search

radicle-dev / radicle-link

The second iteration of the Radicle code collaboration protocol.
Other
423 stars 39 forks source link

rad-profile: the rad-profile CLI library #728

Closed FintanH closed 3 years ago

FintanH commented 3 years ago

Currently ssh_add is a stub since there is some reworking in thrussh required to get https://github.com/radicle-dev/radicle-keystore/pull/17 in.

FintanH commented 3 years ago

This is ready for some inspection :female_detective:

FintanH commented 3 years ago

oh lol, what do we do for Windows? :laughing: thrussh has no implementation for not(unix) :grimacing:

kim commented 3 years ago

thrussh has no implementation for not(unix)

Is this because std doesn't export UNIX domain sockets under windows? That's more a matter of policy it seems 0. Oh look, a yak!

FintanH commented 3 years ago

Is this because std doesn't export UNIX domain sockets under windows? That's more a matter of policy it seems [0]. Oh look, a yak!

Thanks for the pointer :) Well, this would mean that we'd have to also get tokio and smol to add the Windows support so that in turn it can be supported by thrussh.

image

kim commented 3 years ago

get tokio and smol to add the Windows support

Yeah right.

I think this is probably the point in time where we no longer pretend we could support Windows eventually (outside WSL, that is). Or else, someone steps up to become a maintainer for Windows-compat.

FintanH commented 3 years ago

I think this is probably the point in time where we no longer pretend we could support Windows eventually (outside WSL, that is). Or else, someone steps up to become a maintainer for Windows-compat.

I think we can at least punt on this for now with https://github.com/radicle-dev/radicle-link/pull/728/commits/a04a95407a54b0ea4a6120ecc8edf3433abe635a, but ya it doesn't seem feasible with all of us working on unix based machines as well.

The only other option I see is hiding all ssh-agent functionality behind a cfg(unix) and forcing windows users to use the prompt method of key access :upside_down_face:

FintanH commented 3 years ago

Cool beans! Are we concerned that there are no destructive actions at the moment, e.g. profile delete or ssh remove?

Very good point. Aside: it's funny ssh-add can also delete a key haha. But I don't see why we couldn't add destructive operations.

kim commented 3 years ago

it's funny ssh-add can also delete a key

From the agent, which is ephemeral storage. Think of it more as "unload key".

I believe it was mentioned in RFC #682 that secure long term storage of key material is still a concern.

FintanH commented 3 years ago

From the agent, which is ephemeral storage. Think of it more as "unload key".

Ya, good way of putting it. I was just musing about the name of add :)

I believe it was mentioned in RFC #682 that secure long term storage of key material is still a concern.

Long-term storage as well as rotation I would imagine