# # # patch "app_state.cc" # from [1a3683fee7f41a225552d935d94bb3e44129c543] # to [a61299308bb07a57c8b5678640ff940ee2db0d5a] # # patch "app_state.hh" # from [945451bb366a61c4c9d3c695f4f3e3a996673c8c] # to [bd36f6ee540b63ccef2ecee1cdd0353c7ad36e6e] # # patch "automate.cc" # from [85d52e0308c064e80a40999c66e10face06cc0d0] # to [0446feeafe34cea813cda4b135c3439f562d903e] # # patch "cmd_db.cc" # from [feeeb817918df5167cc2e6a25788c3f961614d24] # to [d10b58e1e26edc1c8794f4034ecd95c38a4e839b] # # patch "cmd_key_cert.cc" # from [042786ef1018496fd4dc12f5f6e296e0c0fde96c] # to [3f2e18f03e88934ae3ef032a2f5892ecb24ae201] # # patch "cmd_list.cc" # from [e2c6d588da292154964b9849c7c8574d795281c4] # to [2f535360b35d1e2851b6862286548bacc198bd5a] # # patch "cmd_merging.cc" # from [5575758d81e847aa35ce6a9c43ac7d7f838684c6] # to [9422eb65503503e2d252471de548a64ddfe6ba6f] # # patch "cmd_netsync.cc" # from [7afe336c53764f6ea89c64a115d48731844c7417] # to [1c92b50b791690633a9979dfdf5b9e552ee3bb09] # # patch "cmd_othervcs.cc" # from [7137bb422db592314adc8f4763f8cbc030e2087b] # to [805ca2c1f8f3ec3a05a2b5a9cfb50ca7cbb7fba5] # # patch "cmd_packet.cc" # from [34e89ffed5af38b68772de5dd856a11aa31233e7] # to [c11efd7185369ad0de570b5bf9039af982bdfebe] # # patch "cmd_ws_commit.cc" # from [83ca6a8803315b4b45be54f47f1b69d88fcfe695] # to [f702e00ec483e72dc1fcfe58dbf88e20a4f9f907] # # patch "key_store.cc" # from [122f910da775017a2d086805c4e460b68b1a2fb0] # to [e95db9dc389f17a4c3e57c50c0c5e7aad1799f07] # # patch "key_store.hh" # from [c23fc37613716cae27681652cd917359280c2a61] # to [2e71dfcb623cb876f908cd8c3c095aba2bccd393] # # patch "monotone.cc" # from [8289cbcfbca10f561afa6e06bf279f6b70e93599] # to [2c9baedc7ac7d288f62bfdfb1bb44d711c6ea943] # ============================================================ --- app_state.cc 1a3683fee7f41a225552d935d94bb3e44129c543 +++ app_state.cc a61299308bb07a57c8b5678640ff940ee2db0d5a @@ -29,7 +29,7 @@ app_state::app_state() using std::vector; app_state::app_state() - : lua(this), keys(*this), db(lua), work(lua), + : lua(this), db(lua), work(lua), branch_is_sticky(false), mtn_automate_allowed(false) {} @@ -75,9 +75,12 @@ app_state::process_options() && !database_option.as_internal().empty()) db.set_filename(database_option); - if (keys.get_key_dir().as_internal().empty() - && !keydir_option.as_internal().empty()) - keys.set_key_dir(keydir_option); + if (!opts.key_dir_given && !opts.conf_dir_given) + { + I(opts.key_dir.empty()); + if (!keydir_option.empty()) + opts.key_dir = keydir_option; + } if (opts.branchname().empty() && !branch_option().empty()) { @@ -100,7 +103,7 @@ app_state::write_options() system_path keydir_option; database_option = db.get_filename(); - keydir_option = keys.get_key_dir(); + keydir_option = opts.key_dir; if (branch_is_sticky) branch_option = opts.branchname; ============================================================ --- app_state.hh 945451bb366a61c4c9d3c695f4f3e3a996673c8c +++ app_state.hh bd36f6ee540b63ccef2ecee1cdd0353c7ad36e6e @@ -13,7 +13,6 @@ #include "paths.hh" #include "options.hh" #include "lua_hooks.hh" -#include "key_store.hh" #include "database.hh" #include "work.hh" @@ -28,7 +27,6 @@ public: public: options opts; lua_hooks lua; - key_store keys; database db; workspace work; ============================================================ --- automate.cc 85d52e0308c064e80a40999c66e10face06cc0d0 +++ automate.cc 0446feeafe34cea813cda4b135c3439f562d903e @@ -29,6 +29,7 @@ #include "constants.hh" #include "inodeprint.hh" #include "keys.hh" +#include "key_store.hh" #include "file_io.hh" #include "packet.hh" #include "restrictions.hh" @@ -1737,6 +1738,7 @@ CMD_AUTOMATE(genkey, N_("KEYID PASSPHRAS F("wrong argument count")); CMD_REQUIRES_DATABASE(app); + key_store keys(app); rsa_keypair_id ident; internalize_rsa_keypair_id(idx(args, 0), ident); @@ -1744,7 +1746,7 @@ CMD_AUTOMATE(genkey, N_("KEYID PASSPHRAS utf8 passphrase = idx(args, 1); hexenc pubhash, privhash; - app.keys.create_key_pair(app.db, ident, &passphrase, &pubhash, &privhash); + keys.create_key_pair(app.db, ident, &passphrase, &pubhash, &privhash); basic_io::printer prt; basic_io::stanza stz; @@ -2067,14 +2069,15 @@ CMD_AUTOMATE(cert, N_("REVISION-ID NAME F("wrong argument count")); CMD_REQUIRES_DATABASE(app); - revision_id rid(idx(args, 0)()); + key_store keys(app); + revision_id rid(idx(args, 0)()); N(db.revision_exists(rid), F("no such revision '%s'") % rid); - cache_user_key(app.opts, app.lua, app.keys, app.db); + cache_user_key(app.opts, app.lua, keys, db); put_simple_revision_cert(rid, cert_name(idx(args, 1)()), - cert_value(idx(args, 2)()), db, app.keys); + cert_value(idx(args, 2)()), db, keys); } // Name: get_db_variables ============================================================ --- cmd_db.cc feeeb817918df5167cc2e6a25788c3f961614d24 +++ cmd_db.cc d10b58e1e26edc1c8794f4034ecd95c38a4e839b @@ -18,6 +18,7 @@ #include "app_state.hh" #include "project.hh" #include "keys.hh" +#include "key_store.hh" using std::cin; using std::cout; @@ -96,10 +97,12 @@ CMD(db_migrate, "migrate", "", CMD_REF(d "introduced in newer versions of monotone."), options::opts::none) { + key_store keys(app); + N(args.size() == 0, F("no arguments needed")); - app.db.migrate(app.keys); + app.db.migrate(keys); } CMD(db_execute, "execute", "", CMD_REF(db), "", @@ -221,6 +224,8 @@ CMD(db_changesetify, "changesetify", "", "", options::opts::none) { + key_store keys(app); + N(args.size() == 0, F("no arguments needed")); @@ -228,9 +233,9 @@ CMD(db_changesetify, "changesetify", "", app.db.check_is_not_rosterified(); // early short-circuit to avoid failure after lots of work - cache_user_key(app.opts, app.lua, app.keys, app.db); + cache_user_key(app.opts, app.lua, keys, app.db); - build_changesets_from_manifest_ancestry(app.db, app.keys, set()); + build_changesets_from_manifest_ancestry(app.db, keys, set()); } CMD(db_rosterify, "rosterify", "", CMD_REF(db), "", @@ -238,6 +243,8 @@ CMD(db_rosterify, "rosterify", "", CMD_R "", options::opts::drop_attr) { + key_store keys(app); + N(args.size() == 0, F("no arguments needed")); @@ -245,9 +252,9 @@ CMD(db_rosterify, "rosterify", "", CMD_R app.db.check_is_not_rosterified(); // early short-circuit to avoid failure after lots of work - cache_user_key(app.opts, app.lua, app.keys, app.db); + cache_user_key(app.opts, app.lua, keys, app.db); - build_roster_style_revs_from_manifest_style_revs(app.db, app.keys, + build_roster_style_revs_from_manifest_style_revs(app.db, keys, app.opts.attrs_to_drop); } @@ -384,9 +391,11 @@ CMD_HIDDEN(test_migration_step, "test_mi "schema in SCHEMA to its successor."), options::opts::none) { + key_store keys(app); + if (args.size() != 1) throw usage(execid); - app.db.test_migration_step(idx(args,0)(), app.keys); + app.db.test_migration_step(idx(args,0)(), keys); } CMD_HIDDEN(rev_height, "rev_height", "", CMD_REF(informative), N_("REV"), ============================================================ --- cmd_key_cert.cc 042786ef1018496fd4dc12f5f6e296e0c0fde96c +++ cmd_key_cert.cc 3f2e18f03e88934ae3ef032a2f5892ecb24ae201 @@ -18,6 +18,7 @@ #include "app_state.hh" #include "project.hh" #include "keys.hh" +#include "key_store.hh" using std::cout; using std::ostream_iterator; @@ -31,13 +32,15 @@ CMD(genkey, "genkey", "", CMD_REF(key_an "", options::opts::none) { + key_store keys(app); + if (args.size() != 1) throw usage(execid); rsa_keypair_id ident; internalize_rsa_keypair_id(idx(args, 0), ident); - app.keys.create_key_pair(app.db, ident); + keys.create_key_pair(app.db, ident); } CMD(dropkey, "dropkey", "", CMD_REF(key_and_cert), N_("KEYID"), @@ -45,13 +48,14 @@ CMD(dropkey, "dropkey", "", CMD_REF(key_ "", options::opts::none) { + key_store keys(app); bool key_deleted = false; + bool checked_db = false; if (args.size() != 1) throw usage(execid); rsa_keypair_id ident(idx(args, 0)()); - bool checked_db = false; if (app.db.database_specified()) { transaction_guard guard(app.db); @@ -65,10 +69,10 @@ CMD(dropkey, "dropkey", "", CMD_REF(key_ checked_db = true; } - if (app.keys.key_pair_exists(ident)) + if (keys.key_pair_exists(ident)) { P(F("dropping key pair '%s' from keystore") % ident); - app.keys.delete_key(ident); + keys.delete_key(ident); key_deleted = true; } @@ -87,13 +91,15 @@ CMD(passphrase, "passphrase", "", CMD_RE "", options::opts::none) { + key_store keys(app); + if (args.size() != 1) throw usage(execid); rsa_keypair_id ident; internalize_rsa_keypair_id(idx(args, 0), ident); - app.keys.change_key_passphrase(ident); + keys.change_key_passphrase(ident); P(F("passphrase changed")); } @@ -103,19 +109,21 @@ CMD(ssh_agent_export, "ssh_agent_export" "", options::opts::none) { + key_store keys(app); + if (args.size() > 1) throw usage(execid); rsa_keypair_id id; - get_user_key(id, app.opts, app.lua, app.keys, app.db); + get_user_key(id, app.opts, app.lua, keys, app.db); if (args.size() == 0) - app.keys.export_key_for_agent(id, cout); + keys.export_key_for_agent(id, cout); else { string external_path = system_path(idx(args, 0)).as_external(); ofstream fout(external_path.c_str(), ofstream::out); - app.keys.export_key_for_agent(id, fout); + keys.export_key_for_agent(id, fout); } } @@ -124,12 +132,14 @@ CMD(ssh_agent_add, "ssh_agent_add", "", "", options::opts::none) { + key_store keys(app); + if (args.size() > 1) throw usage(execid); rsa_keypair_id id; - get_user_key(id, app.opts, app.lua, app.keys, app.db); - app.keys.add_key_to_agent(id); + get_user_key(id, app.opts, app.lua, keys, app.db); + keys.add_key_to_agent(id); } CMD(cert, "cert", "", CMD_REF(key_and_cert), @@ -138,10 +148,12 @@ CMD(cert, "cert", "", CMD_REF(key_and_ce "", options::opts::none) { + key_store keys(app); + project_t project(app.db); + if ((args.size() != 3) && (args.size() != 2)) throw usage(execid); - project_t project(app.db); transaction_guard guard(app.db); revision_id rid; @@ -150,7 +162,7 @@ CMD(cert, "cert", "", CMD_REF(key_and_ce cert_name cname; internalize_cert_name(idx(args, 1), cname); - cache_user_key(app.opts, app.lua, app.keys, app.db); + cache_user_key(app.opts, app.lua, keys, app.db); cert_value val; if (args.size() == 3) @@ -162,7 +174,7 @@ CMD(cert, "cert", "", CMD_REF(key_and_ce val = cert_value(dat()); } - project.put_cert(app.keys, rid, cname, val); + project.put_cert(keys, rid, cname, val); guard.commit(); } @@ -172,11 +184,11 @@ CMD(trusted, "trusted", "", CMD_REF(key_ N_("The current settings are used to run the test."), options::opts::none) { + project_t project(app.db); + if (args.size() < 4) throw usage(execid); - project_t project(app.db); - set rids; expand_selector(app, project, idx(args, 0)(), rids); diagnose_ambiguous_expansion(project, idx(args, 0)(), rids); @@ -225,15 +237,17 @@ CMD(tag, "tag", "", CMD_REF(review), N_( "", options::opts::none) { + key_store keys(app); + project_t project(app.db); + if (args.size() != 2) throw usage(execid); - project_t project(app.db); revision_id r; complete(app, project, idx(args, 