Starting with the Python 3.11.0, Python 3.10.7, Python 3.9.14, Python 3.8.14, and Python 3.7.14 releases, CPython release artifacts are also signed with Sigstore, in addition to the existing GPG signatures.
This page provides guidance on verifying Sigstore signatures as a CPython consumer, and outlines some motivation for using these additional signatures.
Sigstore verification of CPython Releases
Introduction to Sigstore
Sigstore is a new standard for signing, verifying and protecting software. The Sigstore project is a set of tools and services:
- a certificate authority
- a signature transparency log
- multiple ecosystem-specific signing clients (such as https://pypi.org/p/sigstore/)
At a high level, Sigstore uses a certificate authority to tie OpenID Connect (OIDC) identities to ephemeral keys, and uses a transparency log to publish the results of signing events. This eliminates the need for signers to manage private keys. It also allows users to verify signatures based on characteristics of the OIDC identities, such as an email address.
Verifying CPython release artifacts with Sigstore
Verification requires the presence of two files: the release artifact in question and bundled "verification materials", which typically have the file extension .sigstore. For example, for the Python 3.11.0 source release, you would download the following files:
$ wget https://www.python.org/ftp/python/3.11.0/Python-3.11.0.tgz
$ wget https://www.python.org/ftp/python/3.11.0/Python-3.11.0.tgz.sigstore
These verification materials should exist for all release artifacts, and are listed on the downloads page along with their corresponding artifacts.
Verification additionally requires prior knowledge of the identity of the signer. For CPython releases, these are the email addresses of the release manager for the given release. The release managers for current and upcoming releases are as follows:
| Release | PEP | Release manager | OIDC Issuer |
Finally, verification requires a Sigstore client. Using https://pypi.org/p/sigstore/ is recommended:
To install with additional install-time assurances including hash-checking and version pinning, you can run the following to install from a fully specified requirements file:
$ python -m pip install -r https://raw.githubusercontent.com/sigstore/sigstore-python/main/install/requirements.txt
Alternatively, to install as usual without these assurances:
$ python -m pip install sigstore
Finally, in the directory where you downloaded the release artifact and verification materials, you can run the following:
$ python -m sigstore verify identity \
    --bundle Python-3.11.0.tgz.sigstore \
    --cert-identity email@example.com \
    --cert-oidc-issuer https://accounts.google.com \
    Python-3.11.0.tgz
Running this command should result in the output OK: Python-3.11.0.tgz, which indicates that the signature is valid.
(Note that in addition to verifying the signature and certificate, this command also performs an online check that a corresponding entry exists in the signature transparency log. Offline verification is not yet supported.)
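As an added example (not code from python.org or the sigstore project), the following Python reads a `.sigstore` bundle, checks that the digest it records matches the downloaded artifact, and reports what verification material it carries. The field names follow the Sigstore bundle JSON format; the sample artifact and bundle are constructed placeholders, and the digest check is only a pre-check: signature, identity, issuer and transparency-log verification still require `python -m sigstore verify identity`.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample artifact and a minimal bundle in the shape of a .sigstore
# file. These are placeholders for illustration, not a real CPython bundle.
ARTIFACT = b"Python-3.11.0.tgz contents (constructed sample)\n"
SAMPLE_BUNDLE_JSON = json.dumps({
    "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
    "verificationMaterial": {
        "x509CertificateChain": {
            "certificates": [{"rawBytes": "PLACEHOLDER-DER-BASE64"}]
        },
        "tlogEntries": [{"logIndex": "123456", "integratedTime": "1666000000"}],
    },
    "messageSignature": {
        "messageDigest": {
            "algorithm": "SHA2_256",
            "digest": base64.b64encode(hashlib.sha256(ARTIFACT).digest()).decode(),
        },
        "signature": "PLACEHOLDER-SIGNATURE-BASE64",
    },
})


def bundle_digest_matches(artifact: bytes, bundle_json: str) -> bool:
    """True if the bundle's recorded digest equals sha256(artifact).

    A mismatch means the bundle belongs to a different file (wrong download or
    tampered artifact), so full verification would fail anyway. A match proves
    nothing about who signed: that is what `sigstore verify identity` checks.
    """
    bundle = json.loads(bundle_json)
    msg_sig = bundle.get("messageSignature")
    if msg_sig is None:
        raise ValueError("bundle has no messageSignature (not an artifact bundle)")
    digest = msg_sig["messageDigest"]
    if digest["algorithm"] != "SHA2_256":
        raise ValueError(f"unexpected digest algorithm {digest['algorithm']}")
    expected = base64.b64decode(digest["digest"])
    actual = hashlib.sha256(artifact).digest()
    return hmac.compare_digest(expected, actual)


def summarize_bundle(bundle_json: str) -> dict:
    """Count signing certificates and list transparency-log indexes in the bundle."""
    vm = json.loads(bundle_json)["verificationMaterial"]
    certs = vm.get("x509CertificateChain", {}).get("certificates", [])
    if not certs and "certificate" in vm:  # newer bundles carry a single leaf cert
        certs = [vm["certificate"]]
    indexes = [int(e["logIndex"]) for e in vm.get("tlogEntries", [])]
    return {"certificates": len(certs), "log_indexes": indexes}
```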
Any issues with this guide can be reported to https://github.com/sigstore/sigstore-python/issues