-rw-r--r--config-joey.hs3
-rw-r--r--debian/changelog1
-rw-r--r--propellor.cabal2
-rw-r--r--src/Propellor/Property/Gpg.hs8
-rw-r--r--src/Propellor/Property/Obnam.hs4
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs5
6 files changed, 12 insertions, 11 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 583c3bd5..ee0c54a8 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -23,6 +23,7 @@ import qualified Propellor.Property.Apache as Apache
import qualified Propellor.Property.Postfix as Postfix
import qualified Propellor.Property.Grub as Grub
import qualified Propellor.Property.Obnam as Obnam
+import qualified Propellor.Property.Gpg as Gpg
import qualified Propellor.Property.HostingProvider.DigitalOcean as DigitalOcean
import qualified Propellor.Property.HostingProvider.CloudAtCost as CloudAtCost
import qualified Propellor.Property.HostingProvider.Linode as Linode
@@ -122,7 +123,7 @@ kite = standardSystemUnhardened "kite.kitenet.net" Unstable "amd64"
, "--exclude=/home/joey/lib"
, "--exclude=.*/tmp/"
, "--one-file-system"
- ] Obnam.OnlyClient "98147487"
+ ] Obnam.OnlyClient (Gpg.GpgKeyId "98147487")
`requires` Ssh.keyImported SshRsa "root"
(Context "kite.kitenet.net")
`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root"
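Review bot: The value in `Obnam.OnlyClient (Gpg.GpgKeyId "98147487")` is an 8-hex-digit short key id, which is only 32 bits and can match more than one key in a keyring, so the backup could be encrypted to a key other than the intended one. The newtype wrapper does not change that; I would pass the full fingerprint instead, e.g. `Gpg.GpgKeyId "<FULL-40-HEX-FINGERPRINT>"` (placeholder, the real value is not on this page). The same applies to `"1B169BE1"` and `"89C809CB"` in the two JoeySites.hs hunks. How the id is used to look up the key in privdata is not visible here, so the stored key's context may have to change with it.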
diff --git a/debian/changelog b/debian/changelog
index 3fef3404..b3a8a20c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ propellor (0.9.3) UNRELEASED; urgency=medium
* Can be used to configure tor hidden services. Thanks, FĂ©lix Sipma.
* When multiple gpg keys are added, ensure that the privdata file
can be decrypted by all of them.
+ * Convert GpgKeyId to newtype.
-- Joey Hess <joeyh@debian.org> Mon, 10 Nov 2014 11:15:27 -0400
diff --git a/propellor.cabal b/propellor.cabal
index 4da14192..8e552f2d 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -1,5 +1,5 @@
Name: propellor
-Version: 0.9.2
+Version: 0.9.3
Cabal-Version: >= 1.6
License: BSD3
Maintainer: Joey Hess <joey@kitenet.net>
diff --git a/src/Propellor/Property/Gpg.hs b/src/Propellor/Property/Gpg.hs
index b4698663..5819ea7b 100644
--- a/src/Propellor/Property/Gpg.hs
+++ b/src/Propellor/Property/Gpg.hs
@@ -9,7 +9,8 @@ import System.PosixCompat
installed :: Property
installed = Apt.installed ["gnupg"]
-type GpgKeyId = String
+-- A numeric id, or a description of the key, in a form understood by gpg.
+newtype GpgKeyId = GpgKeyId { getGpgKeyId :: String }
-- | Sets up a user with a gpg key from the privdata.
--
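Review bot: The comment added above `newtype GpgKeyId` starts with a plain `--`, so Haddock will not attach it to the type, unlike the `-- |` comment on `keyImported` directly below. I would write it as `-- | A numeric id, or a description of the key, in a form understood by gpg.` Since the constructor accepts any String, one more sentence saying that the value is handed to gpg unvalidated would help callers, if that is what the code outside this hunk does.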
@@ -19,11 +20,8 @@ type GpgKeyId = String
--
-- Recommend only using this for low-value dedicated role keys.
-- No attempt has been made to scrub the key out of memory once it's used.
---
--- The GpgKeyId does not have to be a numeric id; it can just as easily
--- be a description of the key.
keyImported :: GpgKeyId -> UserName -> Property
-keyImported keyid user = flagFile' prop genflag
+keyImported (GpgKeyId keyid) user = flagFile' prop genflag
`requires` installed
where
desc = user ++ " has gpg key " ++ show keyid
diff --git a/src/Propellor/Property/Obnam.hs b/src/Propellor/Property/Obnam.hs
index e18ca3f9..4dc895ef 100644
--- a/src/Propellor/Property/Obnam.hs
+++ b/src/Propellor/Property/Obnam.hs
@@ -48,8 +48,10 @@ backup dir crontimes params numclients =
-- into root's keyring using Propellor.Property.Gpg.keyImported
backupEncrypted :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Gpg.GpgKeyId -> Property
backupEncrypted dir crontimes params numclients keyid =
- backup dir crontimes (("--encrypt-with=" ++ keyid):params) numclients
+ backup dir crontimes params' numclients
`requires` Gpg.keyImported keyid "root"
+ where
+ params' = ("--encrypt-with=" ++ Gpg.getGpgKeyId keyid) : params
-- | Does a backup, but does not automatically restore.
backup' :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property
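Review bot: In the new `params'` binding the unwrapped key id is concatenated straight into `"--encrypt-with=" ++ Gpg.getGpgKeyId keyid`, and the comment on the type in Gpg.hs allows a free-form key description there. Whether `backup` shell-escapes each ObnamParam before building the command is not visible in this hunk; if it does not, a description containing spaces or shell metacharacters would break or alter the generated command line. I would confirm the quoting in `backup` and record it on the binding, e.g. `-- keyid may be a free-form description; relies on backup quoting each param`. The body of `backup` lies outside this hunk.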
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 7b8216fb..4a95067f 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -144,9 +144,8 @@ gitServer hosts = propertyList "git.kitenet.net setup"
[ Obnam.latestVersion
, Obnam.backupEncrypted "/srv/git" "33 3 * * *"
[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
- , "--encrypt-with=1B169BE1"
, "--client-name=wren" -- historical
- ] Obnam.OnlyClient "1B169BE1"
+ ] Obnam.OnlyClient (Gpg.GpgKeyId "1B169BE1")
`requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net")
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
`requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net")
@@ -283,7 +282,7 @@ gitAnnexDistributor = combineProperties "git-annex distributor, including rsync
, endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild"
, endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild/x86_64-apple-mavericks"
-- git-annex distribution signing key
- , Gpg.keyImported "89C809CB" "joey"
+ , Gpg.keyImported (Gpg.GpgKeyId "89C809CB") "joey"
]
where
endpoint d = combineProperties ("endpoint " ++ d)