Red Hat neGoogle, pamwe nePurdue University, nguva pfupi yapfuura yakazivisa kuvambwa kwechirongwa cheSigstore, ndiani Chinangwa ndechekugadzira maturusi uye masevhisi ekuona software uchishandisa masiginecha edhijitari uye chengetedza ruzhinji rwekunyoresa registry. Iyo purojekiti ichagadziridzwa pasi pesimba reLinux Foundation, sangano risingabatsiri.
Iyo chirongwa chakatsanangurwa wedzera kuchengetedzeka kwenzvimbo dzekuparadzira software uye chengetedza pakurwiswa kwakanangwa kutsiva software yezvinhu uye kutsamira (kupa cheni). Chimwe chezvinhu zvakakosha zvekuchengetedza mune yakavhurika sosi software ndiko kunetseka kwekutarisa kunobva chirongwa uye kuongorora maitiro ekuvaka.
Somuenzaniso, kuongorora kutendeka kweshanduro, mapurojekiti mazhinji anoshandisa hash, Asi kazhinji ruzivo rwunodiwa kuti ruve nechokwadi runochengetwa mune zvisina kuchengetedzwa masystem uye mune akagovaniswa kodhi marekodhi, semhedzisiro yekukanganisa kwevanorwisa vanogona kutsiva mafaera anodikanwa kuti aongororwe uye pasina kumutsa kufungirana, kuunza shanduko yakaipa.
Vashoma chete vemapurojekiti vanoshandisa masiginecha edhijitari kugovera zvinoburitswa nekuda kwekunetseka kweakakosha manejimendi, kugoverwa kwemakiyi eruzhinji uye kubviswa kwekiyi dzakakanganiswa. Kuti ongororo iite zvine musoro, iwe unodawo kuronga nzira yakavimbika uye yakachengeteka yekugovera veruzhinji makiyi uye macheki. Kunyangwe iine siginecha yedhijitari, vashandisi vazhinji vanofuratira ongororo sezvo zvinotora nguva kudzidza maitiro ekuongorora uye nekunzwisisa kuti kiyi ipi inovimbwa.
Nezve Sigstore
Sigstore inosimudzirwa seAke Encrypt analog yekodhi, pejikupa zvitupa zvekusaina kodhi yedhijitari uye maturusi ekugadzirisa ongororo. NeSigstore, vanogadzira vanogona kusaina manhamba ekushandisa-zvine chekuita neshanduro senge kuvhura mafaera, mifananidzo yemidziyo, inoratidza, uye zvinogoneka. Chinhu cheSigstore ndechekuti izvo zvinoshandiswa zvinoshandiswa kusaina zvinoratidzwa mune yeruzhinji rekodhi yakachengetedzwa kubva kushanduko, iyo inogona kushandiswa kuongorora uye kuongorora.
Panzvimbo pemakiyi anogara aripo, Sigstore inoshandisa pfupi-inorarama ephemeral makiyi, Izvo zvinogadzirwa zvichibva pane zvitupa zvinosimbiswa neOpenID Connect vanopa (panguva iyo makiyi edigital siginicha inogadzirwa, anovandudza anoonekwa kuburikidza neOpenID mupi ane email link). Iko kwechokwadi kwemakiyi kunoongororwa kuchipesana neruzhinji rwevanhu rekodhi, zvichikubvumidza kuti uve nechokwadi chekuti munyori wesiginicha ndiye chaiye waanoti ndiye uye kuti siginecha yakaumbwa nemunhu mumwechete anga achitora chikamu chekare.
Sigstore inopa yakagadzirira-kushandisa-sevhisi uye seti yemidziyo iyo inobvumidza iwe kuita zvakafanana masevhisi pakombuta yako. Iyo sevhisi ndeye mahara kune vese vanogadzira software uye vatengesi, uye inoitwa pane isina kwayakagadzika chikuva - iyo Linux Foundation Zvese zvikamu zvebasa ndere rakavhurika sosi, yakanyorwa mumutauro weGo, uye inoparadzirwa pasi peApache 2.0 rezinesi.
Pakati pezvinhu zviri kuvandudzwa, zvinogona kucherechedzwa:
- Rekor: kuiswa kwerejista kuti uchengetedze metadata yakasainwa nenhamba izvo zvinoratidza ruzivo nezve mapurojekiti. Kuvimbisa kutendeseka uye kudzivirirwa pakukanganiswa kwedata, iyo "Muti Merkle" chimiro chemuti chinoshandiswa zvekare, uko rimwe nerimwe bazi rinoongorora tambo dzese uye zviri pasi pezvinhu, nekuda kweiyo hash basa.
- Fulcio (SigStore WebPKI) sisitimu yekugadzira zvitupa zviremera (Root-CA) iyo inoburitsa zvitupa zvipfupi-zvinoenderana nemaemail akasimbiswa kuburikidza neOverID Unganidzo. Hupenyu hwese hwetifiketi maminetsi makumi maviri, panguva iyo musimudziri anofanirwa kuve nenguva yekugadzira siginicha yedhijitari (kana mune ramangwana chitupa chikawira mumaoko eanorwisa, chinopera).
- Сosign (Container Signing) seti yemidziyo yekugadzira masiginecha mumidziyo, chengetedza masiginecha uye isa midziyo yakasainwa muOCI (Open Container Initiative) inowirirana zvinyorwa.
Chekupedzisira, kana iwe uchifarira kuziva zvakawanda nezve chirongwa ichi, unogona kutarisa ruzivo Mune inotevera chinongedzo.