simp_le.py
Ok, apparently a ChainFile behaves like its name, it does not store the key even though the FullChainFile implementation suggests otherwise. So this part is not needed.
This becomes different with a change such as #33, should it always set the permission to 0600 for security reasons? If the user requires weaker permissions, the file can be touched before creating (or chmod can be invoked afterwards).
World readable private key? ouch!
Updated patchset against latest master, added a rough separate test case as AccountKey got removed.
simp_le.py
Please use gen_pkey: I'd like all tests to be self-contained within one script (e.g. so that they can be run from binaries created with PyInstaller), so we would have to inline the entire key, which doesn't look great. If at some point that becomes a performance concern, we will think about it then.
BTW if we were to use testdata, we would use pkg_resources to load such.
There was a problem hiding this comment.
I've tried that, but that seems to require so many indirections (implementation details) that I decided to use this approach instead. I have a small preference to fixed files for reproducibility and faster key generation.
Also, the current IOPlugin.Data thing does not scale, what about setting defaults to None? Something like (out of my head):
IOPlugin.Data.__defaults__ = (None, ) * 4
Then it should become something like key_data = IOPlugin.Data(key=gen_pkey(1024)) (+ some indirections, I could not get this to work).
There are 3 parties potentially involved with the typical usage scenario:
If we assume that those three parties are different users (say
Restricting key file to I would like those kind of cases to be clearly sorted out (and by that I mean short design doc, possibly included in the repo itself) before merging.
AFAIK apache runs as root to bind to privileged ports and/or read the private key, and then spawns other processes as a non-privileged user (e.g. I don't know if other web servers work similarly.
Ensure that key files are not world-readable. temp_umask is based on test.support.temp_umask. Fixes kuba#29
Remove the need to specify every component of Data. Note that after this change, the IOPlugin.persisted interface may return None as a falsy value. Since there is no identity check (x is False), it is fine. Also remove account_key and key from FullChainFile, it is not stored by ChainFile.
It is pretty important for keyfiles to be kept secret. Add a test that will catch possible changes that violate this.
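The commit messages above describe the mechanism (a temp_umask helper modeled on test.support.temp_umask, a key file that must not be world-readable, and a test that catches regressions). The following is an added example, not code from simp_le or from this PR: temp_umask, write_key_naive, write_key_private and the mode checks are hypothetical names, and the PEM text is a constructed placeholder rather than a real key. It writes the same dummy key once with a plain open() and once with an explicit 0600 mode under a fully permissive umask, so the difference the test is meant to catch is visible directly in the resulting file modes.

```python
import os
import stat
import tempfile
from contextlib import contextmanager


@contextmanager
def temp_umask(umask):
    """Temporarily set the process umask (modeled on test.support.temp_umask);
    the previous umask is restored even if the body raises."""
    old = os.umask(umask)
    try:
        yield
    finally:
        os.umask(old)


def write_key_naive(path, data):
    """'Before' behaviour: open() asks for 0666 and lets the umask trim it, so a
    permissive umask (for example 0000) leaves the key world-readable."""
    with open(path, "w") as f:
        f.write(data)


def write_key_private(path, data):
    """Create the key file with mode 0600 regardless of the umask.

    os.open() still applies the umask to the requested mode, so fchmod() pins
    the mode explicitly on the open descriptor. O_EXCL refuses to reuse an
    existing file, which might already carry weaker permissions."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        os.fchmod(fd, 0o600)
        f.write(data)


def file_mode(path):
    """Permission bits of a file as an int (e.g. 0o600)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def is_world_readable(path):
    return bool(file_mode(path) & stat.S_IROTH)


def is_group_readable(path):
    return bool(file_mode(path) & stat.S_IRGRP)


def umask_restored():
    """True if temp_umask() puts the original umask back afterwards."""
    before = os.umask(0o022)
    os.umask(before)
    with temp_umask(0o000):
        pass
    after = os.umask(0o022)
    os.umask(after)
    return before == after


# Constructed placeholder, not a real private key.
DUMMY_KEY = (
    "-----BEGIN PRIVATE KEY-----\n"
    "constructed placeholder, not key material\n"
    "-----END PRIVATE KEY-----\n"
)


def demo():
    """Write the dummy key both ways under umask 0000 and return the
    resulting (naive_mode, private_mode) pair."""
    with tempfile.TemporaryDirectory() as d:
        naive = os.path.join(d, "naive.pem")
        private = os.path.join(d, "private.pem")
        with temp_umask(0o000):
            write_key_naive(naive, DUMMY_KEY)
            write_key_private(private, DUMMY_KEY)
        return file_mode(naive), file_mode(private)


if __name__ == "__main__":
    naive_mode, private_mode = demo()
    print("naive open():        %04o" % naive_mode)
    print("explicit 0600 write: %04o" % private_mode)
```

A regression test in the spirit of the one described in the commit message would run the writer under temp_umask(0o000) and assert that neither the group nor the other read bit is set on the resulting file; running under a permissive umask is what makes the test meaningful, since the usual 022 would hide a writer that merely relies on the umask.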
Comments have been addressed, the code has also been made simpler (both the test and IOPlugin.Data values).
When I said "design doc" I expected discussion about alternative solutions, giving its pros and cons. Since you picked one particular implementation, it's rather hard to discuss it. I'm not convinced that the solution presented in this PR is the best one. Notably, the official client has similar problems, and AFAIK there might not be a perfect solution to the problem - but at least I would like to know how much we are limited by the chosen solution. Please keep PRs in their original scope. This is not the right place to discuss
For example, why not simply allow
Ensure that key files are not world-readable.
temp_umask is based on test.support.temp_umask.
Fixes #29
If older Python versions do not have to be supported, then the test code could become something like: