laumann/pijul - Change DWSAYGVEOR4D2EKIICEZUWCRGJTUXQQLOUWMYIFV7XN62K44F4FAC

Update codebase to use new identity management

This also adds some support for caching user secrets where appropriate, so it should make interaction with remotes have less friction.

Created by finchie on August 16, 2022

DWSAYGVEOR4D2EKIICEZUWCRGJTUXQQLOUWMYIFV7XN62K44F4FAC

Dependencies

In channels

main

Change contents

Replacement in pijul/src/commands/tag.rs at line 86 [5.74]

B:BD[5.1480] → [6.1081:1133]

    pub fn run(self) -> Result<(), anyhow::Error> {

[5.1480]

[5.1538]

    pub async fn run(self) -> Result<(), anyhow::Error> {

Replacement in pijul/src/commands/tag.rs at line 126 [5.74]

B:BD[5.2976] → [5.2976:3053]

                let header = header(author.as_deref(), message, timestamp)?;

[5.2976]

[3.74]

                let header = header(author.as_deref(), message, timestamp).await?;

Replacement in pijul/src/commands/tag.rs at line 270 [5.74]
B:BD[5.4613] → [5.4613:4624]
```
fn header(
```
[5.4613]
[5.4624]
```
async fn header(
```

Replacement in pijul/src/commands/tag.rs at line 280 [5.74]

∅:D[7.44] → [8.757:1002]

∅:D[9.13668] → [8.757:1002]

B:BD[8.757] → [8.757:1002]

B:BD[8.1002] → [9.13669:13820]

∅:D[7.84] → [8.1034:1044]

∅:D[9.13820] → [8.1034:1044]

B:BD[8.1034] → [8.1034:1044]

    } else if let Some(mut dir) = crate::config::global_config_dir() {
        dir.push("publickey.json");
        if let Ok(key) = std::fs::File::open(&dir) {
            let k: libpijul::key::PublicKey = serde_json::from_reader(key).unwrap();
            b.insert("key".to_string(), k.key);
        } else {
            bail!("No identity configured yet. Please use `pijul key` to create one")
        }

[9.13668]

[8.1044]

    } else if let Some(_dir) = crate::config::global_config_dir() {
        let k = crate::identity::public_key(&crate::identity::choose_identity_name(false).await?)?;
        b.insert("key".to_string(), k.key);

Insertion in pijul/src/commands/record.rs at line 50 [10.101759]

[10.102757]

    /// Identity to sign changes with
    #[clap(long = "identity")]
    pub identity: Option<String>,

Replacement in pijul/src/commands/record.rs at line 65 [10.101759]
B:BD[10.102774] → [6.1370:1422]
```
    pub fn run(self) -> Result<(), anyhow::Error> {
```
[10.102774]
[9.13911]
```
    pub async fn run(self) -> Result<(), anyhow::Error> {
```
Replacement in pijul/src/commands/record.rs at line 132 [10.101759]
B:BD[10.104017] → [11.203:230]
```
            self.header()?
```
[10.104017]
[10.104043]
```
            self.header().await?
```

Replacement in pijul/src/commands/record.rs at line 145 [10.101759]

B:BD[8.1069] → [4.0:43]

        let (_, key) = super::load_key()?;

[8.1069]

[8.1910]

        let (_, key) = crate::identity::decrypt_secret_key(
            &crate::identity::choose_identity_name(false).await?,
            None,
        )?;

Deletion in pijul/src/commands/record.rs at line 176 [10.101759]

B:BD[9.14174] → [9.14174:14266]

                path.push("publickey.json");
                std::fs::File::create(&path)?;

Replacement in pijul/src/commands/record.rs at line 210 [10.101759]

B:BD[10.105380] → [11.231:293]

    fn header(&self) -> Result<ChangeHeader, anyhow::Error> {

[10.105380]

[11.293]

    async fn header(&self) -> Result<ChangeHeader, anyhow::Error> {

Replacement in pijul/src/commands/record.rs at line 216 [10.101759]

∅:D[7.129] → [8.2177:2438]

∅:D[9.14377] → [8.2177:2438]

B:BD[8.2177] → [8.2177:2438]

B:BD[8.2438] → [9.14378:14430]

∅:D[9.14430] → [7.173:284]

B:BD[7.173] → [7.173:284]

∅:D[7.284] → [8.2474:2488]

B:BD[8.2474] → [8.2474:2488]

