distinguish between cached and uncached creds
p2p and multicast creds are not cached the same way that s3 and webdav creds are. The difference is that p2p and multicast obtain the creds themselves, as part of a process like pairing. So they're storing the only extant copy of the creds. In s3 and webdav etc the creds are provided by the cloud storage provider. This is a fine difference, but I do think it's a reasonable difference. If the user wants to prevent s3 and webdav etc creds from being stored unencrypted on disk, they won't feel the same about p2p auth tokens used for tor, or a multicast encryption key, or for that matter their local ssh private key. This commit was sponsored by Fernando Jimenez on Patreon.
parent
736ecbe4b8
commit
e89bb4361b
4 changed files with 28 additions and 28 deletions
36
Creds.hs
36
Creds.hs
|
@ -13,9 +13,9 @@ module Creds (
|
|||
getRemoteCredPairFor,
|
||||
warnMissingCredPairFor,
|
||||
getEnvCredPair,
|
||||
writeCacheCreds,
|
||||
readCacheCreds,
|
||||
cacheCredsFile,
|
||||
writeCreds,
|
||||
readCreds,
|
||||
credsFile,
|
||||
removeCreds,
|
||||
includeCredsInfo,
|
||||
) where
|
||||
|
@ -141,32 +141,32 @@ getEnvCredPair storage = liftM2 (,)
|
|||
|
||||
writeCacheCredPair :: CredPair -> CredPairStorage -> Annex ()
|
||||
writeCacheCredPair credpair storage =
|
||||
writeCacheCreds (encodeCredPair credpair) (credPairFile storage)
|
||||
writeCreds (encodeCredPair credpair) (credPairFile storage)
|
||||
|
||||
readCacheCredPair :: CredPairStorage -> Annex (Maybe CredPair)
|
||||
readCacheCredPair storage = maybe Nothing decodeCredPair
|
||||
<$> readCreds (credPairFile storage)
|
||||
|
||||
existsCacheCredPair :: CredPairStorage -> Annex Bool
|
||||
existsCacheCredPair storage =
|
||||
liftIO . doesFileExist =<< credsFile (credPairFile storage)
|
||||
|
||||
{- Stores the creds in a file inside gitAnnexCredsDir that only the user
|
||||
- can read. -}
|
||||
writeCacheCreds :: Creds -> FilePath -> Annex ()
|
||||
writeCacheCreds creds file = do
|
||||
writeCreds :: Creds -> FilePath -> Annex ()
|
||||
writeCreds creds file = do
|
||||
d <- fromRepo gitAnnexCredsDir
|
||||
createAnnexDirectory d
|
||||
liftIO $ writeFileProtected (d </> file) creds
|
||||
|
||||
readCacheCredPair :: CredPairStorage -> Annex (Maybe CredPair)
|
||||
readCacheCredPair storage = maybe Nothing decodeCredPair
|
||||
<$> readCacheCreds (credPairFile storage)
|
||||
readCreds :: FilePath -> Annex (Maybe Creds)
|
||||
readCreds f = liftIO . catchMaybeIO . readFileStrict =<< credsFile f
|
||||
|
||||
readCacheCreds :: FilePath -> Annex (Maybe Creds)
|
||||
readCacheCreds f = liftIO . catchMaybeIO . readFileStrict =<< cacheCredsFile f
|
||||
|
||||
cacheCredsFile :: FilePath -> Annex FilePath
|
||||
cacheCredsFile basefile = do
|
||||
credsFile :: FilePath -> Annex FilePath
|
||||
credsFile basefile = do
|
||||
d <- fromRepo gitAnnexCredsDir
|
||||
return $ d </> basefile
|
||||
|
||||
existsCacheCredPair :: CredPairStorage -> Annex Bool
|
||||
existsCacheCredPair storage =
|
||||
liftIO . doesFileExist =<< cacheCredsFile (credPairFile storage)
|
||||
|
||||
encodeCredPair :: CredPair -> Creds
|
||||
encodeCredPair (l, p) = unlines [l, p]
|
||||
|
||||
|
|
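Review bot: `writeCreds`, `readCreds` and `credsFile` are exported under general names, yet nothing documents or checks that their `FilePath` argument is a bare file name. Both `d </> file` in `writeCreds` and `d </> basefile` in `credsFile` depend on that, because `</>` returns an absolute right-hand path unchanged and keeps any `..` components, so the result can fall outside `gitAnnexCredsDir`. The callers are not visible here, so this may already hold everywhere; a comment on `credsFile` such as `{- basefile must be a plain file name with no directory part. -}` would record the assumption, or the function could reject inputs where `takeFileName basefile /= basefile`. Separately, `readCreds` goes through `catchMaybeIO`, which presumably maps any read error to `Nothing`. For the p2p and multicast creds that the description calls the only extant copy, the comment should say that `Nothing` does not prove the file is absent.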