Tracking: Simple PGP signature verification

[kinnison]

In order to implement simple signature verification for rustup to an extent that we're confident that it's good to proceed to thinking more about trust models, we need:

• Select an OpenPGP implementation to use (rpgp)
  • Develop a prototype using that implementation (done on Validate pgp signatures #2077)
  • Ensure the OpenPGP implementation supports all platforms we need it to
• Basic verification of signatures over channel manifests (in the .asc files)
  • Ensure that the signature-verification-failed message is good enough that users won't just re-run and/or file bugs on rustup which aren't actual bugs for us.
  • Switch warnings for errors, ensuring that GPG signatures are always checked and valid.
• Sign rustup releases
  • Ensure we have at least release signed before we deploy signature verification in a release
• Verify the signature on rustup releases in a basic way during self-update
• Verify the signature on the rustup-init downloaded by rustup-init.sh
  • Determine which tools we can use and how to detect them
  • Decide how we distribute the key to verify against
  • Implement the verification check

---

If anyone has ideas on what else needs doing, please comment below and I shall endeavour to keep this tracking issue up to date with the progress toward simple signature verification support.

[dignifiedquire]

I maintain https://github.com/rpgp/rpgp which should be easy to use for this as well and is pure rust, without c dependencies.

[kinnison]

Thanks @dignifiedquire I should indeed have a go with that in case I can get going more quickly than waiting for Sequoia to add Windows support which is currently blocking that prototype.
When you say there's no C deps, is that definite?

[dignifiedquire]

When you say there's no C deps, is that definite?

Yes, the goal is a fully portable version (it is currently deployed through an app using it on ios,android, windows, macos and various unix distros), with all crypto being either pure rust, with possible optimizations in assembly.

[dignifiedquire]

Also probably of interest, the first security audit was just finished, with some minor things still on my list to fix, but no major issues found.

If you have a sketch of what you want this feature to exactly do, I'd be happy to help fill in the rpgp specific details, as the docs are not that amazing quite yet

[kinnison]

I threw together a very dodgy hack to try with Sequoia here: https://github.com/kinnison/rustup.rs/tree/signed-channels

If you wanted to have a go at an equivalent using rpgp, or at least point me at appropriate stuff that'd be awesome. Sequoia was easy for me to get going with because their sqv example did everything I needed, so I could crib from it.

[dignifiedquire]

I added some basics here: https://github.com/dignifiedquire/rustup.rs/tree/signed-channels-rpgp

Haven't had time to implement proper verification of the signature being on its own. Question, how are the signatures generated at the moment, just so I know what format this is expected to be in. (if you have an example one that would be great)

[dignifiedquire]

Update: the branch now includes a the code to validate signatures and a test validating some of the official signatures

[kinnison]

Just to ensure things are linked:

• Call out to external GPG CLI tool if present #1314 talks about external GPG
• Validate signatures of builds #241 talks about needing to validate sigs
• Sign and validate signatures of rustup-setup #242 talks about signing (and validating) rustup-init itself.