0)(), r); - cache_user_key(app.opts, app.lua, app.keys, app.db); - project.put_tag(app.keys, r, idx(args, 1)()); + cache_user_key(app.opts, app.lua, keys, app.db); + project.put_tag(keys, r, idx(args, 1)()); } @@ -243,15 +257,17 @@ CMD(testresult, "testresult", "", CMD_RE "", options::opts::none) { + key_store keys(app); + project_t project(app.db); + if (args.size() != 2) throw usage(execid); - project_t project(app.db); revision_id r; complete(app, project, idx(args, 0)(), r); - cache_user_key(app.opts, app.lua, app.keys, app.db); - cert_revision_testresult(r, idx(args, 1)(), app.db, app.keys); + cache_user_key(app.opts, app.lua, keys, app.db); + cert_revision_testresult(r, idx(args, 1)(), app.db, keys); } @@ -260,17 +276,19 @@ CMD(approve, "approve", "", CMD_REF(revi "", options::opts::branch) { + key_store keys(app); + project_t project(app.db); + if (args.size() != 1) throw usage(execid); - project_t project(app.db); revision_id r; complete(app, project, idx(args, 0)(), r); guess_branch(r, app.opts, project); N(app.opts.branchname() != "", F("need --branch argument for approval")); - cache_user_key(app.opts, app.lua, app.keys, app.db); - project.put_revision_in_branch(app.keys, r, app.opts.branchname); + cache_user_key(app.opts, app.lua, keys, app.db); + project.put_revision_in_branch(keys, r, app.opts.branchname); } CMD(suspend, "suspend", "", CMD_REF(review), N_("REVISION"), @@ -278,17 +296,19 @@ CMD(suspend, "suspend", "", CMD_REF(revi "", options::opts::branch) { + key_store keys(app); + project_t project(app.db); + if (args.size() != 1) throw usage(execid); - project_t project(app.db); revision_id r; complete(app, project, idx(args, 0)(), r); guess_branch(r, app.opts, project); N(app.opts.branchname() != "", F("need --branch argument to suspend")); - cache_user_key(app.opts, app.lua, app.keys, app.db); - project.suspend_revision_in_branch(app.keys, r, app.opts.branchname); + cache_user_key(app.opts, app.lua, keys, app.db); + project.suspend_revision_in_branch(keys, r, app.opts.branchname); } CMD(comment, "comment", "", CMD_REF(review), N_("REVISION [COMMENT]"), @@ -296,7 +316,9 @@ CMD(comment, "comment", "", CMD_REF(revi "", options::opts::none) { + key_store keys(app); project_t project(app.db); + if (args.size() != 1 && args.size() != 2) throw usage(execid); @@ -317,8 +339,8 @@ CMD(comment, "comment", "", CMD_REF(revi revision_id r; complete(app, project, idx(args, 0)(), r); - cache_user_key(app.opts, app.lua, app.keys, app.db); - cert_revision_comment(r, comment, app.db, app.keys); + cache_user_key(app.opts, app.lua, keys, app.db); + cert_revision_comment(r, comment, app.db, keys); } // Local Variables: ============================================================ --- cmd_list.cc e2c6d588da292154964b9849c7c8574d795281c4 +++ cmd_list.cc 2f535360b35d1e2851b6862286548bacc198bd5a @@ -23,6 +23,7 @@ #include "database.hh" #include "globish.hh" #include "keys.hh" +#include "key_store.hh" #include "restrictions.hh" #include "revision.hh" #include "simplestring_xform.hh" @@ -157,6 +158,8 @@ CMD(keys, "keys", "", CMD_REF(list), "[P "", options::opts::depth | options::opts::exclude) { + key_store keys(app); + vector pubs; vector privkeys; globish pattern("*"); @@ -166,13 +169,10 @@ CMD(keys, "keys", "", CMD_REF(list), "[P throw usage(execid); if (app.db.database_specified()) - { - transaction_guard guard(app.db, false); - app.db.get_key_ids(pattern, pubs); - guard.commit(); - } - app.keys.get_key_ids(pattern, privkeys); + app.db.get_key_ids(pattern, pubs); + keys.get_key_ids(pattern, privkeys); + // true if it is in the database, false otherwise map pubkeys; for (vector::const_iterator i = pubs.begin(); @@ -196,7 +196,7 @@ CMD(keys, "keys", "", CMD_REF(list), "[P base64 pub_key; keypair priv_key; app.db.get_key(*i, pub_key); - app.keys.get_key_pair(*i, priv_key); + keys.get_key_pair(*i, priv_key); if (!keys_match(*i, pub_key, *i, priv_key.pub)) bad_keys.insert(*i); } @@ -218,7 +218,7 @@ CMD(keys, "keys", "", CMD_REF(list), "[P else { keypair kp; - app.keys.get_key_pair(keyid, kp); + keys.get_key_pair(keyid, kp); pub_encoded = kp.pub; } key_hash_code(keyid, pub_encoded, hash_code); @@ -229,7 +229,7 @@ CMD(keys, "keys", "", CMD_REF(list), "[P } if (!all_in_db) cout << (F("(*) - only in %s/") - % app.keys.get_key_dir()) << '\n'; + % keys.get_key_dir()) << '\n'; cout << '\n'; } @@ -241,7 +241,7 @@ CMD(keys, "keys", "", CMD_REF(list), "[P { keypair kp; hexenc hash_code; - app.keys.get_key_pair(*i, kp); + keys.get_key_pair(*i, kp); key_hash_code(*i, kp.priv, hash_code); cout << hash_code << ' ' << *i << '\n'; } @@ -574,6 +574,7 @@ CMD_AUTOMATE(keys, "", F("no arguments needed")); CMD_REQUIRES_DATABASE(app); + key_store keys(app); vector dbkeys; vector kskeys; @@ -582,12 +583,8 @@ CMD_AUTOMATE(keys, "", vector, vector > > items; if (db.database_specified()) - { - transaction_guard guard(db, false); - db.get_key_ids(dbkeys); - guard.commit(); - } - key_store & keys = app.keys; + db.get_key_ids(dbkeys); + keys.get_key_ids(kskeys); for (vector::iterator i = dbkeys.begin(); ============================================================ --- cmd_merging.cc 5575758d81e847aa35ce6a9c43ac7d7f838684c6 +++ cmd_merging.cc 9422eb65503503e2d252471de548a64ddfe6ba6f @@ -27,6 +27,7 @@ #include "project.hh" #include "simplestring_xform.hh" #include "keys.hh" +#include "key_store.hh" using std::cout; using std::make_pair; @@ -376,6 +377,9 @@ CMD(merge, "merge", "", CMD_REF(tree), " "", options::opts::branch | options::opts::date | options::opts::author) { + key_store keys(app); + project_t project(app.db); + typedef std::pair revpair; typedef set::const_iterator rid_set_iter; @@ -385,7 +389,6 @@ CMD(merge, "merge", "", CMD_REF(tree), " N(app.opts.branchname() != "", F("please specify a branch, with --branch=BRANCH")); - project_t project(app.db); set heads; project.get_branch_heads(app.opts.branchname, heads, app.opts.ignore_suspend_certs); @@ -401,7 +404,7 @@ CMD(merge, "merge", "", CMD_REF(tree), " % heads.size() % app.opts.branchname); // avoid failure after lots of work - cache_user_key(app.opts, app.lua, app.keys, app.db); + cache_user_key(app.opts, app.lua, keys, app.db); map heads_for_ancestor; set ancestors; @@ -457,7 +460,7 @@ CMD(merge, "merge", "", CMD_REF(tree), " merge_two(p.first, p.second, app.opts.branchname, string("merge"), std::cout, false, - project, app.opts, app.lua, app.keys); + project, app.opts, app.lua, keys); ancestors.clear(); heads_for_ancestor.clear(); @@ -477,7 +480,7 @@ CMD(merge, "merge", "", CMD_REF(tree), " I(i == heads.end()); merge_two(left, right, app.opts.branchname, string("merge"), - std::cout, false, project, app.opts, app.lua, app.keys); + std::cout, false, project, app.opts, app.lua, keys); P(F("note: your workspaces have not been updated")); } @@ -494,39 +497,39 @@ CMD(propagate, "propagate", "", CMD_REF( process(app, make_command_id("tree merge_into_dir"), a); } +// This is a special merge operator, but very useful for people +// maintaining "slightly disparate but related" trees. It does a one-way +// merge; less powerful than putting things in the same branch and also +// more flexible. +// +// 1. Check to see if src and dst branches are merged, if not abort, if so +// call heads N1 and N2 respectively. +// +// 2. (FIXME: not yet present) Run the hook propagate ("src-branch", +// "dst-branch", N1, N2) which gives the user a chance to massage N1 into +// a state which is likely to "merge nicely" with N2, eg. edit pathnames, +// omit optional files of no interest. +// +// 3. Do a normal 2 or 3-way merge on N1 and N2, depending on the +// existence of common ancestors. +// +// 4. Save the results as the delta (N2,M), the ancestry edges (N1,M) +// and (N2,M), and the cert (N2,dst). +// +// There are also special cases we have to check for where no merge is +// actually necessary, because there hasn't been any divergence since the +// last time propagate was run. +// +// If dir is not the empty string, rename the root of N1 to have the name +// 'dir' in the merged tree. (ie, it has name "basename(dir)", and its +// parent node is "N2.get_node(dirname(dir))") CMD(merge_into_dir, "merge_into_dir", "", CMD_REF(tree), N_("SOURCE-BRANCH DEST-BRANCH DIR"), N_("Merges one branch into a subdirectory in another branch"), "", options::opts::date | options::opts::author | options::opts::message | options::opts::msgfile) { - // This is a special merge operator, but very useful for people - // maintaining "slightly disparate but related" trees. It does a one-way - // merge; less powerful than putting things in the same branch and also - // more flexible. - // - // 1. Check to see if src and dst branches are merged, if not abort, if so - // call heads N1 and N2 respectively. - // - // 2. (FIXME: not yet present) Run the hook propagate ("src-branch", - // "dst-branch", N1, N2) which gives the user a chance to massage N1 into - // a state which is likely to "merge nicely" with N2, eg. edit pathnames, - // omit optional files of no interest. - // - // 3. Do a normal 2 or 3-way merge on N1 and N2, depending on the - // existence of common ancestors. - // - // 4. Save the results as the delta (N2,M), the ancestry edges (N1,M) - // and (N2,M), and the cert (N2,dst). - // - // There are also special cases we have to check for where no merge is - // actually necessary, because there hasn't been any divergence since the - // last time propagate was run. - // - // If dir is not the empty string, rename the root of N1 to have the name - // 'dir' in the merged tree. (ie, it has name "basename(dir)", and its - // parent node is "N2.get_node(dirname(dir))") - + key_store keys(app); project_t project(app.db); set src_heads, dst_heads; @@ -555,7 +558,7 @@ CMD(merge_into_dir, "merge_into_dir", "" return; } - cache_user_key(app.opts, app.lua, app.keys, app.db); + cache_user_key(app.opts, app.lua, keys, app.db); P(F("propagating %s -> %s") % idx(args,0) % idx(args,1)); P(F("[left] %s") % *src_i); @@ -567,7 +570,7 @@ CMD(merge_into_dir, "merge_into_dir", "" P(F("no merge necessary; putting %s in branch '%s'") % (*src_i) % idx(args, 1)()); transaction_guard guard(app.db); - project.put_revision_in_branch(app.keys, *src_i, + project.put_revision_in_branch(keys, *src_i, branch_name(idx(args, 1)())); guard.commit(); } @@ -650,7 +653,7 @@ CMD(merge_into_dir, "merge_into_dir", "" % idx(args, 1) % (*dst_i)).str()); project.put_standard_certs_from_options(app.opts, app.lua, - app.keys, + keys, merged, branch_name(idx(args, 1)()), log_message); @@ -774,9 +777,10 @@ CMD(explicit_merge, "explicit_merge", "" "DEST-BRANCH."), options::opts::date | options::opts::author) { + key_store keys(app); + project_t project(app.db); revision_id left, right; branch_name branch; - project_t project(app.db); if (args.size() != 3) throw usage(execid); @@ -793,9 +797,9 @@ CMD(explicit_merge, "explicit_merge", "" F("%s is already an ancestor of %s") % right % left); // avoid failure after lots of work - cache_user_key(app.opts, app.lua, app.keys, app.db); + cache_user_key(app.opts, app.lua, keys, app.db); merge_two(left, right, branch, string("explicit merge"), - std::cout, false, project, app.opts, app.lua, app.keys); + std::cout, false, project, app.opts, app.lua, keys); } CMD(show_conflicts, "show_conflicts", "", CMD_REF(informative), N_("REV REV"), ============================================================ --- cmd_netsync.cc 7afe336c53764f6ea89c64a115d48731844c7417 +++ cmd_netsync.cc 1c92b50b791690633a9979dfdf5b9e552ee3bb09 @@ -5,6 +5,7 @@ #include "netcmd.hh" #include "globish.hh" #include "keys.hh" +#include "key_store.hh" #include "cert.hh" #include "revision.hh" #include "ui.hh" @@ -37,23 +38,23 @@ extract_address(args_vector const & args static void extract_address(args_vector const & args, utf8 & addr, - app_state & app) + options & opts, database & db) { if (args.size() >= 1) { addr = idx(args, 0); - if (!app.db.var_exists(default_server_key) || app.opts.set_default) + if (!db.var_exists(default_server_key) || opts.set_default) { P(F("setting default server to %s") % addr()); - app.db.set_var(default_server_key, var_value(addr())); + db.set_var(default_server_key, var_value(addr())); } } else { - N(app.db.var_exists(default_server_key), + N(db.var_exists(default_server_key), F("no server given and no default server set")); var_value addr_value; - app.db.get_var(default_server_key, addr_value); + db.get_var(default_server_key, addr_value); addr = utf8(addr_value()); L(FL("using default server address: %s") % addr()); } @@ -63,10 +64,13 @@ find_key(utf8 const & addr, find_key(utf8 const & addr, globish const & include, globish const & exclude, - app_state & app, + options & opts, + lua_hooks & lua, + key_store & keys, + database & db, bool needed = true) { - if (app.opts.signing_key() != "") + if (!opts.signing_key().empty()) return; rsa_keypair_id key; @@ -78,62 +82,65 @@ find_key(utf8 const & addr, host = utf8(u.host); if (needed && (key().empty() - || !app.lua.hook_get_netsync_key(host, include, exclude, key))) - get_user_key(key, app.opts, app.lua, app.keys, app.db); + || !lua.hook_get_netsync_key(host, include, exclude, key))) + get_user_key(key, opts, lua, keys, db); - app.opts.signing_key = key; + opts.signing_key = key; } static void find_key_if_needed(utf8 const & addr, globish const & include, globish const & exclude, - app_state & app, + options & opts, + lua_hooks & lua, + key_store & keys, + database & db, bool needed = true) { uri u; parse_uri(addr(), u); - if (app.lua.hook_use_transport_auth(u)) - find_key(addr, include, exclude, app, needed); + if (lua.hook_use_transport_auth(u)) + find_key(addr, include, exclude, opts, lua, keys, db, needed); } static void extract_patterns(args_vector const & args, globish & include_pattern, globish & exclude_pattern, - app_state & app) + options & opts, database & db) { - if (args.size() >= 2 || app.opts.exclude_given) + if (args.size() >= 2 || opts.exclude_given) { E(args.size() >= 2, F("no branch pattern given")); include_pattern = globish(args.begin() + 1, args.end()); - exclude_pattern = globish(app.opts.exclude_patterns); + exclude_pattern = globish(opts.exclude_patterns); - if (!app.db.var_exists(default_include_pattern_key) - || app.opts.set_default) + if (!db.var_exists(default_include_pattern_key) + || opts.set_default) { P(F("setting default branch include pattern to '%s'") % include_pattern); - app.db.set_var(default_include_pattern_key, var_value(include_pattern())); + db.set_var(default_include_pattern_key, var_value(include_pattern())); } - if (!app.db.var_exists(default_exclude_pattern_key) - || app.opts.set_default) + if (!db.var_exists(default_exclude_pattern_key) + || opts.set_default) { P(F("setting default branch exclude pattern to '%s'") % exclude_pattern); - app.db.set_var(default_exclude_pattern_key, var_value(exclude_pattern())); + db.set_var(default_exclude_pattern_key, var_value(exclude_pattern())); } } else { - N(app.db.var_exists(default_include_pattern_key), + N(db.var_exists(default_include_pattern_key), F("no branch pattern given and no default pattern set")); var_value pattern_value; - app.db.get_var(default_include_pattern_key, pattern_value); + db.get_var(default_include_pattern_key, pattern_value); include_pattern = globish(pattern_value()); L(FL("using default branch include pattern: '%s'") % include_pattern); - if (app.db.var_exists(default_exclude_pattern_key)) + if (db.var_exists(default_exclude_pattern_key)) { - app.db.get_var(default_exclude_pattern_key, pattern_value); + db.get_var(default_exclude_pattern_key, pattern_value); exclude_pattern = globish(pattern_value()); } else @@ -150,19 +157,22 @@ CMD(push, "push", "", CMD_REF(network), options::opts::set_default | options::opts::exclude | options::opts::key_to_push) { + key_store keys(app); + project_t project(app.db); + utf8 addr; globish include_pattern, exclude_pattern; - extract_address(args, addr, app); - extract_patterns(args, include_pattern, exclude_pattern, app); - find_key_if_needed(addr, include_pattern, exclude_pattern, app); + extract_address(args, addr, app.opts, app.db); + extract_patterns(args, include_pattern, exclude_pattern, app.opts, app.db); + find_key_if_needed(addr, include_pattern, exclude_pattern, + app.opts, app.lua, keys, app.db); std::list uris; uris.push_back(addr); - project_t