Merge pull request #7615 from ipfs/fix/keystore-rotate

fix(key): dont allow backup key to be named 'self'

Author: aschmahmann

core/commands/keystore.go

@@ -442,6 +442,7 @@ var keyRotateCmd = &cmds.Command{
 		Tagline: "Rotates the ipfs identity.",
 		ShortDescription: `
 Generates a new ipfs identity and saves it to the ipfs config file.
+Your existing identity key will be backed up in the Keystore.
 The daemon must not be running when calling this command.
 
 ipfs uses a repository in the local file system. By default, the repo is
@@ -453,7 +454,7 @@ environment variable:
 	},
 	Arguments: []cmds.Argument{},
 	Options: []cmds.Option{
-		cmds.StringOption(oldKeyOptionName, "o", "Keystore name for the old/rotated-out key."),
+		cmds.StringOption(oldKeyOptionName, "o", "Keystore name to use for backing up your existing identity"),
 		cmds.StringOption(keyStoreTypeOptionName, "t", "type of the key to create: rsa, ed25519").WithDefault(keyStoreAlgorithmDefault),
 		cmds.IntOption(keyStoreSizeOptionName, "s", "size of the key to generate"),
 	},
@@ -482,6 +483,9 @@ environment variable:
 		if !ok {
 			return fmt.Errorf("keystore name for backing up old key must be provided")
 		}
+		if oldKey == "self" {
+			return fmt.Errorf("keystore name for back up cannot be named 'self'")
+		}
 		return doRotate(os.Stdout, cctx.ConfigRoot, oldKey, algorithm, nBitsForKeypair, nBitsGiven)
 	},
 }

test/sharness/t0027-rotate.sh

@@ -46,6 +46,12 @@ test_rotate() {
         esac
         '
 
+        test_expect_success "'ipfs key rotate -o self' should fail" '
+        echo "Error: keystore name for back up cannot be named '\''self'\''" >expected-self
+        test_must_fail ipfs key rotate -o self 2>actual-self &&
+        test_cmp expected-self actual-self
+        '
+
         test_expect_success "Compare second ID and key to first" '
         ipfs id -f="<id>" > second_id &&
         ipfs id -f="<pubkey>" > second_key &&