Migrate `pijul::identity::Complete::prove` to `pijul::remote::prove`

finchie
Aug 17, 2023, 5:27 AM
5Z2Y7VGVHJ7A6UPSEAPFVMIB5J7YHSI6WWHUUUYVLDJ56XSNCXKQC

Dependencies

  • [2] ABQDWHNG Migrate from `pijul::repository` to `pijul-repository`
  • [3] Y2Y4OOIE Move `pijul::DEFAULT_CHANNEL` to `libpijul`
  • [4] 32G3GOK7 Migrate from `dialoguer` to `pijul-interaction`
  • [5] 44RUBHRE Only re-prove identity when credentials change
  • [6] YV63XF6Z Fixing a conflict
  • [7] 6FRPUHWK Fix identity tests
  • [8] LZOGKBJX new command `pijul client` for authenticating to a HTTP server
  • [9] Y6TBQN7M Automatically format `pijul` crate
  • [10] 4KJ45IJL Implement new identity management
  • [11] MEK57BAD Optional user in ssh_remote, allows to fix the key proof in `pijul id ed`
  • [12] BV4PLHOV Remove dependency on `once_cell`
  • [13] 4RV7T4SR Migrate from `pijul::config` to `pijul-config`
  • [14] 4OJWMSOW Fully replace crate::Identity
  • [15] IKZBGTGQ Handle absence of keyring as warning rather than error
  • [*] SXEYMYF7 Fixing the bad changes in history (unfortunately, by rebooting).
  • [*] MU5GSJAW Partial push and pull (WARNING: breaks the existing protocol)
  • [*] L4JXJHWX pijul/*: reorganize imports and remove extern crate

Change contents

  • edit in pijul/src/remote/mod.rs at line 2
    [18.884]
    [19.406]
    use std::io::Write;
  • edit in pijul/src/remote/mod.rs at line 17
    [19.457]
    [5.246]
    use crate::identity::Complete;
  • edit in pijul/src/remote/mod.rs at line 63
    [17.53367]
    [17.53367]
    }
    /// Associate a generated key with a remote identity. Patches authored
    /// by unproven keys will only display the key as the author.
    pub async fn prove(
    identity: &Complete,
    origin: Option<&str>,
    no_cert_check: bool,
    ) -> Result<(), anyhow::Error> {
    let remote = origin.unwrap_or(&identity.config.author.origin);
    let mut stderr = std::io::stderr();
    writeln!(
    stderr,
    "Linking identity `{}` with {}@{}",
    &identity.name, &identity.config.author.username, remote
    )?;
    let mut remote = if let Ok(repo) = Repository::find_root(None) {
    repository(
    &repo,
    None,
    Some(&identity.config.author.username),
    &remote,
    libpijul::DEFAULT_CHANNEL,
    no_cert_check,
    false,
    )
    .await?
    } else {
    unknown_remote(
    None,
    Some(&identity.config.author.username),
    &remote,
    libpijul::DEFAULT_CHANNEL,
    no_cert_check,
    false,
    )
    .await?
    };
    let (key, _password) = identity
    .credentials
    .clone()
    .unwrap()
    .decrypt(&identity.name)?;
    remote.prove(key).await?;
    Ok(())
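Review bot: `identity.credentials.clone().unwrap()` near the end of the new `prove` panics when the identity has no stored credentials, even though the function already returns `Result<(), anyhow::Error>`. `credentials` is an `Option<Credentials>` (see the `identity/mod.rs` section), so the `None` case should become an error: replace `.unwrap()` with `.ok_or_else(|| anyhow::anyhow!("identity {} has no credentials", identity.name))?`. The doc comment should also cover `no_cert_check`, which is passed straight to `repository`/`unknown_remote` and, going by its name, disables certificate verification on the connection that carries the key proof. The function's closing brace lies outside the hunk.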
  • edit in pijul/src/identity/mod.rs at line 41
    [5.16968][5.16968:16999]()
    pub use create::NO_CERT_CHECK;
  • replacement in pijul/src/identity/mod.rs at line 173
    [5.5265][5.5265:5303]()
    credentials: Option<Credentials>,
    [5.5265]
    [5.17573]
    pub credentials: Option<Credentials>,
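Review bot: Making `credentials` fully `pub` is wider than this change needs, since the only new reader shown is `remote::prove`, which reaches `Complete` through `crate::identity`. The field decrypts into the identity's key and password, so `pub(crate) credentials: Option<Credentials>,` would serve that caller while keeping the field out of any public API. If it has to stay public, a `///` comment saying what it holds and that it should only be decrypted at the point of use would help the next reader.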
  • edit in pijul/src/identity/create.rs at line 3
    [5.8674][2.812:865]()
    use crate::remote;
    use pijul_repository::Repository;
  • replacement in pijul/src/identity/create.rs at line 9
    [5.28494][5.70:101]()
    use log::{debug, error, warn};
    [5.28494]
    [4.1126]
    use log::{debug, warn};
  • edit in pijul/src/identity/create.rs at line 11
    [5.657][5.327:352](),[4.1175][5.327:352](),[5.8770][5.327:352]()
    use std::sync::OnceLock;
  • edit in pijul/src/identity/create.rs at line 12
    [5.50][5.28571:28572](),[5.483][5.28571:28572](),[5.8770][5.28571:28572](),[5.28571][5.28571:28572](),[5.28572][5.353:413]()
    pub static NO_CERT_CHECK: OnceLock<bool> = OnceLock::new();
  • edit in pijul/src/identity/create.rs at line 97
    [5.10536][5.10536:10537](),[5.10537][4.1991:2018](),[4.2018][5.10585:10660](),[5.10585][5.10585:10660](),[5.10660][4.2019:2051](),[4.2051][5.10687:10722](),[5.10687][5.10687:10722](),[5.10722][5.256:305]()
    if Confirm::new()?
    .with_prompt("Do you want to link this identity to a remote?")
    .with_default(true)
    .interact()?
    {
    new_identity.prompt_remote().await?;
  • replacement in pijul/src/identity/create.rs at line 98
    [5.306][5.306:492](),[5.492][4.2052:2081](),[4.2081][5.528:841](),[5.528][5.528:841]()
    // There are 3 cases that require re-proving:
    // 1: new identity (replace_current == None)
    // 2: new secret key
    // 3. new username/origin
    if !will_replace
    || self.secret_key() != new_identity.secret_key()
    || (&self.config.author.origin, &self.config.author.username)
    != (
    &new_identity.config.author.origin,
    &new_identity.config.author.username,
    )
    [5.306]
    [5.841]
    if link_remote {
    if Confirm::new()?
    .with_prompt("Do you want to link this identity to a remote?")
    .with_default(true)
    .interact()?
  • replacement in pijul/src/identity/create.rs at line 104
    [5.855][5.855:974](),[5.974][5.3418:3493](),[5.3493][5.1043:1505](),[5.1043][5.1043:1505]()
    // Prove the identity to the server
    if link_remote
    && new_identity
    .prove(None, *NO_CERT_CHECK.get_or_init(|| false))
    .await
    .is_err()
    {
    error!("Could not prove identity `{}`. Please check your credentials & network connection. If you are on an enterprise network, perhaps try running with `--no-cert-check`. Your data is safe but will not be connected to {} without runnning `pijul identity prove {}`", new_identity.name, new_identity.config.author.origin, new_identity.name);
    }
    [5.855]
    [5.1505]
    new_identity.prompt_remote().await?;
    } else {
    // The user wants an 'offline' identity, so make sure not to store login info
    new_identity.config.key_path = None;
    new_identity.config.author.username = String::new();
    new_identity.config.author.origin = String::new();
  • edit in pijul/src/identity/create.rs at line 111
    [5.1519][5.3674:3958](),[5.10782][5.3674:3958]()
    } else {
    // The user wants an 'offline' identity, so make sure not to store login info
    new_identity.config.key_path = None;
    new_identity.config.author.username = String::new();
    new_identity.config.author.origin = String::new();
  • edit in pijul/src/identity/create.rs at line 264
    [5.36754][5.36754:36755](),[5.36755][5.36755:36896](),[5.36896][5.3494:3696](),[5.3696][5.36978:37060](),[5.36978][5.36978:37060](),[5.37060][5.1590:1638](),[5.1638][5.3697:3758](),[5.1719][5.37154:37166](),[5.3758][5.37154:37166](),[5.4661][5.37154:37166](),[5.13814][5.37154:37166](),[5.37154][5.37154:37166]()
    /// Associate a generated key with a remote identity. Patches authored
    /// by unproven keys will only display the key as the author.
    pub async fn prove(
    &self,
    origin: Option<&str>,
    no_cert_check: bool,
    ) -> Result<(), anyhow::Error> {
    let remote = origin.unwrap_or(&self.config.author.origin);
    let mut stderr = std::io::stderr();
    writeln!(
    stderr,
    "Linking identity `{}` with {}@{}",
    &self.name, &self.config.author.username, remote
    )?;
  • edit in pijul/src/identity/create.rs at line 265
    [5.13871][5.37218:37291](),[5.37218][5.37218:37291](),[5.37291][2.866:921](),[2.921][5.3784:3883](),[5.3784][5.3784:3883](),[5.3883][3.0:43](),[3.43][5.3923:4011](),[5.3923][5.3923:4011](),[5.4011][5.38042:38059](),[5.38042][5.38042:38059](),[5.38059][5.4012:4154](),[5.4154][3.44:87](),[3.87][5.4194:4282](),[5.4194][5.4194:4282](),[5.4282][5.38107:38119](),[5.38107][5.38107:38119](),[5.38119][5.13872:13959](),[5.13959][5.38194:38228](),[5.38194][5.38194:38228](),[5.38228][5.38228:38251]()
    let mut remote = if let Ok(repo) = Repository::find_root(None) {
    remote::repository(
    &repo,
    None,
    Some(&self.config.author.username),
    &remote,
    libpijul::DEFAULT_CHANNEL,
    no_cert_check,
    false,
    )
    .await?
    } else {
    crate::remote::unknown_remote(
    None,
    Some(&self.config.author.username),
    &remote,
    libpijul::DEFAULT_CHANNEL,
    no_cert_check,
    false,
    )
    .await?
    };
    let (key, _password) = self.credentials.clone().unwrap().decrypt(&self.name)?;
    remote.prove(key).await?;
    Ok(())
    }
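Review bot: The new `if link_remote {` wrapper does not document what happens to `key_path`, `author.username` and `author.origin` when `link_remote` is false. From the visible lines, the `else` that clears them appears to pair with the `Confirm` prompt, so the skip-link path seems to keep whatever login info the identity already carries. The enclosing function starts and ends outside these hunks, so this is an inference. A comment above the outer `if`, such as `// link_remote == false: no prompt, key_path/username/origin are left as they are`, would make the intent explicit; if an offline identity is meant there, the fields should be cleared on that path too.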
  • edit in pijul/src/commands/identity.rs at line 2
    [5.1210]
    [5.1210]
    use crate::remote;
  • replacement in pijul/src/commands/identity.rs at line 11
    [5.41098][5.0:15]()
    use log::warn;
    [5.41098]
    [4.2784]
    use log::{info, warn};
  • edit in pijul/src/commands/identity.rs at line 245
    [5.48608][5.48608:48707]()
    crate::identity::NO_CERT_CHECK
    .set(self.no_cert_check)
    .unwrap();
  • edit in pijul/src/commands/identity.rs at line 260
    [5.49384]
    [5.49384]
    if let Err(_) = remote::prove(&identity, None, self.no_cert_check).await {
    warn!("Could not prove identity `{}`. Please check your credentials & network connection. If you are on an enterprise network, perhaps try running with `--no-cert-check`. Your data is safe but will not be connected to {} without runnning `pijul identity prove {}`", identity.name, identity.config.author.origin, identity.name);
    } else {
    info!("Identity `{}` was proved to the server", identity);
    }
  • replacement in pijul/src/commands/identity.rs at line 273
    [5.49589][5.49589:49687](),[5.49687][5.4467:4533](),[5.4533][5.49734:49763](),[5.49734][5.49734:49763]()
    Complete::load(&identity_name.unwrap_or(choose_identity_name(no_prompt).await?))?
    .prove(server.as_deref(), self.no_cert_check)
    .await?;
    [5.49589]
    [5.49763]
    let identity_name =
    &identity_name.unwrap_or(choose_identity_name(no_prompt).await?);
    let loaded_identity = Complete::load(identity_name)?;
    remote::prove(&loaded_identity, server.as_deref(), self.no_cert_check).await?;
  • replacement in pijul/src/commands/identity.rs at line 409
    [5.55297][5.19453:19511]()
    old_identity.replace_with(new_identity)?;
    [5.55297]
    [5.55730]
    old_identity.clone().replace_with(new_identity.clone())?;
    // There are 2 cases that require re-proving:
    // 1: new secret key
    // 2. new username/origin
    if !options.no_link {
    if new_identity.secret_key() != old_identity.secret_key()
    || old_identity.config.author != new_identity.config.author
    {
    let prove_result =
    remote::prove(&new_identity, None, self.no_cert_check).await;
    if let Err(_) = prove_result {
    warn!("Could not prove identity `{}`. Please check your credentials & network connection. If you are on an enterprise network, perhaps try running with `--no-cert-check`. Your data is safe but will not be connected to {} without runnning `pijul identity prove {}`", new_identity.name, new_identity.config.author.origin, new_identity.name);
    } else {
    info!("Identity `{}` was proved to the server", new_identity);
    }
    }
    }
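Review bot: Both new call sites throw away the error from `remote::prove` (`if let Err(_) = …` in the edit at line 260 and in the re-prove branch at line 409). The warning therefore cannot distinguish a certificate failure from rejected credentials or an unreachable host, yet it recommends `--no-cert-check` in every case. Binding the cause, `if let Err(e) = remote::prove(&identity, None, self.no_cert_check).await {`, and appending `e` to the `warn!` text would stop users being nudged to turn off certificate checking for failures unrelated to TLS. The message text also misspells "running" as `runnning` in both places.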