project(app.db); run_netsync_protocol(client_voice, source_role, uris, include_pattern, exclude_pattern, - project, app.keys, app.lua, app.opts); + project, keys, app.lua, app.opts); } CMD(pull, "pull", "", CMD_REF(network), @@ -172,11 +182,15 @@ CMD(pull, "pull", "", CMD_REF(network), "from the netsync server at the address ADDRESS."), options::opts::set_default | options::opts::exclude) { + key_store keys(app); + project_t project(app.db); + utf8 addr; globish include_pattern, exclude_pattern; - extract_address(args, addr, app); - extract_patterns(args, include_pattern, exclude_pattern, app); - find_key_if_needed(addr, include_pattern, exclude_pattern, app, false); + extract_address(args, addr, app.opts, app.db); + extract_patterns(args, include_pattern, exclude_pattern, app.opts, app.db); + find_key_if_needed(addr, include_pattern, exclude_pattern, + app.opts, app.lua, keys, app.db, false); if (app.opts.signing_key() == "") P(F("doing anonymous pull; use -kKEYNAME if you need authentication")); @@ -184,10 +198,9 @@ CMD(pull, "pull", "", CMD_REF(network), std::list uris; uris.push_back(addr); - project_t project(app.db); run_netsync_protocol(client_voice, sink_role, uris, include_pattern, exclude_pattern, - project, app.keys, app.lua, app.opts); + project, keys, app.lua, app.opts); } CMD(sync, "sync", "", CMD_REF(network), @@ -198,19 +211,22 @@ CMD(sync, "sync", "", CMD_REF(network), options::opts::set_default | options::opts::exclude | options::opts::key_to_push) { + key_store keys(app); + project_t project(app.db); + utf8 addr; globish include_pattern, exclude_pattern; - extract_address(args, addr, app); - extract_patterns(args, include_pattern, exclude_pattern, app); - find_key_if_needed(addr, include_pattern, exclude_pattern, app); + extract_address(args, addr, app.opts, app.db); + extract_patterns(args, include_pattern, exclude_pattern, app.opts, app.db); + find_key_if_needed(addr, include_pattern, exclude_pattern, + app.opts, app.lua, keys, app.db, false); std::list uris; uris.push_back(addr); - project_t project(app.db); run_netsync_protocol(client_voice, source_and_sink_role, uris, include_pattern, exclude_pattern, - project, app.keys, app.lua, app.opts); + project, keys, app.lua, app.opts); } class dir_cleanup_helper @@ -296,11 +312,13 @@ CMD(clone, "clone", "", CMD_REF(network) app.db.set_var(default_server_key, var_value(addr())); } + key_store keys(app); + project_t project(app.db); globish include_pattern(app.opts.branchname()); globish exclude_pattern(app.opts.exclude_patterns); find_key_if_needed(addr, include_pattern, exclude_pattern, - app, false); + app.opts, app.lua, keys, app.db, false); if (app.opts.signing_key() == "") P(F("doing anonymous pull; use -kKEYNAME if you need authentication")); @@ -328,10 +346,9 @@ CMD(clone, "clone", "", CMD_REF(network) std::list uris; uris.push_back(addr); - project_t project(app.db); run_netsync_protocol(client_voice, sink_role, uris, include_pattern, exclude_pattern, - project, app.keys, app.lua, app.opts); + project, keys, app.lua, app.opts); change_current_working_dir(workspace_dir); @@ -435,6 +452,8 @@ CMD_NO_WORKSPACE(serve, "serve", "", CMD if (!args.empty()) throw usage(execid); + key_store keys(app); + project_t project(app.db); pid_file pid(app.opts.pidfile); app.db.ensure_open(); @@ -446,18 +465,19 @@ CMD_NO_WORKSPACE(serve, "serve", "", CMD "(see hook persist_phrase_ok())")); if (!app.opts.bind_uris.empty()) - find_key(*app.opts.bind_uris.begin(), globish("*"), globish(""), app); + find_key(*app.opts.bind_uris.begin(), globish("*"), globish(""), + app.opts, app.lua, keys, app.db); else - find_key(utf8(), globish("*"), globish(""), app); + find_key(utf8(), globish("*"), globish(""), + app.opts, app.lua, keys, app.db); } else if (!app.opts.bind_stdio) W(F("The --no-transport-auth option is usually only used " "in combination with --stdio")); - project_t project(app.db); run_netsync_protocol(server_voice, source_and_sink_role, app.opts.bind_uris, globish("*"), globish(""), - project, app.keys, app.lua, app.opts); + project, keys, app.lua, app.opts); } // Local Variables: ============================================================ --- cmd_othervcs.cc 7137bb422db592314adc8f4763f8cbc030e2087b +++ cmd_othervcs.cc 805ca2c1f8f3ec3a05a2b5a9cfb50ca7cbb7fba5 @@ -13,6 +13,7 @@ #include "project.hh" #include "rcs_import.hh" #include "keys.hh" +#include "key_store.hh" using std::vector; @@ -38,6 +39,9 @@ CMD(cvs_import, "cvs_import", "", CMD_RE "", options::opts::branch) { + key_store keys(app); + project_t project(app.db); + if (args.size() != 1) throw usage(execid); @@ -49,14 +53,12 @@ CMD(cvs_import, "cvs_import", "", CMD_RE F("path %s does not exist") % cvsroot, F("'%s' is not a directory") % cvsroot); - project_t project(app.db); - // make sure we can sign certs using the selected key; also requests // the password (if necessary) up front rather than after some arbitrary // amount of work - cache_user_key(app.opts, app.lua, app.keys, app.db); + cache_user_key(app.opts, app.lua, keys, app.db); - import_cvs_repo(cvsroot, app.keys, project, app.opts.branchname); + import_cvs_repo(cvsroot, keys, project, app.opts.branchname); } ============================================================ --- cmd_packet.cc 34e89ffed5af38b68772de5dd856a11aa31233e7 +++ cmd_packet.cc c11efd7185369ad0de570b5bf9039af982bdfebe @@ -13,6 +13,7 @@ #include "cmd.hh" #include "app_state.hh" +#include "key_store.hh" #include "packet.hh" using std::cin; @@ -25,6 +26,8 @@ CMD(pubkey, "pubkey", "", CMD_REF(packet "", options::opts::none) { + key_store