-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to disable non default signature algorithm(s) #5
Open
bobhageman
wants to merge
17
commits into
bwesterb:master
Choose a base branch
from
privacybydesign:master
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from 3 commits
Commits
Show all changes
17 commits
Select commit
Hold shift + click to select a range
9d4b869
chore: update dependencies
bobhageman bdd928e
feat: option to disable default signing algorithm
bobhageman bc4a775
chore: fix typo
bobhageman fef1bc8
feat: add docker support
bobhageman bfbab04
improve: make build static
bobhageman 9e38615
improve: use non-root user and configurable locations
bobhageman 46c1c2a
s/secrests/secrets/
sanderhollaar 612e0f1
improve: simplify secrets location
bobhageman 7594cbe
Merge pull request #5 from privacybydesign/disable-algorithm
bobhageman d53a271
feat: build and publish container to ghcr workflow
bobhageman 335da4f
chore: add newline to end of file
bobhageman 757ff9c
Merge pull request #6 from privacybydesign/dockerize
bobhageman 174f11a
relax file permission check on Ed25519KeyPath
sanderhollaar d5a2f5e
remove Ed25519KeyPath permission check
sanderhollaar fb5f005
Merge pull request #7 from privacybydesign/relax-file-permission-chec…
sanderhollaar 808d59a
fileInfo declared and not used
sanderhollaar 7520baa
Merge pull request #8 from privacybydesign/relax-file-permission-chec…
sanderhollaar File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,15 +1,36 @@ | ||
| module github.com/bwesterb/atumd | ||
|
|
||
| go 1.14 | ||
| go 1.19 | ||
|
|
||
| require ( | ||
| github.com/bwesterb/go-atum v1.1.5 | ||
| github.com/bwesterb/go-pow v1.0.0 | ||
| github.com/bwesterb/go-xmssmt v1.5.2 | ||
| github.com/go-chi/cors v1.2.1 | ||
| github.com/prometheus/client_golang v1.12.2 | ||
| github.com/prometheus/common v0.35.0 // indirect | ||
| golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d | ||
| google.golang.org/protobuf v1.28.0 // indirect | ||
| github.com/prometheus/client_golang v1.17.0 | ||
| golang.org/x/crypto v0.14.0 | ||
| gopkg.in/yaml.v2 v2.4.0 | ||
| ) | ||
|
|
||
| require ( | ||
| github.com/beorn7/perks v1.0.1 // indirect | ||
| github.com/bwesterb/byteswriter v1.0.0 // indirect | ||
| github.com/cespare/xxhash v1.1.0 // indirect | ||
| github.com/cespare/xxhash/v2 v2.2.0 // indirect | ||
| github.com/edsrzf/mmap-go v1.1.0 // indirect | ||
| github.com/golang/protobuf v1.5.3 // indirect | ||
| github.com/hashicorp/errwrap v1.1.0 // indirect | ||
| github.com/hashicorp/go-multierror v1.1.1 // indirect | ||
| github.com/kr/text v0.2.0 // indirect | ||
| github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect | ||
| github.com/nightlyone/lockfile v1.0.0 // indirect | ||
| github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect | ||
| github.com/prometheus/common v0.44.0 // indirect | ||
| github.com/prometheus/procfs v0.11.1 // indirect | ||
| github.com/templexxx/cpu v0.0.9 // indirect | ||
| github.com/templexxx/xorsimd v0.4.1 // indirect | ||
| github.com/timshannon/bolthold v0.0.0-20210913165410-232392fc8a6a // indirect | ||
| go.etcd.io/bbolt v1.3.6 // indirect | ||
| golang.org/x/sys v0.13.0 // indirect | ||
| google.golang.org/protobuf v1.31.0 // indirect | ||
| ) |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This presumes that either there only will be two signature algorithms supported or that you'd only want to enable one of them. It seems more logical to me to have an option
enabledSigAlgs, and then perhaps interpret the first as the default.Why do you want to disable one of them btw?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Currently Yivi is creating a PoC moving the infrastructure into a cloud agnostic environment. Since we are only using ed25519 and we need atumd to be stateless, this small change is (for us) the least intrusive way to make that happen. No change in config needed to keep the current situation running while it is possible to disable all other algorithms (for now only XMSS[MT]) except the default one in our cloud setup.
Thought this could be a nice addition in functionality, hence the pr. On the other hand I also agree with you that the other way around with an option like
enabledSigAlgswould be a nice approach.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sgtm!