Compare only attributes we may have added #8

Closed
wants to merge 4 commits into from

@camh- camh- commented Sep 5, 2024

When retrieving secrets that match the attributes we have, ignore any
attributes that we would not have added ourselves. It is conceivable
that another service or the user adds additional attributes to a secret
for their own purposes. We only care about exactly matching the
attributes we would have added ourselves, so do just that.

While we're here, tidy up the SecretService.Store() method and upgrade
the gh command managed by hermit.

Attempt to open an encrypted session when opening a session using the
`dh-ietf1024-sha256-aes128-cbc-pkcs7` algorithm specified in the Secret
Service specification. If we fail to open a session with that algorithm,
fall back to a `plain` session. Use the AES key negotiated when opening
the session to encrypt and decrypt the secrets exchanged with the Secret
Service.

The crypto routines in `crypto.go` have been taken from
https://github.com/mvdan/bitw - my thanks go to Daniel Martí for writing
this as it saved me a lot of headaches reading, understanding,
implementing and testing the algorithms as specified in the various
RFCs.

A new dependency = `golang.org/x/[email protected]` has been added, used by
the crypto routines needed to implement encrypted sessions. Just the
`golang.org/x/crypto/hkdf` package of that module is used.

Turn off the `mnd` (magic number detector) linter as I prefer to decide
when magic numbers are appropriate or not, and not just cargo-cult the
idea that there should be none.

When retrieving secrets that match the attributes we have, ignore any
attributes that we would not have added ourselves. It is conceivable
that another service or the user adds additional attributes to a secret
for their own purposes. We only care about exactly matching the
attributes we would have added ourselves, so do just that.

Tidy up the `SecretService.Store()` method to move the unlock logic to
the top of the function. This keeps code together - code for unlocking
and code for creating the item.

Reverse the test for prompting at the end of the function so it is the
same as the `Delete()` method - i.e. early return for the non-prompt
case. Keep code that does the same thing looking the same.

Upgrade gh from 2.54.0 to 2.55.0. This adds the `--editor`/`-e` flag to
`gh pr create` which is closer in user interface to `hub pull-request`.

This does not matter for this repository, but because this repo does use
`gh` for releases, I need to upgrade it for personal reasons as it gets
used whenever I run `gh` in this repo.

Gen-command: hermit upgrade gh
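
The key negotiation for a `dh-ietf1024-sha256-aes128-cbc-pkcs7` session described in the commit message above, as an added example that is not code from this pull request or from bitw: both sides are simulated in-process and the HKDF step is written out with `crypto/hmac` so that only the standard library is needed. The names `newKeyPair` and `sessionKey`, the public-key range check and the left-padding of the shared secret are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// RFC 2409 Second Oakley Group: 1024-bit prime, generator 2.
var prime, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"+
	"020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"+
	"4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"+
	"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)

// newKeyPair returns a private exponent and the big-endian public key bytes.
func newKeyPair() (*big.Int, []byte, error) {
	priv, err := rand.Int(rand.Reader, prime)
	if err != nil {
		return nil, nil, err
	}
	return priv, new(big.Int).Exp(big.NewInt(2), priv, prime).Bytes(), nil
}

// sessionKey derives the 16-byte AES key from our private exponent and the
// peer's public key: DH, then HKDF-SHA256 with a null salt and empty info.
func sessionKey(priv *big.Int, peerPub []byte) ([]byte, error) {
	y := new(big.Int).SetBytes(peerPub)
	// 0, 1 and p-1 would force the shared secret into a handful of known values.
	if y.Cmp(big.NewInt(2)) < 0 || y.Cmp(new(big.Int).Sub(prime, big.NewInt(2))) > 0 {
		return nil, errors.New("peer public key outside [2, p-2]")
	}
	// Assumption: the shared secret is left-padded to the prime's 128 bytes.
	shared := new(big.Int).Exp(y, priv, prime).FillBytes(make([]byte, 128))
	extract := hmac.New(sha256.New, make([]byte, sha256.Size)) // null salt
	extract.Write(shared)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte{1}) // T(1) = HMAC(PRK, info || 0x01), info is empty
	return expand.Sum(nil)[:16], nil
}

func main() {
	a, pubA, _ := newKeyPair() // client side
	b, pubB, _ := newKeyPair() // service side, simulated in-process
	ka, _ := sessionKey(a, pubB)
	kb, _ := sessionKey(b, pubA)
	fmt.Printf("client  %x\nservice %x\n", ka, kb)
}
```

The resulting key is what AES-128-CBC with PKCS#7 padding would use for each secret, with the IV carried alongside the ciphertext.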

@juliaogris juliaogris left a comment

💚

@camh- camh- force-pushed the encrypted-sessions branch from ce35151 to 88ac9d6 Compare September 6, 2024 02:25
@camh- camh- deleted the branch encrypted-sessions September 6, 2024 02:26
@camh- camh- closed this Sep 6, 2024