Skip to content

Secure distribution pipeline #172

Description

@armoha

There was a tool kiddy in the past to rename my app and its author who could only edit Rust source code and run cargo build xd

In the era full of supply chain attacks, I'd like to make sure my compiler and its distributions are not compromised to protect end users. I think reproducible builds with SHA-256, SHA-512 hashes and GPG signatures would be enough to defend Trusting Trust attacks. Typical non-programmers almost never verify hashes or signatures manually, so publishing on Microsoft Store would be best for them. It seems Microsoft Store is available in China but Microsoft does not operate local server within China so download and browsing would be slow and might experience instable connectivity.

Todo

  • Reproducible builds
    • RIIR C/C++ codes
    • Reproducible PyO3-based Python wheels
    • Use Docker or Podman for Linux
  • SHA-256, SHA-512 hashes
  • GPG signatures
  • Automated verification on Github Actions
  • Publish on Microsoft Store

Scripting language

Python is not designed to be embedded and sandboxed. Embedding Python interpreter as is for executing arbitrary user code would be against Microsoft Store policy.

10.2.2

Your product must not attempt to fundamentally change or extend its described functionality or introduce features or functionality that are in violation of Store Policies through any form of dynamic inclusion of code. Your product should not, for example, download a remote script and subsequently execute that script in a manner that is not consistent with the described functionality

Lua cannot reach out to the filesystem, network, or OS if you strip the entire standard library and expose only your own API functions. It seems that Lua is substantially better for MS Store compliance than Python. Monty looks promising as Python subset without file system and network access, but it's very incomplete for now. (no classes yet)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions