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:32Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/alsa-card-profiles-1:0.3.38-1-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:32Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744395, available at: https://rekor.sigstore.dev/api/v1/log/entries/a43383dd5014b3769b43c9b76bd4a2d9eea40f3d3282929ba9a3b321ea5a6036
    [2021-10-07T22:43:33Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:33Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:33Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/alsa-firmware-1.2.4-2-any.pkg.tar.zst.t"
    [2021-10-07T22:43:33Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744397, available at: https://rekor.sigstore.dev/api/v1/log/entries/8d6962f7674470a63c606b7feed32decf0eb97064590d09c1d7655be876894eb
    [2021-10-07T22:43:34Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:34Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:34Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/alsa-lib-1.2.5.1-3-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:34Z INFO  pacman_bintrans_sign] Uploading to sigstore
    Created entry at index 744399, available at: https://rekor.sigstore.dev/api/v1/log/entries/f07e2d1d8cbf3391b17e48a356dde6df3d2c247a3d13c869e3ca4671db44df68
    [2021-10-07T22:43:34Z INFO  pacman_bintrans_sign] Signing package
    [2021-10-07T22:43:34Z INFO  pacman_bintrans_sign] Adding to database
    [2021-10-07T22:43:34Z INFO  pacman_bintrans_sign] Writing signature to folder: "/var/www/html/sigs/alsa-oss-1.1.8-3-x86_64.pkg.tar.zst.t"
    [2021-10-07T22:43:34Z INFO  pacman_bintrans_sign] Uploading to sigstore
    ^C
    
    opened by kpcyrd 0
Releases(v0.4.0)
Owner
Independent security research. Works on backdoor-resistant software distribution. Maintains packages in Arch Linux, Debian, Alpine. Steals food at conferences.
null
An implementation of the append-only log described in the Certificate Transparency specification (RFC 6962)

CT Merkle This is an implementation of the append-only log described in the Certificate Transparency specification (RFC 6962). The log is a Merkle tre

Michael Rosenberg 30 Dec 2, 2022
EXPERIMENTAL: Bitcoin Core Prometheus exporter based on User-Space, Statically Defined Tracing and eBPF.

bitcoind-observer An experimental Prometheus metric exporter for Bitcoin Core based on Userspace, Statically Defined Tracing and eBPF. This demo is ba

0xB10C 24 Nov 8, 2022
An experimental rust zksnarks compiler with embeeded bellman-bn128 prover

Za! An experimental port of the circom zk-SNARK compiler in Rust with embedded bellman-bn128 prover. I created it as a PoC port of the existing JavaSc

adria0.eth 39 Aug 26, 2022
Rust implementation of the Matter protocol. Status: Experimental

matter-rs: The Rust Implementation of Matter Build Building the library: $ cd matter $ cargo build Building the example: $ cd matter $ RUST_LOG="matt

Connectivity Standards Alliance 12 Jan 5, 2023
Write Extism plugins in JavaScript (Experimental)

Extism JavaScript PDK Note: This is very experimental. If you are interested in helping or following development, join the #js-pdk room in our discord

Extism 6 Jan 18, 2023
Avalanche primitive types in Rust (experimental)

AvalancheGo Compatibility Crate Version(s) AvalancheGo Version(s) Protocol Version v0.0.134-155 v1.9.2,v1.9.3 19 v0.0.156-176 v1.9.4 20 v0.0.177-200 v

Ava Labs 26 Feb 4, 2023
An experimental fork of a16z's Helios Ethereum client which can run its network traffic over the Nym mixnet

Helios (Nym mixnet fork) Helios is a fully trustless, efficient, and portable Ethereum light client written in Rust. This fork of Helios includes nasc

Nym 4 Mar 3, 2023
Briolette is an experimental framework for researching offline digital currency designs.

Briolette - experimental framework for offline-enabled digital currency Briolette is an experimental framework for researching offline digital currenc

Google 39 Apr 9, 2023
experimental package manager for node.js

pacquet Experimental package manager for node.js written in rust. Disclaimer: This is mostly a playground for me to learn Rust and understand how pack

pnpm 349 Aug 22, 2023
CosmOS - experimental operating system written in Rust.

CosmOS A simple operating system written in Rust. Table of Contents CosmOS Setup QEMU Run OS dev resources General Bootloader Setup Linux Arch pacman

COSMO PK Group 11 Oct 7, 2023
A Rust binary for file encryption to multiple participants.

Kaspa-miner A Rust binary for file encryption to multiple participants. Installation From Sources With Rust's package manager cargo, you can install k

Elichai Turkel 31 Dec 30, 2022
Rust implementation of the Binary Canonical Serialization (BCS) format

Binary Canonical Serialization (BCS) BCS (formerly "Libra Canonical Serialization" or LCS) is a serialization format developed in the context of the D

Zefchain Labs 4 Nov 13, 2022
📦+🦀=♥️ A tool that helps wrap binary releases for easy distribution

Rustwrap A tool that helps wrap binary releases for easy distribution. Currently supporting: npm - npm install -g your-tool will make your binary your

Rusty Ferris Club 7 Dec 15, 2022
Multi-tenant Nix Binary Cache

Attic Attic is a self-hostable Nix Binary Cache server backed by an S3-compatible storage provider. It has support for global deduplication and garbag

Zhaofeng Li 189 Feb 5, 2023
IBC modules and relayer - Formal specifications and Rust implementation

ibc-rs Rust implementation of the Inter-Blockchain Communication (IBC) protocol. This project comprises primarily four crates: The ibc crate defines t

Informal Systems 296 Dec 31, 2022
Diem’s mission is to build a trusted and innovative financial network that empowers people and businesses around the world.

Note to readers: On December 1, 2020, the Libra Association was renamed to Diem Association. The project repos are in the process of being migrated. A

Diem 16.7k Jan 8, 2023
Fast and efficient ed25519 signing and verification in Rust.

ed25519-dalek Fast and efficient Rust implementation of ed25519 key generation, signing, and verification in Rust. Documentation Documentation is avai

dalek cryptography 563 Dec 26, 2022
A safe implementation of the secure remote password authentication and key-exchange protocol (SRP), SRP6a and legacy are as features available.

Secure Remote Password (SRP 6 / 6a) A safe implementation of the secure remote password authentication and key-exchange protocol (SRP version 6a). Ver

Sven Assmann 10 Nov 3, 2022
Retrieving SSH and GPS keys from GitHub and GitLab

Dormarch Retrieving SSH and GPS keys from GitHub and GitLab Usage After having installed Dormarch, you can see all the options with dormarch -h. To re

Riccardo Padovani 2 Dec 24, 2021