        } else if let Some(mut dir) = crate::config::global_config_dir() {
            dir.push("publickey.json");
            if let Ok(key) = std::fs::File::open(&dir) {
                let k: libpijul::key::PublicKey = serde_json::from_reader(key).unwrap();
                b.insert("key".to_string(), k.key);
            } else {
                bail!("No identity configured yet. Please use `pijul key` to create one")
            }

[9.14377]

[8.2488]

        } else {
            let public_key = crate::identity::public_key(
                &self
                    .identity
                    .clone()
                    .unwrap_or(crate::identity::choose_identity_name(false).await?),
            );
            b.insert("key".to_string(), public_key?.key);

Insertion in pijul/src/commands/record.rs at line 225 [10.101759]
[8.2498]
[9.14431]
Replacement in pijul/src/commands/protocol.rs at line 12 [10.123281]
∅:D[12.3078] → [13.1962:1987]
∅:D[14.15149] → [13.1962:1987]
B:BD[10.123476] → [13.1962:1987]
```
use log::{debug, error};
```
[14.15149]
[10.123476]
```
use log::{debug, error, warn};
```

Deletion in pijul/src/commands/protocol.rs at line 374 [10.123281]

B:BD[15.359] → [15.359:752]

fn get_public_key() -> Result<libpijul::key::PublicKey, anyhow::Error> {
    if let Some(mut dir) = crate::config::global_config_dir() {
        dir.push("publickey.json");
        if let Ok(mut pkf) = std::fs::File::open(&dir) {
            if let Ok(pkf) = serde_json::from_reader(&mut pkf) {
                return Ok(pkf);
            }
        }
    }
    bail!("No public key found")
}

Replacement in pijul/src/commands/protocol.rs at line 391 [10.123281]

B:BD[15.1259] → [15.1259:1864]

B:BD[15.1864] → [15.1864:1915]

B:BD[15.1915] → [15.1915:2178]

            let public_key: libpijul::key::PublicKey = if let Ok(pk) = get_public_key() {
                pk
            } else {
                return Ok(());
            };
            if !done.insert(public_key.key.clone()) {
                return Ok(());
            }
            if let Ok((config, last_modified)) = crate::config::Global::load() {
                serde_json::to_writer(
                    &mut o,
                    &crate::Identity {
                        public_key,
                        email: config.author.email,
                        name: config.author.full_name,
                        login: config.author.name,
                        origin: String::new(),
                        last_modified,
                    },
                )
                .unwrap();
                writeln!(o)?;
            } else {
                debug!("no global config");
            }

[15.1259]

[15.2178]

            warn!("Skipping serializing old public key format.");
            return Ok(());

Replacement in pijul/src/commands/mod.rs at line 59 [10.133619]
B:BD[16.91] → [8.2522:2547]
```
mod key;
pub use key::*;
```
[16.91]
[8.2547]
```
mod identity;
pub use identity::*;
```
Replacement in pijul/src/commands/mod.rs at line 280 [10.133619]
B:BD[7.357] → [7.357:398]
```
#[derive(Debug, Serialize, Deserialize)]
```
[7.357]
[7.398]
```
#[derive(Clone, Debug, Serialize, Deserialize)]
```
Deletion in pijul/src/commands/mod.rs at line 282 [10.133619]
B:BD[7.420] → [9.19978:20024]
```
    pub public_key: libpijul::key::PublicKey,
```
Insertion in pijul/src/commands/mod.rs at line 291 [10.133619]
[9.20225]
[9.20225]
```
    pub public_key: libpijul::key::PublicKey,
```

Deletion in pijul/src/commands/mod.rs at line 294 [10.133619]

B:BD[9.20228] → [4.67:157]

∅:D[4.157] → [9.20290:20787]

B:BD[9.20290] → [9.20290:20787]

B:BD[9.20787] → [4.158:229]

∅:D[4.229] → [9.20828:21042]

B:BD[9.20828] → [9.20828:21042]

