-rw-r--r--Makefile2
-rw-r--r--Propellor/CmdLine.hs24
-rw-r--r--README6
-rw-r--r--propellor.cabal2
4 files changed, 5 insertions, 29 deletions
diff --git a/Makefile b/Makefile
index a30015e7..f2996fe3 100644
--- a/Makefile
+++ b/Makefile
@@ -11,7 +11,7 @@ build: deps dist/setup-config
ln -sf dist/build/propellor/propellor
deps:
- @if [ $$(whoami) = root ]; then apt-get -y install gnupg ghc cabal-install libghc-missingh-dev libghc-ansi-terminal-dev libghc-ifelse-dev libghc-unix-compat-dev libghc-hslogger-dev libghc-base64-bytestring-dev; fi || true
+ @if [ $$(whoami) = root ]; then apt-get -y install gnupg ghc cabal-install libghc-missingh-dev libghc-ansi-terminal-dev libghc-ifelse-dev libghc-unix-compat-dev libghc-hslogger-dev; fi || true
dist/setup-config: propellor.cabal
cabal configure
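Review bot: The apt package libghc-base64-bytestring-dev is dropped from the `deps` target, but the propellor.cabal hunk further down still lists `base64-bytestring` in the Executable stanza's Build-Depends (only the Library stanza uses `dataenc`), so a root build on a fresh Debian host now depends on cabal-install fetching that package instead of apt providing it, and `cabal configure` may fail if it cannot. Either remove `base64-bytestring` from the Executable Build-Depends in the same commit, or keep the apt line as it was until that stanza is cleaned up. Note also that the trailing `|| true` on this line silently hides any apt failure, so such drift would not surface until the configure step. Splitting the package list with backslash continuations, one package per line, would make this kind of mismatch visible in review.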
diff --git a/Propellor/CmdLine.hs b/Propellor/CmdLine.hs
index e57d70b7..bd69528e 100644
--- a/Propellor/CmdLine.hs
+++ b/Propellor/CmdLine.hs
@@ -3,14 +3,10 @@ module Propellor.CmdLine where
import System.Environment
import Data.List
import System.Exit
-import qualified Data.ByteString.Lazy as BL
-import qualified Data.ByteString.Base64.Lazy as B64
-import Data.Bits.Utils
import Propellor
import Utility.FileMode
import Utility.SafeCommand
-import Utility.Data
data CmdLine
= Run HostName
@@ -83,12 +79,7 @@ spin host = do
hClose fromh
status <- getstatus fromh `catchIO` error "protocol error"
case status of
- HaveKeyRing -> finish
- NeedKeyRing -> do
- d <- w82s . BL.unpack . B64.encode
- <$> BL.readFile keyring
- senddata toh keyring keyringMarker d
- finish
+ Ready -> finish
NeedGitClone -> do
hClose toh
hClose fromh
@@ -148,7 +139,7 @@ sendGitClone host url = do
, "rm -f " ++ remotebundle
]
-data BootStrapStatus = HaveKeyRing | NeedKeyRing | NeedGitClone
+data BootStrapStatus = Ready | NeedGitClone
deriving (Read, Show, Eq)
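Review bot: `Ready` replaces two constructors, but neither it nor `NeedGitClone` is documented, and the derived `Show`/`Read` text is the wire format exchanged between `boot` (which prints it via `toMarked statusMarker`) and `spin` (which parses it with `getstatus`), so renaming a constructor later would break a host running an older build. A haddock on the type would capture that: `-- | Status the host reports to --spin at bootstrap; the derived Show/Read text is the wire format, so renaming a constructor is a protocol change.` and on the constructor `-- ^ host has a checkout; it now reads privdata from stdin` for Ready, since `boot` reads stdin immediately after sending it. Where `NeedGitClone` is emitted is outside this hunk, so I have not proposed text for it.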
type Marker = String
@@ -157,9 +148,6 @@ type Marked = String
statusMarker :: Marker
statusMarker = "STATUS"
-keyringMarker :: Marker
-keyringMarker = "KEYRING"
-
privDataMarker :: String
privDataMarker = "PRIVDATA "
@@ -177,19 +165,13 @@ fromMarked marker s
boot :: [Property] -> IO ()
boot props = do
- havering <- doesFileExist keyring
- putStrLn $ toMarked statusMarker $ show $ if havering then HaveKeyRing else NeedKeyRing
+ putStrLn $ toMarked statusMarker $ show Ready
hFlush stdout
reply <- hGetContentsStrict stdin
makePrivDataDir
maybe noop (writeFileProtected privDataLocal) $
fromMarked privDataMarker reply
- case eitherToMaybe . B64.decode . BL.pack . s2w8 =<< fromMarked keyringMarker reply of
- Nothing -> noop
- Just d -> do
- writeFileProtected keyring ""
- BL.writeFile keyring d
ensureProperties props
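Review bot: With the keyring transfer removed, `boot` now relies entirely on the git checkout to provide privdata/keyring.gpg, and the README text kept by this commit says signature checking is only done when that file exists. If a host's checkout predates the commit that adds the keyring, its next fetch from a git:// or http:// origin would pull the keyring over the unauthenticated channel the check is meant to protect and then treat it as trusted; I cannot confirm from this hunk how the initial clone reaches the host (`sendGitClone` appears to push a bundle, presumably over the same ssh session), so this may only affect keyrings added after a host was first bootstrapped. Worth a comment above `putStrLn $ toMarked statusMarker $ show Ready`, such as `-- The keyring is no longer seeded here; it must already be committed in the checkout before any unauthenticated fetch from origin, or that fetch is unverified.`, and a matching README sentence telling users to commit keyring.gpg before deploying to hosts that fetch over git:// or http://.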
addKey :: String -> IO ()
diff --git a/README b/README
index ce9769c0..2013799b 100644
--- a/README
+++ b/README
@@ -54,7 +54,7 @@ for available fields.
It's often easiest for a remote host to use a git:// or http://
url to its origin repository, rather than ssh://. So, to avoid a MITM
-attack, propellor checks that the top commit in the git repository is gpg
+attack, propellor checks that any commit it fetched from origin is gpg
signed by a trusted gpg key, and refuses to deploy it otherwise.
This is only done when privdata/keyring.gpg exists. To set it up:
@@ -62,8 +62,4 @@ This is only done when privdata/keyring.gpg exists. To set it up:
gpg --gen-key # only if you don't already have a gpg key
propellor --add-key $MYKEYID
-The keyring.gpg can be checked into git, but to ensure that it's
-used from the beginning when bootstrapping, propellor --spin
-transfers it to the host using ssh.
-
[1] http://reclass.pantsfullofunix.net/
diff --git a/propellor.cabal b/propellor.cabal
index 80a05f46..6807ef45 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -26,7 +26,6 @@ Description:
Executable propellor
Main-Is: config.hs
GHC-Options: -Wall
- Extensions: PackageImports
Build-Depends: MissingH, directory, filepath, base >= 4.5, base < 5,
IfElse, process, bytestring, hslogger, unix-compat, ansi-terminal,
containers, base64-bytestring
@@ -36,7 +35,6 @@ Executable propellor
Library
GHC-Options: -Wall
- Extensions: PackageImports
Build-Depends: MissingH, directory, filepath, base >= 4.5, base < 5,
IfElse, process, bytestring, hslogger, unix-compat, ansi-terminal,
containers, dataenc