Merge pull request rust-lang#3190 from rust-lang/stable

Merge stable back

CHANGELOG.md

@@ -1,5 +1,22 @@
 # Changelog
 
+## [1.25.2] - 2023-02-01
+
+This version of Rustup changes the signature verification code to continue
+accepting Rust's release signature key, which previously caused warnings due to
+a time-based check.
+
+Note that signature verification in Rustup is still an experimental feature,
+and there is intentionally no way to enforce signature verification due to the
+feature being incomplete.
+
+Thanks go to:
+
+- Pietro Albini
+- Daniel Silverstone
+
+[1.25.2]: https://github.com/rust-lang/rustup/release/tag/1.25.2
+
 ## [1.25.1] - 2022-07-12
 
 This version of Rustup reverts a single PR from 1.25.1 and tidies a couple of internal

Cargo.toml

@@ -9,7 +9,7 @@ license = "MIT OR Apache-2.0"
 name = "rustup"
 readme = "README.md"
 repository = "https://github.com/rust-lang/rustup"
-version = "1.25.1"
+version = "1.25.2"
 
 [features]
 curl-backend = ["download/curl-backend"]

ci/docker/mips-unknown-linux-gnu/Dockerfile

@@ -1,4 +1,4 @@
 FROM rust-mips-unknown-linux-gnu
 
-ENV CC_mips_unknown_linux_gnu=mips-linux-gnu-gcc \
-    CARGO_TARGET_MIPS_UNKNOWN_LINUX_GNU_LINKER=mips-linux-gnu-gcc
+ENV CC_mips_unknown_linux_gnu=mips-unknown-linux-gnu-gcc \
+    CARGO_TARGET_MIPS_UNKNOWN_LINUX_GNU_LINKER=mips-unknown-linux-gnu-gcc

ci/docker/mips64-unknown-linux-gnuabi64/Dockerfile

@@ -1,4 +1,4 @@
 FROM rust-mips64-unknown-linux-gnuabi64
 
-ENV CC_mips64_unknown_linux_gnuabi64=mips64-linux-gnuabi64-gcc \
-    CARGO_TARGET_MIPS64_UNKNOWN_LINUX_GNUABI64_LINKER=mips64-linux-gnuabi64-gcc
+ENV CC_mips64_unknown_linux_gnuabi64=mips64-unknown-linux-gnu-gcc \
+    CARGO_TARGET_MIPS64_UNKNOWN_LINUX_GNUABI64_LINKER=mips64-unknown-linux-gnu-gcc

ci/docker/mips64el-unknown-linux-gnuabi64/Dockerfile

@@ -1,4 +1,4 @@
 FROM rust-mips64el-unknown-linux-gnuabi64
 
-ENV CC_mips64el_unknown_linux_gnuabi64=mips64el-linux-gnuabi64-gcc \
-    CARGO_TARGET_MIPS64EL_UNKNOWN_LINUX_GNUABI64_LINKER=mips64el-linux-gnuabi64-gcc
+ENV CC_mips64el_unknown_linux_gnuabi64=mips64el-unknown-linux-gnu-gcc \
+    CARGO_TARGET_MIPS64EL_UNKNOWN_LINUX_GNUABI64_LINKER=mips64el-unknown-linux-gnu-gcc

ci/docker/mipsel-unknown-linux-gnu/Dockerfile

@@ -1,4 +1,4 @@
 FROM rust-mipsel-unknown-linux-gnu
 
-ENV CC_mipsel_unknown_linux_gnu=mipsel-linux-gnu-gcc \
-    CARGO_TARGET_MIPSEL_UNKNOWN_LINUX_GNU_LINKER=mipsel-linux-gnu-gcc
+ENV CC_mipsel_unknown_linux_gnu=mipsel-unknown-linux-gnu-gcc \
+    CARGO_TARGET_MIPSEL_UNKNOWN_LINUX_GNU_LINKER=mipsel-unknown-linux-gnu-gcc

download/Cargo.toml

@@ -4,7 +4,7 @@ authors = ["Brian Anderson <[email protected]>"]
 edition = "2021"
 license = "MIT OR Apache-2.0"
 name = "download"
-version = "1.25.1"
+version = "1.25.2"
 
 [features]
 

rustup-init.sh

@@ -25,7 +25,7 @@ RUSTUP_UPDATE_ROOT="${RUSTUP_UPDATE_ROOT:-https://static.rust-lang.org/rustup}"
 #XXX: If you change anything here, please make the same changes in setup_mode.rs
 usage() {
     cat 1>&2 <<EOF
-rustup-init 1.25.1 (48d233f65 2022-07-12)
+rustup-init 1.25.2 (8c4dad73d 2023-02-01)
 The installer for rustup
 
 USAGE:

src/config.rs

@@ -7,12 +7,13 @@ use std::str::FromStr;
 use std::sync::Arc;
 
 use anyhow::{anyhow, bail, Context, Result};
-use sequoia_openpgp::{parse::Parse, policy, Cert};
+use sequoia_openpgp::{parse::Parse, Cert};
 use serde::Deserialize;
 use thiserror::Error as ThisError;
 
 use crate::cli::self_update::SelfUpdateMode;
 use crate::dist::download::DownloadCfg;
+use crate::dist::signatures::sequoia_policy;
 use crate::dist::{
     dist::{self, Profile},
     temp,
@@ -198,7 +199,8 @@ impl PgpPublicKey {
         let keyid = format_hex(cert.keyid().as_bytes(), "-", 4)?;
         let algo = cert.primary_key().pk_algo();
         let fpr = format_hex(cert.fingerprint().as_bytes(), " ", 2)?;
-        let p = policy::StandardPolicy::new();
+        let p = sequoia_policy();
+
         let uid0 = cert
             .with_policy(&p, None)?
             .primary_userid()

src/dist/signatures.rs

@@ -8,11 +8,32 @@ use anyhow::Result;
 
 use sequoia_openpgp::{
     parse::{stream::*, Parse},
-    policy, Cert, KeyHandle,
+    policy::{HashAlgoSecurity, StandardPolicy},
+    types::HashAlgorithm,
+    Cert, KeyHandle,
 };
 
 use crate::config::PgpPublicKey;
 
+pub(crate) fn sequoia_policy() -> StandardPolicy<'static> {
+    let mut policy = StandardPolicy::new();
+
+    // The builtin Rust signature key uses SHA-1 for its own signature, even though the individual
+    // signatures generated by it nowadays use SHA-512. Sequoia added a cutoff date for SHA1,
+    // 2023-02-01, which caused warnings to be displayed to rustup users from that day onwards.
+    //
+    // To keep supporting the Rust signature key, we allow the SHA-1 algorithm in rustup without a
+    // cutoff date when verifying the signature key bindings. SHA-1 data signatures are still
+    // disallowed.
+    policy.reject_hash_property_at(
+        HashAlgorithm::SHA1,
+        HashAlgoSecurity::SecondPreImageResistance,
+        None,
+    );
+
+    policy
+}
+
 /// Returns the index of the cert in `certs` that verifies a
 /// signature.
 ///
@@ -26,7 +47,8 @@ pub(crate) fn verify_signature<T: Read + Send + Sync>(
     signature: &str,
     certs: &[PgpPublicKey],
 ) -> Result<Option<usize>> {
-    let p = policy::StandardPolicy::new();
+    let p = sequoia_policy();
+
     let helper = Helper::new(certs);
     let mut v = DetachedVerifierBuilder::from_reader(signature.as_bytes())?
         .with_policy(&p, None, helper)?;