B:BD[9.21042] → [17.60:69]

fn load_key() -> Result<(libpijul::key::SecretKey, libpijul::key::SKey), anyhow::Error> {
    if let Some(mut dir) = crate::config::global_config_dir() {
        dir.push("secretkey.json");
        if let Ok(key) = std::fs::File::open(&dir) {
            let k: libpijul::key::SecretKey = serde_json::from_reader(key)?;
            let pass = if k.encryption.is_some() {
                Some(rpassword::read_password_from_tty(Some(&format!(
                    "Password for {:?}: ",
                    dir
                )))?)
            } else {
                None
            };
            let sk = k.load(pass.as_deref())?;
            Ok((k, sk))
        } else {
            bail!("Secret key not found, please use `pijul key generate` and try again")
        }
    } else {
        bail!("Secret key not found, please use `pijul key generate` and try again")
    }
}

Deletion in pijul/src/commands/log.rs at line 84 [10.134376]

B:BD[4.244] → [4.244:466]

        let mut global_id_path = crate::config::global_config_dir();
        if let Some(ref mut gl) = global_id_path {
            gl.push("identities")
        }
        debug!("global_id_path = {:?}", global_id_path);

Deletion in pijul/src/commands/log.rs at line 89 [10.134376]
B:BD[18.1608] → [4.467:495]
```
            global_id_path,
```
Deletion in pijul/src/commands/log.rs at line 267 [10.134376]
B:BD[19.7422] → [4.496:533]
```
    global_id_path: Option<PathBuf>,
```
Deletion in pijul/src/commands/log.rs at line 316 [10.134376]
B:BD[19.10433] → [4.536:598]
```
        let mut global_id_path = self.global_id_path.clone();
```

Replacement in pijul/src/commands/log.rs at line 336 [10.134376]

B:BD[20.1350] → [4.599:871]

                    let entry = self.mk_log_entry(
                        &mut authors,
                        &mut id_path,
                        &mut global_id_path,
                        h.into(),
                        Some(mrk.into()),
                    )?;

[20.1350]

[20.1482]

                    let entry =
                        self.mk_log_entry(&mut authors, &mut id_path, h.into(), Some(mrk.into()))?;

Deletion in pijul/src/commands/log.rs at line 359 [10.134376]
B:BD[19.12405] → [4.872:918]
```
        global_id_path: &mut Option<PathBuf>,
```

Replacement in pijul/src/commands/log.rs at line 382 [10.134376]

B:BD[19.13299] → [4.995:1745]

                            debug!("{:?} {:?}", global_id_path, id);
                            if let Some(ref mut global_id_path) = global_id_path {
                                if id.is_none() {
                                    global_id_path.push(e.key());
                                    debug!("{:?}", global_id_path);
                                    if let Ok(f) = std::fs::File::open(&global_id_path) {
                                        if let Ok(id_) = serde_json::from_reader(f) {
                                            id = Some(id_)
                                        } else {
                                            debug!("wrong identity for {:?}", e.key());
                                        }

[19.13299]

[4.1745]

                            debug!("{:?}", id);
                            if let Ok(identities) = crate::identity::Complete::load_all() {
                                for identity in identities {
                                    if &identity.identity.public_key.key == e.key() {
                                        id = Some(identity.identity);

Deletion in pijul/src/commands/log.rs at line 388 [10.134376]

B:BD[4.1783] → [4.1783:1841]

                                    global_id_path.pop();

Replacement in pijul/src/remote/ssh.rs at line 3 [10.25380]
B:BD[10.25667] → [10.25667:25699]
```
use std::path::{Path, PathBuf};
```
[10.25667]
[21.0]
```
use std::path::PathBuf;
```

Replacement in pijul/src/remote/ssh.rs at line 123 [10.25380]

B:BD[2.138] → [2.138:233]

                self.auth_pk(&mut h, &mut key_path).await || self.auth_password(&mut h).await?

[2.138]

[2.233]

                let mut stderr = std::io::stderr();
                writeln!(stderr, "Warning: Unable to automatically authenticate with server. Please make sure your SSH keys have been uploaded to the Nest.")?;
                writeln!(stderr, "For more information, please visit https://pijul.org/manual/the_nest/public_keys.html#ssh-public-keys")?;
                self.auth_password(&mut h).await?

Replacement in pijul/src/remote/ssh.rs at line 133 [10.25380]

B:BD[10.28303] → [14.7903:7942]

            bail!("Not authenticated")

[10.28303]

[10.28359]

            bail!("Not authenticated. Please check your credentials and try again.");

Deletion in pijul/src/remote/ssh.rs at line 211 [10.25380]

B:BD[10.30396] → [10.30396:30403]

B:BD[10.30403] → [22.344:481]

B:BD[22.481] → [23.0:63]

∅:D[23.63] → [10.30498:30537]

∅:D[22.481] → [10.30498:30537]

B:BD[10.30498] → [10.30498:30537]

B:BD[10.30537] → [24.1618:1878]

∅:D[24.1878] → [10.30582:30825]

B:BD[10.30582] → [10.30582:30825]

B:BD[10.30825] → [24.1879:1951]

∅:D[24.1951] → [10.30898:31112]

B:BD[10.30898] → [10.30898:31112]

    }
    async fn auth_pk(
        &self,
        h: &mut thrussh::client::Handle<SshClient>,
        key_path: &mut PathBuf,
    ) -> bool {
        if h.is_closed() {
            return false;
        }
        let mut authenticated = false;
        let mut keys = Vec::new();
        if let Some(ref file) = self.config.identity_file {
            keys.push(file.as_str())
        } else {
            keys.push("id_ed25519");
            keys.push("id_rsa");
        }
        for k in keys.iter() {
            key_path.push(k);
            let k = if let Some(k) = load_secret_key(&key_path, k) {
                k
            } else {
                key_path.pop();
                continue;
            };
            if let Ok(auth) = h
                .authenticate_publickey(&self.config.user, Arc::new(k))
                .await
            {
                authenticated = auth
            }
            key_path.pop();
            if authenticated {
                return true;
            }
        }
        false

Deletion in pijul/src/remote/ssh.rs at line 220 [10.25380]
∅:D[23.131] → [10.31219:31323]
∅:D[22.617] → [10.31219:31323]
B:BD[10.31219] → [10.31219:31323]
B:BD[10.31323] → [24.1952:2004]
∅:D[24.2004] → [10.31356:31370]
B:BD[10.31356] → [10.31356:31370]
B:BD[10.31370] → [24.2005:2093]
∅:D[24.2093] → [10.31438:31446]
B:BD[10.31438] → [10.31438:31446]
```
        let pass = rpassword::read_password_from_tty(Some(&format!(
            "Password for {}@{}: ",
            self.config.user, self.config.host_name
        )))?;
        h.authenticate_password(self.config.user.to_string(), &pass)
            .await
    }
}
```

Replacement in pijul/src/remote/ssh.rs at line 221 [10.25380]

B:BD[10.31447] → [25.238:406]

∅:D[25.406] → [10.31595:31641]

B:BD[10.31595] → [10.31595:31641]

B:BD[10.31641] → [22.618:679]

∅:D[22.679] → [10.31717:32070]

B:BD[10.31717] → [10.31717:32070]

B:BD[10.32070] → [26.0:87]

∅:D[26.87] → [10.32167:32203]

B:BD[10.32167] → [10.32167:32203]

pub fn load_secret_key<P: AsRef<Path>>(key_path: P, k: &str) -> Option<thrussh_keys::key::KeyPair> {
    match thrussh_keys::load_secret_key(key_path.as_ref(), None) {
        Ok(k) => Some(k),
        Err(e) => {
            if let thrussh_keys::Error::KeyIsEncrypted = e {
                let pass = if let Ok(pass) =
                    rpassword::read_password_from_tty(Some(&format!("Password for key {:?}: ", k)))
                {
                    pass
                } else {
                    return None;
                };
                if pass.is_empty() {
                    return None;
                }
                if let Ok(k) = thrussh_keys::load_secret_key(&key_path, Some(&pass)) {
                    return Some(k);

[10.31447]

[10.32203]

        // Authentication can be attempted multiple times
        let mut authenticated = false;
        let username = format!("{}@{}", self.config.user, self.config.host_name);
        // Try authenticate using the user's keyring
        if let Ok(password) = keyring::Entry::new("pijul", &username).get_password() {
            authenticated = h
                .authenticate_password(self.config.user.to_string(), &password)
                .await?;
        }
        // Try authenticate using user's password
        if !authenticated {
            let password = dialoguer::Password::with_theme(
                crate::config::load_theme()
                    .expect("Could not load config")
                    .as_ref(),
            )
            .with_prompt(format!("Password for {username}"))
            .allow_empty_password(true)
            .interact()
            .unwrap();
            authenticated = h
                .authenticate_password(self.config.user.to_string(), &password)
                .await?;
            // If the new password is valid, update the keyring to match
            if authenticated {
                match keyring::Entry::new("pijul", &username).set_password(&password) {
                    Err(e) => writeln!(
                        std::io::stderr(),
                        "Warning: could not write new password to keychain: {e}"
                    )
                    .unwrap(),
                    _ => (),

