It turns out the bate secret key for machine files already has the pubkey
cached in it by libsodium, so I dropped that.
I'm also going to drop it from the internals, it seems simpler
- Save with 0400 perms so PTTH won't accidentally serve them
- Save D-Bus machine ID if possible to detect when keys accidentally change machines
- Add random schema version
There's a lot of missing pieces, but the big picture is like this:
- Use 2 completely separate HTTP streams, and try to keep them alive as long
as possible, each in basically half-duplex mode
- Each stream has a long-running PUT and GET, sort of like station307
- Each end has to be terminated by a native app that either connects to a local
TCP server, or acts as a local TCP server
- No clue how it would work for multiple connections on the same port. Poorly,
I guess?
- It's probably gonna run like garbage because we're splitting TCP into
2 TCP streams, and although backpressure might work, the ACKs will be less
efficient. And the congestion control might get confused
My only goal is to tunnel Tracy over it, so that I can have that remotely.
This won't affect anything, because I had manually written the not_after for
the testing keys. Even the automated tests weren't using the new_30_day
function
_