authorFélix Sipma2015-12-16 15:18:19 +0100
committerJoey Hess2015-12-16 12:05:08 -0400
commitf3c5e20fa5b21f3317f63bbcc2d43d708d2ae736 (patch)
treed781862410f41175e983f884abdef8a946865996 /src/Propellor/Property/Gpg.hs
parent50da0a84568d12f7c072e2bea0cb3546e37af226 (diff)
Gpg: parse GpgKeyType in keyImported
(cherry picked from commit cdd1e093118b5eeab7743be7e2ec959980716145)
Diffstat (limited to 'src/Propellor/Property/Gpg.hs')
-rw-r--r--src/Propellor/Property/Gpg.hs28
1 files changed, 21 insertions, 7 deletions
diff --git a/src/Propellor/Property/Gpg.hs b/src/Propellor/Property/Gpg.hs
index 0423806c..dae6e5d7 100644
--- a/src/Propellor/Property/Gpg.hs
+++ b/src/Propellor/Property/Gpg.hs
@@ -12,6 +12,8 @@ installed = Apt.installed ["gnupg"]
-- A numeric id, or a description of the key, in a form understood by gpg.
newtype GpgKeyId = GpgKeyId { getGpgKeyId :: String }
+data GpgKeyType = GpgPubKey | GpgPrivKey
+
-- | Sets up a user with a gpg key from the privdata.
--
-- Note that if a secret key is exported using gpg -a --export-secret-key,
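Review bot: The new `data GpgKeyType = GpgPubKey | GpgPrivKey` line is added without a Haddock comment, while the neighbouring `GpgKeyId` declaration carries a description of what it holds. Since the only thing that selects a constructor is the first line of the armored block (the `parse` helper in the second hunk), I would document that contract next to the type: `-- | Which kind of armored key block the privdata holds; chosen from the block's BEGIN line, so a malformed or truncated block yields neither constructor.` A `deriving (Show, Eq)` clause would also let the value be shown in log messages and compared in tests, and a blank line before the declaration would match the spacing of the surrounding definitions.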
@@ -21,19 +23,31 @@ newtype GpgKeyId = GpgKeyId { getGpgKeyId :: String }
-- Recommend only using this for low-value dedicated role keys.
-- No attempt has been made to scrub the key out of memory once it's used.
keyImported :: GpgKeyId -> User -> Property HasInfo
-keyImported key@(GpgKeyId keyid) user@(User u) = check (not <$> hasPubKey key user) prop
+keyImported key@(GpgKeyId keyid) user@(User u) = prop
`requires` installed
where
desc = u ++ " has gpg key " ++ show keyid
prop = withPrivData src (Context keyid) $ \getkey ->
- property desc $ getkey $ \key' -> makeChange $
- withHandle StdinHandle createProcessSuccess
- (proc "su" ["-c", "gpg --import", u]) $ \h -> do
- fileEncoding h
- hPutStr h (unlines (privDataLines key'))
- hClose h
+ property desc $ getkey $ \key' -> do
+ let keylines = privDataLines key'
+ ifM (liftIO $ hasGpgKey (parse keylines))
+ (return NoChange
+ , makeChange $ withHandle StdinHandle createProcessSuccess
+ (proc "su" ["-c", "gpg --import", u]) $ \h -> do
+ fileEncoding h
+ hPutStr h (unlines keylines)
+ hClose h
+ )
src = PrivDataSource GpgKey "Either a gpg public key, exported with gpg --export -a, or a gpg private key, exported with gpg --export-secret-key -a"
+ parse ("-----BEGIN PGP PUBLIC KEY BLOCK-----":_) = Just GpgPubKey
+ parse ("-----BEGIN PGP PRIVATE KEY BLOCK-----":_) = Just GpgPrivKey
+ parse _ = Nothing
+
+ hasGpgKey Nothing = error $ "Failed to run gpg parser on armored key " ++ keyid
+ hasGpgKey (Just GpgPubKey) = hasPubKey key user
+ hasGpgKey (Just GpgPrivKey) = hasPrivKey key user
+
dotDir :: User -> IO FilePath
dotDir (User u) = do
home <- homeDirectory <$> getUserEntryForName u