Developing a system for cryptographic protection of Git repositories: The Gittuf Project.

The gittuf 0.4 release is available. The project is developing a hierarchical system for verifying the contents of Git repositories, which minimizes the risk when individual developers with access to the repository are compromised. Gittuf provides an additional layer of security for Git and a set of utilities for managing the keys of all developers who have access to the repository and for setting rules for access to branches, tags and individual files. The project code is written in Go and distributed under the Apache 2.0 license. The project is in active development and is of alpha quality: suitable for experimentation, but not yet ready for production use.

Information and artifacts that provide additional verification of changes are stored in the Git object store in a separate gittuf-specific namespace, which preserves backward compatibility with existing tools and services, including GitHub and GitLab. When using tools without gittuf support, the repository remains fully accessible, but the ability to extensively verify its integrity is limited. The gittuf architecture is based on proven elements of the TUF (The Update Framework) framework, which is used to protect update generation processes in projects such as Docker, Fuchsia, AGL (Automotive Grade Linux) and PyPI.

The gittuf verification model is based on a hierarchical trust propagation system. The root of trust belongs to the owner of the repository, who can generate keys for development participants and define the rules under which those keys can be used. Gittuf lets you create flexible, granular rules that define the permissions of each developer and the area of the repository in which they can make changes. For example, a developer may be authorized to create tags, make changes to specific branches, or change only individual files in the repository.

Developers and the changes they make are identified by keys and digital signatures. Gittuf allows you to generate new keys, securely distribute keys, perform periodic key rotation, revoke compromised keys, and manage access lists (ACLs) and namespaces in Git repositories. Gittuf also maintains a master log of all changes, the RSL (Reference State Log). Its integrity and protection against retroactive modification are ensured by a Merkle tree: each branch verifies all underlying branches and nodes through tree hashing, so a user who holds the final hash can verify the correctness of the entire history of operations, as well as the correctness of past states.
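The tamper-evidence property described above, as an added illustration (not gittuf's code and not its actual log format): a small Merkle tree over constructed log entries, where rewriting any earlier entry changes the final hash. The entry strings and function names are assumptions made for the example.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Constructed sample entries; this is not gittuf's real log format.
var sampleLog = []string{
	"refs/heads/main -> commit-a1 (alice)",
	"refs/heads/main -> commit-b2 (bob)",
	"refs/tags/v0.1 -> commit-b2 (alice)",
}

// Leaves (0x00) and interior nodes (0x01) are hashed with distinct prefixes,
// so a leaf can never be passed off as an interior node.
func leafHash(entry string) [32]byte {
	return sha256.Sum256(append([]byte{0x00}, entry...))
}
func nodeHash(l, r [32]byte) [32]byte {
	return sha256.Sum256(append(append([]byte{0x01}, l[:]...), r[:]...))
}

// MerkleRoot hashes entries pairwise, level by level; an unpaired node is promoted.
func MerkleRoot(entries []string) [32]byte {
	if len(entries) == 0 {
		return sha256.Sum256(nil) // root of an empty log
	}
	var level [][32]byte
	for _, e := range entries {
		level = append(level, leafHash(e))
	}
	for len(level) > 1 {
		var next [][32]byte
		for i := 0; i+1 < len(level); i += 2 {
			next = append(next, nodeHash(level[i], level[i+1]))
		}
		if len(level)%2 == 1 {
			next = append(next, level[len(level)-1])
		}
		level = next
	}
	return level[0]
}

func main() {
	trusted := MerkleRoot(sampleLog)
	forged := []string{sampleLog[0], "refs/heads/main -> commit-ee (bob)", sampleLog[2]}
	fmt.Printf("trusted %x\nforged  %x\n", trusted, MerkleRoot(forged))
}
```

A verifier that pinned the trusted root earlier rejects a log copy whose recomputed root differs, whether an entry was edited, reordered or dropped.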

To verify the digital signatures of commits and tags, the repository owner generates and distributes public keys that are directly associated with the repository. To keep attackers who have obtained an individual developer's signing keys from pushing through changes created after the compromise, mechanisms for revoking and replacing keys are used. Keys have a limited lifetime and must be continually renewed, which protects against signing with old keys.
