
From:
Omar Polo <op@omarpolo.com>
Subject:
Re: initial gotd-secrets.conf implementation
To:
Stefan Sperling <stsp@stsp.name>
Cc:
gameoftrees@openbsd.org
Date:
Sun, 08 Sep 2024 10:14:15 +0200


On 2024/09/07 22:11:53 +0200, Stefan Sperling <stsp@stsp.name> wrote:
> On Sat, Sep 07, 2024 at 05:01:42PM +0200, Omar Polo wrote:
> > This is a first implementation of the mechanism discussed in the 'RFC:
> > secrets for gotd' thread.  The overall idea is to move the
> > authentication data (username and password) for HTTP notifications in a
> > separate file, and the HMAC secret too.
> > 
> > This different file, gotd-secrets.conf, is meant to be root-owned,
> > unlike gotd.conf which has to be world-readable for gitwrapper to work.
> > 
> > What's still missing:
> > 
> >  - checking the permissions on the file
> >  - improving the documentation
> > 
> > We're also currently using the username as "key" in gotd.conf, which is
> > fine but slightly annoying since we might want to have multiple
> > notifications that are using the same username but different password.
> > This is something that I've overlooked in the RFC thread and only
> > realized while implementing it.
> 
> Indeed, we should adjust things to solve this problem.
> Ideally we'll nail this down before shipping another release, such
> that this problem only ever exists in development versions.

Yep, that's my plan as well.  I just thought in this case it would have
been better to improve in-tree.

For that there are two ways I guess:

 - using the second field for both data, as in `auth label flan:password` or
 - adding another field for the password, as in `auth label flan password`

The latter is probably cleaner.

> > Still, this is a starting point and we
> > can improve in tree I believe.
> 
> Yes, agreed. Ok by me.
> 
> I would prefer to avoid linking secrets.c into gitwrapper, but we
> can fix that later. This might require running a separate binary
> to parse the secrets file, or perhaps just moving some functions
> to different .c files will be enough.

I have to pull in secrets.c in gitwrapper because I'm using
gotd_secrets_get() in parse.y that is also pulled in by gitwrapper.
I could add a dummy implementation of it in gitwrapper to satisfy lld,
or maybe add a secrets-dummy.c file with only that function in it.