From 81d0698d5aaf430352621c9fb4d7d0338f5cda52 Mon Sep 17 00:00:00 2001
From: Daira Hopwood <daira@jacaranda.org>
Date: Sun, 18 Nov 2012 02:19:14 +0000
Subject: [PATCH] scripts/debug.py: remove display of lease information and
 secrets. This version replaces the expiration field with '-' instead of '0',
 per Zooko's comments.

Signed-off-by: David-Sarah Hopwood <david-sarah@jacaranda.org>
---
 src/allmydata/scripts/debug.py     | 128 ++++++-----------------------
 src/allmydata/test/test_cli.py     |  88 +-------------------
 src/allmydata/test/test_mutable.py |   1 -
 src/allmydata/test/test_system.py  |   3 -
 4 files changed, 29 insertions(+), 191 deletions(-)

diff --git a/src/allmydata/scripts/debug.py b/src/allmydata/scripts/debug.py
index fedd6985..34e6e545 100644
--- a/src/allmydata/scripts/debug.py
+++ b/src/allmydata/scripts/debug.py
@@ -15,7 +15,6 @@ class DumpOptions(BaseOptions):
 
     optFlags = [
         ["offsets", None, "Display a table of section offsets."],
-        ["leases-only", None, "Dump leases but not CHK contents."],
         ]
 
     def getUsage(self, width=None):
@@ -57,9 +56,7 @@ def dump_immutable_share(options):
 
     out = options.stdout
     f = ShareFile(options['filename'])
-    if not options["leases-only"]:
-        dump_immutable_chk_share(f, out, options)
-    dump_immutable_lease_info(f, out)
+    dump_immutable_chk_share(f, out, options)
     print >>out
     return 0
 
@@ -143,19 +140,6 @@ def dump_immutable_chk_share(f, out, options):
             name = {"data": "block data"}.get(k,k)
             offset = f._data_offset + offsets[k]
             print >>out, "  %20s: %s   (0x%x)" % (name, offset, offset)
-        print >>out, "%20s: %s" % ("leases", f._lease_offset)
-
-def dump_immutable_lease_info(f, out):
-    # display lease information too
-    print >>out
-    leases = list(f.get_leases())
-    if leases:
-        for i,lease in enumerate(leases):
-            when = format_expiration_time(lease.expiration_time)
-            print >>out, " Lease #%d: owner=%d, expire in %s" \
-                  % (i, lease.owner_num, when)
-    else:
-        print >>out, " No leases."
 
 def format_expiration_time(expiration_time):
     now = time.time()
@@ -175,11 +159,9 @@ def dump_mutable_share(options):
     m = MutableShareFile(options['filename'])
     f = open(options['filename'], "rb")
     WE, nodeid = m._read_write_enabler_and_nodeid(f)
-    num_extra_leases = m._read_num_extra_leases(f)
     data_length = m._read_data_length(f)
     extra_lease_offset = m._read_extra_lease_offset(f)
     container_size = extra_lease_offset - m.DATA_OFFSET
-    leases = list(m._enumerate_leases(f))
 
     share_type = "unknown"
     f.seek(m.DATA_OFFSET)
@@ -196,21 +178,8 @@ def dump_mutable_share(options):
     print >>out, " share_type: %s" % share_type
     print >>out, " write_enabler: %s" % base32.b2a(WE)
     print >>out, " WE for nodeid: %s" % idlib.nodeid_b2a(nodeid)
-    print >>out, " num_extra_leases: %d" % num_extra_leases
     print >>out, " container_size: %d" % container_size
     print >>out, " data_length: %d" % data_length
-    if leases:
-        for (leasenum, lease) in leases:
-            print >>out
-            print >>out, " Lease #%d:" % leasenum
-            print >>out, "  ownerid: %d" % lease.owner_num
-            when = format_expiration_time(lease.expiration_time)
-            print >>out, "  expires in %s" % when
-            print >>out, "  renew_secret: %s" % base32.b2a(lease.renew_secret)
-            print >>out, "  cancel_secret: %s" % base32.b2a(lease.cancel_secret)
-            print >>out, "  secrets are for nodeid: %s" % idlib.nodeid_b2a(lease.nodeid)
-    else:
-        print >>out, "No leases."
     print >>out
 
