authorFĂ©lix Sipma2015-12-14 09:28:32 +0100
committerJoey Hess2015-12-16 12:05:01 -0400
commit50da0a84568d12f7c072e2bea0cb3546e37af226 (patch)
tree84478b15596f0717730a1042b2e32070c57b9c8b /src/Propellor/Property/Gpg.hs
parentf77badde96531d3723c633084dd82597214d0f38 (diff)
Gpg.keyImported: check if a pubKey is imported instead of using a flagfile
(cherry picked from commit 9712d125a2c3e3c609b68d9958207c251ba005ac)
Diffstat (limited to 'src/Propellor/Property/Gpg.hs')
-rw-r--r--src/Propellor/Property/Gpg.hs9
1 files changed, 3 insertions, 6 deletions
diff --git a/src/Propellor/Property/Gpg.hs b/src/Propellor/Property/Gpg.hs
index 34c077bb..0423806c 100644
--- a/src/Propellor/Property/Gpg.hs
+++ b/src/Propellor/Property/Gpg.hs
@@ -21,19 +21,16 @@ newtype GpgKeyId = GpgKeyId { getGpgKeyId :: String }
-- Recommend only using this for low-value dedicated role keys.
-- No attempt has been made to scrub the key out of memory once it's used.
keyImported :: GpgKeyId -> User -> Property HasInfo
-keyImported (GpgKeyId keyid) user@(User u) = flagFile' prop genflag
+keyImported key@(GpgKeyId keyid) user@(User u) = check (not <$> hasPubKey key user) prop
`requires` installed
where
desc = u ++ " has gpg key " ++ show keyid
- genflag = do
- d <- dotDir user
- return $ d </> ".propellor-imported-keyid-" ++ keyid
prop = withPrivData src (Context keyid) $ \getkey ->
- property desc $ getkey $ \key -> makeChange $
+ property desc $ getkey $ \key' -> makeChange $
withHandle StdinHandle createProcessSuccess
(proc "su" ["-c", "gpg --import", u]) $ \h -> do
fileEncoding h
- hPutStr h (unlines (privDataLines key))
+ hPutStr h (unlines (privDataLines key'))
hClose h
src = PrivDataSource GpgKey "Either a gpg public key, exported with gpg --export -a, or a gpg private key, exported with gpg --export-secret-key -a"
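Review bot: The new guard `check (not <$> hasPubKey key user) prop` tests only for a public key, while the `src` description on the last line of the hunk says the private data may also be a secret key exported with `gpg --export-secret-key -a`. If the user's keyring already holds the public half of `keyid` (for instance from an earlier public-only import), the import appears to be skipped and the property treated as satisfied without the secret key ever being installed. `hasPubKey` is defined outside this hunk, so how it matches `keyid` cannot be confirmed here; if it matches on a short id or a substring, an unrelated key could also satisfy the check. I would at least document this above the signature, e.g. `-- Only the presence of a public key matching the id is checked; an existing public key prevents a later secret-key import.`, and consider also checking the secret keyring when the private data holds a secret key.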