Skip to content

foundation for 'trust' model #386

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 34 commits into from
Apr 17, 2022
Merged

foundation for 'trust' model #386

merged 34 commits into from
Apr 17, 2022

Conversation

Byron
Copy link
Member

@Byron Byron commented Apr 15, 2022
edited
Loading

See https://github.com/libgit2/libgit2/releases/tag/v1.4.3 and https://github.blog/2022-04-12-git-security-vulnerability-announced/

Tasks

Byron added 18 commits April 15, 2022 12:39
@Byron
An empty crate for git-sec (#386)
96a922c
@Byron
Release git-sec v0.0.0
07efb6f
@Byron
add frame for git-credentials crate (#386)
be7a9cf 
It will hold the current credentials helper implementation and might
contain more one day.

Primarily meant to interface with `git-sec` when needed, even though
currently it deals with git directly.
@Byron
Release git-credentials v0.0.0
7db45ab
@Byron
force re-installing from crates.io (#386)
670fb9b 
Otherwise we wouldn't know if the dependency resolution breaks.
@Byron
fill git-credentials with existing impleemntation (#386)
6016c22
@Byron
better package size display; add new crates to size-check (#386)
0dfbeea
@Byron
reduce API surface (#386)
6df2881
@Byron
feat: add Identity type (#386)
cdf3c3e
@Byron
feat: use git-sec::Identity type (#386)
3d339d5 
It's shared across crates.
@Byron
feat!: use git-credentials in git-protocol (#386)
32dc182
@Byron
fix installation test on windows (#386)
5cf8c27
@Byron
change!: remove Identity in favor of identity::Account module; ad…
37a607d 
…d `identity::UserId` (#386)

As the fewest consumers will be able to deal with multiple identities,
remove the enumeration approach in favor of individual type which deal
with one specific way of identifying a user.
@Byron
adapt to changes in git-sec (#386)
c5e2346
@Byron
feat: obtain identities from_path() or from_process() (#386)
f607797
@Byron
refactor (#386)
a58d2cf
@Byron
refactor so that the windows implementation can happen (#386)
7bbe44c 
For posterity, using the windows API is absolutely terrible and
I hope I don't have to do it again anytime soon.

More importantly, I hope that it works nonetheless.
@Byron
turn on fast windows testing of git-sec for now (#386)
d6c6ec6
Byron added a commit that referenced this pull request Apr 15, 2022
@Byron
see if this makes a difference on windows (#386)
0173b44
Byron added a commit that referenced this pull request Apr 15, 2022
@Byron
see if this makes a difference on windows (#386)
11be325
Byron added a commit that referenced this pull request Apr 15, 2022
@Byron
see if this makes a difference on windows (#386)
0e2f1df
Byron added a commit that referenced this pull request Apr 15, 2022
@Byron
see if this makes a difference on windows (#386)
467e146
Byron added a commit that referenced this pull request Apr 15, 2022
@Byron
see if this makes a difference on windows (#386)
0387efc
Byron added a commit that referenced this pull request Apr 15, 2022
@Byron
see if this makes a difference on windows (#386)
e91450b
Byron added a commit that referenced this pull request Apr 15, 2022
@Byron
see if this makes a difference on windows (#386)
ce6855c
Byron added a commit that referenced this pull request Apr 15, 2022
@Byron
see if this makes a difference on windows (#386)
872c941
Byron added a commit that referenced this pull request Apr 15, 2022
@Byron
see if this makes a difference on windows (#386)
1fdf39f
Byron added a commit that referenced this pull request Apr 15, 2022
@Byron
see if this makes a difference on windows (#386)
48f76cc
Byron added a commit that referenced this pull request Apr 16, 2022
@Byron
See if checking for membership instead works (#386)
ded5555 
Inspired by this suggestion.

microsoft/windows-rs#1697
Byron added 8 commits April 16, 2022 11:41
@Byron
refactor (#386)
9a3f0ba
@Byron
a sketch on how to deal with permissions for executables (#386)
c066069
@Byron
more details for path permissions (#386)
ca26659
@Byron
abstractions which should be powerful enough to handle our use-cases (#…
b0d06ca 
…386)
@Byron
refactor (#386)
0e74c71
@Byron
fully typed access control with tagged permissions (#386)
a43e25b 
Is it desirable have permissions tagged like this?
These would typically show up in options, and I have a feeling it makes
them more descriptive. That's all really.
@Byron
don't assume repos with work-trees are non-bare; make git-sec manadat…
9c4516d 
…ory (#386)

There is also the notion of a 'main' worktree, the one we usually
get when cloning non-bare. And we can currently instantiate a Repository
from a worktree that isn't the main one.
@Byron
A first PoC to show how the permissions model works in practice (#386)
67d5837 
Hence, when opening a repository permissions are already derived
from Trust, and next up is to figure out how to get there so that
open/discover can decide what to do while being configurable in full.
Byron added a commit that referenced this pull request Apr 17, 2022
@Byron
fix: Interpret PermissionDenied as reason to retry on lock acquisit…
73ecb40 
…ion failure. (#386)

Evidence from CI suggests that on windows 'AlreadyExists' isn't the
common error code. Instead, maybe due to racyness, it can also emit
PermissionDenied errors which we now handle specifically.
Byron added 6 commits April 17, 2022 17:19
@Byron
more expressive and fuiture-proof handling of git dir access controls (
b1d319b 
…#386)
@Byron
change!: path::discover::existing() -> path::discover() (#386)
2e39b0e
@Byron
refactor (#386)
b9e307b
@Byron
change!: integrate trust model into repository discovery (#386)
80e8fd4 
That way it's possible to ignore repositories which effectively
aren't owned by the current user, or to not ignore them (default)
but assign tigher permissions to the repository.
@Byron
change!: simplify Permission type radically `(#386)
f00f4a4
@Byron
Sketch Permissions for git-config (#386)
8443330 
It should be possible to control which configuration files are loaded
and contribute to the overall configuration. This goes along with
at some point allowing to obtain only values which are from trusted
configuration files, based on the trust specification passed when
loading the configuration.
@Byron Byron merged commit 2fe70f9 into main Apr 17, 2022
@Byron Byron deleted the git-sec branch April 18, 2022 02:40
Byron added a commit that referenced this pull request Apr 23, 2022
@Byron
Use strict ownership semantics on windows as well (#386)
84023cb 
Thanks microsoft/windows-rs#1697 (comment)
for figuring this out.
@EliahKagan EliahKagan mentioned this pull request Aug 29, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Byron