[Pkg-javascript-commits] [node-keygrip] 42/68: Remove default key generation and associated expectations.
Andrew Kelley
andrewrk-guest at moszumanska.debian.org
Fri Jun 27 22:13:27 UTC 2014
This is an automated email from the git hooks/post-receive script.
andrewrk-guest pushed a commit to branch master
in repository node-keygrip.
commit 26e7e2a8ac9a8c4c3b68b8a15112597b7eb14061
Author: Grant Goodale <ggoodale at gmail.com>
Date: Fri Dec 20 20:54:41 2013 -0800
Remove default key generation and associated expectations.
Currently, the npm install process attempts to run install.js via node (or
nodejs if you're on debian) to generate a default set of keys. Rather than
try to make this work for all possible platform/shell combinations, remove
the install script and the logic that attempts to load default keys. Throw
if no keys are specified at initialization.
This is a breaking change for those relying on the old behaviour, but if
you're relying on keying material that lives under node_modules, it's time
to reevaluate your security processes anyway.
Note that tests are now executable via ```npm test```... on every platform
except debian. (Sorry about that. ln -s is your friend.)
---
index.js | 15 ++-------------
install.js | 7 -------
package.json | 2 +-
test.js | 12 +++++++-----
4 files changed, 10 insertions(+), 26 deletions(-)
diff --git a/index.js b/index.js
index b7a1ef9..d2c75a8 100644
--- a/index.js
+++ b/index.js
@@ -1,23 +1,12 @@
var crypto = require("crypto")
- , path = require("path")
- , fs = require("fs")
-
- , existsSync = fs.existsSync || path.existsSync
-
- , keysPath = path.join(__dirname, "defaultKeys.json")
- , defaults = existsSync(keysPath)
- ? JSON.parse(fs.readFileSync(keysPath))
- : undefined
-
+
function Keygrip(keys, algorithm, encoding) {
if (!algorithm) algorithm = "sha1";
if (!encoding) encoding = "base64";
if (!(this instanceof Keygrip)) return new Keygrip(keys, algorithm, encoding)
if (!keys || !(0 in keys)) {
- if (keys = defaults) console.warn("No keys specified, using defaults instead.")
-
- else throw "Keys must be provided or default keys must exist."
+ throw "Keys must be provided."
}
function sign(data, key) {
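Review bot: The new guard `throw "Keys must be provided."` throws a bare string, so a caller that catches it gets no stack trace and no `.message`, and error handling that expects an `Error` instance will mishandle it. Now that this throw is the only outcome of a missing key list, make it `throw new Error("Keys must be provided.")`; the `/must be provided/` pattern used in test.js still matches the stringified error. The guard also only checks that index 0 exists, so a list such as `[""]` passes; presumably an empty-string key should be rejected here too, since this is now the only validation of the keying material. Keygrip's body continues past the end of this hunk.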
diff --git a/install.js b/install.js
deleted file mode 100644
index 9afac64..0000000
--- a/install.js
+++ /dev/null
@@ -1,7 +0,0 @@
-require("fs").writeFileSync("./defaultKeys.json",
- JSON.stringify([
- Array(33).join("x").replace(/x/g, function() {
- return (Math.random() * 16|0).toString(16)
- })
- ])
-)
diff --git a/package.json b/package.json
index cad0644..96f54e9 100644
--- a/package.json
+++ b/package.json
@@ -3,7 +3,7 @@
"version": "0.2.4",
"description": "Key signing and verification for rotated credentials",
"scripts": {
- "install": "[ -x /usr/bin/nodejs ] && /usr/bin/nodejs ./install.js || node ./install.js"
+ "test": "node test.js"
},
"repository": {
"type": "git",
diff --git a/test.js b/test.js
index 6e3afb6..7fe7352 100644
--- a/test.js
+++ b/test.js
@@ -5,11 +5,13 @@ var assert = require("assert")
, Keygrip = require("./")
, keylist, keys, hash, index
-// keygrip takes an array of keys, but if none exist,
-// it uses the defaults created during npm installation.
-// (but it'll will warn you)
-console.log("Ignore this message:")
-keys = new Keygrip(/* empty list */)
+// keygrip takes an array of keys. If missing or empty, it will throw.
+assert.throws(function() {
+ keys = new Keygrip(/* empty list */);
+}, /must be provided/);
+
+// Randomly generated key - don't use this for something real. Don't be that person.
+keys = new Keygrip(['06ae66fdc6c2faf5a401b70e0bf885cb']);
// .sign returns the hash for the first key
// all hashes are SHA1 HMACs in url-safe base64
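Review bot: The comment promises that a missing or empty key list throws, but the assertion only exercises the missing-argument case, because `new Keygrip(/* empty list */)` passes `undefined`. Add the empty-array case so both halves of the `!keys || !(0 in keys)` guard are pinned: `assert.throws(function() { new Keygrip([]); }, /must be provided/);`. The `keys =` assignment inside the throwing callback never completes and can be dropped.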
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-keygrip.git