     if share_type == "SDMF":
@@ -288,7 +257,7 @@ def dump_SDMF_share(m, length, options):
         print >>out, " Section Offsets:"
         def printoffset(name, value, shift=0):
             print >>out, "%s%20s: %s   (0x%x)" % (" "*shift, name, value, value)
-        printoffset("first lease", m.HEADER_SIZE)
+        printoffset("end of header", m.HEADER_SIZE)
         printoffset("share data", m.DATA_OFFSET)
         o_seqnum = m.DATA_OFFSET + struct.calcsize(">B")
         printoffset("seqnum", o_seqnum, 2)
@@ -302,7 +271,6 @@ def dump_SDMF_share(m, length, options):
             offset = m.DATA_OFFSET + offsets[k]
             printoffset(name, offset, 2)
         f = open(options['filename'], "rb")
-        printoffset("extra leases", m._read_extra_lease_offset(f) + 4)
         f.close()
 
     print >>out
@@ -383,7 +351,7 @@ def dump_MDMF_share(m, length, options):
         print >>out, " Section Offsets:"
         def printoffset(name, value, shift=0):
             print >>out, "%s%.20s: %s   (0x%x)" % (" "*shift, name, value, value)
-        printoffset("first lease", m.HEADER_SIZE, 2)
+        printoffset("end of header", m.HEADER_SIZE, 2)
         printoffset("share data", m.DATA_OFFSET, 2)
         o_seqnum = m.DATA_OFFSET + struct.calcsize(">B")
         printoffset("seqnum", o_seqnum, 4)
@@ -399,7 +367,6 @@ def dump_MDMF_share(m, length, options):
             offset = m.DATA_OFFSET + offsets[k]
             printoffset(name, offset, 4)
         f = open(options['filename'], "rb")
-        printoffset("extra leases", m._read_extra_lease_offset(f) + 4, 2)
         f.close()
 
     print >>out
@@ -411,11 +378,7 @@ class DumpCapOptions(BaseOptions):
         return "Usage: tahoe [global-opts] debug dump-cap [options] FILECAP"
     optParameters = [
         ["nodeid", "n",
-         None, "Specify the storage server nodeid (ASCII), to construct WE and secrets."],
-        ["client-secret", "c", None,
-         "Specify the client's base secret (ASCII), to construct secrets."],
-        ["client-dir", "d", None,
-         "Specify the client's base directory, from which a -c secret will be read."],
+         None, "Specify the storage server nodeid (ASCII), to construct the write enabler."],
         ]
     def parseArgs(self, cap):
         self.cap = cap
@@ -433,16 +396,14 @@ This may be useful to determine if a read-cap and a write-cap refer to the
 same time, or to extract the storage-index from a file-cap (to then use with
 find-shares)
 
-If additional information is provided (storage server nodeid and/or client
-base secret), this command will compute the shared secrets used for the
-write-enabler and for lease-renewal.
+For mutable write-caps, if the storage server nodeid is provided, this command
+will compute the write enabler.
 """
         return t
 
 
 def dump_cap(options):
     from allmydata import uri
-    from allmydata.util import base32
     from base64 import b32decode
     import urlparse, urllib
 
@@ -451,15 +412,6 @@ def dump_cap(options):
     nodeid = None
     if options['nodeid']:
         nodeid = b32decode(options['nodeid'].upper())
-    secret = None
-    if options['client-secret']:
-        secret = base32.a2b(options['client-secret'])
-    elif options['client-dir']:
-        secretfile = os.path.join(options['client-dir'], "private", "secret")
-        try:
-            secret = base32.a2b(open(secretfile, "r").read().strip())
-        except EnvironmentError:
-            pass
 
     if cap.startswith("http"):
         scheme, netloc, path, params, query, fragment = urlparse.urlparse(cap)
@@ -469,29 +421,9 @@ def dump_cap(options):
     u = uri.from_string(cap)
 
     print >>out
-    dump_uri_instance(u, nodeid, secret, out)
-
-def _dump_secrets(storage_index, secret, nodeid, out):
-    from allmydata.util import hashutil
-    from allmydata.util import base32
+    dump_uri_instance(u, nodeid, out)
 
