core: explicit root keys for identity

Replace threshold on identities with a roles dictionary, where the only currently supported role is "root". Keys in the root role are eligible for identity document updates. This allows users to restrict identity edits to keys on secure storage, while still permitting signatures from weaker protected keys for other purposes. Signed-off-by: Kim Altintop <kim@eagain.io>
author: Kim Altintop <kim@eagain.io> 2023-03-29 18:01:19 +0200
committer: Kim Altintop <kim@eagain.io> 2023-03-29 18:01:19 +0200
commit: 168401644e0569ad25aec2e35a589fa73acf59f7 (patch)
tree: b5e4e2c6089fd62adc4bc7ef94e3c5a71f1a9dfd /src/cmd/id.rs
parent: a273c0fa68a65b88878b0f568e49042a91b44350 (diff)
1 files changed, 10 insertions, 6 deletions
diff --git a/src/cmd/id.rs b/src/cmd/id.rs
index 57e79b0..9f1de7e 100644
--- a/src/cmd/id.rs
+++ b/src/cmd/id.rs
@@ -3,7 +3,6 @@
 
 use std::{
     collections::BTreeSet,
-    num::NonZeroUsize,
     path::PathBuf,
 };
 
@@ -134,7 +133,8 @@ pub fn identity_ref(id: Either<&IdentityId, &git2::Config>) -> cmd::Result<Refna
 #[derive(serde::Serialize, serde::Deserialize)]
 struct Editable {
     keys: metadata::KeySet<'static>,
-    threshold: NonZeroUsize,
+    #[serde(flatten)]
+    roles: metadata::identity::Roles,
     mirrors: BTreeSet<Url>,
     expires: Option<metadata::DateTime>,
     custom: metadata::Custom,
@@ -144,7 +144,7 @@ impl From<metadata::Identity> for Editable {
     fn from(
         metadata::Identity {
             keys,
-            threshold,
+            roles,
             mirrors,
             expires,
             custom,
@@ -153,7 +153,7 @@ impl From<metadata::Identity> for Editable {
     ) -> Self {
         Self {
             keys,
-            threshold,
+            roles,
             mirrors,
             expires,
             custom,
@@ -167,19 +167,23 @@ impl TryFrom<Editable> for metadata::Identity {
     fn try_from(
         Editable {
             keys,
-            threshold,
+            roles,
             mirrors,
             expires,
             custom,
         }: Editable,
     ) -> Result<Self, Self::Error> {
         ensure!(!keys.is_empty(), "keys cannot be empty");
+        ensure!(
+            !roles.is_threshold(),
+            "flat threshold is deprecated, please specify the root keys explicity"
+        );
 
         Ok(Self {
             fmt_version: Default::default(),
             prev: None,
             keys,
-            threshold,
+            roles,
             mirrors,
             expires,
             custom,
author	Kim Altintop <kim@eagain.io>	2023-03-29 18:01:19 +0200
committer	Kim Altintop <kim@eagain.io>	2023-03-29 18:01:19 +0200
commit	168401644e0569ad25aec2e35a589fa73acf59f7 (patch)
tree	b5e4e2c6089fd62adc4bc7ef94e3c5a71f1a9dfd /src/cmd/id.rs
parent	a273c0fa68a65b88878b0f568e49042a91b44350 (diff)