Several recipes in meta-dstack/ fetch source tarballs over the network during the Yocto build using SRC_URI with HTTP(S) URLs, making the build non-reproducible and vulnerable to supply-chain attacks if the upstream source is compromised.
Root Cause
Three build recipes enable network access during compilation via do_compile[network] = "1":
- libnvidia-container: Also uses
curl --insecure
- dstack-guest: Go dependencies fetched during build
- dstack-sysbox: Go dependencies fetched during build
Yocto's default build isolation disables network access during do_compile to ensure reproducibility and supply-chain integrity. When do_compile[network] = "1" is set, dependencies are fetched at build time without the checksum verification that SRC_URI provides in do_fetch.
Attack Path
- Attacker compromises a dependency server or performs a MitM attack on the build network
- During
do_compile, the build fetches Go modules or other dependencies over the network
- Fetched dependencies are not checksum-verified (unlike
SRC_URI entries in do_fetch)
- Malicious code is compiled into the resulting binaries
- Affected binaries are included in the dstack guest image
Impact
Supply-chain integrity gap. Dependencies fetched during compilation bypass Yocto's integrity verification. A compromised upstream server or network attacker can inject malicious code into three components: NVIDIA container runtime, dstack guest agent, and sysbox container runtime.
Suggested Fix
- Pre-fetch all Go dependencies during
do_fetch with checksum verification:
SRC_URI += "file://vendor.tar.gz"
do_compile:prepend() {
cp -r ${WORKDIR}/vendor ${S}/vendor
export GOFLAGS="-mod=vendor"
}
- Use Go module vendoring (
go mod vendor) and include the vendor directory in the source
- Remove
do_compile[network] = "1" from all three recipes
Note: This issue was created automatically. The vulnerability report was generated by Claude and has not been verified by a human.
Several recipes in
meta-dstack/fetch source tarballs over the network during the Yocto build usingSRC_URIwith HTTP(S) URLs, making the build non-reproducible and vulnerable to supply-chain attacks if the upstream source is compromised.Root Cause
Three build recipes enable network access during compilation via
do_compile[network] = "1":curl --insecureYocto's default build isolation disables network access during
do_compileto ensure reproducibility and supply-chain integrity. Whendo_compile[network] = "1"is set, dependencies are fetched at build time without the checksum verification thatSRC_URIprovides indo_fetch.Attack Path
do_compile, the build fetches Go modules or other dependencies over the networkSRC_URIentries indo_fetch)Impact
Supply-chain integrity gap. Dependencies fetched during compilation bypass Yocto's integrity verification. A compromised upstream server or network attacker can inject malicious code into three components: NVIDIA container runtime, dstack guest agent, and sysbox container runtime.
Suggested Fix
do_fetchwith checksum verification:go mod vendor) and include the vendor directory in the sourcedo_compile[network] = "1"from all three recipes