#
# patch "ChangeLog"
# from [e515f351203cbbb76453853ed4316f300572c411]
# to [a0176d1ce2159ad9ca88c5e135cc89126b660e96]
#
# patch "cert.cc"
# from [fdf5188e96328a6d86fcac31ff3caf0b8ebb7602]
# to [c475f03b34ae549434d09247abd7227b7c0a90f7]
#
# patch "commands.cc"
# from [30f92c2f7eee55dda3d43ae5643224edba7c59c1]
# to [3a5202dce2bd8a380ac9bf9b2ad736eca43dd25e]
#
# patch "database.cc"
# from [7a37326e3fb76c441dde9a7000a5cbf187696ea8]
# to [a3c4507bf09e5aade2dd702ddc8c91f51d51df12]
#
# patch "database.hh"
# from [be5bc6fef85bbfd317b0d94d1b6329167a015a28]
# to [4935d9f82c7eb489d96f79285db844a611c5a095]
#
# patch "key_store.cc"
# from [05ee19ff4146a3ef4b9b1751e5dbf39a55f26a50]
# to [12e5e98f0e37a8c9a48ac545358b9d8c316099e9]
#
# patch "keys.hh"
# from [37f54b83f95952ba438899513ca0991cc63d4d10]
# to [969e5b32cfc2d56bfe239077a3104767d9ad72d7]
#
# patch "schema.sql"
# from [513edf45fe7238d23513b7062d965000271e2d67]
# to [d25e530b103ebfafad30760aeac1dc01393e15f1]
#
# patch "schema_migration.cc"
# from [572aa9fa72d4f32c72120d2792b8e27961ffa610]
# to [6c6c942ba5f4bfafe82145ea516c57dc4a3c8b39]
#
# patch "tests/t_migrate_schema.at"
# from [2074b20ad00853b9490ce370b6e6002bf2fe52f2]
# to [be3ab9479b942b36b7b997abfa21f47e7457d78b]
#
========================================================================
--- ChangeLog e515f351203cbbb76453853ed4316f300572c411
+++ ChangeLog a0176d1ce2159ad9ca88c5e135cc89126b660e96
@@ -1,5 +1,18 @@
2005-09-27 Timothy Brownawell
+ Replace extract_keys command with a database migrator.
+ * database.{cc,hh}: Remove last traces of private keys in db.
+ * schema.sql: Remove private_keys table
+ * commands.cc (dropkey): private keys can no longer be in the db.
+ * schema_migration.cc: new migrator
+ * commands.cc: remove extract_keys
+ * tests/t_migrate_schema.at: update
+ * keys.hh, cert.cc, key_store.cc: keys_match doesn't work well on
+ privkeys. Don't use it.
+ * key_store.cc: Allow duplicate insertions, if they match.
+
+2005-09-27 Timothy Brownawell
+
* schema_migration.hh: migrate_depot_schema() doesn't really exist
* database.cc, schema_migration.{cc,hh}: migrate_monotone_schema
now takes an app_state * , so data can be moved to/from the database.
========================================================================
--- cert.cc fdf5188e96328a6d86fcac31ff3caf0b8ebb7602
+++ cert.cc c475f03b34ae549434d09247abd7227b7c0a90f7
@@ -368,8 +368,8 @@
{
// We really don't want the database key and the rcfile key
// to differ.
