You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Several recipes in meta-dstack/ fetch source tarballs over the network during the Yocto build using SRC_URI with HTTP(S) URLs, making the build non-reproducible and vulnerable to supply-chain attacks if the upstream source is compromised.
Root Cause
Three build recipes enable network access during compilation via do_compile[network] = "1":
libnvidia-container: Also uses curl --insecure
dstack-guest: Go dependencies fetched during build
dstack-sysbox: Go dependencies fetched during build
Yocto's default build isolation disables network access during do_compile to ensure reproducibility and supply-chain integrity. When do_compile[network] = "1" is set, dependencies are fetched at build time without the checksum verification that SRC_URI provides in do_fetch.
Attack Path
Attacker compromises a dependency server or performs a MitM attack on the build network
During do_compile, the build fetches Go modules or other dependencies over the network
Fetched dependencies are not checksum-verified (unlike SRC_URI entries in do_fetch)
Malicious code is compiled into the resulting binaries
Affected binaries are included in the dstack guest image
Impact
Supply-chain integrity gap. Dependencies fetched during compilation bypass Yocto's integrity verification. A compromised upstream server or network attacker can inject malicious code into three components: NVIDIA container runtime, dstack guest agent, and sysbox container runtime.
Suggested Fix
Pre-fetch all Go dependencies during do_fetch with checksum verification:
Several recipes in
meta-dstack/fetch source tarballs over the network during the Yocto build usingSRC_URIwith HTTP(S) URLs, making the build non-reproducible and vulnerable to supply-chain attacks if the upstream source is compromised.Root Cause
Three build recipes enable network access during compilation via
do_compile[network] = "1":curl --insecureYocto's default build isolation disables network access during
do_compileto ensure reproducibility and supply-chain integrity. Whendo_compile[network] = "1"is set, dependencies are fetched at build time without the checksum verification thatSRC_URIprovides indo_fetch.Attack Path
do_compile, the build fetches Go modules or other dependencies over the networkSRC_URIentries indo_fetch)Impact
Supply-chain integrity gap. Dependencies fetched during compilation bypass Yocto's integrity verification. A compromised upstream server or network attacker can inject malicious code into three components: NVIDIA container runtime, dstack guest agent, and sysbox container runtime.
Suggested Fix
do_fetchwith checksum verification:go mod vendor) and include the vendor directory in the sourcedo_compile[network] = "1"from all three recipes