Radicle Heartwood Protocol & Stack
node: Support systemd credential for passphrase
✗ CI failure Lorenz Leutgeb committed 7 months ago
commit 9fb3e1e7f36b3c9bcf021462cd01804c7c746f5e
parent 7aec84bf004c7853232e848196e2001a96e25491
2 files changed +31 -6
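--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,11 +16,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `rad issue` now uses `clap` to parse its command-line arguments.
    This affects error reporting as well as help output.
 - `radicle-node` now supports systemd Credentials (refer to
-  <https://systemd.io/CREDENTIALS> for more information) to load
-  the secret key, in addition to the commandline argument
-  `--secret` (higher priority than the credential) and the
-  configuration file (lower priority than the credential).
-  The identifier of the credential is "xyz.radicle.node.secret".
+  <https://systemd.io/CREDENTIALS> for more information) to load:
+    1. The secret key, in addition to the commandline argument
+       `--secret` (higher priority than the credential) and the
+       configuration file (lower priority than the credential).
+       The identifier of the credential is "xyz.radicle.node.secret".
+    2. The optional passphrase for the secret key, in addition to the
+       environment variable `RAD_PASSPHRASE` (lower priority than the
+       credential).
+       The identifier of the credential is "xyz.radicle.node.passphrase".
 
 ## Fixed Bugs
 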
modified crates/radicle-node/src/main.rs
@@ -235,7 +235,28 @@ fn execute(options: Options) -> Result<(), ExecutionError> {
    log::info!(target: "node", "Version {} ({})", env!("RADICLE_VERSION"), env!("GIT_HEAD"));
    log::info!(target: "node", "Unlocking node keystore..");

-
    let passphrase = profile::env::passphrase();
+
    let passphrase = None;
+

+
    #[cfg(all(feature = "systemd", target_os = "linux"))]
+
    let passphrase = passphrase.or_else(|| {
+
        const ID: &str = "xyz.radicle.node.passphrase";
+
        match radicle_systemd::credential::path(ID) {
+
            Err(err) => {
+
                log::warn!(target: "node", "Failed to obtain path of the passphrase file via systemd credential with '{ID}': {err}");
+
                None
+
            },
+
            Ok(Some(ref path)) => match std::fs::read_to_string(path) {
+
                Ok(passphrase) => Some(passphrase.into()),
+
                Err(err) => {
+
                    log::warn!(target: "node", "Failed to read passphrase from '{}': {err}", path.display());
+
                    None
+
                }
+
            }
+
            Ok(None) => None,
+
        }
+
    });
+

+
    let passphrase = passphrase.or_else(profile::env::passphrase);

    let secret_path = options.secret;