treaty: userspace permissions #164
Draft
Fang- wants to merge 16 commits into master from m/userspace-permissions
In addition to serving the docket file over the network, we now also include the bill and seal files for a desk. It is important for other ships to be able to inspect these prior to attempting an install of the desk: they will need to grant the permissions from the seal file for it to be able to run at all. The bill file helps clarify some of the agent->app mappings that may be needed for rendering the permissions, and also lets clients check for agent conflicts ahead of time. Some unfinished work herein. There is no state adapter. There is no backwards compatibility (outside of the bare minimal logic).
The previous commit added some versioned treaty subscription affordances, but didn't actually do the required legwork of version negotiation to make this useful. Here, we implement a /version subscription endpoint into treaty, and use it for version negotiation. A nack means they're still on v0. An ack is expected to be followed by a fact containing an indication of v1, in response to which we leave all outgoing old-style subscriptions and replace them with new-style ones. To try and upgrade all existing subscriptions, we make sure to retry version negotiation whenever an old-style subscription gets kicked. When treaty upgrades, it kicks all incoming old-style subscriptions, and attempts version negotiation with everyone it's subscribed to. We track versions we've negotiated in state. Before we send new subscriptions, we want to know the version, and so track "pending treaty subscriptions" in state also. Incidentally we also remove :direct from state, which was getting properly book-kept, but not actually used for anything.
This is more direct and explicit. It would also let us make permission scope tighter, if it wasn't for docket still wanting to poke kiln for installation matters.
In +on-peek, we were using +ca instead of +cc to access +cg. This should work for the exact things we use there, but will silently break as soon as we start using any data from the bowl in the code being invoked. So, we simply replace these invocations with :cc instead.
The small amount of code duplication is fine here.
Docket may or may not want to do more things.
For whatever reason, doing so would result in a kick being given on a duct whose next wire is /clay/lu/load, but clay is not expecting and thus not prepared to handle kicks from any userspace subscription.
This was dropping things on the floor. Now it doesn't.
Not at all unimportant for version negotiation to work.
For looking at desk.bill and desk.seal files.
They were still pointing to the "current" type, but that's v1.
We weren't setting up the clay subscriptions correctly, and not loading in the current bill and seal where we should've been. Now we make sure to scry out the current bill and seal for whatever desks we're publishing.
Includes two approaches to sorting/rendering. May or may not need to be revamped wrt reinvented frontend needs, but having a decent base for "describing" permissions in a hoon library seems important.
Companion PR to urbit/urbit#6493, see that for details.
tldr: treaty has been updated to propagate the `/desk.bill` and `/desk.seal` files' contents alongside other application metadata. This information will become important for determining whether or not to install an app, and for the backend to grant it its required permissions ahead of install.

Draft because:

- `/lib/perms.hoon` hints at a structure by which the frontend may render permissions, but... there is no frontend implementation yet. We may or may not want to make that part of this PR. Regardless, it needs to happen prior to release.
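
The /version negotiation described in the commit messages above, modelled from the subscriber's side as an added Python example (not code from this PR, which is written in Hoon). The ship names, the `old:`/`new:` path labels and the choice to re-queue a kicked desk until the version is known are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Negotiator:
    """Subscriber-side model of treaty's /version negotiation (illustrative)."""
    versions: dict = field(default_factory=dict)  # publisher -> negotiated version
    pending: dict = field(default_factory=dict)   # publisher -> desks awaiting a version
    subs: dict = field(default_factory=dict)      # (publisher, desk) -> "old" | "new"
    negotiating: set = field(default_factory=set) # publishers with /version in flight
    outbox: list = field(default_factory=list)    # messages we would send

    def _negotiate(self, pub):
        if pub not in self.negotiating:           # one /version watch at a time
            self.negotiating.add(pub)
            self.outbox.append(("watch", pub, "/version"))

    def _open(self, pub, desk):
        style = "new" if self.versions[pub] >= 1 else "old"
        self.subs[(pub, desk)] = style
        self.outbox.append(("watch", pub, f"{style}:{desk}"))  # hypothetical path label

    def subscribe(self, pub, desk):
        if pub in self.versions:
            self._open(pub, desk)
        else:                                     # version unknown: park the request
            self.pending.setdefault(pub, []).append(desk)
            self._negotiate(pub)

    def _settle(self, pub, version):
        self.negotiating.discard(pub)
        self.versions[pub] = version
        if version >= 1:                          # replace old-style subs with new-style
            for (p, desk), style in list(self.subs.items()):
                if p == pub and style == "old":
                    self.outbox.append(("leave", pub, f"old:{desk}"))
                    self._open(pub, desk)
        for desk in self.pending.pop(pub, []):
            self._open(pub, desk)

    def on_nack(self, pub):                       # nack on /version: peer is still v0
        self._settle(pub, 0)

    def on_fact(self, pub, version):              # ack, then a fact carrying the version
        self._settle(pub, version)

    def on_kick(self, pub, desk):                 # old-style sub kicked: renegotiate
        if self.subs.get((pub, desk)) == "old":
            del self.subs[(pub, desk)]
            self.versions.pop(pub, None)
            self.pending.setdefault(pub, []).append(desk)
            self._negotiate(pub)

    def on_upgrade(self):                         # our own upgrade: ask everyone again
        for pub in {p for p, _ in self.subs}:
            self._negotiate(pub)
```
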