Push scraps to yard via CLI

[surprisetalk]

The following serves a directory of scraps over the network:

echo "123" > /var/scrap/yard/example.scrap
scrap yard serve /var/scrap/yard

But we also want to enable folks to remotely (and securely) push scraps to a yard:

cat fib.scrap \
  | scrap yard push sarah/fib \
      --yard yard.scrap.land \
      --key ~/.ssh/id_scrap

We could implement the CLI command like so:

def yard_push(): 
    input = sys.stdin.read()
    flat = to_flat(input)
    with open(args.key, encoding="utf-8") as f:
        key = f.read()
    requests.post(
        f"https://yard.scrap.land/{args.dir}", 
        data=to_flat({
            "sig": sign(flat, key),
            "data": input,
        })
    )

On the server side, we can start out by storing a directory of public keys like so:

mkdir -p /var/scrap/keys
cp ~/.ssh/id_scrap.pub /var/scrap/keys/sarah
scrap yard serve /var/scrap/yard --keys /var/scrap/keys --port 8080 &
scrap yard push sarah/fib --yard :8080 --key ~/.ssh/id_scrap < fib.scrap

[tekknolagi]

It seems interesting. I feel wary of rolling our own crypto. What existing (extremely widely deployed) software can we lean on here? Last time we went for this I was thinking about Git

[surprisetalk]

The auth handler could be as simple as this:

@app.route('/<path>', methods=['POST'])
def push_scrap(path):
    top, scrap_path = scrap_path.split('/', 1)
    scrap = Deserialize(request.data)
    with open(os.path.join(KEYS_PATH, top), "rb") as key_file:
        pub_key = load_ssh_public_key(key_file.read())
    public_key.verify(
        base64.b64decode(scrap.sig),
        scrap.data,
        padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),
        hashes.SHA256()
    )
    with open(os.path.join(top, f"{scrap_path}.scrap"), "w") as f:
        f.write(scrap)
    return nil, 204

We're just verifying that the sig matches the key 🤠 We can keep things real spartan for now haha