summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJoey Hess2016-06-13 17:47:18 -0400
committerJoey Hess2016-06-13 17:47:18 -0400
commit35026bbcb874f358b356a6941d2af5922671811a (patch)
tree04dc76047ced6879a6a8768ac7bf5db6eab2ccaa /src
parentdda77cb106076b71f96d20c77b53545fdc46658c (diff)
parenta7a3290c3f3f5f641df302ccb1757c5c4ecbaf3e (diff)
Merge remote-tracking branch 'spwhitton/insecure-sbuild-keygen'
Diffstat (limited to 'src')
-rw-r--r--src/Propellor/Property/Sbuild.hs18
1 files changed, 17 insertions, 1 deletions
diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs
index 2647e69e..bfa264a8 100644
--- a/src/Propellor/Property/Sbuild.hs
+++ b/src/Propellor/Property/Sbuild.hs
@@ -66,6 +66,7 @@ module Propellor.Property.Sbuild (
-- blockNetwork,
installed,
keypairGenerated,
+ keypairInsecurelyGenerated,
shareAptCache,
usableBy,
) where
@@ -320,7 +321,22 @@ keypairGenerated = check (not <$> doesFileExist secKeyFile) $ go
go = tightenTargets $
cmdProperty "sbuild-update" ["--keygen"]
`assume` MadeChange
- secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec"
+
+secKeyFile :: FilePath
+secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec"
+
+-- | Generate the apt keys needed by sbuild using a low-quality source of
+-- randomness
+--
+-- Useful on throwaway build VMs.
+keypairInsecurelyGenerated :: Property DebianLike
+keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go
+ where
+ go :: Property DebianLike
+ go = combineProperties "sbuild keyring insecurely generated" $ props
+ & Apt.installed ["rng-tools"]
+ & cmdProperty "rngd" ["-r", "/dev/urandom"] `assume` MadeChange
+ & keypairGenerated
-- another script from wiki.d.o/sbuild
ccachePrepared :: Property DebianLike