pub fn resolve_key_path(
    root: &Path,
    value: &str,
) -> Result<PathBuf, ConfigError>

Resolve a configured signing-key path against `root`.

Policy from the security hardening follow-up:

- relative paths are allowed only under `<repo>/.mkit/keys/`
- absolute paths are allowed only under the home directory of the process's effective uid (looked up via `getpwuid_r(geteuid())`, not `$HOME`, so a hostile parent can't set `HOME=/` and admit every absolute path).
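The policy above, written out as an added example (this is not the crate's own implementation). The containment checks are split into `resolve_key_path_with`, which takes the home directory as a parameter so the policy can be tested without a passwd lookup, and `euid_home`, which does the `getpwuid_r(geteuid())` lookup. The `ConfigError` variants, the `KEY_DIR` constant, and the hand-declared glibc/musl `struct passwd` layout (gated to Linux; a real build would take it from the `libc` crate) are assumptions of this example. `..` is rejected outright, so containment is purely lexical; symlinks inside the key directory are not followed or checked here.

```rust
use std::path::{Component, Path, PathBuf};

/// Relative key paths may only name files under `<root>/.mkit/keys/` (assumed constant).
const KEY_DIR: &str = ".mkit/keys";

/// Error type assumed for this example; the crate's own ConfigError may differ.
#[derive(Debug, PartialEq)]
pub enum ConfigError {
    EmptyPath,
    ParentDirComponent(PathBuf),
    RelativeOutsideKeyDir(PathBuf),
    AbsoluteOutsideHome(PathBuf),
    NoHomeForEuid,
}

/// Policy core. `home` must be the euid's passwd entry, never `$HOME`:
/// with `home == "/"` every absolute path would satisfy the check.
pub fn resolve_key_path_with(root: &Path, home: &Path, value: &str) -> Result<PathBuf, ConfigError> {
    if value.is_empty() {
        return Err(ConfigError::EmptyPath);
    }
    let p = Path::new(value);
    // Reject `..` anywhere so the prefix checks below cannot be escaped lexically.
    if p.components().any(|c| c == Component::ParentDir) {
        return Err(ConfigError::ParentDirComponent(p.to_path_buf()));
    }
    // strip_prefix proves containment and yields the part below the prefix; an
    // empty remainder means `value` names the directory itself, not a key file.
    fn strictly_inside(full: &Path, prefix: &Path) -> bool {
        full.strip_prefix(prefix).map_or(false, |rest| rest.components().next().is_some())
    }
    if p.is_absolute() {
        if strictly_inside(p, home) {
            Ok(p.to_path_buf())
        } else {
            Err(ConfigError::AbsoluteOutsideHome(p.to_path_buf()))
        }
    } else {
        let key_dir = root.join(KEY_DIR);
        let full = key_dir.join(p);
        if strictly_inside(&full, &key_dir) {
            Ok(full)
        } else {
            Err(ConfigError::RelativeOutsideKeyDir(p.to_path_buf()))
        }
    }
}

/// Home directory of the *effective* uid from the passwd database, via getpwuid_r.
/// The `struct passwd` layout below is the glibc/musl one (assumption of this example).
#[cfg(target_os = "linux")]
pub fn euid_home() -> Option<PathBuf> {
    use std::ffi::{CStr, OsStr};
    use std::mem::MaybeUninit;
    use std::os::raw::{c_char, c_int};
    use std::os::unix::ffi::OsStrExt;

    #[repr(C)]
    #[allow(dead_code)]
    struct Passwd {
        pw_name: *mut c_char,
        pw_passwd: *mut c_char,
        pw_uid: u32,
        pw_gid: u32,
        pw_gecos: *mut c_char,
        pw_dir: *mut c_char,
        pw_shell: *mut c_char,
    }
    unsafe extern "C" {
        fn geteuid() -> u32;
        fn getpwuid_r(uid: u32, pwd: *mut Passwd, buf: *mut c_char, buflen: usize, result: *mut *mut Passwd) -> c_int;
    }

    let mut pw = MaybeUninit::<Passwd>::uninit();
    let mut buf = vec![0 as c_char; 16384]; // string storage; ERANGE if too small
    let mut result: *mut Passwd = std::ptr::null_mut();
    let rc = unsafe { getpwuid_r(geteuid(), pw.as_mut_ptr(), buf.as_mut_ptr(), buf.len(), &mut result) };
    if rc != 0 || result.is_null() {
        return None; // no passwd entry for this euid: refuse all absolute paths
    }
    let dir = unsafe { CStr::from_ptr((*result).pw_dir) };
    Some(PathBuf::from(OsStr::from_bytes(dir.to_bytes())))
}

#[cfg(not(target_os = "linux"))]
pub fn euid_home() -> Option<PathBuf> {
    None // lookup not declared for this platform in the example
}

/// Same signature as the documented function: passwd-backed home, then the policy.
pub fn resolve_key_path(root: &Path, value: &str) -> Result<PathBuf, ConfigError> {
    let home = euid_home().ok_or(ConfigError::NoHomeForEuid)?;
    resolve_key_path_with(root, &home, value)
}
```

Calling `resolve_key_path_with` with `home = "/"` and `value = "/etc/shadow"` succeeds, which is exactly the `HOME=/` attack the lookup via `getpwuid_r` closes; with the real home directory the same value is rejected as `AbsoluteOutsideHome`.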