veyron/modules/lib/shell, veyron/security/agent/agentd: Update comments.
Change-Id: If5f98a535ed6bc1537e07e48a353c00e9765c3f6
diff --git a/lib/modules/shell.go b/lib/modules/shell.go
index cfdfc73..2daef38 100644
--- a/lib/modules/shell.go
+++ b/lib/modules/shell.go
@@ -233,13 +233,12 @@
// from the OS environment, those in this Shell and those provided as a
// parameter to it. In general, it prefers values from its parameter over
// those from the Shell, over those from the OS. However, the VeyronCredentials
-// environment variable is handled specially.
+// and agent FdEnvVar variables will never use the value from the Shell or OS.
//
-// If the VeyronCredentials environment variable is set in 'env' then that
-// is the value that gets used. If the shell's VeyronCredentials are set then
-// VeyronCredentials for the command are set to a freshly created directory
-// specifying a principal blessed by the shell's credentials. In all other
-// cases VeyronCredentials for the command remains unset.
+// If the shell is managing principals, the command is configured to
+// connect to the shell's agent.
+// To override this, or if the shell is not managing principals, set
+// the VeyronCredentials environment variable in the 'env' parameter.
//
// The Shell tracks all of the Handles that it creates so that it can shut
// them down when asked to. The returned Handle may be non-nil even when an
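Review bot: The rewritten paragraph no longer states what a command receives when the shell is not managing principals and 'env' carries no VeyronCredentials; the removed text said the variable stays unset in that case. Since this comment is the contract for how credentials reach child processes, the fall-through should be spelled out again, for example `// Otherwise the command is started with VeyronCredentials unset.`, after checking that against the implementation, which is not visible in this hunk. It would also help to say whether an FdEnvVar value passed in 'env' is honoured or dropped, because the first changed line only rules out the Shell and OS values. The doc comment and the function it describes begin and end outside the hunk.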
diff --git a/security/agent/agentd/main.go b/security/agent/agentd/main.go
index fe26023..41e533f 100644
--- a/security/agent/agentd/main.go
+++ b/security/agent/agentd/main.go
@@ -62,6 +62,12 @@
return 1
}
+ // This is a bit tricky. We're trying to share the runtime's
+ // veyron.credentials flag. However we need to parse it before
+ // creating the runtime. We depend on the profile's init() function
+ // calling flags.CreateAndRegister(flag.CommandLine, flags.Runtime)
+ // This will read the VEYRON_CREDENTIALS env var, then our call to
+ // flag.Parse() will take any override passed on the command line.
var dir string
if f := flag.Lookup("veyron.credentials").Value; true {
dir = f.String()
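Review bot: The new comment documents that this code relies on the profile's init() having registered veyron.credentials, yet the lookup two lines below it still dereferences `flag.Lookup("veyron.credentials").Value` without a nil check. flag.Lookup returns nil for an unregistered flag, so if that import is ever dropped or reordered the agent would panic at startup instead of reporting a clear error. Consider `f := flag.Lookup("veyron.credentials")` followed by `if f == nil { /* report the missing flag */ return 1 }`, which also lets the always-true `; true` condition go away. The enclosing function starts and ends outside the hunk.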