Sign and validate signatures of rustup-setup

[brson]

We need to sign rustup-setup and validate them on self-update. Probably we can create a new subkey of the existing signing key and give the secrets to travis and appveyor.

This should use the same crypto as we use for rust builds.

[brson]

We might also create a new key just for rustup instead of messing with the rust key.

[heartsucker]

Just noting here for completeness that this will be covered by using TUF as it requires mandatory signatures. See #241.

[comicfans]

Hello ,I’ve installed rustup binary(itself) from trusted source (official website), but due to internet restriction , I have to use RUSTUP_DIST_SERVER to download toolchain(for higher speed) , but I’d like to know how rustup handle update info and binary download from dist server ? I mean if I my rustup binary is trustable , but I use RUSTUP_DIST_SERVER to download toolchain, can RUSTUP_DIST_SERVER provided hijacked toolchain to me ?

[kinnison]

@comicfans The full story around verifying the security of the files rustup downloads has yet to be completed. For now, we rely on the SSL certificates authenticating the RUSTUP_DIST_SERVER and your trust therein.

[comicfans]

@kinnison Thanks for explanation , so that means if I setup https RUSTUP_DIST_SERVER (with valid ssl), the update index and download binary are both downloaded from dist server and it is possible dist server provide both hijacked index/binary ?

[kinnison]

Yes, you have to trust the dist server currently.