Rustup: Tracking: Simple PGP signature verification

Created on 28 Sep 2019 · 12 comments · Source: rust-lang/rustup

In order to implement simple signature verification for rustup to an extent that we're confident that it's good to proceed to thinking more about trust models, we need:

  • [x] Select an OpenPGP implementation to use (rpgp)

    • [x] Develop a prototype using that implementation (done on #2077)

    • [x] Ensure the OpenPGP implementation supports all platforms we need it to

  • [x] Basic verification of signatures over channel manifests (in the .asc files)

    • [x] Ensure that the signature-verification-failed message is good enough that users won't just re-run and/or file bugs on rustup which aren't actual bugs for us.

    • [ ] Switch warnings for errors, ensuring that GPG signatures are always checked and valid.

  • [ ] Sign rustup releases

    • [ ] Ensure we have at least one release signed before we deploy signature verification in a release

  • [ ] Verify the signature on rustup releases in a basic way during self-update
  • [ ] Verify the signature on the rustup-init downloaded by rustup-init.sh

    • [ ] Determine which tools we can use and how to detect them

    • [ ] Decide how we distribute the key to verify against

    • [ ] Implement the verification check


If anyone has ideas on what else needs doing, please comment below and I shall endeavour to keep this tracking issue up to date with the progress toward simple signature verification support.



All 12 comments

I maintain https://github.com/rpgp/rpgp, which should be easy to use for this as well and is pure Rust, without C dependencies.

Thanks @dignifiedquire, I should indeed have a go with that, in case I can get going more quickly than waiting for Sequoia to add Windows support, which is currently blocking that prototype.
When you say there's no C deps, is that definite?

When you say there's no C deps, is that definite?

Yes, the goal is a fully portable version (it is currently deployed through an app using it on iOS, Android, Windows, macOS and various Unix distros), with all crypto being pure Rust, with possible optimizations in assembly.

Also probably of interest, the first security audit was just finished, with some minor things still on my list to fix, but no major issues found.

If you have a sketch of what you want this feature to do exactly, I'd be happy to help fill in the rpgp-specific details, as the docs are not that amazing quite yet.

I threw together a very dodgy hack to try with Sequoia here: https://github.com/kinnison/rustup.rs/tree/signed-channels

If you wanted to have a go at an equivalent using rpgp, or at least point me at appropriate stuff that'd be awesome. Sequoia was easy for me to get going with because their sqv example did everything I needed, so I could crib from it.

I added some basics here: https://github.com/dignifiedquire/rustup.rs/tree/signed-channels-rpgp

Haven't had time to implement proper verification of the signature being on its own. Question: how are the signatures generated at the moment, just so I know what format this is expected to be in? (If you have an example one, that would be great.)

Update: the branch now includes the code to validate signatures and a test validating some of the official signatures.

Just to ensure things are linked:

  • #1314 talks about external GPG
  • #241 talks about needing to validate sigs
  • #242 talks about signing (and validating) rustup-init itself.

Hi, will there be a switch (or further, making it the default behavior) to force signature validation?

That's eventually the goal, but we want to have a mechanism to rotate the signing keys before we enable validation by default, otherwise older rustup clients might break once we need to rotate keys.

Work on this started, but some of the people working on it got busy with other priorities.

  • [ ] Sign rustup releases

Isn't this step done too, if rustup is already validating the asc detached signatures? Or does this mean releases of rustup proper, not of the rust packages?

Anyway, this is awesome, I've been watching this for a while via #241, so I'm chuffed that this is working.

@therealbstern No we don't sign rustup releases yet, only rust channels. We're working on some basic signature support by dint of unifying how rustup and rust releases are done to some extent, but that's going to be a long time in the making.
