WIP: Add linux kernel keyring based credential helper (carry) #235
cc2ca30 to 651f225
keyctl/keyctl.go
Outdated
// getDefaultCredsStore is a helper function to get the default credsStore keyring | ||
func (k Keyctl) getDefaultCredsStore() (keyctl.NamedKeyring, error) { | ||
if persistent == 1 { |
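Review bot: `if persistent == 1` in getDefaultCredsStore branches on a bare integer literal, so this line does not say what the value 1 selects. A bool or a named constant would state the intent, and the doc comment above the function could say which keyring is returned on each path.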
Wondering why this check was (as persistent is a const, and always 1)
Might need to install dev keyctl cross pkg with xx
Ah, yes; let me have a look later. Thought I'd give this one a quick go to see if it all worked, but definitely need to have a better look 😅
Codecov Report
Patch coverage has no change and project coverage change:
Additional details and impacted files
@@ Coverage Diff @@
## master #235 +/- ##
==========================================
+ Coverage 55.55% 59.45% +3.89%
==========================================
Files 9 8 -1
Lines 666 582 -84
==========================================
- Hits 370 346 -24
+ Misses 253 199 -54
+ Partials 43 37 -6
Unrelated: Some warnings we can probably fix:
Some tests that are skipped that still mention travis CI (
This one is failing both sandboxed, and non-sandboxed; slightly different error though; Non-sandboxed (ubuntu 20.04);
Sandboxed: perhaps capabilities or seccomp?
https://man7.org/linux/man-pages/man3/keyctl_get_persistent.3.html
Slightly improved the errors to provide more details; Non-sandboxed (ubuntu 20.04);
Sandboxed:
Implement kernel keyring based credential helper for storing and retrieving secrets. Signed-off-by: Alakesh Haloi <alakeshh@amazon.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While pkg/errors is a great package, it's probably not needed for how it's used in this project, so let's replace with Go's native error wrapping. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: jsipprell/keyctl@v1.0.0...v1.0.3 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
4b932f7 to 5071773
Hello, @thaJeztah. I am intrigued by this PR. But I have a question. Can we retrieve the credential if the machine reboots?
quick rebase of #214, and initial work on addressing some issues