Deletion in pijul/src/remote/ssh.rs at line 259 [10.25380]
B:BD[10.32235] → [10.32235:32252]
```
            None
```
Insertion in pijul/src/remote/ssh.rs at line 260 [10.25380]
[10.32262]
[10.32262]
```
        Ok(authenticated)
```
Replacement in libpijul/src/key.rs at line 19 [8.5013]
B:BD[8.5695] → [8.5695:5729]
```
#[derive(Serialize, Deserialize)]
```
[8.5695]
[8.5729]
```
#[derive(Clone, Debug, Serialize, Deserialize)]
```
Replacement in libpijul/src/key.rs at line 319 [8.5013]
∅:D[9.40384] → [8.14834:14868]
B:BD[8.14834] → [8.14834:14868]
```
#[derive(Serialize, Deserialize)]
```
[9.40384]
[8.14868]
```
#[derive(Clone, Debug, Serialize, Deserialize)]
```
Replacement in libpijul/src/key.rs at line 324 [8.5013]
B:BD[8.14910] → [8.14910:14944]
```
#[derive(Serialize, Deserialize)]
```
[8.14910]
[8.14944]
```
#[derive(Clone, Debug, Serialize, Deserialize)]
```

Update codebase to use new identity management

Dependencies

In channels

Change contents

Replacement in pijul/src/commands/tag.rs at line 86 [5.74]

Replacement in pijul/src/commands/tag.rs at line 126 [5.74]

Replacement in pijul/src/commands/tag.rs at line 270 [5.74]

Replacement in pijul/src/commands/tag.rs at line 280 [5.74]

Insertion in pijul/src/commands/record.rs at line 50 [10.101759]

Replacement in pijul/src/commands/record.rs at line 65 [10.101759]

Replacement in pijul/src/commands/record.rs at line 132 [10.101759]

Replacement in pijul/src/commands/record.rs at line 145 [10.101759]

Deletion in pijul/src/commands/record.rs at line 176 [10.101759]

Replacement in pijul/src/commands/record.rs at line 210 [10.101759]

Replacement in pijul/src/commands/record.rs at line 216 [10.101759]

Insertion in pijul/src/commands/record.rs at line 225 [10.101759]

Replacement in pijul/src/commands/protocol.rs at line 12 [10.123281]

Deletion in pijul/src/commands/protocol.rs at line 374 [10.123281]

Replacement in pijul/src/commands/protocol.rs at line 391 [10.123281]

Replacement in pijul/src/commands/mod.rs at line 59 [10.133619]

Replacement in pijul/src/commands/mod.rs at line 280 [10.133619]

Deletion in pijul/src/commands/mod.rs at line 282 [10.133619]

Insertion in pijul/src/commands/mod.rs at line 291 [10.133619]

Deletion in pijul/src/commands/mod.rs at line 294 [10.133619]

Deletion in pijul/src/commands/log.rs at line 84 [10.134376]

Deletion in pijul/src/commands/log.rs at line 89 [10.134376]

Deletion in pijul/src/commands/log.rs at line 267 [10.134376]

Deletion in pijul/src/commands/log.rs at line 316 [10.134376]

Replacement in pijul/src/commands/log.rs at line 336 [10.134376]

Deletion in pijul/src/commands/log.rs at line 359 [10.134376]

Replacement in pijul/src/commands/log.rs at line 382 [10.134376]

Deletion in pijul/src/commands/log.rs at line 388 [10.134376]

Replacement in pijul/src/remote/ssh.rs at line 3 [10.25380]

Replacement in pijul/src/remote/ssh.rs at line 123 [10.25380]

Replacement in pijul/src/remote/ssh.rs at line 133 [10.25380]

Deletion in pijul/src/remote/ssh.rs at line 211 [10.25380]

Deletion in pijul/src/remote/ssh.rs at line 220 [10.25380]

Replacement in pijul/src/remote/ssh.rs at line 221 [10.25380]

Deletion in pijul/src/remote/ssh.rs at line 259 [10.25380]

Insertion in pijul/src/remote/ssh.rs at line 260 [10.25380]

Replacement in libpijul/src/key.rs at line 19 [8.5013]

Replacement in libpijul/src/key.rs at line 319 [8.5013]

Replacement in libpijul/src/key.rs at line 324 [8.5013]