distinguish between cached and uncached creds

p2p and multicast creds are not cached the same way that s3 and webdav
creds are. The difference is that p2p and multicast obtain the creds
themselves, as part of a process like pairing. So they're storing the
only extant copy of the creds. In s3 and webdav etc the creds are
provided by the cloud storage provider.

This is a fine difference, but I do think it's a reasonable difference.
If the user wants to prevent s3 and webdav etc creds from being stored
unencrypted on disk, they won't feel the same about p2p auth tokens
used for tor, or a multicast encryption key, or for that matter their
local ssh private key.

This commit was sponsored by Fernando Jimenez on Patreon.
This commit is contained in:
Joey Hess 2018-12-04 14:02:37 -04:00
parent 736ecbe4b8
commit e89bb4361b
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
4 changed files with 28 additions and 28 deletions

View file

@ -65,7 +65,7 @@ repoP2PAddress _ = Nothing
-- | Load known P2P addresses for this repository.
loadP2PAddresses :: Annex [P2PAddress]
loadP2PAddresses = mapMaybe unformatP2PAddress . maybe [] lines
<$> readCacheCreds p2pAddressCredsFile
<$> readCreds p2pAddressCredsFile
-- | Store a new P2P address for this repository.
storeP2PAddress :: P2PAddress -> Annex ()
@ -74,9 +74,9 @@ storeP2PAddress addr = do
unless (addr `elem` addrs) $ do
let s = unlines $ map formatP2PAddress (addr:addrs)
let tmpnam = p2pAddressCredsFile ++ ".new"
writeCacheCreds s tmpnam
tmpf <- cacheCredsFile tmpnam
destf <- cacheCredsFile p2pAddressCredsFile
writeCreds s tmpnam
tmpf <- credsFile tmpnam
destf <- credsFile p2pAddressCredsFile
-- This may be run by root, so make the creds file
-- and directory have the same owner and group as
-- the git repository directory has.