distinguish between cached and uncached creds
p2p and multicast creds are not cached the same way that s3 and webdav creds are. The difference is that p2p and multicast obtain the creds themselves, as part of a process like pairing. So they're storing the only extant copy of the creds. In s3 and webdav etc the creds are provided by the cloud storage provider. This is a fine difference, but I do think it's a reasonable difference. If the user wants to prevent s3 and webdav etc creds from being stored unencrypted on disk, they won't feel the same about p2p auth tokens used for tor, or a multicast encryption key, or for that matter their local ssh private key. This commit was sponsored by Fernando Jimenez on Patreon.
This commit is contained in:
parent
736ecbe4b8
commit
e89bb4361b
4 changed files with 28 additions and 28 deletions
|
@ -65,7 +65,7 @@ repoP2PAddress _ = Nothing
|
|||
-- | Load known P2P addresses for this repository.
|
||||
loadP2PAddresses :: Annex [P2PAddress]
|
||||
loadP2PAddresses = mapMaybe unformatP2PAddress . maybe [] lines
|
||||
<$> readCacheCreds p2pAddressCredsFile
|
||||
<$> readCreds p2pAddressCredsFile
|
||||
|
||||
-- | Store a new P2P address for this repository.
|
||||
storeP2PAddress :: P2PAddress -> Annex ()
|
||||
|
@ -74,9 +74,9 @@ storeP2PAddress addr = do
|
|||
unless (addr `elem` addrs) $ do
|
||||
let s = unlines $ map formatP2PAddress (addr:addrs)
|
||||
let tmpnam = p2pAddressCredsFile ++ ".new"
|
||||
writeCacheCreds s tmpnam
|
||||
tmpf <- cacheCredsFile tmpnam
|
||||
destf <- cacheCredsFile p2pAddressCredsFile
|
||||
writeCreds s tmpnam
|
||||
tmpf <- credsFile tmpnam
|
||||
destf <- credsFile p2pAddressCredsFile
|
||||
-- This may be run by root, so make the creds file
|
||||
-- and directory have the same owner and group as
|
||||
-- the git repository directory has.
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue