From 168401644e0569ad25aec2e35a589fa73acf59f7 Mon Sep 17 00:00:00 2001 From: Kim Altintop Date: Wed, 29 Mar 2023 18:01:19 +0200 Subject: core: explicit root keys for identity Replace threshold on identities with a roles dictionary, where the only currently supported role is "root". Keys in the root role are eligible for identity document updates. This allows users to restrict identity edits to keys on secure storage, while still permitting signatures from weaker protected keys for other purposes. Signed-off-by: Kim Altintop --- src/cmd/id/init.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/cmd/id') diff --git a/src/cmd/id/init.rs b/src/cmd/id/init.rs index 35d3bb8..f481f48 100644 --- a/src/cmd/id/init.rs +++ b/src/cmd/id/init.rs @@ -145,13 +145,14 @@ pub fn init(args: Init) -> cmd::Result { .map(metadata::Key::from) .chain(args.public) .collect::(); + let roles = metadata::identity::Roles::root(keys.keys().cloned().collect(), threshold); let meta = { let id = metadata::Identity { fmt_version: Default::default(), prev: None, keys, - threshold, + roles, mirrors: args.mirrors.into_iter().collect(), expires: args.expires, custom, -- cgit v1.2.3