mirror of
https://github.com/uqbar-dao/nectar.git
synced 2025-01-05 08:17:11 +03:00
resigning all caps on boot, compiling
This commit is contained in:
Drew Tada
parent
904309cd59
commit
0d52b41194
@ -187,7 +187,6 @@ async fn handle_kernel_request(
|
|||||||
};
|
};
|
||||||
|
|
||||||
// check cap sigs & transform valid to unsigned to be plugged into procs
|
// check cap sigs & transform valid to unsigned to be plugged into procs
|
||||||
let pk = signature::UnparsedPublicKey::new(&signature::ED25519, keypair.public_key());
|
|
||||||
let parent_caps: &HashMap<t::Capability, Vec<u8>> =
|
let parent_caps: &HashMap<t::Capability, Vec<u8>> =
|
||||||
&process_map.get(&km.source.process).unwrap().capabilities;
|
&process_map.get(&km.source.process).unwrap().capabilities;
|
||||||
let mut valid_capabilities: HashMap<t::Capability, Vec<u8>> = HashMap::new();
|
let mut valid_capabilities: HashMap<t::Capability, Vec<u8>> = HashMap::new();
|
||||||
@ -200,7 +199,9 @@ async fn handle_kernel_request(
|
|||||||
for cap in initial_capabilities {
|
for cap in initial_capabilities {
|
||||||
match parent_caps.get(&cap) {
|
match parent_caps.get(&cap) {
|
||||||
// NOTE: verifying sigs here would be unnecessary
|
// NOTE: verifying sigs here would be unnecessary
|
||||||
Some(sig) => valid_capabilities.insert(cap, sig.to_vec()),
|
Some(sig) => {
|
||||||
|
valid_capabilities.insert(cap, sig.to_vec());
|
||||||
|
}
|
||||||
None => {
|
None => {
|
||||||
println!(
|
println!(
|
||||||
"kernel: InitializeProcess caller {} doesn't have capability\r",
|
"kernel: InitializeProcess caller {} doesn't have capability\r",
|
||||||
|
|||||||
16
src/state.rs
16
src/state.rs
@ -41,6 +41,22 @@ pub async fn load_state(
|
|||||||
match db.get(&kernel_id) {
|
match db.get(&kernel_id) {
|
||||||
Ok(Some(value)) => {
|
Ok(Some(value)) => {
|
||||||
process_map = bincode::deserialize::<ProcessMap>(&value).unwrap();
|
process_map = bincode::deserialize::<ProcessMap>(&value).unwrap();
|
||||||
|
// if our networking key changed, we need to re-sign all local caps
|
||||||
|
process_map.iter().map(|(_id, process)| {
|
||||||
|
process.capabilities.iter().map(|(cap, sig)| {
|
||||||
|
if cap.issuer.node == our_name {
|
||||||
|
(
|
||||||
|
cap.clone(),
|
||||||
|
keypair
|
||||||
|
.sign(&rmp_serde::to_vec(&cap).unwrap())
|
||||||
|
.as_ref()
|
||||||
|
.to_vec(),
|
||||||
|
)
|
||||||
|
} else {
|
||||||
|
(cap.clone(), sig.clone())
|
||||||
|
}
|
||||||
|
})
|
||||||
|
});
|
||||||
}
|
}
|
||||||
Ok(None) => {
|
Ok(None) => {
|
||||||
bootstrap(
|
bootstrap(
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user