-    if secret:
-        crs = hashutil.my_renewal_secret_hash(secret)
-        print >>out, " client renewal secret:", base32.b2a(crs)
-        frs = hashutil.file_renewal_secret_hash(crs, storage_index)
-        print >>out, " file renewal secret:", base32.b2a(frs)
-        if nodeid:
-            renew = hashutil.bucket_renewal_secret_hash(frs, nodeid)
-            print >>out, " lease renewal secret:", base32.b2a(renew)
-        ccs = hashutil.my_cancel_secret_hash(secret)
-        print >>out, " client cancel secret:", base32.b2a(ccs)
-        fcs = hashutil.file_cancel_secret_hash(ccs, storage_index)
-        print >>out, " file cancel secret:", base32.b2a(fcs)
-        if nodeid:
-            cancel = hashutil.bucket_cancel_secret_hash(fcs, nodeid)
-            print >>out, " lease cancel secret:", base32.b2a(cancel)
-
-def dump_uri_instance(u, nodeid, secret, out, show_header=True):
+def dump_uri_instance(u, nodeid, out, show_header=True):
     from allmydata import uri
     from allmydata.storage.server import si_b2a
     from allmydata.util import base32, hashutil
@@ -505,7 +437,6 @@ def dump_uri_instance(u, nodeid, secret, out, show_header=True):
         print >>out, " size:", u.size
         print >>out, " k/N: %d/%d" % (u.needed_shares, u.total_shares)
         print >>out, " storage index:", si_b2a(u.get_storage_index())
-        _dump_secrets(u.get_storage_index(), secret, nodeid, out)
     elif isinstance(u, uri.CHKFileVerifierURI):
         if show_header:
             print >>out, "CHK Verifier URI:"
@@ -531,7 +462,6 @@ def dump_uri_instance(u, nodeid, secret, out, show_header=True):
             we = hashutil.ssk_write_enabler_hash(u.writekey, nodeid)
             print >>out, " write_enabler:", base32.b2a(we)
             print >>out
-        _dump_secrets(u.get_storage_index(), secret, nodeid, out)
     elif isinstance(u, uri.ReadonlySSKFileURI):
         if show_header:
             print >>out, "SDMF Read-only URI:"
@@ -556,7 +486,6 @@ def dump_uri_instance(u, nodeid, secret, out, show_header=True):
             we = hashutil.ssk_write_enabler_hash(u.writekey, nodeid)
             print >>out, " write_enabler:", base32.b2a(we)
             print >>out
-        _dump_secrets(u.get_storage_index(), secret, nodeid, out)
     elif isinstance(u, uri.ReadonlyMDMFFileURI):
         if show_header:
             print >>out, "MDMF Read-only URI:"
@@ -573,37 +502,37 @@ def dump_uri_instance(u, nodeid, secret, out, show_header=True):
     elif isinstance(u, uri.ImmutableDirectoryURI): # CHK-based directory
         if show_header:
             print >>out, "CHK Directory URI:"
-        dump_uri_instance(u._filenode_uri, nodeid, secret, out, False)
+        dump_uri_instance(u._filenode_uri, nodeid, out, False)
     elif isinstance(u, uri.ImmutableDirectoryURIVerifier):
         if show_header:
             print >>out, "CHK Directory Verifier URI:"
-        dump_uri_instance(u._filenode_uri, nodeid, secret, out, False)
+        dump_uri_instance(u._filenode_uri, nodeid, out, False)
 
     elif isinstance(u, uri.DirectoryURI): # SDMF-based directory
         if show_header:
             print >>out, "Directory Writeable URI:"
-        dump_uri_instance(u._filenode_uri, nodeid, secret, out, False)
+        dump_uri_instance(u._filenode_uri, nodeid, out, False)
     elif isinstance(u, uri.ReadonlyDirectoryURI):
         if show_header:
             print >>out, "Directory Read-only URI:"
-        dump_uri_instance(u._filenode_uri, nodeid, secret, out, False)
+        dump_uri_instance(u._filenode_uri, nodeid, out, False)
     elif isinstance(u, uri.DirectoryURIVerifier):
         if show_header:
             print >>out, "Directory Verifier URI:"
-        dump_uri_instance(u._filenode_uri, nodeid, secret, out, False)
+        dump_uri_instance(u._filenode_uri, nodeid, out, False)
 
