From: Brian Warner
Date: Mon, 11 Jun 2012 01:14:55 +0000 (-0700)
Subject: client.py: rename "server key" to "node key", use old name if present
X-Git-Url: https://git.rkrishnan.org/specifications/%5B/%5D%20/flags/install.html?a=commitdiff_plain;h=bf416af49ed74057c84a05a65b12cd8cfac924f4;p=tahoe-lafs%2Ftahoe-lafs.git
client.py: rename "server key" to "node key", use old name if present
This prepares for invitation-based reciprocal-permission Accounting. In the scheme I'm developing, nodes publish "I accept shares from Y" messages, which are assembled into a graph, and server will accept shares from any client node reachable in this graph. For this to work, the serverX->clientY edge must be connectable to the serverY->clientZ edge, which means "clientY" and "serverY" must be connected. If clientY and serverY are two distinct keys, they must be cross-signed. Life is easier if there's just one key "Y", rather than distinct client- and server- keys. Calling this one key "server.privkey" would be confusing. "node.privkey" and "node.pubkey" makes more sense. One-server-per-node is a pretty easy restriction. Originally I was thinking that the client.key should be provided in each webapi call, just like a filecap is, making a single node useable by multiple users (Accounting principals), and not providing any ambient storage authority. But I've been unable to think of a comfortable WUI for that (at least without requiring javascript), nor a friendly way to transfer account authority (e.g. writecaps that include storage authority). So I'm more willing to have one-client-per-node these days. (and note that this rename doesn't seriously preclude many-clients-per-node or zero-clients-per-node anyways, it just makes one-client-per-node less awkward)
---
diff --git a/src/allmydata/client.py b/src/allmydata/client.py
index d42b6acf..1e4479bb 100644
--- a/src/allmydata/client.py
+++ b/src/allmydata/client.py
@@ -198,15 +198,20 @@ class Client(node.Node, pollmixin.PollMixin):
 self.convergence = base32.a2b(convergence_s)
 self._secret_holder = SecretHolder(lease_secret, self.convergence)
- def _maybe_create_server_key(self):
+ def _maybe_create_node_key(self):
 # we only create the key once. On all subsequent runs, we re-use the
 # existing key
 def _make_key():
 sk_vs,vk_vs = keyutil.make_keypair()
 return sk_vs+"\n"
- sk_vs = self.get_or_create_private_config("server.privkey", _make_key)
+ # for a while (between releases, before 1.10) this was known as
+ # server.privkey, but now it lives in node.privkey. This fallback can
+ # be removed after 1.10 is released.
+ sk_vs = self.get_private_config("server.privkey", None)
+ if not sk_vs:
+ sk_vs = self.get_or_create_private_config("node.privkey", _make_key)
 sk,vk_vs = keyutil.parse_privkey(sk_vs.strip())
- self.write_config("server.pubkey", vk_vs+"\n")
+ self.write_config("node.pubkey", vk_vs+"\n")
 self._server_key = sk
 def _init_permutation_seed(self, ss):
@@ -236,7 +241,7 @@ class Client(node.Node, pollmixin.PollMixin):
 return
 readonly = self.get_config("storage", "readonly", False, boolean=True)
- self._maybe_create_server_key()
+ self._maybe_create_node_key()
 storedir = os.path.join(self.basedir, self.STOREDIR)
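Review bot: In `_maybe_create_node_key` the legacy `server.privkey` is read first and, when present, used without ever being copied to `node.privkey`, so the old file stays the only copy of the node's identity key and also wins whenever both files exist. Once the fallback is removed after 1.10, as the added comment plans, such a node would presumably generate a fresh `node.privkey` and silently change the key that peers' "I accept shares from Y" statements refer to. Consider migrating on first run and preferring the new name: `old = self.get_private_config("server.privkey", None)` followed by `sk_vs = self.get_or_create_private_config("node.privkey", (lambda: old) if old else _make_key)`. This assumes `get_or_create_private_config` persists whatever its callable returns and only calls it when the file is absent, which the "we only create the key once" comment implies but the hunk does not show.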