pluralsh / plural-cli

cli for the plural platform
MIT License
27 stars 10 forks source link

Fix order in which fingerprints are evaluated #415

Closed michaeljguarino closed 1 year ago

michaeljguarino commented 1 year ago

Summary

this needs to be done on the key generated from the provider, not at the start

Test Plan

tbd

Checklist

zreigz commented 1 year ago

@michaeljguarino This solution also doesn't work. We still compare two different encryption keys. The SHA is generated from ~/.plural/key When we import some repo from another user the key is always different than ours. The validation was added to check if the current encryption key is different from the one that was used during repo init. The sharing scenario will always fail in this case. In my opinion, we should add a user email address to the .keyid file and validate the key when the emails are equal

zreigz commented 1 year ago

Also plural init can't decrypt the repo

michaeljguarino commented 1 year ago

This should extract the key from the crypto provider, in the case of sharing that will be the key decrypted from w/in .plural-crypt. Have you tested it to confirm it doesn't work? If not we probably just need to tweak some of the validation

michaeljguarino commented 1 year ago

@zreigz fixed the bug with latest commit

zreigz commented 1 year ago

@michaeljguarino I have fixed a few issues and tested it again. Adde e2e test for repo sharing passed. PTAL and we can merge it

michaeljguarino commented 1 year ago

@zreigz lgtm (can't approve though since it's my PR i think)