signer: deprecate KeyId() #1364
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
006c9f5 to
2356c0e
Compare
a78a8f7 to
5ca447c
Compare
|
cc @bradfitz for review! |
bradfitz
reviewed
Jan 23, 2021
pkg/schema/sign.go
Outdated
| privateKey = v | ||
| case string: | ||
| privateKey, err = jsonsign.EntityFromSecring(keyID, v) | ||
| privateKey, err = jsonsign.EntityFromSecring(fingerprint[32:], v) |
There was a problem hiding this comment.
what's the intention of this [32:] here? not obvious.
There was a problem hiding this comment.
This PR was based on the master branch before #1363 was merged. Back then, EntityFromSecring would not accept a fingerprint, so I took the last 8 from the fingerprint to get the short id. In retrospect I should have used the last 16 to get the long id instead however the plan was always to pass the full fingerprint once the other PR was merged. I have just modified my PR to do just that.
Eventually EntityFromSecring can stop accepting long/short ids and require fingerprints when we are done with cleaning up other things.
5ca447c to
de4fd62
Compare
`signer.KeyId()` was only used in a counter-productive way by comparing it with half of a long ID. Also use this opportunity to return the full fingerprint from ParseArmoredPublicKey. NewSigner was the only caller of this function.
de4fd62 to
59a77f3
Compare
|
cc @bradfitz for a second round of review! |
bradfitz
approved these changes
Jan 24, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Noticed this while working on #1363.
I think we should use fingerprints as much as possible and revert to shorter ids only when necessary, possibly fully deprecating short ids if that is possible. This PR is one step towards this. I intend to open a couple of follow-up PRs improving on this, propagating fingerprints where it makes sense and using them as much as possible.