authorJoey Hess2015-01-04 16:10:24 -0400
committerJoey Hess2015-01-04 16:10:36 -0400
commita2bb647827ee7eea0c038fdd40d1bd65c0d7a2c8 (patch)
tree05cb35c40ea8dcde654c72b185673fe9ccab43a4 /src/Propellor
parent84685f24c9614d5f2c19851b4c63744bcb037241 (diff)
Ssh.hostKey and Ssh.hostKeys no longer install public keys from the privdata.
Instead, the public keys of a host should be set using Ssh.pubKey.
Diffstat (limited to 'src/Propellor')
-rw-r--r--src/Propellor/Property/Ssh.hs20
1 files changed, 12 insertions, 8 deletions
diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index 301c628b..8642d990 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -95,21 +95,25 @@ hostKeys :: IsContext c => c -> Property
hostKeys ctx = propertyList "known ssh host keys" $
map (flip hostKey ctx) [minBound..maxBound]
--- | Installs a single ssh host key.
+-- | Installs a single ssh host key of a particular type.
--
--- The private key comes from the privdata.
---
--- The public key is set using 'pubKey'.
+-- The private key comes from the privdata;
+-- the public key is set using 'pubKey'.
hostKey :: IsContext c => SshKeyType -> c -> Property
hostKey keytype context = combineProperties desc
- [ installkey (keysrc ".pub" (SshPubKey keytype "")) (install writeFile ".pub")
- , installkey (keysrc "" (SshPrivKey keytype "")) (install writeFileProtected "")
+ [ property desc $ do
+ v <- M.lookup keytype <$> getPubKey
+ case v of
+ Just k -> install writeFile ".pub" k
+ Nothing -> do
+ warningMessage $ "Missing ssh pubKey " ++ show keytype
+ return FailedChange
+ , withPrivData (keysrc "" (SshPrivKey keytype "")) context $ \getkey ->
+ property desc $ getkey $ install writeFileProtected ""
]
`onChange` restarted
where
desc = "known ssh host key (" ++ fromKeyType keytype ++ ")"
- installkey p a = withPrivData p context $ \getkey ->
- property desc $ getkey a
install writer ext key = do
let f = "/etc/ssh/ssh_host_" ++ fromKeyType keytype ++ "_key" ++ ext
s <- liftIO $ readFileStrict f
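Review bot: Nothing in the new `hostKey` property list ties the public key read from `getPubKey` to the private key installed from the privdata, so a stale or mistyped `pubKey` would leave the `.pub` file disagreeing with the private key beside it. Anything that trusts the declared key would presumably then reject the host. The Haddock comment is the cheapest place to state this, e.g. `-- The two are not checked against each other; 'pubKey' must match the private key in the privdata.` Separately, the warning is built with `show keytype` while `desc` uses `fromKeyType keytype`; `warningMessage $ "Missing ssh pubKey " ++ fromKeyType keytype` would make both messages name the key type the same way. The body of `install` continues past the end of the hunk, so how the key text is compared and written is not visible here.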