- N(keys_match(id, kskeys.priv, id, luakeys.priv)
- && keys_match(id, kskeys.pub, id, luakeys.pub),
+ N(/*keys_match(id, kskeys.priv, id, luakeys.priv)
+ && */keys_match(id, kskeys.pub, id, luakeys.pub),
F("mismatch between key '%s' in key store"
" and get_key_pair hook") % id);
}
========================================================================
--- commands.cc 30f92c2f7eee55dda3d43ae5643224edba7c59c1
+++ commands.cc 3a5202dce2bd8a380ac9bf9b2ad736eca43dd25e
@@ -873,16 +873,6 @@
key_deleted = true;
}
- if (app.db.private_key_exists(ident))
- {
- P(F("dropping private key '%s' from database\n\n") % ident);
- W(F("the private key data may not have been erased from the\n"
- "database. it is recommended that you use 'db dump' and\n"
- "'db load' to be sure."));
- app.db.delete_private_key(ident);
- key_deleted = true;
- }
-
if (app.keys.key_pair_exists(ident))
{
P(F("dropping key pair '%s' from key store\n\n") % ident);
@@ -3782,30 +3772,4 @@
app.db.clear_var(k);
}
-CMD(extract_keys, N_("debug"), N_(""),
- N_("copy all private keys in the database into the keystore"),
- OPT_NONE)
-{
- std::vector privkeys;
- app.db.get_private_keys(privkeys);
- for (std::vector::const_iterator i = privkeys.begin();
- i != privkeys.end(); ++i)
- {
- base64< arc4 > old_priv;
- app.db.get_key(*i, old_priv);
- // convert it to a newstyle key
- keypair kp;
- migrate_private_key(app, *i, old_priv, kp);
-
- // check the public key matches
- base64< rsa_pub_key > pub;
- app.db.get_key(*i, pub);
- MM(pub);
- MM(kp.pub);
- N(keys_match(*i, pub, *i, kp.pub), F("public and private keys for %s don't match") % (*i)());
-
- app.keys.put_key_pair(*i, kp);
- }
-}
-
}; // namespace commands
========================================================================
--- database.cc 7a37326e3fb76c441dde9a7000a5cbf187696ea8
+++ database.cc a3c4507bf09e5aade2dd702ddc8c91f51d51df12
@@ -66,7 +66,7 @@
// non-alphabetic ordering of tables in sql source files. we could create
// a temporary db, write our intended schema into it, and read it back,
// but this seems like it would be too rude. possibly revisit this issue.
- schema("1509fd75019aebef5ac3da3a5edf1312393b70e9"),
+ schema("bd86f9a90b5d552f0be1fa9aee847ea0f317778b"),
__sql(NULL),
transaction_level(0)
{}
@@ -514,22 +514,6 @@
++pubkeys;
}
}
-
- {
- // rehash all privkeys
- results res;
- fetch(res, 2, any_rows, "SELECT id, keydata FROM private_keys");
- execute("DELETE FROM private_keys");
- for (size_t i = 0; i < res.size(); ++i)
- {
- hexenc tmp;
- key_hash_code(rsa_keypair_id(res[i][0]), base64< rsa_priv_key >(res[i][1]), tmp);
- execute("INSERT INTO private_keys VALUES(?, ?, ?)",
- tmp().c_str(), res[i][0].c_str(), res[i][1].c_str());
- ++privkeys;
- }
- }
-
guard.commit();
}
@@ -1480,12 +1464,6 @@
get_keys("public_keys", keys);
}
-void
-database::get_private_keys(vector & keys)
-{
- get_keys("private_keys", keys);
-}
-
bool
database::public_key_exists(hexenc const & hash)
{
@@ -1512,20 +1490,6 @@
return false;
}
-bool
-database::private_key_exists(rsa_keypair_id const & id)
-{
- results res;
- fetch(res, one_col, any_rows,
- "SELECT id FROM private_keys WHERE id = ?",
- id().c_str());
- I((res.size() == 1) || (res.size() == 0));
- if (res.size() == 1)
- return true;
- return false;
-}
-
-
void
database::get_pubkey(hexenc const & hash,
rsa_keypair_id & id,
@@ -1564,24 +1528,6 @@
}
void
-database::get_key(rsa_keypair_id const & priv_id,
- base64< arc4 > & priv_encoded)
-{
- results res;
- fetch(res, one_col, one_col,
- "SELECT keydata FROM private_keys WHERE id = ?",
- priv_id().c_str());
- priv_encoded = res[0][0];
-}
-
-void
-database::delete_private_key(rsa_keypair_id const & pub_id)
-{
- execute("DELETE FROM private_keys WHERE id = ?",
- pub_id().c_str());
