attestable-build-tool

command module
v0.0.0-...-8bebe21 Latest
Published: Apr 12, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

README

Attestable Build Tool

About

There is currently no widely deployed mechanism to verify that an executable was compiled from a specific source revision. Without such proof, anyone consuming a binary has to trust whoever built it, which undermines security, transparency and trust in released software.

To close this gap, the tool standardizes the compilation process inside an enclave. An enclave is a protected, isolated execution environment in which code runs with confidentiality and integrity, shielded from tampering or unauthorized access by the host. Because the enclave can attest to which build image ran and what it produced, the resulting artifact can be checked against its attestation rather than taken on trust.
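
What a consumer of such a build actually has to check is easy to lose in the prose, so here is an added example written for this page (it is not code from attestable-build-tool). It is a deliberately simplified model: the claim layout, the JSON-then-ECDSA signing and the in-memory keys are assumptions made for illustration, whereas a real Nitro enclave emits a COSE-signed CBOR attestation document whose PCR0 is the measurement of the .eif. The four checks, and the order they run in, are the point.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// BuildClaim is the set of facts an enclave-based build vouches for. The layout
// is an assumption made for this example; a real Nitro attestation document is a
// COSE-signed CBOR structure carrying PCR measurements, not this JSON.
type BuildClaim struct {
	EnclavePCR0  string `json:"enclave_pcr0"`    // measurement of the build enclave image (.eif)
	SourceCommit string `json:"source_commit"`   // git commit that was compiled
	ArtifactSHA  string `json:"artifact_sha256"` // hex sha256 of the produced artifact
}

// claimDigest hashes the JSON form of the claim; encoding/json writes struct
// fields in declaration order, so the digest is deterministic.
func claimDigest(c BuildClaim) []byte {
	b, _ := json.Marshal(c) // cannot fail for a struct of plain strings
	sum := sha256.Sum256(b)
	return sum[:]
}

// Attest is the enclave side: sign what was built, with which image, from which source.
func Attest(enclaveKey *ecdsa.PrivateKey, c BuildClaim) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, enclaveKey, claimDigest(c))
}

// Verify is the consumer side: signature from the trusted enclave key, the enclave
// image measurement the consumer has pinned, the expected commit, and the artifact hash.
func Verify(trusted *ecdsa.PublicKey, c BuildClaim, sig []byte, pinnedPCR0, expectedCommit string, artifact []byte) error {
	if !ecdsa.VerifyASN1(trusted, claimDigest(c), sig) {
		return errors.New("attestation signature is not from the trusted enclave key")
	}
	if c.EnclavePCR0 != pinnedPCR0 {
		return fmt.Errorf("built by enclave image %q, expected %q", c.EnclavePCR0, pinnedPCR0)
	}
	if c.SourceCommit != expectedCommit {
		return fmt.Errorf("built from commit %s, expected %s", c.SourceCommit, expectedCommit)
	}
	if sum := sha256.Sum256(artifact); hex.EncodeToString(sum[:]) != c.ArtifactSHA {
		return errors.New("artifact hash does not match the attested hash")
	}
	return nil
}

// RunScenario exercises the model on constructed data (no real enclave is
// involved) and reports, per check, whether it behaved as expected.
func RunScenario() (map[string]bool, error) {
	enclaveKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	attackerKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // host attacker without the enclave key
	if err != nil {
		return nil, err
	}
	// Constructed inputs: stand-ins for the artifact, the .eif measurement and the commit.
	artifact := []byte("\x7fELF stand-in for target/release/binary")
	const pinnedPCR0 = "constructed-pcr0-of-ata-build-rust-latest.eif"
	const commit = "0123456789abcdef0123456789abcdef01234567"
	sum := sha256.Sum256(artifact)
	claim := BuildClaim{EnclavePCR0: pinnedPCR0, SourceCommit: commit, ArtifactSHA: hex.EncodeToString(sum[:])}
	sig, err := Attest(enclaveKey, claim)
	if err != nil {
		return nil, err
	}
	forgedSig, err := Attest(attackerKey, claim) // same claim, wrong key
	if err != nil {
		return nil, err
	}
	pub := &enclaveKey.PublicKey
	return map[string]bool{
		"genuine accepted":       Verify(pub, claim, sig, pinnedPCR0, commit, artifact) == nil,
		"tampered rejected":      Verify(pub, claim, sig, pinnedPCR0, commit, append([]byte("X"), artifact...)) != nil,
		"wrong enclave rejected": Verify(pub, claim, sig, "some-other-eif-measurement", commit, artifact) != nil,
		"forged key rejected":    Verify(pub, claim, forgedSig, pinnedPCR0, commit, artifact) != nil,
	}, nil
}

func main() {
	res, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println(res) // every check reports true
}
```

Pinning PCR0 is what turns "an enclave built it" into "this specific, audited build image built it"; without that pin, any enclave image, including one the host operator assembled, would pass the signature check.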

Architecture

[architecture diagram]

Usage

GitHub Runner
  1. Provision an AWS EC2 instance with Nitro Enclaves enabled; the build enclave runs on this machine.
  2. Configure the GitHub runner on that instance:
    2.1. Settings → Actions → Runners → New self-hosted runner
    2.2. Follow the instructions GitHub shows to register and start the runner.
  3. Download the Software Build Attestation image (the .eif file passed to -nitro below).
  4. Download the Attestable Build Tool.

GitHub Action

Create build_attestation.yml under the project's .github/workflows directory:

name: Software Build Attestation

on:
  release:
    types: [published]

jobs:
  build:
    # Least privilege: uploading release assets only needs contents: write.
    permissions:
      contents: write
    runs-on: [self-hosted]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Build
        run: |
          attestable-build-tool build -output release.tar -nitro ~/ata-build-rust-latest.eif
      - name: Release
        uses: softprops/action-gh-release@v1
        with:
          files: release.tar

Create a build.json file in the project (plain JSON, so no trailing comma after the last entry in files):

{
	"language": "rust",
	"input": {
		"cmd": "./scripts/build.sh",
		"vendor": "./scripts/vendor.sh"
	},
	"output": {
		"files": [
			"target/release/binary"
		]
	}
}
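
A strict loader for this file, added here as example code (not part of the tool's source; the supportedLanguages set and the path policy are assumptions made for the example). It rejects malformed JSON (a trailing comma in files is a common slip), unknown keys, and any cmd, vendor or output path that is absolute or escapes the checked-out repository, since a config that can run /bin/sh or publish ../../host-secret as a "build output" defeats the purpose of building in an enclave.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// BuildConfig mirrors the build.json layout from the README.
type BuildConfig struct {
	Language string `json:"language"`
	Input    struct {
		Cmd    string `json:"cmd"`
		Vendor string `json:"vendor"`
	} `json:"input"`
	Output struct {
		Files []string `json:"files"`
	} `json:"output"`
}

// sampleBuildJSON is the README's example, constructed here for the demo.
const sampleBuildJSON = `{
  "language": "rust",
  "input": {"cmd": "./scripts/build.sh", "vendor": "./scripts/vendor.sh"},
  "output": {"files": ["target/release/binary"]}
}`

// supportedLanguages is an assumption for this example; the README only shows "rust".
var supportedLanguages = map[string]bool{"rust": true}

// ParseBuildConfig decodes build.json strictly (unknown keys are an error, so a
// misspelled "outputs" cannot silently yield an empty artifact list) and validates it.
func ParseBuildConfig(data []byte) (*BuildConfig, error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields()
	var cfg BuildConfig
	if err := dec.Decode(&cfg); err != nil {
		return nil, fmt.Errorf("build.json: %w", err)
	}
	if err := cfg.Validate(); err != nil {
		return nil, fmt.Errorf("build.json: %w", err)
	}
	return &cfg, nil
}

// insideRepo reports whether p is a relative path that, once cleaned, cannot
// escape the checked-out repository (no absolute paths, no leading "..").
func insideRepo(p string) bool {
	if p == "" || filepath.IsAbs(p) || filepath.VolumeName(p) != "" {
		return false
	}
	clean := filepath.ToSlash(filepath.Clean(p))
	return clean != ".." && !strings.HasPrefix(clean, "../")
}

// Validate applies the policy checks to an already-decoded config.
func (c *BuildConfig) Validate() error {
	var problems []string
	if !supportedLanguages[c.Language] {
		problems = append(problems, fmt.Sprintf("unsupported language %q", c.Language))
	}
	if !insideRepo(c.Input.Cmd) {
		problems = append(problems, fmt.Sprintf("input.cmd %q must be a relative path inside the repository", c.Input.Cmd))
	}
	if c.Input.Vendor != "" && !insideRepo(c.Input.Vendor) {
		problems = append(problems, fmt.Sprintf("input.vendor %q must be a relative path inside the repository", c.Input.Vendor))
	}
	if len(c.Output.Files) == 0 {
		problems = append(problems, "output.files must list at least one artifact")
	}
	for _, f := range c.Output.Files {
		if !insideRepo(f) {
			problems = append(problems, fmt.Sprintf("output file %q must be a relative path inside the repository", f))
		}
	}
	if len(problems) > 0 {
		return fmt.Errorf("%s", strings.Join(problems, "; "))
	}
	return nil
}

func main() {
	data := []byte(sampleBuildJSON)
	if len(os.Args) > 1 { // optionally validate a real file: go run . path/to/build.json
		var err error
		if data, err = os.ReadFile(os.Args[1]); err != nil {
			panic(err)
		}
	}
	cfg, err := ParseBuildConfig(data)
	if err != nil {
		fmt.Fprintln(os.Stderr, "rejected:", err)
		os.Exit(1)
	}
	fmt.Printf("ok: %s build, cmd=%s, %d output file(s)\n", cfg.Language, cfg.Input.Cmd, len(cfg.Output.Files))
}
```

The path check runs on the cleaned path, so a/../../x is caught as well as a literal ../x; it does not resolve symlinks, so a build script that creates a symlink inside the repository pointing outside it still needs to be handled where the output files are actually copied.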
Enclave Images

See also

Contributing

Before You Contribute:

  • Raise an Issue: If you find a bug or wish to suggest a feature, please open an issue first to discuss it. Detail the bug or feature so we understand your intention.
  • Pull Requests (PR): Before submitting a PR, ensure:
    • Your contribution successfully builds.
    • It includes tests, if applicable.

License

MIT

Documentation

There is no documentation for this package.