     elif isinstance(u, uri.MDMFDirectoryURI): # MDMF-based directory
         if show_header:
             print >>out, "Directory Writeable URI:"
-        dump_uri_instance(u._filenode_uri, nodeid, secret, out, False)
+        dump_uri_instance(u._filenode_uri, nodeid, out, False)
     elif isinstance(u, uri.ReadonlyMDMFDirectoryURI):
         if show_header:
             print >>out, "Directory Read-only URI:"
-        dump_uri_instance(u._filenode_uri, nodeid, secret, out, False)
+        dump_uri_instance(u._filenode_uri, nodeid, out, False)
     elif isinstance(u, uri.MDMFDirectoryURIVerifier):
         if show_header:
             print >>out, "Directory Verifier URI:"
-        dump_uri_instance(u._filenode_uri, nodeid, secret, out, False)
+        dump_uri_instance(u._filenode_uri, nodeid, out, False)
 
     else:
         print >>out, "unknown cap type"
@@ -681,8 +610,9 @@ of each share. Run it like this:
 
 The lines it emits will look like the following:
 
- CHK $SI $k/$N $filesize $UEB_hash $expiration $abspath_sharefile
- SDMF $SI $k/$N $filesize $seqnum/$roothash $expiration $abspath_sharefile
+ CHK $SI $k/$N $filesize $UEB_hash - $abspath_sharefile
+ SDMF $SI $k/$N $filesize $seqnum/$roothash - $abspath_sharefile
+ MDMF $SI $k/$N $filesize $seqnum/$roothash - $abspath_sharefile
  UNKNOWN $abspath_sharefile
 
 This command can be used to build up a catalog of shares from many storage
@@ -723,9 +653,6 @@ def describe_share(abs_sharefile, si_s, shnum_s, now, out):
         m = MutableShareFile(abs_sharefile)
         WE, nodeid = m._read_write_enabler_and_nodeid(f)
         data_length = m._read_data_length(f)
-        expiration_time = min( [lease.expiration_time
-                                for (i,lease) in m._enumerate_leases(f)] )
-        expiration = max(0, expiration_time - now)
 
         share_type = "unknown"
         f.seek(m.DATA_OFFSET)
@@ -752,10 +679,10 @@ def describe_share(abs_sharefile, si_s, shnum_s, now, out):
              pubkey, signature, share_hash_chain, block_hash_tree,
              share_data, enc_privkey) = pieces
 
-            print >>out, "SDMF %s %d/%d %d #%d:%s %d %s" % \
+            print >>out, "SDMF %s %d/%d %d #%d:%s - %s" % \
                   (si_s, k, N, datalen,
                    seqnum, base32.b2a(root_hash),
-                   expiration, quote_output(abs_sharefile))
+                   quote_output(abs_sharefile))
         elif share_type == "MDMF":
             from allmydata.mutable.layout import MDMFSlotReadProxy
             fake_shnum = 0
@@ -781,10 +708,10 @@ def describe_share(abs_sharefile, si_s, shnum_s, now, out):
             verinfo = extract(p.get_verinfo)
             (seqnum, root_hash, salt_to_use, segsize, datalen, k, N, prefix,
              offsets) = verinfo
-            print >>out, "MDMF %s %d/%d %d #%d:%s %d %s" % \
+            print >>out, "MDMF %s %d/%d %d #%d:%s - %s" % \
                   (si_s, k, N, datalen,
                    seqnum, base32.b2a(root_hash),
-                   expiration, quote_output(abs_sharefile))
+                   quote_output(abs_sharefile))
         else:
             print >>out, "UNKNOWN mutable %s" % quote_output(abs_sharefile)
 
@@ -804,10 +731,6 @@ def describe_share(abs_sharefile, si_s, shnum_s, now, out):
         sf = ShareFile(abs_sharefile)
         bp = ImmediateReadBucketProxy(sf)
 
-        expiration_time = min( [lease.expiration_time
-                                for lease in sf.get_leases()] )
-        expiration = max(0, expiration_time - now)
-
         UEB_data = call(bp.get_uri_extension)
         unpacked = uri.unpack_extension_readable(UEB_data)
 
@@ -816,9 +739,8 @@ def describe_share(abs_sharefile, si_s, shnum_s, now, out):
         filesize = unpacked["size"]
         ueb_hash = unpacked["UEB_hash"]
 