keys(app); + if (args.size() != 1) throw usage(execid); @@ -36,10 +39,10 @@ CMD(pubkey, "pubkey", "", CMD_REF(packet app.db.get_key(ident, key); exists = true; } - if (app.keys.key_pair_exists(ident)) + if (keys.key_pair_exists(ident)) { keypair kp; - app.keys.get_key_pair(ident, kp); + keys.get_key_pair(ident, kp); key = kp.pub; exists = true; } @@ -55,17 +58,19 @@ CMD(privkey, "privkey", "", CMD_REF(pack "", options::opts::none) { + key_store keys(app); + if (args.size() != 1) throw usage(execid); rsa_keypair_id ident(idx(args, 0)()); - N(app.keys.key_pair_exists(ident), + N(keys.key_pair_exists(ident), F("public and private key '%s' do not exist in keystore") % idx(args, 0)()); packet_writer pw(cout); keypair kp; - app.keys.get_key_pair(ident, kp); + keys.get_key_pair(ident, kp); pw.consume_key_pair(ident, kp); } @@ -76,15 +81,19 @@ namespace struct packet_db_writer : public packet_consumer { - app_state & app; + database & db; + key_store & keys; + public: - packet_db_writer(app_state & app) : app(app) {} + packet_db_writer(database & db, key_store & keys) + : db(db), keys(keys) + {} virtual ~packet_db_writer() {} virtual void consume_file_data(file_id const & ident, file_data const & dat) { - transaction_guard guard(app.db); - app.db.put_file(ident, dat); + transaction_guard guard(db); + db.put_file(ident, dat); guard.commit(); } @@ -92,45 +101,45 @@ namespace file_id const & new_id, file_delta const & del) { - transaction_guard guard(app.db); - app.db.put_file_version(old_id, new_id, del); + transaction_guard guard(db); + db.put_file_version(old_id, new_id, del); guard.commit(); } virtual void consume_revision_data(revision_id const & ident, revision_data const & dat) { - transaction_guard guard(app.db); - app.db.put_revision(ident, dat); + transaction_guard guard(db); + db.put_revision(ident, dat); guard.commit(); } virtual void consume_revision_cert(revision const & t) { - transaction_guard guard(app.db); - app.db.put_revision_cert(t); + transaction_guard guard(db); + db.put_revision_cert(t); guard.commit(); } virtual void consume_public_key(rsa_keypair_id const & ident, base64< rsa_pub_key > const & k) { - transaction_guard guard(app.db); - app.db.put_key(ident, k); + transaction_guard guard(db); + db.put_key(ident, k); guard.commit(); } virtual void consume_key_pair(rsa_keypair_id const & ident, keypair const & kp) { - app.keys.put_key_pair(ident, kp); + keys.put_key_pair(ident, kp); } virtual void consume_old_private_key(rsa_keypair_id const & ident, base64 const & k) { base64 dummy; - app.keys.migrate_old_key_pair(ident, k, dummy); + keys.migrate_old_key_pair(ident, k, dummy); } }; } @@ -141,7 +150,8 @@ CMD(read, "read", "", CMD_REF(packet_io) N_("If no files are provided, the standard input is used."), options::opts::none) { - packet_db_writer dbw(app); + key_store keys(app); + packet_db_writer dbw(app.db, keys); size_t count = 0; if (args.empty()) { ============================================================ --- cmd_ws_commit.cc 83ca6a8803315b4b45be54f47f1b69d88fcfe695 +++ cmd_ws_commit.cc f702e00ec483e72dc1fcfe58dbf88e20a4f9f907 @@ -24,6 +24,7 @@ #include "project.hh" #include "basic_io.hh" #include "keys.hh" +#include "key_store.hh" using std::cout; using std::make_pair; @@ -335,11 +336,12 @@ CMD(disapprove, "disapprove", "", CMD_RE options::opts::branch | options::opts::messages | options::opts::date | options::opts::author) { + key_store keys(app); + project_t project(app.db); + if (args.size() != 1) throw usage(execid); - project_t project(app.db); - utf8 log_message(""); bool log_message_given; revision_id r; @@ -357,7 +359,7 @@ CMD(disapprove, "disapprove", "", CMD_RE process_commit_message_args(log_message_given, log_message, app, utf8((FL("disapproval of revision '%s'") % r).str())); - cache_user_key(app.opts, app.lua, app.keys, app.db); + cache_user_key(app.opts, app.lua, keys, app.db); edge_entry const & old_edge (*rev.edges.begin()); app.db.get_revision_manifest(edge_old_revision(old_edge), @@ -380,7 +382,7 @@ CMD(disapprove, "disapprove", "", CMD_RE calculate_ident(rdat, inv_id); app.db.put_revision(inv_id, rdat); - project.put_standard_certs_from_options(app.opts, app.lua, app.keys, + project.put_standard_certs_from_options(app.opts, app.lua, keys, inv_id, app.opts.branchname, log_message); guard.commit(); @@ -1050,6 +1052,9 @@ CMD(commit, "commit", "ci", CMD_REF(work | options::opts::date | options::opts::author | options::opts::depth | options::opts::exclude) { + key_store keys(app); + project_t project(app.db); + utf8 log_message(""); bool log_message_given; revision_t restricted_rev; @@ -1058,9 +1063,7 @@ CMD(commit, "commit", "ci", CMD_REF(work temp_node_id_source nis; cset excluded; - project_t project(app.db); app.require_workspace(); - app.make_branch_sticky(); app.work.get_parent_rosters(old_rosters, app.db); app.work.get_current_roster_shape(new_roster, app.db, nis); @@ -1151,7 +1154,7 @@ CMD(commit, "commit", "ci", CMD_REF(work message_validated, reason); N(message_validated, F("log message rejected by hook: %s") % reason); - cache_user_key(app.opts, app.lua, app.keys, app.db); + cache_user_key(app.opts, app.lua, keys, app.db); // for the divergence check, below set heads; @@ -1241,7 +1244,7 @@ CMD(commit, "commit", "ci", CMD_REF(work app.db.put_revision(restricted_rev_id, rdat); } - project.put_standard_certs_from_options(app.opts, app.lua, app.keys, + project.put_standard_certs_from_options(app.opts, app.lua, keys, restricted_rev_id, app.opts.branchname, log_message); ============================================================ --- key_store.cc 122f910da775017a2d086805c4e460b68b1a2fb0 +++ key_store.cc e95db9dc389f17a4c3e57c50c0c5e7aad1799f07 @@ -40,9 +40,10 @@ struct key_store_state struct key_store_state { - system_path key_dir; + system_path const key_dir; + string const ssh_sign_mode; bool have_read; - app_state & app; + lua_hooks & lua; map keys; map, rsa_keypair_id> hashes; @@ -54,7 +55,8 @@ struct key_store_state scoped_ptr agent; key_store_state(app_state & app) - : key_dir(app.opts.conf_dir / "keys"), have_read(false), app(app) + : key_dir(app.opts.key_dir), ssh_sign_mode(app.opts.ssh_sign), + have_read(false), lua(app.lua) {} // internal methods @@ -146,21 +148,6 @@ key_store::~key_store() key_store::~key_store() {} -void -key_store::set_key_dir(system_path const & kd) -{ - if (s->key_dir == kd) - return; - - // Changing the key directory wipes the internal cache of keys. - s->key_dir = kd; - s->have_read = false; - s->keys.clear(); - s->hashes.clear(); - s->signer_cache.clear(); - s->privkey_cache.clear(); -} - system_path const & key_store::get_key_dir() { @@ -403,7 +390,7 @@ key_store_state::decrypt_private_key(rsa utf8 phrase; string lua_phrase; // See whether a lua hook will tell us the passphrase. - if (!force_from_user && app.lua.hook_get_passphrase(id, lua_phrase)) + if (!force_from_user && lua.hook_get_passphrase(id, lua_phrase)) phrase = utf8(lua_phrase); else get_passphrase(phrase, id, false, false); @@ -439,7 +426,7 @@ key_store_state::decrypt_private_key(rsa F("failed to extract RSA private key from PKCS#8 keypair")); // Cache the decrypted key if we're allowed. - if (app.lua.hook_persist_phrase_ok()) + if (lua.hook_persist_phrase_ok()) safe_insert(privkey_cache, make_pair(id, priv_key)); return priv_key; @@ -449,7 +436,7 @@ key_store::cache_decrypted_key(const rsa key_store::cache_decrypted_key(const rsa_keypair_id & id) { signing_key = id; - if (s->app.lua.hook_persist_phrase_ok()) + if (s->lua.hook_persist_phrase_ok()) s->decrypt_private_key(id); } @@ -573,8 +560,6 @@ key_store::make_signature(database & db, string const & tosign, base64 & signature) { - const string & opt_ssh_sign = s->app.opts.ssh_sign; - keypair key; get_key_pair(id, key); @@ -586,12 +571,12 @@ key_store::make_signature(database & db, ssh_agent & agent = s->get_agent(); //sign with ssh-agent (if connected) - N(agent.connected() || opt_ssh_sign != "only", + N(agent.connected() || s->ssh_sign_mode != "only", F("You have chosen to sign only with ssh-agent but ssh-agent" " does not seem to be running.")); - if (opt_ssh_sign == "yes" - || opt_ssh_sign == "check" - || opt_ssh_sign == "only") + if (s->ssh_sign_mode == "yes" + || s->ssh_sign_mode == "check" + || s->ssh_sign_mode == "only") { if (agent.connected()) { //grab the monotone public key as an RSA_PublicKey @@ -617,12 +602,12 @@ key_store::make_signature(database & db, string ssh_sig = sig_string; - N(ssh_sig.length() > 0 || opt_ssh_sign != "only", + N(ssh_sig.length() > 0 || s->ssh_sign_mode != "only", F("You don't seem to have your monotone key imported ")); if (ssh_sig.length() <= 0 - || opt_ssh_sign == "check" - || opt_ssh_sign == "no") + || s->ssh_sign_mode == "check" + || s->ssh_sign_mode == "no") { SecureVector sig; @@ -632,7 +617,7 @@ key_store::make_signature(database & db, // something. bool persist_phrase = (!s->signer_cache.empty() - || s->app.lua.hook_persist_phrase_ok()); + || s->lua.hook_persist_phrase_ok()); shared_ptr signer; shared_ptr priv_key; @@ -643,8 +628,8 @@ key_store::make_signature(database & db, { priv_key = s->decrypt_private_key(id); if (agent.connected() - && opt_ssh_sign != "only" - && opt_ssh_sign != "no") { + && s->ssh_sign_mode != "only" + && s->ssh_sign_mode != "no") { L(FL("make_signature: adding private key (%s) to ssh-agent") % id()); agent.add_identity(*priv_key, id()); } @@ -661,7 +646,7 @@ key_store::make_signature(database & db, sig_string = string(reinterpret_cast(sig.begin()), sig.size()); } - if (opt_ssh_sign == "check" && ssh_sig.length() > 0) + if (s->ssh_sign_mode == "check" && ssh_sig.length() > 0) { E(ssh_sig == sig_string, F("make_signature: ssh signature (%i) != monotone signature (%i)\n" @@ -737,7 +722,7 @@ key_store_state::migrate_old_key_pair // See whether a lua hook will tell us the passphrase. string lua_phrase; - if (app.lua.hook_get_passphrase(id, lua_phrase)) + if (lua.hook_get_passphrase(id, lua_phrase)) phrase = utf8(lua_phrase); else get_passphrase(phrase, id, false, false); ============================================================ --- key_store.hh c23fc37613716cae27681652cd917359280c2a61 +++ key_store.hh 2e71dfcb623cb876f908cd8c3c095aba2bccd393 @@ -24,7 +24,6 @@ public: key_store(app_state & a); ~key_store(); - void set_key_dir(system_path const & kd); system_path const & get_key_dir(); // Basic key I/O ============================================================ --- monotone.cc 8289cbcfbca10f561afa6e06bf279f6b70e93599 +++ monotone.cc 2c9baedc7ac7d288f62bfdfb1bb44d711c6ea943 @@ -212,12 +212,6 @@ cpp_main(int argc, char ** argv) app.db.set_filename(app.opts.dbname); } - if (app.opts.key_dir_given || app.opts.conf_dir_given) - { - if (!app.opts.key_dir.empty()) - app.keys.set_key_dir(app.opts.key_dir); - } - // at this point we allow a workspace (meaning search for it // and if found read _MTN/options, but don't use the data quite // yet, and read all the monotonercs). Processing the data