Added SSH Key comment field and fixed build for other users #190
Conversation
| @@ -9,6 +9,7 @@ protocol AgentStatusCheckerProtocol: ObservableObject { | |||
| class AgentStatusChecker: ObservableObject, AgentStatusCheckerProtocol { | |||
|
|
|||
| @Published var running: Bool = false | |||
| let bundleID = Bundle.main.bundleIdentifier!.replacingOccurrences(of: "Host", with: "SecretAgent") | |||
There was a problem hiding this comment.
Overall big 👍 these changes.
This doesn't really need to be a property on the class though I don't think, you can just move this into the secretAgentProcesses block.
There was a problem hiding this comment.
Bundle.main.bundleIdentifier!.replacingOccurrences(of: "Host", with: "SecretAgent") this bit is repeated a couple times – might make sense to have a Bundle extension in SecretKit with like hostBundleID and agentBundleID properties.
| @@ -4,7 +4,8 @@ import AppKit | |||
| import OSLog | |||
|
|
|||
| struct LaunchAgentController { | |||
|
|
|||
|
|
|||
| let bundleID = Bundle.main.bundleIdentifier!.replacingOccurrences(of: "Host", with: "SecretAgent") | |||
There was a problem hiding this comment.
Hey @lavalleeale – thanks for the PR, sorry it took me so long to review.
Overall got some good changes – I think there might be a better storage strategy possible that we should experiment with though.
| @State private var name = "" | ||
| @State private var requiresAuthentication = true | ||
| let defaults = UserDefaults.standard |
There was a problem hiding this comment.
I'm not crazy about having this info stored in UserDefaults/View tbh, particularly for the SEP keys.
My inclination would be to add a kSecAttrComment at the key creation
and read that out into a new property on Secret
There was a problem hiding this comment.
(disclaimer: I haven't personally tested this yet so it might run into some issues, the SEP can be a bit weird that way sometimes)
We'll probably also need to figure out an approach for SmartCards.
| @@ -9,6 +9,7 @@ protocol AgentStatusCheckerProtocol: ObservableObject { | |||
| class AgentStatusChecker: ObservableObject, AgentStatusCheckerProtocol { | |||
|
|
|||
| @Published var running: Bool = false | |||
| let bundleID = Bundle.main.bundleIdentifier!.replacingOccurrences(of: "Host", with: "SecretAgent") | |||
There was a problem hiding this comment.
Bundle.main.bundleIdentifier!.replacingOccurrences(of: "Host", with: "SecretAgent") this bit is repeated a couple times – might make sense to have a Bundle extension in SecretKit with like hostBundleID and agentBundleID properties.
|
|
||
| func save() { | ||
| try! store.create(name: name, requiresAuthentication: requiresAuthentication) | ||
| if comment != "" { | ||
| defaults.set(comment, forKey: name) |
There was a problem hiding this comment.
Having the comment be the default is nice 👍
(when we switch to the comment being on the keychain entry, I think it probably makes sense to just to do this at view time, and not bake it in to the stored secret. This will make it nicer if the user changes their username, or has secrets created before this).
|
@maxgoedjen I believe you tagged the wrong guy 😉 |
|
@vladimyr betrayed by autocomplete! |
|
Hey, maybe I just read wrong, but I was under the impression that |
I'm not sure about that tbh, you could be right there. I'm not terribly concerned with that if it is the case tho, since keys are basically immutable as is. |
|
@lavalleeale looks like unit tests failed to build |
SecretKit/Common/bundleIDs.swift
Outdated
| // | ||
| // bundleIDs.swift | ||
| // SecretKit | ||
| // | ||
| // Created by Alex lavallee on 12/27/20. | ||
| // Copyright © 2020 Max Goedjen. All rights reserved. | ||
| // | ||
|
|
There was a problem hiding this comment.
| // | |
| // bundleIDs.swift | |
| // SecretKit | |
| // | |
| // Created by Alex lavallee on 12/27/20. | |
| // Copyright © 2020 Max Goedjen. All rights reserved. | |
| // |
|
Sorry about that, TIL that Xcode stores a reference of all the files in the project in the same file where it stores signing data |
|
All good, I miss it about half the time myself ;) |
|
So is there anything else in the PR that you want me to fix? |
|
Hey @lavalleeale – sorry to be a bummer about this but I'm still pretty uncomfortable about storing metadata like this outside of the SEP. If we can find a way to remedy that I'd be receptive to a PR along those lines. (I'd also still gratefully merge the changes you made to the project to simplify signing/bundle IDs, if you'd be willing to split that out into a separate PR). |
|
I sketched out a few ideas we might be able to use to address this in #201 – it's probably a nontrivial amount of work so don't feel obligated to take it on yourself, I'll take a look at implementing for probably ~2.2.0 or so. |
|
I'll take a look at the metadata idea, but comments are a part of the public key, which should be fine if it is public, right? |
To an extent. Like if you were looking at my keys on https://github.com/maxgoedjen.keys it's fine that you see the comments there. Having the comments be in a non-locked-down area like user defaults can potentially leak what services you're using (ie, another process could see that I use GitHub, that I have another Mac named XYZ, etc) which IMO somewhat violates the security expectations people have of the app. |
|
I'm just saying that the last field in the public key is the comment, maybe specify it is part of the public key? |
No description provided.