some fixes
parent
8001017338
commit
3b96f75c94
@ -76,9 +76,16 @@ impl ServicesContext {
|
||||
}
|
||||
self.protected_store = Some(protected_store.clone());
|
||||
|
||||
// Set up tablestore
|
||||
trace!("init table store");
|
||||
// Set up tablestore and crypto system
|
||||
trace!("create table store and crypto system");
|
||||
let table_store = TableStore::new(self.config.clone(), protected_store.clone());
|
||||
let crypto = Crypto::new(self.config.clone(), table_store.clone());
|
||||
table_store.set_crypto(crypto.clone());
|
||||
|
||||
// Initialize table store first, so crypto code can load caches
|
||||
// Tablestore can use crypto during init, just not any cached operations or things
|
||||
// that require flushing back to the tablestore
|
||||
trace!("init table store");
|
||||
if let Err(e) = table_store.init().await {
|
||||
error!("failed to init table store: {}", e);
|
||||
self.shutdown().await;
|
||||
@ -88,7 +95,6 @@ impl ServicesContext {
|
||||
|
||||
// Set up crypto
|
||||
trace!("init crypto");
|
||||
let crypto = Crypto::new(self.config.clone(), table_store.clone());
|
||||
if let Err(e) = crypto.init().await {
|
||||
error!("failed to init crypto: {}", e);
|
||||
self.shutdown().await;
|
||||
|
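Review bot: The ordering constraint introduced before `table_store.init()` is carried only by a comment: `table_store.set_crypto(crypto.clone())` now hands TableStore a Crypto whose `init()` has not run yet, and nothing visible in the hunk prevents TableStore::init from reaching a cached or flushing crypto operation. The comment would be more useful if it stated what is permitted, for example `// Crypto::init has not run yet: TableStore::init may use crypto primitives, but nothing that reads crypto caches or flushes to the table store`. TableStore and Crypto also hold clones of each other (now from construction rather than from Crypto::init); whether `shutdown()` clears the stored crypto handle on the failure paths is not visible here and is worth confirming. The enclosing function starts before the hunk and continues past it.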
@ -132,10 +132,6 @@ impl Crypto {
|
||||
pub async fn init(&self) -> EyreResult<()> {
|
||||
trace!("Crypto::init");
|
||||
let table_store = self.unlocked_inner.table_store.clone();
|
||||
|
||||
// Set crypto for table store
|
||||
table_store.set_crypto(self.clone());
|
||||
|
||||
// Init node id from config
|
||||
if let Err(e) = self
|
||||
.unlocked_inner
|
||||
|
@ -48,7 +48,7 @@ impl TableStore {
|
||||
inner.crypto = Some(crypto);
|
||||
}
|
||||
|
||||
// Flush internal control state
|
||||
// Flush internal control state (must not use crypto)
|
||||
async fn flush(&self) {
|
||||
let (all_table_names_value, all_tables_db) = {
|
||||
let inner = self.inner.lock();
|
||||
@ -220,6 +220,7 @@ impl TableStore {
|
||||
) -> EyreResult<Vec<u8>> {
|
||||
// Check if we are to protect the key
|
||||
if device_encryption_key_password.is_empty() {
|
||||
debug!("no dek password");
|
||||
// Return the unprotected key bytes
|
||||
let mut out = Vec::with_capacity(4 + SHARED_SECRET_LENGTH);
|
||||
out.extend_from_slice(&dek.kind.0);
|
||||
@ -260,6 +261,7 @@ impl TableStore {
|
||||
.load_user_secret("device_encryption_key")
|
||||
.await?;
|
||||
let Some(dek_bytes) = dek_bytes else {
|
||||
debug!("no device encryption key");
|
||||
return Ok(None);
|
||||
};
|
||||
|
||||
@ -284,7 +286,7 @@ impl TableStore {
|
||||
.protected_store
|
||||
.remove_user_secret("device_encryption_key")
|
||||
.await?;
|
||||
trace!("removed device encryption key. existed: {}", existed);
|
||||
debug!("removed device encryption key. existed: {}", existed);
|
||||
return Ok(());
|
||||
};
|
||||
|
||||
@ -296,6 +298,7 @@ impl TableStore {
|
||||
let device_encryption_key_password =
|
||||
if let Some(new_device_encryption_key_password) = new_device_encryption_key_password {
|
||||
// Change password
|
||||
debug!("changing dek password");
|
||||
self.config
|
||||
.with_mut(|c| {
|
||||
c.protected_store.device_encryption_key_password =
|
||||
@ -305,6 +308,7 @@ impl TableStore {
|
||||
.unwrap()
|
||||
} else {
|
||||
// Get device encryption key protection password if we have it
|
||||
debug!("saving with existing dek password");
|
||||
let c = self.config.get();
|
||||
c.protected_store.device_encryption_key_password.clone()
|
||||
};
|
||||
@ -319,7 +323,7 @@ impl TableStore {
|
||||
.protected_store
|
||||
.save_user_secret("device_encryption_key", &dek_bytes)
|
||||
.await?;
|
||||
trace!("saving device encryption key. existed: {}", existed);
|
||||
debug!("saving device encryption key. existed: {}", existed);
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
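Review bot: In the hunk at `-220,6 +220,7`, the empty-password branch returns the unprotected key bytes, and the added `debug!("no dek password")` is the only trace of that. At any log level above debug, an operator would not learn that the device encryption key is being stored without password protection. If running unprotected is not meant to be silent, `warn!("device encryption key is stored without password protection");` would make it visible. The other added and promoted messages log only fixed text and the `existed` flag, which is the right shape for this code; a short comment such as `// never log the password or dek bytes` next to them would help keep it that way. All of these functions start or end outside their hunks.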
@ -244,6 +244,13 @@ pub fn process_command_line() -> EyreResult<(Settings, ArgMatches)> {
|
||||
if matches.occurrences_of("delete-table-store") != 0 {
|
||||
settingsrw.core.table_store.delete = true;
|
||||
}
|
||||
if matches.occurrences_of("password") != 0 {
|
||||
settingsrw.core.protected_store.device_encryption_key_password = matches.value_of("password").unwrap().to_owned();
|
||||
}
|
||||
if matches.occurrences_of("new-password") != 0 {
|
||||
settingsrw.core.protected_store.new_device_encryption_key_password = Some(matches.value_of("new-password").unwrap().to_owned());
|
||||
}
|
||||
|
||||
if matches.occurrences_of("dump-txt-record") != 0 {
|
||||
// Turn off terminal logging so we can be interactive
|
||||
settingsrw.logging.terminal.enabled = false;
|
||||
|
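Review bot: Taking the device encryption key password from `--password` and `--new-password` puts the secret in the process argument list, where it is typically readable by other local users through process listings and may be retained in shell history. Consider also accepting it from an interactive prompt or from a file readable only by the service account, and mention the exposure in the option's help text. Separately, `occurrences_of("password") != 0` followed by `value_of("password").unwrap()` panics if the option is ever declared without a value; `if let Some(pw) = matches.value_of("password") { settingsrw.core.protected_store.device_encryption_key_password = pw.to_owned(); }` avoids that, provided the option has no default value, and the same applies to `new-password`. process_command_line starts before the hunk and continues past it.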