From 35eb21f6d1bb561652d591b287954fbacf919616 Mon Sep 17 00:00:00 2001 From: Ivan Font Date: Tue, 17 Sep 2024 17:16:45 -0700 Subject: [PATCH 1/8] Update to support Sigstore sign via CLI Signed-off-by: Ivan Font --- src/sign.py | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/src/sign.py b/src/sign.py index ec1ae946..36521e96 100644 --- a/src/sign.py +++ b/src/sign.py @@ -28,6 +28,7 @@ from model_signing.signature import signing from model_signing.signing import in_toto from model_signing.signing import in_toto_signature +from model_signing.signing import sigstore log = logging.getLogger(__name__) @@ -54,7 +55,7 @@ def _arguments() -> argparse.Namespace: method_cmd = parser.add_subparsers( required=True, dest="method", - help="method to sign the model: [pki, private-key, skip]", + help="method to sign the model: [pki, private-key, sigstore, skip]", ) # PKI pki = method_cmd.add_parser("pki") @@ -91,6 +92,16 @@ def _arguments() -> argparse.Namespace: type=pathlib.Path, dest="key_path", ) + # sigstore + sigstore = method_cmd.add_parser("sigstore") + sigstore.add_argument( + "--use_ambient_credentials", + help="use ambient credentials (also known as Workload Identity, default is true)", + required=False, + type=bool, + default=True, + dest="use_ambient_credentials", + ) # skip method_cmd.add_parser("skip") 
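Review bot: `type=bool` on the new `--use_ambient_credentials` argument does not parse a boolean. argparse calls `bool()` on the raw string, so `--use_ambient_credentials False` still yields `True` and only an empty string turns it off. With `default=True` as well, an operator has no working way to opt out, and the signing identity is presumably taken from whatever workload credential the environment exposes. Replace `type=bool` with `action=argparse.BooleanOptionalAction` (Python 3.9+), which keeps `default=True` and adds a working `--no-use_ambient_credentials`. The hunk sits inside `_arguments`, which starts and ends outside it.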
@@ -100,17 +111,21 @@ def _arguments() -> argparse.Namespace: def _get_payload_signer(args: argparse.Namespace) -> signing.Signer: if args.method == "private-key": _check_private_key_options(args) - return key.ECKeySigner.from_path(private_key_path=args.key_path) + payload_signer = key.ECKeySigner.from_path(private_key_path=args.key_path) + return in_toto_signature.IntotoSigner(payload_signer) elif args.method == "pki": _check_pki_options(args) - return pki.PKISigner.from_path( + payload_signer = pki.PKISigner.from_path( args.key_path, args.signing_cert_path, args.cert_chain_path ) + return in_toto_signature.IntotoSigner(payload_signer) + elif args.method == "sigstore": + return sigstore.SigstoreDSSESigner(use_ambient_credentials=args.use_ambient_credentials) elif args.method == "skip": return fake.FakeSigner() else: log.error(f"unsupported signing method {args.method}") - log.error('supported methods: ["pki", "private-key", "skip"]') + log.error('supported methods: ["pki", "private-key", "sigstore", "skip"]') exit(-1) @@ -133,7 +148,6 @@ def _check_pki_options(args: argparse.Namespace): if args.cert_chain_path == "": log.warning("No certificate chain provided") - def main(): logging.basicConfig(level=logging.INFO) args = _arguments() @@ -151,10 +165,9 @@ def hasher_factory(file_path: pathlib.Path) -> file.FileHasher: file_hasher_factory=hasher_factory ) - intoto_signer = in_toto_signature.IntotoSigner(payload_signer) sig = model.sign( model_path=args.model_path, - signer=intoto_signer, + signer=payload_signer, payload_generator=in_toto.DigestsIntotoPayload.from_manifest, serializer=serializer, ignore_paths=[args.sig_out], From b4f09bc4dce1afc8d16505351c4b1e0587dd8c98 Mon Sep 17 00:00:00 2001 From: Ivan Font Date: Thu, 26 Sep 2024 18:21:56 -0700 Subject: [PATCH 2/8] Update to support Sigstore verify via CLI Signed-off-by: Ivan Font --- src/verify.py | 68 ++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 48 insertions(+), 20 deletions(-) 
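Review bot: `_get_payload_signer` no longer returns a payload signer, so the name and the `payload_signer` local in `main` are now misleading. The `private-key` and `pki` branches return an `in_toto_signature.IntotoSigner`, the `sigstore` branch returns a `sigstore.SigstoreDSSESigner`, and `main` (hunk at -151,10) passes the result straight to `model.sign` as `signer=payload_signer`. With no docstring either, a reader cannot tell which layer does the in-toto wrapping. I would rename the function to `_get_signer` and the local to `signer`, and add a docstring such as `"""Build the signer passed to model.sign for args.method."""`.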
diff --git a/src/verify.py b/src/verify.py index 031354bc..1a11e434 100644 --- a/src/verify.py +++ b/src/verify.py @@ -27,6 +27,8 @@ from model_signing.signature import pki from model_signing.signature import verifying from model_signing.signing import in_toto_signature +from model_signing.signing import signing +from model_signing.signing import sigstore log = logging.getLogger(__name__) @@ -51,7 +53,7 @@ def _arguments() -> argparse.Namespace: method_cmd = parser.add_subparsers( required=True, dest="method", - help="method to verify the model: [pki, private-key, skip]", + help="method to verify the model: [pki, private-key, sigstore, skip]", ) # pki subcommand pki = method_cmd.add_parser("pki") 
@@ -73,11 +75,47 @@ def _arguments() -> argparse.Namespace: type=pathlib.Path, dest="key", ) - + # sigstore subcommand + sigstore = method_cmd.add_parser("sigstore") + sigstore.add_argument( + "--identity", + help="the expected identity of the signer e.g. name@example.com", + required=True, + type=str, + dest="identity", + ) + sigstore.add_argument( + "--identity-provider", + help="the identity provider expected e.g. https://accounts.example.com", + required=True, + type=str, + dest="identity_provider", + ) + # skip subcommand method_cmd.add_parser("skip") return parser.parse_args() +def _get_verifier(args: argparse.Namespace) -> verifying.Verifier: + verifier: verifying.Verifier + if args.method == "private-key": + _check_private_key_flags(args) + verifier = key.ECKeyVerifier.from_path(args.key) + return in_toto_signature.IntotoVerifier(verifier) + elif args.method == "pki": + _check_pki_flags(args) + verifier = pki.PKIVerifier.from_paths(args.root_certs) + return in_toto_signature.IntotoVerifier(verifier) + elif args.method == "sigstore": + return sigstore.SigstoreDSSEVerifier(identity=args.identity, + oidc_issuer=args.identity_provider) + elif args.method == "skip": + return fake.FakeVerifier() + else: + log.error(f"unsupported verification method {args.method}") + log.error('supported methods: ["pki", "private-key", "sigstore", "skip"]') + exit(-1) + def _check_private_key_flags(args: argparse.Namespace): if args.key == "": 
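Review bot: The `skip` branch of the new `_get_verifier` returns `fake.FakeVerifier()` with no warning; the only trace is the info-level `Creating verifier for skip` line in `main`. Judging by the class name and the README's description of skip as hash-only, no signer is authenticated on that path. If `verify.py` then exits successfully, a pipeline that treats its exit status as proof of origin would be misled. Add `log.warning("method 'skip' performs no signature verification")` before the return; the `skip` branch of `_get_payload_signer` in src/sign.py deserves the same kind of warning.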
@@ -89,29 +127,21 @@ def _check_pki_flags(args: argparse.Namespace): if not args.root_certs: log.warning("no root of trust is set using system default") +def _get_signature(args: argparse.Namespace) -> signing.Signature: + if args.method == "sigstore": + return sigstore.SigstoreSignature.read(args.sig_path) + else: + return in_toto_signature.IntotoSignature.read(args.sig_path) def main(): logging.basicConfig(level=logging.INFO) args = _arguments() - verifier: verifying.Verifier log.info(f"Creating verifier for {args.method}") - if args.method == "private-key": - _check_private_key_flags(args) - verifier = key.ECKeyVerifier.from_path(args.key) - elif args.method == "pki": - _check_pki_flags(args) - verifier = pki.PKIVerifier.from_paths(args.root_certs) - elif args.method == "skip": - verifier = fake.FakeVerifier() - else: - log.error(f"unsupported verification method {args.method}") - log.error('supported methods: ["pki", "private-key", "skip"]') - exit(-1) - + verifier = _get_verifier(args) log.info(f"Verifying model signature from {args.sig_path}") - sig = in_toto_signature.IntotoSignature.read(args.sig_path) + sig = _get_signature(args) def hasher_factory(file_path: pathlib.Path) -> file.FileHasher: return file.SimpleFileHasher( @@ -122,12 +152,10 @@ def hasher_factory(file_path: pathlib.Path) -> file.FileHasher: file_hasher_factory=hasher_factory ) - intoto_verifier = in_toto_signature.IntotoVerifier(verifier) - try: model.verify( sig=sig, - verifier=intoto_verifier, + verifier=verifier, model_path=args.model_path, serializer=serializer, ignore_paths=[args.sig_path], From 6be059ee654d890be0379b5da425e8e8c9d88296 Mon Sep 17 00:00:00 2001 From: Ivan Font Date: Wed, 2 Oct 2024 17:53:47 -0700 Subject: [PATCH 3/8] Update docs for Sigstore sign/verify CLI Signed-off-by: Ivan Font --- README.model_signing.md | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) 
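Review bot: `_get_signature` picks the on-disk format from `args.method` alone, and `main` calls it before the `try:` that wraps `model.verify` (visible in the following hunk). A bundle written with one method and checked with another therefore fails inside `.read()` rather than on the verification-failure path. What the `except` clause catches is outside the hunk, so this may surface as a raw traceback. Moving `sig = _get_signature(args)` inside that `try:` would give one failure path, provided the handler covers what `.read()` raises. A short docstring should also state that `sigstore` bundles are read as `sigstore.SigstoreSignature` and every other method as `in_toto_signature.IntotoSignature`.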
diff --git a/README.model_signing.md b/README.model_signing.md index 12f0543c..b9ec823a 100644 --- a/README.model_signing.md +++ b/README.model_signing.md @@ -29,6 +29,7 @@ are supported: * Bring your own key pair * Bring your own PKI +- Keyless signing using Sigstore with Fulcio root * Skip signing (only hash and create a bundle) The signing part creates a [sigstore bundle](https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_bundle.proto) @@ -68,13 +69,13 @@ $ source .venv/bin/activate ## Sign ```bash -(.venv) $ python3 sign.py --model_path ${MODEL_PATH} --sig_out ${OUTPUT_PATH} --method {private-key, pki} {additional parameters depending on method} +(.venv) $ python3 sign.py --model_path ${MODEL_PATH} --sig_out ${OUTPUT_PATH} --method {private-key, pki, sigstore} {additional parameters depending on method} ``` ## Verify ```bash -(.venv) $ python3 verify.py --model_path ${MODEL_PATH} --method {private-key, pki} {additional parameters depending on method} +(.venv) $ python3 verify.py --model_path ${MODEL_PATH} --sig_path ${SIG_PATH} --method {private-key, pki, sigstore} {additional parameters depending on method} ``` ### Examples @@ -122,9 +123,21 @@ $ ROOT_CERTS='/path/to/root/certs' ... ``` -## Sigstore ID providers +#### Keyless signing using Sigstore -For developers signing models, there are three identity providers that can +```bash +$ MODEL_PATH='/path/to/your/model' +# SIGN +(.venv) $ python3 sign.py --model_path ${MODEL_PATH} --method sigstore +... +#VERIFY +(.venv) $ python3 verify.py --model_path ${MODEL_PATH} --sig_path ./model.sig --method sigstore --identity name@example.com --identity-provider https://accounts.example.com +... +``` + +### Sigstore ID providers + +For developers signing models with Sigstore, there are three identity providers that can be used at the moment: * Google's provider is `https://accounts.google.com`. From 6196cbf3ca5fc4681a2449fe7bb9fdebbddce645 Mon Sep 17 00:00:00 2001 
From: Ivan Font Date: Wed, 2 Oct 2024 18:04:43 -0700 Subject: [PATCH 4/8] Update doc to reflect latest CLI changes Signed-off-by: Ivan Font --- README.model_signing.md | 48 ++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 17 deletions(-) diff --git a/README.model_signing.md b/README.model_signing.md index b9ec823a..561cfc04 100644 --- a/README.model_signing.md +++ b/README.model_signing.md @@ -69,7 +69,7 @@ $ source .venv/bin/activate ## Sign ```bash -(.venv) $ python3 sign.py --model_path ${MODEL_PATH} --sig_out ${OUTPUT_PATH} --method {private-key, pki, sigstore} {additional parameters depending on method} +(.venv) $ python3 sign.py --model_path ${MODEL_PATH} --sig_out ${SIG_PATH} --method {private-key, pki, sigstore} {additional parameters depending on method} ``` ## Verify @@ -84,14 +84,15 @@ $ source .venv/bin/activate ```bash $ MODEL_PATH='/path/to/your/model' +$ SIG_PATH='./model.sig' $ openssl ecparam -name secp256k1 -genkey -noout -out ec-secp256k1-priv-key.pem $ openssl ec -in ec-secp256k1-priv-key.pem -pubout > ec-secp256k1-pub-key.pem $ source .venv/bin/activate # SIGN -(.venv) $ python3 sign_model.py --model_path ${MODEL_PATH} --method private-key --private-key ec-secp256k1-priv-key.pem +(.venv) $ python3 sign.py --model_path ${MODEL_PATH} --sig_out ${SIG_PATH} --method private-key --private-key ec-secp256k1-priv-key.pem ... #VERIFY -(.venv) $ python3 verify_model.py --model_path ${MODEL_PATH} --method private-key --public-key ec-secp256k1-pub-key.pem +(.venv) $ python3 verify.py --model_path ${MODEL_PATH} --sig_path ${SIG_PATH} --method private-key --public-key ec-secp256k1-pub-key.pem ... ``` 
@@ -105,11 +106,13 @@ In order to sign a model with your own PKI you need to create the following info ```bash $ MODEL_PATH='/path/to/your/model' +$ SIG_PATH='./model.sig' $ CERT_CHAIN='/path/to/cert_chain' $ SIGNING_CERT='/path/to/signing_certificate' $ PRIVATE_KEY='/path/to/private_key' # SIGN -(.venv) $ python3 sign_model.py --model_path ${MODEL_PATH} \ +(.venv) $ python3 sign.py --model_path ${MODEL_PATH} \ + --sig_path ${SIG_PATH} \ --method pki \ --private-key ${PRIVATE_KEY} \ --signing_cert ${SIGNING_CERT} \ @@ -117,9 +120,10 @@ $ PRIVATE_KEY='/path/to/private_key' ... #VERIFY $ ROOT_CERTS='/path/to/root/certs' -(.venv) $ python3 verify_model.py --model_path ${MODEL_PATH} \ - --method pki \ - --root_certs ${ROOT_CERTS} +(.venv) $ python3 verify.py --model_path ${MODEL_PATH} \ + --sig_path ${SIG_PATH} \ + --method pki \ + --root_certs ${ROOT_CERTS} ... ``` @@ -164,11 +168,13 @@ stored in TFHub, run the following commands: ```bash model_path=bertseq2seq +sig_path=model.sig wget "https://tfhub.dev/google/bertseq2seq/bert24_en_de/1?tf-hub-format=compressed" -O "${model_path}".tgz mkdir -p "${model_path}" cd "${model_path}" && tar xvzf ../"${model_path}".tgz && rm ../"${model_path}".tgz && cd - -python3 main.py sign --path "${model_path}" -python3 main.py verify --path "${model_path}" \ +python3 sign.py --model_path "${model_path}" --method sigstore +python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \ + --method sigstore \ --identity-provider https://accounts.google.com \ --identity myemail@gmail.com ``` 
@@ -186,9 +192,11 @@ After this, we can sign and verify a Bert base model: ```bash model_name=bert-base-uncased model_path="${model_name}" +sig_path=model.sig git clone --depth=1 "https://huggingface.co/${model_name}" && rm -rf "${model_name}"/.git -python3 main.py sign --path "${model_path}" -python3 main.py verify --path "${model_path}" \ +python3 sign.py --model_path "${model_path}" +python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \ + --method sigstore \ --identity-provider https://accounts.google.com \ --identity myemail@gmail.com ``` @@ -198,9 +206,11 @@ Similarly, we can sign and verify a Falcon model: ```bash model_name=tiiuae/falcon-7b model_path=$(echo "${model_name}" | cut -d/ -f2) +sig_path=model.sig git clone --depth=1 "https://huggingface.co/${model_name}" && rm -rf "${model_name}"/.git -python3 main.py sign --path "${model_path}" -python3 main.py verify --path "${model_path}" \ +python3 sign.py --model_path "${model_path}" +python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \ + --method sigstore \ --identity-provider https://accounts.google.com \ --identity myemail@gmail.com ``` @@ -210,11 +220,13 @@ We can also support models from the PyTorch Hub: ```bash model_name=hustvl/YOLOP model_path=$(echo "${model_name}" | cut -d/ -f2) +sig_path=model.sig wget "https://github.com/${model_name}/archive/main.zip" -O "${model_path}".zip mkdir -p "${model_path}" cd "${model_path}" && unzip ../"${model_path}".zip && rm ../"${model_path}".zip && shopt -s dotglob && mv YOLOP-main/* . && shopt -u dotglob && rmdir YOLOP-main/ && cd - -python3 main.py sign --path "${model_path}" -python3 main.py verify --path "${model_path}" \ +python3 sign.py --model_path "${model_path}" +python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \ + --method sigstore \ --identity-provider https://accounts.google.com \ --identity myemail@gmail.com ``` 
@@ -224,9 +236,11 @@ We also support ONNX models, for example Roberta: ```bash model_name=roberta-base-11 model_path="${model_name}.onnx" +sig_path=model.sig wget "https://github.com/onnx/models/raw/main/text/machine_comprehension/roberta/model/${model_name}.onnx" -python3 main.py sign --path "${model_path}" -python3 main.py verify --path "${model_path}" \ +python3 sign.py --model_path "${model_path}" +python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \ + --method sigstore \ --identity-provider https://accounts.google.com \ --identity myemail@gmail.com ``` From 0bb59aa04579d8264c87cb9c159d9750467daa4f Mon Sep 17 00:00:00 2001 From: Ivan Font Date: Thu, 3 Oct 2024 18:35:00 -0700 Subject: [PATCH 5/8] Fix sign.py lint errors Signed-off-by: Ivan Font --- src/sign.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/sign.py b/src/sign.py index 36521e96..aac347d3 100644 --- a/src/sign.py +++ b/src/sign.py @@ -96,7 +96,8 @@ def _arguments() -> argparse.Namespace: sigstore = method_cmd.add_parser("sigstore") sigstore.add_argument( "--use_ambient_credentials", - help="use ambient credentials (also known as Workload Identity, default is true)", + help="use ambient credentials (also known as Workload Identity," + + "default is true)", required=False, type=bool, default=True, @@ -111,7 +112,8 @@ def _arguments() -> argparse.Namespace: def _get_payload_signer(args: argparse.Namespace) -> signing.Signer: if args.method == "private-key": _check_private_key_options(args) - payload_signer = key.ECKeySigner.from_path(private_key_path=args.key_path) + payload_signer = key.ECKeySigner.from_path( + private_key_path=args.key_path) return in_toto_signature.IntotoSigner(payload_signer) elif args.method == "pki": _check_pki_options(args) 
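Review bot: The re-wrapped help string for `--use_ambient_credentials` (hunk at -96,7) loses a space at the join. The first literal ends in `Workload Identity,"` and the second starts with `"default is true)"`, so `--help` prints `Workload Identity,default is true`. End the first literal with the space, `help="use ambient credentials (also known as Workload Identity, "`, and drop the `+`, since adjacent string literals concatenate on their own. `_arguments` starts and ends outside this hunk.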
@@ -120,12 +122,14 @@ def _get_payload_signer(args: argparse.Namespace) -> signing.Signer: ) return in_toto_signature.IntotoSigner(payload_signer) elif args.method == "sigstore": - return sigstore.SigstoreDSSESigner(use_ambient_credentials=args.use_ambient_credentials) + return sigstore.SigstoreDSSESigner( + use_ambient_credentials=args.use_ambient_credentials) elif args.method == "skip": return fake.FakeSigner() else: log.error(f"unsupported signing method {args.method}") - log.error('supported methods: ["pki", "private-key", "sigstore", "skip"]') + log.error('supported methods: ["pki", "private-key", "sigstore", ' + + '"skip"]') exit(-1) From 42c136a3eaa7ba9d720001ef2da14eac079e7737 Mon Sep 17 00:00:00 2001 From: Ivan Font Date: Thu, 3 Oct 2024 18:35:09 -0700 Subject: [PATCH 6/8] Fix verify.py lint errors Signed-off-by: Ivan Font --- src/verify.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/verify.py b/src/verify.py index 1a11e434..70b5e59f 100644 --- a/src/verify.py +++ b/src/verify.py @@ -113,7 +113,8 @@ def _get_verifier(args: argparse.Namespace) -> verifying.Verifier: return fake.FakeVerifier() else: log.error(f"unsupported verification method {args.method}") - log.error('supported methods: ["pki", "private-key", "sigstore", "skip"]') + log.error('supported methods: ["pki", "private-key", "sigstore", ' + + '"skip"]') exit(-1) From 6fb0931d534adb4e786c010243ff7e629b270302 Mon Sep 17 00:00:00 2001 From: Ivan Font Date: Thu, 3 Oct 2024 18:35:25 -0700 Subject: [PATCH 7/8] Remvoe --method option from doc for required arg Signed-off-by: Ivan Font --- README.model_signing.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/README.model_signing.md b/README.model_signing.md index 561cfc04..86f4bac2 100644 --- a/README.model_signing.md +++ b/README.model_signing.md 
@@ -69,13 +69,13 @@ $ source .venv/bin/activate ## Sign ```bash -(.venv) $ python3 sign.py --model_path ${MODEL_PATH} --sig_out ${SIG_PATH} --method {private-key, pki, sigstore} {additional parameters depending on method} +(.venv) $ python3 sign.py --model_path ${MODEL_PATH} --sig_out ${SIG_PATH} {private-key, pki, sigstore} {additional parameters depending on method} ``` ## Verify ```bash -(.venv) $ python3 verify.py --model_path ${MODEL_PATH} --sig_path ${SIG_PATH} --method {private-key, pki, sigstore} {additional parameters depending on method} +(.venv) $ python3 verify.py --model_path ${MODEL_PATH} --sig_path ${SIG_PATH} {private-key, pki, sigstore} {additional parameters depending on method} ``` ### Examples @@ -89,10 +89,10 @@ $ openssl ecparam -name secp256k1 -genkey -noout -out ec-secp256k1-priv-key.pem $ openssl ec -in ec-secp256k1-priv-key.pem -pubout > ec-secp256k1-pub-key.pem $ source .venv/bin/activate # SIGN -(.venv) $ python3 sign.py --model_path ${MODEL_PATH} --sig_out ${SIG_PATH} --method private-key --private-key ec-secp256k1-priv-key.pem +(.venv) $ python3 sign.py --model_path ${MODEL_PATH} --sig_out ${SIG_PATH} private-key --private-key ec-secp256k1-priv-key.pem ... #VERIFY -(.venv) $ python3 verify.py --model_path ${MODEL_PATH} --sig_path ${SIG_PATH} --method private-key --public-key ec-secp256k1-pub-key.pem +(.venv) $ python3 verify.py --model_path ${MODEL_PATH} --sig_path ${SIG_PATH} private-key --public-key ec-secp256k1-pub-key.pem ... ``` @@ -113,7 +113,7 @@ $ PRIVATE_KEY='/path/to/private_key' # SIGN (.venv) $ python3 sign.py --model_path ${MODEL_PATH} \ --sig_path ${SIG_PATH} \ - --method pki \ + pki \ --private-key ${PRIVATE_KEY} \ --signing_cert ${SIGNING_CERT} \ [--cert_chain ${CERT_CHAIN}] @@ -122,7 +122,7 @@ $ PRIVATE_KEY='/path/to/private_key' $ ROOT_CERTS='/path/to/root/certs' (.venv) $ python3 verify.py --model_path ${MODEL_PATH} \ --sig_path ${SIG_PATH} \ - --method pki \ + pki \ --root_certs ${ROOT_CERTS} ... ``` 
@@ -132,10 +132,10 @@ $ ROOT_CERTS='/path/to/root/certs' ```bash $ MODEL_PATH='/path/to/your/model' # SIGN -(.venv) $ python3 sign.py --model_path ${MODEL_PATH} --method sigstore +(.venv) $ python3 sign.py --model_path ${MODEL_PATH} sigstore ... #VERIFY -(.venv) $ python3 verify.py --model_path ${MODEL_PATH} --sig_path ./model.sig --method sigstore --identity name@example.com --identity-provider https://accounts.example.com +(.venv) $ python3 verify.py --model_path ${MODEL_PATH} --sig_path ./model.sig sigstore --identity name@example.com --identity-provider https://accounts.example.com ... ``` @@ -172,9 +172,9 @@ sig_path=model.sig wget "https://tfhub.dev/google/bertseq2seq/bert24_en_de/1?tf-hub-format=compressed" -O "${model_path}".tgz mkdir -p "${model_path}" cd "${model_path}" && tar xvzf ../"${model_path}".tgz && rm ../"${model_path}".tgz && cd - -python3 sign.py --model_path "${model_path}" --method sigstore +python3 sign.py --model_path "${model_path}" sigstore python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \ - --method sigstore \ + sigstore \ --identity-provider https://accounts.google.com \ --identity myemail@gmail.com ``` @@ -196,7 +196,7 @@ sig_path=model.sig git clone --depth=1 "https://huggingface.co/${model_name}" && rm -rf "${model_name}"/.git python3 sign.py --model_path "${model_path}" python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \ - --method sigstore \ + sigstore \ --identity-provider https://accounts.google.com \ --identity myemail@gmail.com ``` @@ -210,7 +210,7 @@ sig_path=model.sig git clone --depth=1 "https://huggingface.co/${model_name}" && rm -rf "${model_name}"/.git python3 sign.py --model_path "${model_path}" python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \ - --method sigstore \ + sigstore \ --identity-provider https://accounts.google.com \ --identity myemail@gmail.com ``` 
@@ -226,7 +226,7 @@ mkdir -p "${model_path}" cd "${model_path}" && unzip ../"${model_path}".zip && rm ../"${model_path}".zip && shopt -s dotglob && mv YOLOP-main/* . && shopt -u dotglob && rmdir YOLOP-main/ && cd - python3 sign.py --model_path "${model_path}" python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \ - --method sigstore \ + sigstore \ --identity-provider https://accounts.google.com \ --identity myemail@gmail.com ``` @@ -240,7 +240,7 @@ sig_path=model.sig wget "https://github.com/onnx/models/raw/main/text/machine_comprehension/roberta/model/${model_name}.onnx" python3 sign.py --model_path "${model_path}" python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \ - --method sigstore \ + sigstore \ --identity-provider https://accounts.google.com \ --identity myemail@gmail.com ``` From 68c8c8f7969ee87255e62ac3ae64b99184b366bc Mon Sep 17 00:00:00 2001 From: Ivan Font Date: Fri, 4 Oct 2024 17:27:12 -0700 Subject: [PATCH 8/8] Fix Python type errors Signed-off-by: Ivan Font --- src/sign.py | 16 ++++++++++------ src/verify.py | 17 +++++++++++------ 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/src/sign.py b/src/sign.py index aac347d3..6236532f 100644 --- a/src/sign.py +++ b/src/sign.py @@ -25,9 +25,9 @@ from model_signing.signature import fake from model_signing.signature import key from model_signing.signature import pki -from model_signing.signature import signing from model_signing.signing import in_toto from model_signing.signing import in_toto_signature +from model_signing.signing import signing from model_signing.signing import sigstore @@ -113,7 +113,8 @@ def _get_payload_signer(args: argparse.Namespace) -> signing.Signer: if args.method == "private-key": _check_private_key_options(args) payload_signer = key.ECKeySigner.from_path( - private_key_path=args.key_path) + private_key_path=args.key_path + ) return in_toto_signature.IntotoSigner(payload_signer) elif args.method == "pki": _check_pki_options(args) 
@@ -123,13 +124,15 @@ def _get_payload_signer(args: argparse.Namespace) -> signing.Signer: return in_toto_signature.IntotoSigner(payload_signer) elif args.method == "sigstore": return sigstore.SigstoreDSSESigner( - use_ambient_credentials=args.use_ambient_credentials) + use_ambient_credentials=args.use_ambient_credentials + ) elif args.method == "skip": - return fake.FakeSigner() + return in_toto_signature.IntotoSigner(fake.FakeSigner()) else: log.error(f"unsupported signing method {args.method}") - log.error('supported methods: ["pki", "private-key", "sigstore", ' - + '"skip"]') + log.error( + 'supported methods: ["pki", "private-key", "sigstore", "skip"]' + ) exit(-1) @@ -152,6 +155,7 @@ def _check_pki_options(args: argparse.Namespace): if args.cert_chain_path == "": log.warning("No certificate chain provided") + def main(): logging.basicConfig(level=logging.INFO) args = _arguments() diff --git a/src/verify.py b/src/verify.py index 70b5e59f..4a3ffe1d 100644 --- a/src/verify.py +++ b/src/verify.py @@ -96,7 +96,8 @@ def _arguments() -> argparse.Namespace: return parser.parse_args() -def _get_verifier(args: argparse.Namespace) -> verifying.Verifier: + +def _get_verifier(args: argparse.Namespace) -> signing.Verifier: verifier: verifying.Verifier if args.method == "private-key": _check_private_key_flags(args) 
@@ -107,14 +108,16 @@ def _get_verifier(args: argparse.Namespace) -> verifying.Verifier: verifier = pki.PKIVerifier.from_paths(args.root_certs) return in_toto_signature.IntotoVerifier(verifier) elif args.method == "sigstore": - return sigstore.SigstoreDSSEVerifier(identity=args.identity, - oidc_issuer=args.identity_provider) + return sigstore.SigstoreDSSEVerifier( + identity=args.identity, oidc_issuer=args.identity_provider + ) elif args.method == "skip": - return fake.FakeVerifier() + return in_toto_signature.IntotoVerifier(fake.FakeVerifier()) else: log.error(f"unsupported verification method {args.method}") - log.error('supported methods: ["pki", "private-key", "sigstore", ' - + '"skip"]') + log.error( + 'supported methods: ["pki", "private-key", "sigstore", "skip"]' + ) exit(-1) @@ -128,12 +131,14 @@ def _check_pki_flags(args: argparse.Namespace): if not args.root_certs: log.warning("no root of trust is set using system default") + def _get_signature(args: argparse.Namespace) -> signing.Signature: if args.method == "sigstore": return sigstore.SigstoreSignature.read(args.sig_path) else: return in_toto_signature.IntotoSignature.read(args.sig_path) + def main(): logging.basicConfig(level=logging.INFO) args = _arguments()