Pinned-root trust model for the registry index (audit C1).
The registry index is the system’s trust root: it names artifact URLs,
checksums, detached signatures, and the public keys that verify those
signatures. If the index itself is unauthenticated, an attacker who controls
the index (MITM on a plaintext URL, a malicious $VANTA_REGISTRY, a
compromised mirror) can supply their own keypair and sign malicious bytes —
signature verification then provides zero protection.
This module implements a minimal but real pinned-root model:
- A small set of root public keys is pinned out-of-band — compiled in (COMPILED_IN_ROOT_KEYS) and/or loaded from the user-owned trusted config at <trust_dir>/roots.toml (load_root_keys). Roots are never sourced from the fetched index.
- A fetched index must carry a detached signature that index_signed_by_root verifies against one of the pinned roots before its entries are trusted.
- A per-artifact signing key (carried in the index) is only trusted if the index that carried it was itself verified against a pinned root (transitive trust), or that key is itself in the pinned set (artifact_key_is_trusted). Otherwise it is treated as unverified.
Verification is fail-closed throughout: any parse/length/scheme failure denies trust rather than granting it.
Constants
- COMPILED_IN_ROOT_KEYS - Compiled-in trusted root public keys (minisign format, one full key text per entry — the same shape minisign writes, including the untrusted comment: line).
Functions
- artifact_key_is_trusted - Whether a per-artifact signing key (carried by the index) may be trusted.
- index_signed_by_root - Whether index_bytes carries a detached signature produced by one of the pinned roots. Tries every root and returns true on the first that verifies; returns false if none do (including when roots is empty).
- load_root_keys - Load the set of pinned root public-key texts: the compiled-in roots plus any the operator placed in the user-owned <trust_dir>/roots.toml. These are the only keys ever trusted to authenticate an index; they are never read from a fetched index.
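
The trust decisions described on this page, as an added sketch that is not the crate's own code. The function signatures, the IndexTrust enum, the evaluate helper and the toy_sign/toy_verify stand-ins for minisign verification are assumptions made for illustration, and the key names and index bytes are constructed.

```rust
// Added sketch, not the crate's code. Signatures and names are assumptions;
// toy_sign/toy_verify are constructed stand-ins for minisign, NOT cryptography.
#[derive(Clone, Copy, PartialEq, Debug)]
pub enum IndexTrust { VerifiedByRoot, Unverified }

/// Constructed stand-in: a "signature" is the tag `SIG(<key>):` plus the message.
pub fn toy_sign(key: &str, msg: &[u8]) -> Vec<u8> {
    let mut sig = format!("SIG({key}):").into_bytes();
    sig.extend_from_slice(msg);
    sig
}

pub fn toy_verify(key: &str, msg: &[u8], sig: &[u8]) -> bool {
    toy_sign(key, msg).as_slice() == sig
}

/// True on the first pinned root that verifies; false when none do, when
/// `roots` is empty, or when no signature was supplied (fail-closed).
pub fn index_signed_by_root(index: &[u8], sig: Option<&[u8]>, roots: &[&str]) -> bool {
    match sig {
        Some(s) => roots.iter().any(|root| toy_verify(root, index, s)),
        None => false,
    }
}

/// A carried key is trusted only if it is itself pinned, or the index that
/// carried it verified against a pinned root (transitive trust).
pub fn artifact_key_is_trusted(key: &str, index: IndexTrust, roots: &[&str]) -> bool {
    roots.contains(&key) || index == IndexTrust::VerifiedByRoot
}

/// Full decision for one fetched index and the artifact key it carries.
pub fn evaluate(index: &[u8], sig: Option<&[u8]>, carried_key: &str, roots: &[&str]) -> bool {
    let verified = index_signed_by_root(index, sig, roots);
    let trust = if verified { IndexTrust::VerifiedByRoot } else { IndexTrust::Unverified };
    artifact_key_is_trusted(carried_key, trust, roots)
}

fn main() {
    let roots = ["ROOT-A"]; // pinned out-of-band, never read from the index
    let index = b"tool-1.0 key=VENDOR-KEY"; // constructed sample index
    let by_root = toy_sign("ROOT-A", index);
    let by_other = toy_sign("UNPINNED-KEY", index);
    println!("root-signed:  {}", evaluate(index, Some(by_root.as_slice()), "VENDOR-KEY", &roots));
    println!("other-signed: {}", evaluate(index, Some(by_other.as_slice()), "VENDOR-KEY", &roots));
    println!("unsigned:     {}", evaluate(index, None, "VENDOR-KEY", &roots));
}
```

An index signed by a key outside the pinned set leaves the key it carries unverified, which is the case the module description opens with.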