Invalid attestations supplied during upload: Attestations are only supported when using Trusted Publishing #17312
Comments
Hi, thanks for this issue. This is expected: using Trusted Publishing in this case means publishing from GitHub Actions. See https://docs.pypi.org/trusted-publishers/using-a-publisher/ for an example.
This is confusing. Why does the documentation show you how to upload attestations manually under the "The manual way" heading if it doesn't work?
There's no need to be rude. I'm just trying to understand why this doesn't work.
Not trying to be rude, I really do want to know if you saw it and thought it didn't apply here or missed it entirely. Either we need to tweak the language of the warning to make it more clear, or remove this guide from our user-facing docs if folks are missing the warning.
I saw the warning. The "easy way" section links to another project describing how to set it up using GitHub's CI. The warning doesn't say this is required. The "manual way" section looks like a far easier method for signing packages. It gives the impression there's a way to sign the package using attestations without having to tie into a convoluted CI. It seems like it should work because when I use the
That's not exactly what's happening here: when you run In other words: running that command locally produces an attestation that's signed by your GitHub user identity, but not by the machine identity of a CI process. The latter is what Trusted Publishing uses, and is also a requirement within the current acceptance checks for attestations (since we can verify them against the Trusted Publisher(s) for a project). The "manual way" steps are documented for use in CI; they don't bypass the requirements that the official workflows maintain internally. But I can see how this could be confusing, and I can look at tweaking the docs to make it clearer that the manual steps still fundamentally require Trusted Publishing at the moment. TL;DR: Trusted Publishers are always machine identities, not user identities, so signing an attestation with your email address (as verified by GitHub) doesn't bypass the Trusted Publishing requirement for attestations.
Thanks for the clarification. That's totally not what I expected when I read the term "Trusted Publisher". As a programmer, I expected the IdP such as GitHub to be the "publisher" because publishers are colloquially organizations, not machines.
That leads me to wonder why does
I read the prerequisites section, and the way it's worded sounds like a polite request to read some boilerplate ToS and disclaimer documents 99% of people won't bother with.
In the context of PyPI, a "publisher" is the entity that uploads projects to the index. That can be a user, or it can be a machine process like a GitHub Actions workflow. The "trusted" in "Trusted Publisher" refers to the fact that the publisher provides a verifiable proof of identity instead of needing to be given a user-configured API token.
Under the hood, attestations are a wrapper over Sigstore. Sigstore allows signing with all kinds of identities (including email identities), but PyPI intentionally limits the things it accepts to only things that it can verify. At the present time, that effectively means machine identities that come from Trusted Publishing. I suppose we could cause
This feedback isn't actionable -- disclaimers are simultaneously boring and important. If you could give us something more actionable here (like "I might not have glossed over this if the order was different or the important technical part was more prominent") that would be helpful.
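The acceptance rule the maintainer describes in the two replies above (a Sigstore identity is accepted only when it is the machine identity of one of the project's configured Trusted Publishers, never a user's email identity, however valid that Sigstore signature is) modelled as an added example. This is not warehouse/PyPI code and not the pypi-attestations library; the two issuer URLs and the workflow-URI subject shape are the ones GitHub's OIDC tokens and Sigstore certificates actually use, while the workflow file name `release.yml`, the tag and the email address are constructed sample values.

```python
"""Model of "attestations are only accepted from a Trusted Publisher".

Added example, not PyPI/warehouse code. A Sigstore (Fulcio) certificate carries
the OIDC issuer and a subject identity; for a GitHub Actions run the subject is
the workflow URI, for a person logging in interactively it is an email address.
"""
from dataclasses import dataclass
from urllib.parse import urlparse

# Issuer of GitHub Actions OIDC tokens: a machine identity.
GITHUB_ACTIONS_ISSUER = "https://token.actions.githubusercontent.com"
# Issuer Sigstore records when a human signs in with a GitHub account.
GITHUB_USER_ISSUER = "https://github.com/login/oauth"


@dataclass(frozen=True)
class SigningIdentity:
    """Identity claims extracted from the signing certificate."""
    issuer: str
    subject: str  # workflow URI for CI, email address for a person


@dataclass(frozen=True)
class TrustedPublisher:
    """A GitHub Trusted Publisher as configured on the PyPI project."""
    owner: str
    repository: str
    workflow_filename: str


def parse_workflow_subject(subject):
    """Split 'https://github.com/<owner>/<repo>/.github/workflows/<file>@<ref>'
    into (owner, repo, workflow_file, ref); return None for any other shape."""
    if "@" not in subject:
        return None
    uri, _, ref = subject.rpartition("@")
    parsed = urlparse(uri)
    if parsed.scheme != "https" or parsed.netloc != "github.com":
        return None
    parts = parsed.path.strip("/").split("/")
    # Expect exactly: owner / repo / .github / workflows / file.yml
    if len(parts) != 5 or parts[2:4] != [".github", "workflows"]:
        return None
    return parts[0], parts[1], parts[4], ref


def accept_attestation(identity, publishers):
    """Return (accepted, reason).

    A user (email) identity is rejected before any matching happens, which is
    the situation in this issue; a machine identity is accepted only when its
    workflow matches one of the project's Trusted Publishers.
    """
    if identity.issuer != GITHUB_ACTIONS_ISSUER:
        return False, "Attestations are only supported when using Trusted Publishing"
    parsed = parse_workflow_subject(identity.subject)
    if parsed is None:
        return False, "certificate subject is not a GitHub Actions workflow"
    owner, repo, workflow, _ref = parsed
    for tp in publishers:
        # GitHub owner/repo names are case-insensitive; the file name is not.
        if (owner.lower(), repo.lower(), workflow) == (
            tp.owner.lower(), tp.repository.lower(), tp.workflow_filename
        ):
            return True, f"matches Trusted Publisher {tp.owner}/{tp.repository}/{workflow}"
    return False, "signing workflow does not match any Trusted Publisher for this project"


# Constructed sample data: the repository from the issue with an assumed
# release.yml workflow registered as its Trusted Publisher.
PROJECT_PUBLISHERS = [TrustedPublisher("cpburnz", "python-sqlparams", "release.yml")]

CI_IDENTITY = SigningIdentity(
    issuer=GITHUB_ACTIONS_ISSUER,
    subject="https://github.com/cpburnz/python-sqlparams/.github/workflows/release.yml@refs/tags/v1.0.0",
)
# What the "manual way" run on a laptop produces: the maintainer's own GitHub login.
USER_IDENTITY = SigningIdentity(issuer=GITHUB_USER_ISSUER, subject="maintainer@example.com")
# A real CI identity, but from a workflow the project never registered.
OTHER_CI_IDENTITY = SigningIdentity(
    issuer=GITHUB_ACTIONS_ISSUER,
    subject="https://github.com/someone-else/fork/.github/workflows/release.yml@refs/heads/main",
)

if __name__ == "__main__":
    for ident in (CI_IDENTITY, USER_IDENTITY, OTHER_CI_IDENTITY):
        print(ident.subject, "->", accept_attestation(ident, PROJECT_PUBLISHERS))
```

The first check is the one the reporter hit: the identity is rejected on the issuer alone, which is why a locally produced, perfectly valid Sigstore signature still yields the "only supported when using Trusted Publishing" error. The second check is what the Trusted Publisher configuration adds: a CI identity from a workflow the project never registered is also refused, so an attacker who can run GitHub Actions somewhere else gains nothing.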
Describe the bug
I'm following Producing attestations - PyPI Docs, and PyPI won't accept my attestations using Sigstore & GitHub. According to the guide,
Expected behavior
PyPI should accept my attestations using Sigstore & GitHub which is a Trusted Publisher.
To Reproduce
Clone my project https://github.com/cpburnz/python-sqlparams, and run the following:
Receive the error:
My Platform
This bug is not platform dependent.
Additional context
N/A