-        print >>out, "CHK %s %d/%d %d %s %d %s" % (si_s, k, N, filesize,
-                                                   ueb_hash, expiration,
-                                                   quote_output(abs_sharefile))
+        print >>out, "CHK %s %d/%d %d %s - %s" % (si_s, k, N, filesize, ueb_hash,
+                                                  quote_output(abs_sharefile))
 
     else:
         print >>out, "UNKNOWN really-unknown %s" % quote_output(abs_sharefile)
diff --git a/src/allmydata/test/test_cli.py b/src/allmydata/test/test_cli.py
index 3c73d706..0754bd6c 100644
--- a/src/allmydata/test/test_cli.py
+++ b/src/allmydata/test/test_cli.py
@@ -102,10 +102,6 @@ class CLI(CLITestMixin, unittest.TestCase):
         self.failUnless("k/N: 25/100" in output, output)
         self.failUnless("storage index: hdis5iaveku6lnlaiccydyid7q" in output, output)
 
-        output = self._dump_cap("--client-secret", "5s33nk3qpvnj2fw3z4mnm2y6fa",
-                                u.to_string())
-        self.failUnless("client renewal secret: znxmki5zdibb5qlt46xbdvk2t55j7hibejq3i5ijyurkr6m6jkhq" in output, output)
-
         output = self._dump_cap(u.get_verify_cap().to_string())
         self.failIf("key: " in output, output)
         self.failUnless("UEB hash: nf3nimquen7aeqm36ekgxomalstenpkvsdmf6fplj7swdatbv5oa" in output, output)
@@ -140,31 +136,8 @@ class CLI(CLITestMixin, unittest.TestCase):
         self.failUnless("storage index: nt4fwemuw7flestsezvo2eveke" in output, output)
         self.failUnless("fingerprint: 737p57x6737p57x6737p57x6737p57x6737p57x6737p57x6737a" in output, output)
 
-        output = self._dump_cap("--client-secret", "5s33nk3qpvnj2fw3z4mnm2y6fa",
-                                u.to_string())
-        self.failUnless("file renewal secret: arpszxzc2t6kb4okkg7sp765xgkni5z7caavj7lta73vmtymjlxq" in output, output)
-
-        fileutil.make_dirs("cli/test_dump_cap/private")
-        fileutil.write("cli/test_dump_cap/private/secret", "5s33nk3qpvnj2fw3z4mnm2y6fa\n")
-        output = self._dump_cap("--client-dir", "cli/test_dump_cap",
-                                u.to_string())
-        self.failUnless("file renewal secret: arpszxzc2t6kb4okkg7sp765xgkni5z7caavj7lta73vmtymjlxq" in output, output)
-
-        output = self._dump_cap("--client-dir", "cli/test_dump_cap_BOGUS",
-                                u.to_string())
-        self.failIf("file renewal secret:" in output, output)
-
-        output = self._dump_cap("--nodeid", "tqc35esocrvejvg4mablt6aowg6tl43j",
-                                u.to_string())
+        output = self._dump_cap("--nodeid", "tqc35esocrvejvg4mablt6aowg6tl43j", u.to_string())
         self.failUnless("write_enabler: mgcavriox2wlb5eer26unwy5cw56elh3sjweffckkmivvsxtaknq" in output, output)
-        self.failIf("file renewal secret:" in output, output)
-
-        output = self._dump_cap("--nodeid", "tqc35esocrvejvg4mablt6aowg6tl43j",
-                                "--client-secret", "5s33nk3qpvnj2fw3z4mnm2y6fa",
-                                u.to_string())
-        self.failUnless("write_enabler: mgcavriox2wlb5eer26unwy5cw56elh3sjweffckkmivvsxtaknq" in output, output)
-        self.failUnless("file renewal secret: arpszxzc2t6kb4okkg7sp765xgkni5z7caavj7lta73vmtymjlxq" in output, output)
-        self.failUnless("lease renewal secret: 7pjtaumrb7znzkkbvekkmuwpqfjyfyamznfz4bwwvmh4nw33lorq" in output, output)
 
         u = u.get_readonly()
         output = self._dump_cap(u.to_string())
@@ -191,31 +164,8 @@ class CLI(CLITestMixin, unittest.TestCase):
         self.failUnless("storage index: nt4fwemuw7flestsezvo2eveke" in output, output)
         self.failUnless("fingerprint: 737p57x6737p57x6737p57x6737p57x6737p57x6737p57x6737a" in output, output)
 
-        output = self._dump_cap("--client-secret", "5s33nk3qpvnj2fw3z4mnm2y6fa",
-                                u.to_string())
-        self.failUnless("file renewal secret: arpszxzc2t6kb4okkg7sp765xgkni5z7caavj7lta73vmtymjlxq" in output, output)
-
-        fileutil.make_dirs("cli/test_dump_cap/private")
-        fileutil.write("cli/test_dump_cap/private/secret", "5s33nk3qpvnj2fw3z4mnm2y6fa\n")
-        output = self._dump_cap("--client-dir", "cli/test_dump_cap",
-                                u.to_string())
-        self.failUnless("file renewal secret: arpszxzc2t6kb4okkg7sp765xgkni5z7caavj7lta73vmtymjlxq" in output, output)
-
-        output = self._dump_cap("--client-dir", "cli/test_dump_cap_BOGUS",
-                                u.to_string())
-        self.failIf("file renewal secret:" in output, output)
-
-        output = self._dump_cap("--nodeid", "tqc35esocrvejvg4mablt6aowg6tl43j",
-                                u.to_string())
+        output = self._dump_cap("--nodeid", "tqc35esocrvejvg4mablt6aowg6tl43j", u.to_string())
         self.failUnless("write_enabler: mgcavriox2wlb5eer26unwy5cw56elh3sjweffckkmivvsxtaknq" in output, output)
-        self.failIf("file renewal secret:" in output, output)
-
-        output = self._dump_cap("--nodeid", "tqc35esocrvejvg4mablt6aowg6tl43j",
-                                "--client-secret", "5s33nk3qpvnj2fw3z4mnm2y6fa",
-                                u.to_string())
-        self.failUnless("write_enabler: mgcavriox2wlb5eer26unwy5cw56elh3sjweffckkmivvsxtaknq" in output, output)
-        self.failUnless("file renewal secret: arpszxzc2t6kb4okkg7sp765xgkni5z7caavj7lta73vmtymjlxq" in output, output)
-        self.failUnless("lease renewal secret: 7pjtaumrb7znzkkbvekkmuwpqfjyfyamznfz4bwwvmh4nw33lorq" in output, output)
 
         u = u.get_readonly()
         output = self._dump_cap(u.to_string())
@@ -252,10 +202,6 @@ class CLI(CLITestMixin, unittest.TestCase):
         self.failUnless("k/N: 25/100" in output, output)
         self.failUnless("storage index: hdis5iaveku6lnlaiccydyid7q" in output, output)
 
-        output = self._dump_cap("--client-secret", "5s33nk3qpvnj2fw3z4mnm2y6fa",
-                                u.to_string())
-        self.failUnless("file renewal secret: csrvkjgomkyyyil5yo4yk5np37p6oa2ve2hg6xmk2dy7kaxsu6xq" in output, output)
-
         u = u.get_verify_cap()
         output = self._dump_cap(u.to_string())
         self.failUnless("CHK Directory Verifier URI:" in output, output)
@@ -280,21 +226,8 @@ class CLI(CLITestMixin, unittest.TestCase):
                         output)
         self.failUnless("fingerprint: 737p57x6737p57x6737p57x6737p57x6737p57x6737p57x6737a" in output, output)
 
-        output = self._dump_cap("--client-secret", "5s33nk3qpvnj2fw3z4mnm2y6fa",
-                                u.to_string())
-        self.failUnless("file renewal secret: arpszxzc2t6kb4okkg7sp765xgkni5z7caavj7lta73vmtymjlxq" in output, output)
-
-        output = self._dump_cap("--nodeid", "tqc35esocrvejvg4mablt6aowg6tl43j",
-                                u.to_string())
+        output = self._dump_cap("--nodeid", "tqc35esocrvejvg4mablt6aowg6tl43j", u.to_string())
         self.failUnless("write_enabler: mgcavriox2wlb5eer26unwy5cw56elh3sjweffckkmivvsxtaknq" in output, output)
-        self.failIf("file renewal secret:" in output, output)
-
-        output = self._dump_cap("--nodeid", "tqc35esocrvejvg4mablt6aowg6tl43j",
-                                "--client-secret", "5s33nk3qpvnj2fw3z4mnm2y6fa",
-                                u.to_string())
-        self.failUnless("write_enabler: mgcavriox2wlb5eer26unwy5cw56elh3sjweffckkmivvsxtaknq" in output, output)
-        self.failUnless("file renewal secret: arpszxzc2t6kb4okkg7sp765xgkni5z7caavj7lta73vmtymjlxq" in output, output)
-        self.failUnless("lease renewal secret: 7pjtaumrb7znzkkbvekkmuwpqfjyfyamznfz4bwwvmh4nw33lorq" in output, output)
 
