Skip to content

/rustup.rs

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sign and validate signatures of rustup-setup #242

Open
brson opened this Issue Apr 1, 2016 · 2 comments

Comments

Assignees
No one assigned
Labels
security
Projects
Build in Issue Categorisation
Milestone
No milestone
2 participants
@brson @heartsucker
@brson
Copy link
Contributor

brson commented Apr 1, 2016

We need to sign rustup-setup and validate them on self-update. Probably we can create a new subkey of the existing signing key and give the secrets to travis and appveyor.

This should use the same crypto as we use for rust builds.
@brson

This comment has been minimized.

Sign in to view
Copy link
Contributor Author

brson commented Apr 1, 2016

We might also create a new key just for rustup instead of messing with the rust key.

@brson brson added the security label May 12, 2016

@brson brson referenced this issue Jul 27, 2016

Open

Validate signatures of builds #241

@brson brson referenced this issue Aug 22, 2016

Closed

rustup.sh and underlying binaries authentication #16442

@jonathanKingston jonathanKingston referenced this issue Jan 8, 2017

Open

Consider providing an asc file for gpg checking for rustup-init #915

@Diggsey Diggsey added this to Build in Issue Categorisation May 4, 2017

@heartsucker

This comment has been minimized.

Sign in to view
Copy link

heartsucker commented Jul 29, 2017

Just noting here for completeness that this will be covered by using TUF as it requires mandatory signatures. See #241.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.