Validate pgp signatures #2077

Merged
merged 3 commits into from
Oct 26, 2019

@dignifiedquire dignifiedquire commented Oct 22, 2019

Ref #2028


@kinnison kinnison left a comment

This looks amazing as a first-cut. We need to have tests which verify that if signatures exist which are bad, we get appropriate warnings, and then we need to think about how we're going to handle the keyring more effectively than the current pair of commented lines; but thank you and I hope my suggestions are useful.

@dignifiedquire

I will need to wait for a more configurable way for keys to put in the real thing unfortunately, as cfg(test) is not applied when running the tests in the tests directory (ref likely rust-lang/rust#59168)

@bors

bors commented Oct 23, 2019

☔ The latest upstream changes (presumably #2079) made this pull request unmergeable. Please resolve the merge conflicts.


@kinnison kinnison left a comment

This is looking pretty good now. I'm thinking about how I want to provide key configurability. I will hopefully have an answer for you in the next few days.

@dignifiedquire dignifiedquire force-pushed the pgp-signature-verification branch 2 times, most recently from 63cddaa to 0ab5596 Compare October 26, 2019 10:35

@kinnison kinnison left a comment

This is starting to look like it's near to ready.

@kinnison

I think we need to start tidying this into a series of functional commits so that we can get ready to merge. This is looking amazing.

Uses the pgp crate to validate signatures on downloaded artifacts when they are available and warns if those are not valid.

Ref rust-lang#2028
@dignifiedquire dignifiedquire force-pushed the pgp-signature-verification branch from 0ab5596 to 597953e Compare October 26, 2019 14:16

@kinnison kinnison left a comment

That test looks 👍

@kinnison kinnison changed the title [WIP] Validate pgp signatures Validate pgp signatures Oct 26, 2019

@kinnison kinnison left a comment

That makes sense, here's hoping it sorts appveyor out :D

@kinnison kinnison merged commit 4610a9a into rust-lang:master Oct 26, 2019
@dignifiedquire dignifiedquire deleted the pgp-signature-verification branch October 28, 2019 10:09