         u = u.get_readonly()
         output = self._dump_cap(u.to_string())
@@ -324,21 +257,8 @@ class CLI(CLITestMixin, unittest.TestCase):
                         output)
         self.failUnless("fingerprint: 737p57x6737p57x6737p57x6737p57x6737p57x6737p57x6737a" in output, output)
 
-        output = self._dump_cap("--client-secret", "5s33nk3qpvnj2fw3z4mnm2y6fa",
-                                u.to_string())
-        self.failUnless("file renewal secret: arpszxzc2t6kb4okkg7sp765xgkni5z7caavj7lta73vmtymjlxq" in output, output)
-
-        output = self._dump_cap("--nodeid", "tqc35esocrvejvg4mablt6aowg6tl43j",
-                                u.to_string())
-        self.failUnless("write_enabler: mgcavriox2wlb5eer26unwy5cw56elh3sjweffckkmivvsxtaknq" in output, output)
-        self.failIf("file renewal secret:" in output, output)
-
-        output = self._dump_cap("--nodeid", "tqc35esocrvejvg4mablt6aowg6tl43j",
-                                "--client-secret", "5s33nk3qpvnj2fw3z4mnm2y6fa",
-                                u.to_string())
+        output = self._dump_cap("--nodeid", "tqc35esocrvejvg4mablt6aowg6tl43j", u.to_string())
         self.failUnless("write_enabler: mgcavriox2wlb5eer26unwy5cw56elh3sjweffckkmivvsxtaknq" in output, output)
-        self.failUnless("file renewal secret: arpszxzc2t6kb4okkg7sp765xgkni5z7caavj7lta73vmtymjlxq" in output, output)
-        self.failUnless("lease renewal secret: 7pjtaumrb7znzkkbvekkmuwpqfjyfyamznfz4bwwvmh4nw33lorq" in output, output)
 
         u = u.get_readonly()
         output = self._dump_cap(u.to_string())
diff --git a/src/allmydata/test/test_mutable.py b/src/allmydata/test/test_mutable.py
index 890d294e..cd355cf7 100644
--- a/src/allmydata/test/test_mutable.py
+++ b/src/allmydata/test/test_mutable.py
@@ -3131,7 +3131,6 @@ class Version(GridTestMixin, unittest.TestCase, testutil.ShouldFailMixin, \
             lines = set(output.splitlines())
             self.failUnless("Mutable slot found:" in lines, output)
             self.failUnless(" share_type: MDMF" in lines, output)
-            self.failUnless(" num_extra_leases: 0" in lines, output)
             self.failUnless(" MDMF contents:" in lines, output)
             self.failUnless("  seqnum: 1" in lines, output)
             self.failUnless("  required_shares: 3" in lines, output)
diff --git a/src/allmydata/test/test_system.py b/src/allmydata/test/test_system.py
index 3b23b2f6..0f35f4ea 100644
--- a/src/allmydata/test/test_system.py
+++ b/src/allmydata/test/test_system.py
@@ -510,9 +510,6 @@ class SystemTest(SystemTestMixin, RunBinTahoeMixin, unittest.TestCase):
                 self.failUnless("share_type: SDMF\n" in output)
                 peerid = idlib.nodeid_b2a(self.clients[client_num].nodeid)
                 self.failUnless(" WE for nodeid: %s\n" % peerid in output)
-                self.failUnless(" num_extra_leases: 0\n" in output)
-                self.failUnless("  secrets are for nodeid: %s\n" % peerid
-                                in output)
                 self.failUnless(" SDMF contents:\n" in output)
                 self.failUnless("  seqnum: 1\n" in output)
                 self.failUnless("  required_shares: 3\n" in output)
-- 
2.45.2