summaryrefslogtreecommitdiff
path: root/src/Propellor
diff options
context:
space:
mode:
authorJoey Hess2014-11-11 12:58:53 -0400
committerJoey Hess2014-11-11 12:58:53 -0400
commit84304821bebf9b794fae56f616b50ae1d06014d2 (patch)
treee43b936fc51e9c2bb75399cd23885dcb8b4b661c /src/Propellor
parentf559ccaf738535ad4b0ebb0b520542055d8ae305 (diff)
propellor spin
Diffstat (limited to 'src/Propellor')
-rw-r--r--src/Propellor/CmdLine.hs3
-rw-r--r--src/Propellor/Gpg.hs101
-rw-r--r--src/Propellor/Keyring.hs50
-rw-r--r--src/Propellor/PrivData.hs31
-rw-r--r--src/Propellor/PrivData/Paths.hs12
5 files changed, 117 insertions, 80 deletions
diff --git a/src/Propellor/CmdLine.hs b/src/Propellor/CmdLine.hs
index 51ff2095..c3b792d1 100644
--- a/src/Propellor/CmdLine.hs
+++ b/src/Propellor/CmdLine.hs
@@ -13,7 +13,8 @@ import System.Posix.IO
import Data.Time.Clock.POSIX
import Propellor
-import Propellor.Keyring
+import Propellor.PrivData.Paths
+import Propellor.Gpg
import qualified Propellor.Property.Docker as Docker
import qualified Propellor.Property.Docker.Shim as DockerShim
import Utility.FileMode
diff --git a/src/Propellor/Gpg.hs b/src/Propellor/Gpg.hs
new file mode 100644
index 00000000..c65d06ec
--- /dev/null
+++ b/src/Propellor/Gpg.hs
@@ -0,0 +1,101 @@
+module Propellor.Gpg where
+
+import Control.Applicative
+import System.IO
+import System.FilePath
+import System.Directory
+import Data.Maybe
+import Data.List.Utils
+
+import Propellor.PrivData.Paths
+import Utility.SafeCommand
+import Utility.Process
+import Utility.Monad
+import Utility.Misc
+import Utility.Tmp
+
+type KeyId = String
+
+keyring :: FilePath
+keyring = privDataDir </> "keyring.gpg"
+
+listPubKeys :: IO [KeyId]
+listPubKeys = parse . lines <$> readProcess "gpg" listopts
+ where
+ listopts = useKeyringOpts ++ ["--with-colons", "--list-public-keys"]
+ parse = mapMaybe (keyIdField . split ":")
+ keyIdField ("pub":_:_:_:f:_) = Just f
+ keyIdField _ = Nothing
+
+useKeyringOpts :: [String]
+useKeyringOpts =
+ [ "--options"
+ , "/dev/null"
+ , "--no-default-keyring"
+ , "--keyring", keyring
+ ]
+
+addKey :: KeyId -> IO ()
+addKey keyid = exitBool =<< allM id
+ [ gpg, gitadd keyring, reencryptprivdata, gitconfig, gitcommit ]
+ where
+ gpg = do
+ createDirectoryIfMissing True privDataDir
+ boolSystem "sh"
+ [ Param "-c"
+ , Param $ "gpg --export " ++ keyid ++ " | gpg " ++
+ unwords (useKeyringOpts ++ ["--import"])
+ ]
+
+ reencryptprivdata = ifM (doesFileExist privDataFile)
+ ( do
+ gpgEncrypt privDataFile =<< gpgDecrypt privDataFile
+ gitadd privDataFile
+ , return True
+ )
+
+ gitadd f = boolSystem "git"
+ [ Param "add"
+ , File f
+ ]
+
+ gitconfig = boolSystem "git"
+ [ Param "config"
+ , Param "user.signingkey"
+ , Param keyid
+ ]
+
+ gitcommit = gitCommit
+ [ File keyring
+ , Param "-m"
+ , Param "propellor addkey"
+ ]
+
+{- Automatically sign the commit if there'a a keyring. -}
+gitCommit :: [CommandParam] -> IO Bool
+gitCommit ps = do
+ k <- doesFileExist keyring
+ boolSystem "git" $ catMaybes $
+ [ Just (Param "commit")
+ , if k then Just (Param "--gpg-sign") else Nothing
+ ] ++ map Just ps
+
+gpgDecrypt :: FilePath -> IO String
+gpgDecrypt f = ifM (doesFileExist f)
+ ( readProcess "gpg" ["--decrypt", f]
+ , return ""
+ )
+
+gpgEncrypt :: FilePath -> String -> IO ()
+gpgEncrypt f s = do
+ keyids <- listPubKeys
+ let opts =
