Stage374 extends Stage373 by performing real Sigstore signing and Rekor transparency-log inclusion verification for the Stage373 final-acceptance attestation.
Stage373 created a canonical attestation that binds:
- Stage372 result SHA256
- Stage372 manifest SHA256
- Stage372 binding SHA256
- Stage373 attestation SHA256
Stage374 moves from preparation to production verification.
It:
- re-hashes the Stage373 attestation
- uses GitHub Actions OIDC
- signs the attestation with Cosign
- generates a Sigstore bundle
- verifies the signed blob
- verifies the expected workflow identity
- verifies the GitHub Actions OIDC issuer
- verifies transparency-log inclusion through Cosign
- creates safe execution and Rekor receipts
- sets
external_transparency_bound: trueonly after complete verification
Before the GitHub Actions workflow is run:
decision: production_execution_pendingexternal_transparency_bound: falsestage372_final_acceptance: false
This is the correct safe initial state.
Because Stage372 remains:
decision: final_acceptance_pendingtimestamp_verified: false
a successful Stage374 external verification produces:
decision: pending_state_transparency_boundexternal_transparency_bound: truestage372_final_acceptance: false
Stage374 does not convert Stage372 pending status into timestamp verification.
The production workflow uses:
contents: readid-token: write- Cosign v3.1.1
- fixed target path
- fixed workflow identity
- fixed OIDC issuer
- no repository write permission
https://github.com/mokkunsuzuki-code/stage374/.github/workflows/stage374-production-sigstore.yml@refs/heads/main
https://token.actions.githubusercontent.com
docs/sigstore-production/stage374_production_sigstore_input.jsondocs/sigstore-production/stage374_cosign_execution_receipt.jsondocs/sigstore-production/stage374_rekor_inclusion_receipt.jsondocs/sigstore-production/stage373_attestation.sigstore.bundle.jsondocs/sigstore-production/stage374_production_external_binding_result.jsondocs/sigstore-production/stage374_production_external_binding_summary.txt
The bundle and successful receipts are published only after downloading and validating the GitHub Actions artifact.
Stage374 does not publish:
- private keys
- OIDC tokens
- GitHub tokens
- access tokens
- API keys
- raw QKD key material
- raw timestamp binaries
- raw environment variables
- browser authentication codes
- free-form shell commands
Stage374 does not perform ML-DSA signing.
Production ML-DSA dual-signature verification and downgrade prevention belong to Stage375.
MIT License.
Stage374 completed real GitHub Actions OIDC signing and external transparency verification.
Current result:
decision: pending_state_transparency_boundexternal_transparency_bound: truestage372_final_acceptance: false- GitHub Actions run:
29295518405 - Cosign version:
3.1.1 - signature verification: successful
- workflow identity verification: successful
- OIDC issuer verification: successful
- Rekor inclusion verification: successful
Stage374 preserves the Stage372 pending state. External transparency binding does not convert the pending timestamp result into final timestamp acceptance.
execute_external_operations: false applies only to the local Python gate.
External operations are:
- disabled in the local gate
- authorized only in the fixed GitHub Actions workflow
- executed through GitHub Actions OIDC
- recorded through public, secret-free verification receipts
The Stage374 GitHub Actions workflow extracts public Rekor details from the Sigstore bundle, including:
- Rekor log ID
- Rekor log index
- integrated time
- inclusion-proof root hash
- inclusion-proof tree size
- Signed Entry Timestamp SHA256
entry_uuid is not invented when it is not present in the Sigstore bundle.