allow sha1 signing keys without a cutoff date

pietroalbini · pietroalbini · commit d9769b806977 · 2023-02-01T16:02:39.000+01:00
diff --git a/src/config.rs b/src/config.rs
@@ -7,12 +7,13 @@ use std::str::FromStr;
 use std::sync::Arc;
 
 use anyhow::{anyhow, bail, Context, Result};
-use sequoia_openpgp::{parse::Parse, policy, Cert};
+use sequoia_openpgp::{parse::Parse, Cert};
 use serde::Deserialize;
 use thiserror::Error as ThisError;
 
 use crate::cli::self_update::SelfUpdateMode;
 use crate::dist::download::DownloadCfg;
+use crate::dist::signatures::sequoia_policy;
 use crate::dist::{
     dist::{self, Profile},
     temp,
@@ -198,7 +199,8 @@ impl PgpPublicKey {
         let keyid = format_hex(cert.keyid().as_bytes(), "-", 4)?;
         let algo = cert.primary_key().pk_algo();
         let fpr = format_hex(cert.fingerprint().as_bytes(), " ", 2)?;
-        let p = policy::StandardPolicy::new();
+        let p = sequoia_policy();
+
         let uid0 = cert
             .with_policy(&p, None)?
             .primary_userid()
diff --git a/src/dist/signatures.rs b/src/dist/signatures.rs
@@ -8,11 +8,32 @@ use anyhow::Result;
 
 use sequoia_openpgp::{
     parse::{stream::*, Parse},
-    policy, Cert, KeyHandle,
+    policy::{HashAlgoSecurity, StandardPolicy},
+    types::HashAlgorithm,
+    Cert, KeyHandle,
 };
 
 use crate::config::PgpPublicKey;
 
+pub(crate) fn sequoia_policy() -> StandardPolicy<'static> {
+    let mut policy = StandardPolicy::new();
+
+    // The builtin Rust signature key uses SHA-1 for its own signature, even though the individual
+    // signatures generated by it nowadays use SHA-512. Sequoia added a cutoff date for SHA1,
+    // 2023-02-01, which caused warnings to be displayed to rustup users from that day onwards.
+    //
+    // To keep supporting the Rust signature key, we allow the SHA-1 algorithm in rustup without a
+    // cutoff date when verifying the signature key bindings. SHA-1 data signatures are still
+    // disallowed.
+    policy.reject_hash_property_at(
+        HashAlgorithm::SHA1,
+        HashAlgoSecurity::SecondPreImageResistance,
+        None,
+    );
+
+    policy
+}
+
 /// Returns the index of the cert in `certs` that verifies a
 /// signature.
 ///
@@ -26,7 +47,8 @@ pub(crate) fn verify_signature<T: Read + Send + Sync>(
     signature: &str,
     certs: &[PgpPublicKey],
 ) -> Result<Option<usize>> {
-    let p = policy::StandardPolicy::new();
+    let p = sequoia_policy();
+
     let helper = Helper::new(certs);
     let mut v = DetachedVerifierBuilder::from_reader(signature.as_bytes())?
         .with_policy(&p, None, helper)?;
