set permissions for storage

LNP-BP · Apr 24, 2024 · 1dad729 · 1dad729
1 parent e64c371
commit 1dad729
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 1 deletion.
diff --git a/src/main.rs b/src/main.rs
@@ -93,10 +93,12 @@ pub enum Command {
         ssi: SsiQuery,
     },
 
+    /// Verify signature certificate
     Verify {
         /// Signature certificate to verify
         signature: SsiCert,
     },
+    //    Recover,
 }
 
 fn main() {
@@ -210,6 +212,20 @@ fn main() {
                 Err(err) => eprintln!("invalid: {err}"),
             }
             println!();
-        }
+        } /*
+          Command::Recover => {
+              use std::collections::HashSet;
+              let passwd = rpassword::prompt_password("Password for private key encryption: ")
+                  .expect("unable to read password");
+              let mut identities = HashSet::new();
+              for mut ssi in runtime.identities.iter().cloned() {
+                  let secret = runtime.find_signer(ssi.pk.fingerprint(), &passwd).unwrap();
+                  ssi.sig = secret.sk.sign(ssi.to_message());
+                  identities.push(ssi);
+              }
+              runtime.identities = identities;
+              runtime.store().unwrap()
+          }
+           */
     }
 }
diff --git a/src/runtime.rs b/src/runtime.rs
@@ -24,6 +24,7 @@ pub const SSI_DIR: &'static str = "~/.ssi";
 use std::collections::{BTreeSet, HashSet};
 use std::fs;
 use std::io::{self, BufRead, Write};
+use std::os::unix::fs::PermissionsExt;
 use std::path::PathBuf;
 
 use crate::baid64::Baid64ParseError;
@@ -62,6 +63,8 @@ impl SsiRuntime {
             .write(true)
             .create(true)
             .open(path)?;
+        let mut permissions = file.metadata()?.permissions();
+        permissions.set_mode(0o600);
         let reader = io::BufReader::new(file);
         let mut secrets = bset![];
         for line in reader.lines() {
@@ -76,6 +79,8 @@ impl SsiRuntime {
             .write(true)
             .create(true)
             .open(path)?;
+        let mut permissions = file.metadata()?.permissions();
+        permissions.set_mode(0o600);
         let reader = io::BufReader::new(file);
         let mut identities = set![];
         for line in reader.lines() {