Change 16076
Use a TRUST_FINGERPRINTS file to decide which p4 trust fingerprints to accept.
If we receive a request that is *not* in this file, and this setting is used, we reject it. This is our recommendation for production servers.
The ENABLE_AUTOMATIC_TRUST is only to be used for testing servers. We need this because of a high-cost of the Qt test framework.
Revised upon request of Alan Teague and Doug Scheirer.
If we receive a request that is *not* in this file, and this setting is used, we reject it. This is our recommendation for production servers.
The ENABLE_AUTOMATIC_TRUST is only to be used for testing servers. We need this because of a high-cost of the Qt test framework.
Revised upon request of Alan Teague and Doug Scheirer.
0 comments
Log in to comment
Tip: Use n and p to cycle through the changes.
|
|
+ if trusted.include?(fprint) + p4.run_trust('-f', '-i', fprint) + end + elsif HWSSettings.system.ENABLE_AUTOMATIC_TRUST == true + p4.run_trust('-y', '-f')
gnicol (on auth.rb, line 123) commented
9 years ago
I really don't think passing -f here is reasonable. I'd love to hear your thoughts on it though perhaps I'm missing something. |
| ·0 | |
|
|
|
|
|
+ if trusted.include?(fprint) + p4.run_trust('-f', '-i', fprint) + end + elsif HWSSettings.system.ENABLE_AUTOMATIC_TRUST == true + p4.run_trust('-y', '-f')
tjuricek (on auth.rb, line 123) commented
9 years ago
First, this is the desire of Alan, primarily. So he might have more of an explanation. As I understand it, the auto setting is really needed only for testing internally. The framework the Helix Sync team uses regenerates trust fingerprints constantly. For production, and Helix Cloud is the primary target here, they will have a single cert shared for all of their instances (and there's one per project). So they just only want that one fingerprint, but they want it trusted automatically on all services. I'm sure other scenarios will pop up. |
| ·0 | |
|
|