~fkfd/picross

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
2 2

[PATCH] TOFU: Create file if it didn't exist

Details
Message ID
<20201130052826.80154-1-zachdecook@librem.one>
DKIM signature
missing
Download raw message
Patch: +2 -0
---

Notes:
    Note that we should probably support ~/.local/share/gemini/known_hosts
    (but that uses a different fingerprint format, so we may have to mind for backwards compatibility)

 picross/tofu.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/picross/tofu.py b/picross/tofu.py
index d2fc3d8..f188e9a 100644
--- a/picross/tofu.py
+++ b/picross/tofu.py
@@ -36,6 +36,8 @@ class TofuDatabase:
    def read(self) -> list:
        """Reads all TOFU entries from DB
        """
        if not self.db_file.exists():
            open(self.db_file, 'a').close()
        with open(self.db_file) as f:
            reader = csv.reader(f)
            tofu_entries = [
-- 
2.29.2
Details
Message ID
<4AFC1BF2-8810-41FA-868B-46CA09831637@macaw.me>
In-Reply-To
<20201130052826.80154-1-zachdecook@librem.one> (view parent)
DKIM signature
missing
Download raw message
On November 30, 2020 5:28:27 AM UTC, Zach DeCook <zachdecook@librem.one> wrote:
>---
>
>Notes:
> Note that we should probably support ~/.local/share/gemini/known_hosts
>(but that uses a different fingerprint format, so we may have to mind
>for backwards compatibility)
>
> picross/tofu.py | 2 ++
> 1 file changed, 2 insertions(+)
>
>diff --git a/picross/tofu.py b/picross/tofu.py
>index d2fc3d8..f188e9a 100644
>--- a/picross/tofu.py
>+++ b/picross/tofu.py
>@@ -36,6 +36,8 @@ class TofuDatabase:
>     def read(self) -> list:
>         """Reads all TOFU entries from DB
>         """
>+        if not self.db_file.exists():
>+            open(self.db_file, 'a').close()
>         with open(self.db_file) as f:
>             reader = csv.reader(f)
>             tofu_entries = [

Hi Zach,

This mail is to acknowledge that I have received the patch, but due to the fact that I'm not on my dev machine, I can't test it right now (though I'm 95% sure it'll work).

Will test it out on Saturday, thanks for the patch!

Speaking of  ~/.local/share/gemini/known_hosts, which I was not aware of, I plan to search through the list archive and find out.

~fkfd
Details
Message ID
<7E2A6C1E-1C50-4CE3-91E0-9AEE63763F45@librem.one>
In-Reply-To
<4AFC1BF2-8810-41FA-868B-46CA09831637@macaw.me> (view parent)
DKIM signature
missing
Download raw message
I think actually the TOFU code in this project is bad.
It sends two requests to the server, of which, only the first has the certificate checked (a MITM could let the first request pass, then intercept the second-- which is the one which actually carries the data).

Also, I believe the first request (made by ssl.getCertificate) is not a valid gemini request. Most servers allow it to work, but notably gmnisrv doesn't. I think that behavior is described by https://lists.sr.ht/~sircmpwn/gmni-discuss/%3C053b05cef8f6918e1d5caa47d44dc70b8311f91d.camel%40mycanofbeans.com%3E#%3CC7CNVUUNIV1G.2Q9ITTBUGVV68@taiga%3E
Reply to thread Export thread (mbox)