Towards a more secure conda ecosystem
Mamba now implements package signing and verification!
Supply chain security is crucial to the overall security of package managers, which are a major attack vector of information systems. Today, we are pleased to announce that mamba has gained the ability to cryptographically verify package and repository signatures, and includes an implementation of the TUF protocol (The Update Framework). This will be key to securing conda channels across a network of online mirrors.
Trusting package managers
When end-users install software using package managers such as
mamba, they implicitly trust that the content they are downloading is legitimate.
It’s the job of the package manager to offer sufficient guarantees about the authenticity of the content.
Before the support of package signing, Mamba already offered the following guarantees:
- the package checksum is validated against the repository index file,
- checksums of individual files expanded from the tarball are validated.
There is a trust chain between validations:
- repository index metadata serve to validate the tarballs
- tarballs metadata serve to validate the files
To completely secure the content provided by the server, the repository index should also be verified.
Implementing the package index validation
Securing a package manager is a multi-faceted problem to tackle:
- on the one hand, we must naturally secure the connection with the package server
- on the other hand, the server should provide some verifiable proof of the origin of the artifacts (packages’ index and packages)
For the former, the industry standard is SSL/TLS, which guarantees a private and unaltered communication with the package server (e.g. no man-in-the-middle).
For the latter, an asymmetric cryptographic signature of the payloads should be provided. An industry standard for asymmetric cryptography is OpenPGP but unfortunately it does not fully address our use case. Using a single key is still not enough to prevent from a wide range of attacks and building a solution upon PGP would require engineering a complete solution upon a low-level solution.
Asymmetric cryptography means that the key securing the data is split into two parts: the public key and the private/secret one.
It is well known to provide emails encryption but could also be used to guarantee public data validity by producing a signature over data using a private key.
TUF: The Update Framework
TUF was created to define a robust and audited process around cryptographic techniques for package management and supply chain security. It relies on:
- defining multiple roles for responsibility separation and minimized key/role risk
- using a multi-signature trust (using thresholds)
- bringing explicit and implicit revocation (key rotation and expiration)
TUF has been increasingly adopted:
- a prototype has been tested on rubygems
TUF has been implemented in Mamba on both server (mamba, micromamba) and client (quetz) sides to provide the additional security data and perform validation:
What does it change for the end users
You probably want to know how it looks like to use this feature.
Well, it’s totally transparent to the end-user:
We also aim to give informative messages in case of failure. Here in the test suite:
Such informative messages are also available from the command line utilities:
Looking for security at scale
We aim to provide this enhanced security to every users of the conda ecosystem, which means convince standard sources of packages such as conda-forge to rely this new feature to provide package signatures.
For that, we need to create, test, and refine smooth workflows to encourage adoption from maintainers/packagers that may have to sign their artifacts or let servers automatically produce signatures depending on the security model chosen by a project.
It comes with some technical challenges about offline package signing, reproducible builds or synchronization with online CI pipelines.
We are enthusiastic about this feature and we cannot wait to seeing it used by everyone!
The initial development of Mamba by QuantStack was funded by Bloomberg.
Substantial improvements of the micromamba C++ implementation were funded by RoboCorp.
About the author
My name is Adrien Delsalle and I am a scientific software developer at QuantStack, currently working on the mamba stack.