Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Accept SHA1 keys and release 1.25.2 #3186

Merged
merged 7 commits into from
Feb 1, 2023
Merged

Accept SHA1 keys and release 1.25.2 #3186

merged 7 commits into from
Feb 1, 2023

Conversation

pietroalbini
Copy link
Member

This PR prepares the 1.25.2 rustup release, adding SHA1 to the list of hashing algorithms explicitly allowed by Sequoia. This is needed since the Rust key uses SHA1 for its own signatures, and Sequoia has a 2023-02-01 cutoff for the use of SHA1. That is resulting in signature verification failed warnings for rustup users.

@pietroalbini pietroalbini mentioned this pull request Feb 1, 2023
Open
bjorn3
bjorn3 reviewed Feb 1, 2023
View reviewed changes
src/dist/signatures.rs Outdated Show resolved Hide resolved
nwalfield
nwalfield reviewed Feb 1, 2023
View reviewed changes
src/config.rs Outdated Show resolved Hide resolved
nwalfield
nwalfield suggested changes Feb 1, 2023
View reviewed changes
src/dist/signatures.rs Outdated Show resolved Hide resolved
@Rustin170506
Copy link
Member

@pietroalbini The CI failed because you missing some changes from #3121. You need to add the -x arg to shellcheck.

@pietroalbini
Copy link
Member Author

Thanks @hi-rustin, cherry-picked that commit too.

Rustin170506
Rustin170506 approved these changes Feb 1, 2023
View reviewed changes
Copy link
Member

@Rustin170506 Rustin170506 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me! But I'm not familiar with the release process.
Should we merge this change back to the master? I'm not sure. It would be nice if Daniel had time to look at it.

@Rustin170506
Copy link
Member

The CI failed because of the code format.

kinnison
kinnison reviewed Feb 1, 2023
View reviewed changes
Copy link
Contributor

@kinnison kinnison left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Modulo Neil's concern I'm okay with this. @hi-rustin I trust you to confirm the CI tweaks are OK, as for release process, Pietro knows what to do, and once things are settled on the release, merging the changes back into master can happen.

Then we can consider how to resolve this longer term in a better fashion.

@g2p
Copy link

g2p commented Feb 1, 2023
edited
Loading

Updating the embedded key might be a better option:

It should be possible (for someone with the secret key) to regenerate the internal signatures without updating the key id, using this sequoia tool: https://gitlab.com/sequoia-pgp/keyring-linter (https://lib.rs/crates/sequoia-keyring-linter)

@pietroalbini
Copy link
Member Author

Also disabled Clippy since 1.67 included a loooooooot of warnings.

@kinnison
Copy link
Contributor

kinnison commented Feb 1, 2023

Updating the embedded key might be a better option:

It should be possible (for someone with the secret key) to regenerate the internal signatures without updating the key id, using this sequoia tool: https://gitlab.com/sequoia-pgp/keyring-linter

I think that this is a good idea, but probably might take longer to be confident about given the lack of experience with OpenPGP in the team right now.

As a plan I'd say "do this patch now, update key later, do new release with new key, and then make rollover plans properly" would make the most sense - we need to do the minimal change which gets our user-base to not need to worry about the warnings until we can protect them more fully - as it stands, we're still only warning, not erroring out, so the relative attack surface vs. protection aspects are semi-moot points anyway IMO.

@Rustin170506
Copy link
Member

Also disabled Clippy since 1.67 included a loooooooot of warnings.

I suppose the warnings would not break the rustup's CI.

@pietroalbini
Copy link
Member Author

I suppose the warnings would not break the rustup's CI.

Oh yeah, didn't notice rustup's CI doesn't deny warnings. Also pushed a super hacky way to get the Android CI hopefully working.

@pietroalbini
Copy link
Member Author

CI seems to be going, will merge this to let the build on stable finish sooner.

@pietroalbini pietroalbini merged commit ac2594f into stable Feb 1, 2023
@pietroalbini pietroalbini deleted the pa-sha1 branch February 1, 2023 15:41
@sidkshatriya sidkshatriya mentioned this pull request Feb 4, 2023
Open
@vcunat vcunat mentioned this pull request Feb 9, 2023
Merged
13 tasks
@Rustin170506 Rustin170506 mentioned this pull request Mar 19, 2023
Closed
AJ-Ianozi pushed a commit to AJ-Ianozi/getada-download that referenced this pull request Oct 12, 2023
@pietroalbini
Merge pull request rust-lang#3186 from rust-lang/pa-sha1
e0e1fdf 
Accept SHA1 keys and release 1.25.2
@bjorn3 bjorn3 mentioned this pull request Mar 21, 2024
Closed
@Noratrieb Noratrieb mentioned this pull request Nov 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nwalfield nwalfield nwalfield requested changes

@kinnison kinnison kinnison left review comments

@bjorn3 bjorn3 bjorn3 left review comments

@Rustin170506 Rustin170506 Rustin170506 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@pietroalbini @Rustin170506 @g2p @kinnison @nwalfield @bjorn3