-}
-
-void
database::delete_public_key(rsa_keypair_id const & pub_id)
{
execute("DELETE FROM public_keys WHERE id = ?",
@@ -2060,16 +2006,7 @@
pattern.c_str());
for (size_t i = 0; i < res.size(); ++i)
- completions.insert(make_pair(key_id(res[i][0]), utf8(res[i][1])));
-
- res.clear();
-
- fetch(res, 2, any_rows,
- "SELECT hash, id FROM private_keys WHERE hash GLOB ?",
- pattern.c_str());
-
- for (size_t i = 0; i < res.size(); ++i)
- completions.insert(make_pair(key_id(res[i][0]), utf8(res[i][1])));
+ completions.insert(make_pair(key_id(res[i][0]), utf8(res[i][1])));
}
using selectors::selector_type;
========================================================================
--- database.hh be5bc6fef85bbfd317b0d94d1b6329167a015a28
+++ database.hh 4935d9f82c7eb489d96f79285db844a611c5a095
@@ -320,13 +320,10 @@
void get_key_ids(std::string const & pattern,
std::vector & pubkeys);
- void get_private_keys(std::vector & privkeys);
-
void get_public_keys(std::vector & pubkeys);
bool public_key_exists(hexenc const & hash);
bool public_key_exists(rsa_keypair_id const & id);
- bool private_key_exists(rsa_keypair_id const & id);
void get_pubkey(hexenc const & hash,
@@ -339,10 +336,6 @@
void put_key(rsa_keypair_id const & id,
base64 const & pub_encoded);
- void get_key(rsa_keypair_id const & id,
- base64< arc4 > & priv_encoded);
- void delete_private_key(rsa_keypair_id const & pub_id);
-
void delete_public_key(rsa_keypair_id const & pub_id);
// note: this section is ridiculous. please do something about it.
========================================================================
--- key_store.cc 05ee19ff4146a3ef4b9b1751e5dbf39a55f26a50
+++ key_store.cc 12e5e98f0e37a8c9a48ac545358b9d8c316099e9
@@ -208,11 +208,22 @@
{
maybe_read_key_dir();
L(F("putting key pair '%s'") % ident);
- I(keys.insert(std::make_pair(ident, kp)).second);
- hexenc hash;
- key_hash_code(ident, kp.pub, hash);
- I(hashes.insert(std::make_pair(hash, ident)).second);
- write_key(ident);
+ std::pair::iterator, bool> res;
+ res = keys.insert(std::make_pair(ident, kp));
+ if (res.second)
+ {
+ hexenc hash;
+ key_hash_code(ident, kp.pub, hash);
+ I(hashes.insert(std::make_pair(hash, ident)).second);
+ write_key(ident);
+ }
+ else
+ {
+ E(/*keys_match(ident, res.first->second.priv, ident, kp.priv)
+ && */keys_match(ident, res.first->second.pub, ident, kp.pub),
+ F("Cannot store key '%s'; a different key by that name exists.")
+ % ident);
+ }
}
void
========================================================================
--- keys.hh 37f54b83f95952ba438899513ca0991cc63d4d10
+++ keys.hh 969e5b32cfc2d56bfe239077a3104767d9ad72d7
@@ -80,11 +80,11 @@
base64 const & key1,
rsa_keypair_id const & id2,
base64 const & key2);
-
+/* Doesn't work
bool keys_match(rsa_keypair_id const & id1,
base64< rsa_priv_key > const & key1,
rsa_keypair_id const & id2,
base64< rsa_priv_key > const & key2);
+*/
-
#endif // __KEYS_HH__
========================================================================
--- schema.sql 513edf45fe7238d23513b7062d965000271e2d67
+++ schema.sql d25e530b103ebfafad30760aeac1dc01393e15f1
@@ -71,13 +71,6 @@
keydata not null -- RSA public params
);
-CREATE TABLE private_keys
- (
- hash not null unique, -- hash of remaining fields separated by ":"
- id primary key, -- as in public_keys (same identifiers, in fact)
- keydata not null -- encrypted RSA private params
- );
-
CREATE TABLE manifest_certs
(
hash not null unique, -- hash of remaining fields separated by ":"
========================================================================
--- schema_migration.cc 572aa9fa72d4f32c72120d2792b8e27961ffa610
+++ schema_migration.cc 6c6c942ba5f4bfafe82145ea516c57dc4a3c8b39
@@ -9,6 +9,7 @@
#include
#include
#include
+#include