GitHub Community
Assets and digests aren't immutable #161656
Replies: 3 comments 1 reply
-
|
This is an out of topic, but another important fact about Releases now expose digests for release assets is that we can't get digests of assets which were released before the feature was released. gh release view -R aquaproj/aqua v2.51.2 --json assets{
"assets": [
{
"apiUrl": "https://api.github.com/repos/aquaproj/aqua/releases/assets/253664367",
"contentType": "text/plain; charset=utf-8",
"createdAt": "2025-05-11T12:29:13Z",
"digest": null,
"downloadCount": 211,
"id": "RA_kwDOF9Sih84PHpxv",
"label": "",
"name": "aqua_2.51.2_checksums.txt",
"size": 540,
"state": "uploaded",
"updatedAt": "2025-05-11T12:29:14Z",
"url": "https://github.com/aquaproj/aqua/releases/download/v2.51.2/aqua_2.51.2_checksums.txt"
},
Digests are generated at upload time, so it can't be helped. |
Beta Was this translation helpful? Give feedback.
-
|
To ensure reliable asset integrity verification, we should implement unique identifiers for each uploaded asset, regardless of file name, and maintain historical digests for all versions. This approach allows users to accurately verify the integrity of specific asset versions. Additionally, providing secure access to checksums via a dedicated API endpoint will enhance trust in the downloaded files. |
Beta Was this translation helpful? Give feedback.
-
|
To ensure reliable asset integrity verification, we should implement unique identifiers for each uploaded asset, regardless of file name, and maintain historical digests for all versions. This approach allows users to accurately verify the integrity of specific asset versions. Additionally, providing secure access to checksums via a dedicated API endpoint will enhance trust in the downloaded files. |
Beta Was this translation helpful? Give feedback.
-
|
My immediate thought is the XZ backdoor from last year and how it was only activated via modified binaries produced by the attacker in their capacity as maintainer. Building the project from scratch didn't activate the backdoor at all, which bypassed the sort of people who were most likely to catch the backdoor. XZ makes their releases by hand and uploads assets the same way. However, a great many of the most popular projects on GitHub do not do that and instead use GitHub actions to upload binaries, which means they never touch maintainer's computers before being downloaded by users. This means that the only way a backdoor like XZ could be executed is via manually replacing assets that were uploaded by the GitHub actions bot user. GitHub's digests feel like an easy first line of defense against this sort of malice. While I totally get just computing the digest per asset so people can use them as a checksum, I think this is a waste of a potential security feature. It would be nice if GitHub only calculated the hash once per file name per release instead and then if an asset was uploaded that didn't match the hash raised some kind of warning. I know that this raises some flags on its own (for one, it's not nice to treat maintainers as potential attack vectors), but I'm betting almost every project would be okay with this because they're not manually adjusting their release assets once they're made. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Select Topic Area
Product Feedback
Body
Releases now expose digests for release assets
I've confirmed that a digest was changed when I removed an asset and upload a different asset with the same name.
This means we can't verify downloaded assets haven't been altered since publishing.
To verify assets, we need to get checksums by secure way somehow.
What does the above sentence mean?
I think the change log misleads people.
How To Confirm
Digest was
sha256:ffb45e1c366eb95e0da4541dc24e25f80b27d0e4045c30d069799cf1c9451135.{ "assets": [ { "apiUrl": "https://api.github.com/repos/szksh-lab-2/test-github-action/releases/assets/261096875", "contentType": "text/plain", "createdAt": "2025-06-05T02:03:32Z", "digest": "sha256:ffb45e1c366eb95e0da4541dc24e25f80b27d0e4045c30d069799cf1c9451135", "downloadCount": 0, "id": "RA_kwDODTmpTc4PkAWr", "label": "", "name": "aqua_2.51.2_checksums.txt", "size": 540, "state": "uploaded", "updatedAt": "2025-06-05T02:03:33Z", "url": "https://github.com/szksh-lab-2/test-github-action/releases/download/v0.6.0/aqua_2.51.2_checksums.txt" } ] }Digest was changed:
sha256:5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03{ "assets": [ { "apiUrl": "https://api.github.com/repos/szksh-lab-2/test-github-action/releases/assets/261098286", "contentType": "text/plain", "createdAt": "2025-06-05T02:08:57Z", "digest": "sha256:5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03", "downloadCount": 0, "id": "RA_kwDODTmpTc4PkAsu", "label": "", "name": "aqua_2.51.2_checksums.txt", "size": 6, "state": "uploaded", "updatedAt": "2025-06-05T02:08:58Z", "url": "https://github.com/szksh-lab-2/test-github-action/releases/download/v0.6.0/aqua_2.51.2_checksums.txt" } ] }Beta Was this translation helpful? Give feedback.
All reactions