Module Signatures Required - I have questions

[tom886]

I read the announcement in regards of the module signatures will be required and there are some parts I really don't understand.

The Preferences > Security > Allow installation of unsigned modules option will be disabled by default, and a valid CPD identity will be required to enable it.

Who can enable that? User? Can it only be enabled if the module is signed? Is this systemwide or module specific?

We are making this change to stop hacking activities that we have detected affecting some third-party modules, as well as to strengthen the security of PixInsight installations on all platforms.

What does this mean for the end user?
Cannot install a module anymore which is not signed? The 2 modules I have in mind are for example StarNet2 and DeepSNR.
I am not sure whether the author is willing to get these modules signed.

Cheers
Tom

 

[Marcelofig]

I have mine, does this affect the current modules or only future ones? For example, if I have already installed module "A" and it is not signed by its developer, does it mean that from the next version of PI, it will stop working?

And related to the above, it would be good to have a list here of which models are signed and which are not, to know what to expect when the next version of PI is released.

 

[Mike1485]

And related to the above, it would be good to have a list here of which models are signed and which are not, to know what to expect when the next version of PI is released.

I can't speak for other developers but for modules I have released the position is as follows (along with their repository address).

Processes already signed
NarrowbandNormalization (https://www.cosmicphotons.com/pi_modules/narrowbandnormalization/)
ColourMask (https://www.cosmicphotons.com/pi_modules/colourmask/)

Processes that will be signed in next few days (before next PI release)
GeneralisedHyperbolicStretch (https://www.ghsastro.co.uk/updates/)
SolarToolbox (https://www.cosmicphotons.com/pi_modules/solartoolbox/)
Colourise (https://www.cosmicphotons.com/pi_scripts/nbcolourmapper/)

All of my scripts have been signed since script signing was introduced some while back

CS, Mike

 

[Mike1485]

All my modules have now been released with signatures.
CS, Mike

 

[mat_blue]

I read the announcement in regards of the module signatures will be required and there are some parts I really don't understand.

Who can enable that? User? Can it only be enabled if the module is signed? Is this systemwide or module specific?

What does this mean for the end user?
Cannot install a module anymore which is not signed? The 2 modules I have in mind are for example StarNet2 and DeepSNR.
I am not sure whether the author is willing to get these modules signed.

Cheers
Tom

I have the same question. I have three repositories with unsigned scripts that I would not want to do without. Can I get a "valid CPD identity" so I can enable unsigned scripts? Can we get more information about "hacking activities that we have detected affecting some third-party modules"? I appreciate the developers trying to protect us from hackers but we should have the ability to override that if we deem it safe. I am only endangering myself if I use a malicious unsigned script (as far as I can tell). The inability to override this restriction seems to fall into the category of "protecting me from myself", which I don't particularly care for. If I'm wrong about any of the above, please say so.

 

[Juan Conejero]

Hi Tom,

The Preferences > Security > Allow installation of unsigned modules option will be disabled by default, and a valid CPD identity will be required to enable it.

Who can enable that? User? Can it only be enabled if the module is signed? Is this systemwide or module specific?

As we initially designed this security feature, you'd need a valid Certified PixInsight Developer (CPD) identity to enable the Allow installation of unsigned modules option. In other words, only CPDs could enable the installation of unsigned modules on their machines.

However, we are currently considering alternative designs, including the possibility of requiring module signatures on an on-demand basis through dedicated API calls that would make this restriction more relaxed or perhaps unnecessary and allow the use of local code signing identities under certain conditions. At any rate, we'll postpone the release of this feature as necessary until we find an implementation as minimally intrusive as possible.

What does this mean for the end user?
Cannot install a module anymore which is not signed?

Requiring module signatures should have no practical consequences for end users. The primary purpose of these changes is to protect third-party developers from illegal hacking activities, such as the distribution of altered module binaries where license verification code has been modified or removed. Module signatures also guarantee the integrity and authenticity of module binaries on all platforms. These security enhancements are essential for the viability of our development platform in the medium to long term.

The 2 modules I have in mind are for example StarNet2 and DeepSNR.
I am not sure whether the author is willing to get these modules signed.

We have contacted all (known) module developers, including the author of the modules you mentioned, to inform them about these changes. All developers distributing PixInsight modules and scripts should be registered as CPDs; there is no reason to neglect this. Code signing is an essential security feature that no software developer should ignore.

 

[tom886]

Thank you Juan,

This makes it more clear.

Cheers
Tom