+ [ "--default-recipient-self"
+ , "--armor"
+ , "--encrypt"
+ ] ++ concatMap (\k -> ["--recipient", k]) keyids
+ encrypted <- writeReadProcessEnv "gpg" opts
+ Nothing
+ (Just $ flip hPutStr s)
+ Nothing
+ viaTmp writeFile f encrypted
diff --git a/src/Propellor/Keyring.hs b/src/Propellor/Keyring.hs
deleted file mode 100644
index c3018eb9..00000000
--- a/src/Propellor/Keyring.hs
+++ /dev/null
@@ -1,50 +0,0 @@
-module Propellor.Keyring where
-
-import Propellor
-import Utility.SafeCommand
-
-keyring :: FilePath
-keyring = privDataDir </> "keyring.gpg"
-
-addKey :: String -> IO ()
-addKey keyid = exitBool =<< allM id [ gpg, gitadd, gitconfig, gitcommit ]
- where
- gpg = do
- createDirectoryIfMissing True privDataDir
- boolSystem "sh"
- [ Param "-c"
- , Param $ "gpg --export " ++ keyid ++ " | gpg " ++
- unwords (gpgopts ++ ["--import"])
- ]
- gitadd = boolSystem "git"
- [ Param "add"
- , File keyring
- ]
-
- gitconfig = boolSystem "git"
- [ Param "config"
- , Param "user.signingkey"
- , Param keyid
- ]
-
- gitcommit = gitCommit
- [ File keyring
- , Param "-m"
- , Param "propellor addkey"
- ]
-
- gpgopts =
- [ "--options"
- , "/dev/null"
- , "--no-default-keyring"
- , "--keyring", keyring
- ]
-
-{- Automatically sign the commit if there'a a keyring. -}
-gitCommit :: [CommandParam] -> IO Bool
-gitCommit ps = do
- k <- doesFileExist keyring
- boolSystem "git" $ catMaybes $
- [ Just (Param "commit")
- , if k then Just (Param "--gpg-sign") else Nothing
- ] ++ map Just ps
diff --git a/src/Propellor/PrivData.hs b/src/Propellor/PrivData.hs
index f55ab74c..a5150432 100644
--- a/src/Propellor/PrivData.hs
+++ b/src/Propellor/PrivData.hs
@@ -3,7 +3,6 @@
module Propellor.PrivData where
import Control.Applicative
-import System.FilePath
import System.IO
import System.Directory
import Data.Maybe
@@ -19,10 +18,11 @@ import Propellor.Types
import Propellor.Types.Info
import Propellor.Message
import Propellor.Info
+import Propellor.Gpg
+import Propellor.PrivData.Paths
import Utility.Monad
import Utility.PartialPrelude
import Utility.Exception
-import Utility.Process
import Utility.Tmp
import Utility.SafeCommand
import Utility.Misc
@@ -146,30 +146,3 @@ decryptPrivData = fromMaybe M.empty . readish <$> gpgDecrypt privDataFile
makePrivDataDir :: IO ()
makePrivDataDir = createDirectoryIfMissing False privDataDir
-
-privDataDir :: FilePath
-privDataDir = "privdata"
-
-privDataFile :: FilePath
-privDataFile = privDataDir </> "privdata.gpg"
-
-privDataLocal :: FilePath
-privDataLocal = privDataDir </> "local"
-
-gpgDecrypt :: FilePath -> IO String
-gpgDecrypt f = ifM (doesFileExist f)
- ( readProcess "gpg" ["--decrypt", f]
- , return ""
- )
-
-gpgEncrypt :: FilePath -> String -> IO ()
-gpgEncrypt f s = do
- encrypted <- writeReadProcessEnv "gpg"
- [ "--default-recipient-self"
- , "--armor"
- , "--encrypt"
- ]
- Nothing
- (Just $ flip hPutStr s)
- Nothing
- viaTmp writeFile f encrypted
diff --git a/src/Propellor/PrivData/Paths.hs b/src/Propellor/PrivData/Paths.hs
new file mode 100644
index 00000000..7c29f1bf
--- /dev/null
+++ b/src/Propellor/PrivData/Paths.hs
@@ -0,0 +1,12 @@
+module Propellor.PrivData.Paths where
+
+import System.FilePath
+
+privDataDir :: FilePath
+privDataDir = "privdata"
+
+privDataFile :: FilePath
+privDataFile = privDataDir </> "privdata.gpg"
+
+privDataLocal :: FilePath
+privDataLocal = privDataDir </> "local"