517 changes: 517 additions & 0 deletions Cargo.lock

Large diffs are not rendered by default.

4 changes: 3 additions & 1 deletion Cargo.toml
@@ -13,12 +13,13 @@ repository = "https://github.com/rust-lang/rustup.rs"
description = "Manage multiple rust installations with ease"

[features]
default = ["curl-backend", "reqwest-backend"]
default = ["curl-backend", "reqwest-backend", "signature-check"]
curl-backend = ["download/curl-backend"]
reqwest-backend = ["download/reqwest-backend"]
vendored-openssl = ['openssl/vendored']
# Include in the default set to disable self-update and uninstall.
no-self-update = []
signature-check = ["pgp"]

# Sorted by alphabetic order
[dependencies]
@@ -54,6 +55,7 @@ toml = "0.5"
url = "1"
wait-timeout = "0.2"
xz2 = "0.1.3"
pgp = { git = "https://github.com/rpgp/rpgp", branch = "fix/cfgs", optional = true, default-features = false}

[dependencies.retry]
version = "0.5"
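Review bot: The new `pgp` dependency in the `[dependencies]` hunk tracks a mutable git branch (`branch = "fix/cfgs"`), so the code that performs signature verification can change whenever that branch moves and the lockfile is regenerated. Because `signature-check` now joins the default feature set, this crate ends up in every default build; pin it to an immutable revision, e.g. `pgp = { git = "https://github.com/rpgp/rpgp", rev = "<COMMIT_SHA>", optional = true, default-features = false }`, or to a published release once the needed fix is available there. A short comment above the line saying why a non-release branch is required and when it can be dropped would help the next audit of the dependency list.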
1 change: 1 addition & 0 deletions appveyor.yml
@@ -17,6 +17,7 @@ branches:
- master
- stable
- auto
- kinnison/test-for-dg

install:
# If this is a PR and we're not allowed to test PRs, skip the whole build.
39 changes: 38 additions & 1 deletion src/dist/download.rs
@@ -119,6 +119,37 @@ impl<'a> DownloadCfg<'a> {
Ok(utils::read_file("hash", &hash_file).map(|s| s[0..64].to_owned())?)
}

#[cfg(feature = "signature-check")]
fn download_signature(&self, url: &str) -> Result<String> {
let sig_url = utils::parse_url(&(url.to_owned() + ".asc"))?;
let sig_file = self.temp_cfg.new_file()?;

utils::download_file(&sig_url, &sig_file, None, &|n| {
(self.notify_handler)(n.into())
})?;

Ok(utils::read_file("signature", &sig_file).map(|s| s.to_owned())?)
}

#[cfg(feature = "signature-check")]
fn check_signature(&self, url: &str, file: &temp::File<'_>) -> Result<()> {
let signature = self.download_signature(url).map_err(|e| {
e.chain_err(|| ErrorKind::SignatureVerificationFailed {
url: url.to_owned(),
})
})?;

let content = utils::read_file("channel data", file).map(|s| s.to_owned())?;
if !crate::dist::signatures::verify_signature(&content, &signature)? {
Err(ErrorKind::SignatureVerificationFailed {
url: url.to_owned(),
}
.into())
} else {
Ok(())
}
}

/// Downloads a file, sourcing its hash from the same url with a `.sha256` suffix.
/// If `update_hash` is present, then that will be compared to the downloaded hash,
/// and if they match, the download is skipped.
@@ -167,7 +198,13 @@ impl<'a> DownloadCfg<'a> {
(self.notify_handler)(Notification::ChecksumValid(url_str));
}

// TODO: Check the signature of the file
#[cfg(feature = "signature-check")]
{
// No signatures for tarballs for now.
if !url_str.ends_with(".tar.gz") && !url_str.ends_with(".tar.xz") {
self.check_signature(&url_str, &file)?;
}
}

Ok(Some((file, partial_hash)))
}
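Review bot: The suffix test in the second hunk exempts every URL ending in `.tar.gz` or `.tar.xz` from `check_signature`, and the comment does not say what authenticates those files instead; the only other check visible here is the `.sha256` fetched from the same URL, which guards against corruption but not against a server that serves a modified file together with a matching hash. If the intent is that tarballs are covered by hashes listed in the signed channel manifest, say so in the comment, e.g. `// Tarballs carry no detached signature; they are trusted via the hash recorded in the signed manifest (confirm the caller compares it).` With the `signature-check` feature disabled this block compiles away, and the removed TODO no longer marks that gap. In the first hunk, `check_signature` reads the payload through `utils::read_file` as text, which presumably limits verification to UTF-8 files; passing bytes to the verifier would let the same path cover binary artifacts later. The enclosing function of the second hunk starts and ends outside the hunk.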
3 changes: 3 additions & 0 deletions src/dist/mod.rs
@@ -13,3 +13,6 @@ pub mod manifest;
pub mod manifestation;
pub mod notifications;
pub mod prefix;

#[cfg(feature = "signature-check")]
pub mod signatures;
221 changes: 221 additions & 0 deletions src/dist/rust-signing-key.asc
@@ -0,0 +1,221 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
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=zTca
-----END PGP PUBLIC KEY BLOCK-----
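--- a/src/dist/signatures.rs
+++ b/src/dist/signatures.rs
@@ -0,0 +1,71 @@
+//! Signature verification support for Rustup.
+//!
+//! Only compiled if the signature-check feature is enabled
+
+// TODO: Determine whether we want external keyring support
+// TODO: Determine how to integrate nicely into the test suite
+
+use pgp::types::KeyTrait;
+use pgp::{Deserializable, SignedPublicKey, StandaloneSignature};
+
+use crate::errors::*;
+
+// const SIGNING_KEY_BYTES: &[u8] = include_bytes!("rust-signing-key.asc");
+const SIGNING_KEY_BYTES: &[u8] = include_bytes!("../../tests/mock/signing-key.pub.asc");
+
+lazy_static::lazy_static! {
+static ref SIGNING_KEYS: Vec<SignedPublicKey> = {
+pgp::SignedPublicKey::from_armor_many(std::io::Cursor::new(SIGNING_KEY_BYTES))
+.map_err(squish_internal_err).unwrap()
+.0
+.collect::<std::result::Result<Vec<_>, _>>()
+.map_err(squish_internal_err).unwrap()
+};
+}
+
+fn squish_internal_err<E: std::fmt::Display>(err: E) -> Error {
+ErrorKind::SignatureVerificationInternalError(format!("{}", err)).into()
+}
+
+pub fn verify_signature(content: &str, signature: &str) -> Result<bool> {
+let (signatures, _) =
+StandaloneSignature::from_string_many(signature).map_err(squish_internal_err)?;
+
+for signature in signatures {
+let signature = signature.map_err(squish_internal_err)?;
+
+for key in &*SIGNING_KEYS {
+if key.is_signing_key() {
+if signature.verify(key, content.as_bytes()).is_ok() {
+return Ok(true);
+}
+}
+for sub_key in &key.public_subkeys {
+if sub_key.is_signing_key() {
+if signature.verify(sub_key, content.as_bytes()).is_ok() {
+return Ok(true);
+}
+}
+}
+}
+}
+
+Ok(false)
+}
+
+// Disabled, as currently we use a different key for testing
+// #[cfg(test)]
+// mod tests {
+// use super::*;
+
+// #[test]
+// fn test_verify_signature() {
+// let content = include_str!("../../tests/data/channel-rust-stable.toml");
+// let signature = include_str!("../../tests/data/channel-rust-stable.toml.asc");
+
+// assert!(
+// verify_signature(content, signature).unwrap(),
+// "invalid signature"
+// );
+// }
+// }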
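Review bot: `SIGNING_KEY_BYTES` embeds `../../tests/mock/signing-key.pub.asc` as the only trust root while the line loading `rust-signing-key.asc` is commented out, so a build with the now-default `signature-check` feature would trust the mock test key and never consult the release key this commit adds. The shipped constant should be `const SIGNING_KEY_BYTES: &[u8] = include_bytes!("rust-signing-key.asc");`, with the mock key selected only under a test-only cfg or feature that release builds cannot enable. In `verify_signature`, the visible code accepts any key or subkey for which `is_signing_key()` holds and does not itself check self-signatures, expiry or revocation; that is tolerable for a compiled-in key but deserves a comment, and it needs revisiting if the external keyring TODO is taken up. The commented-out test module should be re-enabled against a fixture signed by the test key so that both the accept and the reject path are exercised.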