Diffstat (limited to 'src/Propellor')
-rw-r--r--src/Propellor/CmdLine.hs3
-rw-r--r--src/Propellor/Gpg.hs56
-rw-r--r--src/Propellor/Types/CmdLine.hs1
3 files changed, 40 insertions, 20 deletions
diff --git a/src/Propellor/CmdLine.hs b/src/Propellor/CmdLine.hs
index 95a633ec..0cc8294d 100644
--- a/src/Propellor/CmdLine.hs
+++ b/src/Propellor/CmdLine.hs
@@ -26,6 +26,7 @@ usage h = hPutStrLn h $ unlines
, " propellor hostname"
, " propellor --spin targethost [--via relayhost]"
, " propellor --add-key keyid"
+ , " propellor --rm-key keyid"
, " propellor --set field context"
, " propellor --dump field context"
, " propellor --edit field context"
@@ -50,6 +51,7 @@ processCmdLine = go =<< getArgs
<*> pure (Just r)
_ -> Spin <$> mapM hostname ps <*> pure Nothing
go ("--add-key":k:[]) = return $ AddKey k
+ go ("--rm-key":k:[]) = return $ RmKey k
go ("--set":f:c:[]) = withprivfield f c Set
go ("--unset":f:c:[]) = withprivfield f c Unset
go ("--dump":f:c:[]) = withprivfield f c Dump
@@ -100,6 +102,7 @@ defaultMain hostlist = do
go _ (Edit field context) = editPrivData field context
go _ ListFields = listPrivDataFields hostlist
go _ (AddKey keyid) = addKey keyid
+ go _ (RmKey keyid) = rmKey keyid
go _ c@(ChrootChain _ _ _ _) = Chroot.chain hostlist c
go _ (DockerChain hn cid) = Docker.chain hostlist hn cid
go _ (DockerInit hn) = Docker.init hn
diff --git a/src/Propellor/Gpg.hs b/src/Propellor/Gpg.hs
index f2ae8f9a..46f2c7d9 100644
--- a/src/Propellor/Gpg.hs
+++ b/src/Propellor/Gpg.hs
@@ -41,10 +41,10 @@ useKeyringOpts =
addKey :: KeyId -> IO ()
addKey keyid = exitBool =<< allM (uncurry actionMessage)
[ ("adding key to propellor's keyring", addkeyring)
- , ("staging propellor's keyring", gitadd keyring)
- , ("updating encryption of any privdata", reencryptprivdata)
+ , ("staging propellor's keyring", gitAdd keyring)
+ , ("updating encryption of any privdata", reencryptPrivData)
, ("configuring git signing to use key", gitconfig)
- , ("committing changes", gitcommit)
+ , ("committing changes", gitCommitKeyRing "add-key")
]
where
addkeyring = do
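Review bot: The "committing changes" step now calls `gitCommitKeyRing "add-key"`, which (as defined further down in this file's diff) always passes `File privDataFile` to `git commit`, while `reencryptPrivData` returns True without staging anything when that file does not exist. git rejects a commit pathspec that matches no file it knows, so in a repository that has a keyring but no privdata yet this step would likely fail, where the old `gitcommit` named only the keyring. The same applies to the step list of `rmKey`. Building the path list conditionally inside `gitCommitKeyRing` would avoid it, for example `files <- filterM doesFileExist [keyring, privDataFile]` followed by `gitCommit (map File files ++ [Param "-m", Param ("propellor " ++ action)])`, provided `filterM` is in scope in this module. The where-clause of addKey continues outside this hunk.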
@@ -55,18 +55,6 @@ addKey keyid = exitBool =<< allM (uncurry actionMessage)
unwords (useKeyringOpts ++ ["--import"])
]
- reencryptprivdata = ifM (doesFileExist privDataFile)
- ( do
- gpgEncrypt privDataFile =<< gpgDecrypt privDataFile
- gitadd privDataFile
- , return True
- )
-
- gitadd f = boolSystem "git"
- [ Param "add"
- , File f
- ]
-
gitconfig = ifM (snd <$> processTranscript "gpg" ["--list-secret-keys", keyid] Nothing)
( boolSystem "git"
[ Param "config"
@@ -78,11 +66,39 @@ addKey keyid = exitBool =<< allM (uncurry actionMessage)
return True
)
- gitcommit = gitCommit
- [ File keyring
- , Param "-m"
- , Param "propellor addkey"
- ]
+rmKey :: KeyId -> IO ()
+rmKey keyid = exitBool =<< allM (uncurry actionMessage)
+ [ ("removing key from propellor's keyring", rmkeyring)
+ , ("staging propellor's keyring", gitAdd keyring)
+ , ("updating encryption of any privdata", reencryptPrivData)
+ , ("committing changes", gitCommitKeyRing "rm-key")
+ ]
+ where
+ rmkeyring = boolSystem "gpg" $
+ (map Param useKeyringOpts) ++
+ [Param "--delete-key", Param keyid]
+
+reencryptPrivData :: IO Bool
+reencryptPrivData = ifM (doesFileExist privDataFile)
+ ( do
+ gpgEncrypt privDataFile =<< gpgDecrypt privDataFile
+ gitAdd privDataFile
+ , return True
+ )
+
+gitAdd :: FilePath -> IO Bool
+gitAdd f = boolSystem "git"
+ [ Param "add"
+ , File f
+ ]
+
+gitCommitKeyRing :: String -> IO Bool
+gitCommitKeyRing action = gitCommit
+ [ File keyring
+ , File privDataFile
+ , Param "-m"
+ , Param ("propellor " ++ action)
+ ]
-- Adds --gpg-sign if there's a keyring.
gpgSignParams :: [CommandParam] -> IO [CommandParam]
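Review bot: `rmKey` has no comment stating what removal does not achieve: `reencryptPrivData` rewrites only the current `privDataFile`, so earlier revisions of it in git history presumably stay encrypted to the removed key and remain readable to anyone who holds that key and a clone. Suggest a Haddock comment on `rmKey` along the lines of `-- | Removes a key from propellor's keyring and re-encrypts privdata; secrets committed earlier stay decryptable by the removed key and should be rotated.` The comment could also mention that, unlike `addKey` with its "configuring git signing to use key" step, nothing in `rmKey` appears to undo that git configuration. `gpgSignParams` at the end of the hunk continues outside it.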
diff --git a/src/Propellor/Types/CmdLine.hs b/src/Propellor/Types/CmdLine.hs
index 96949957..50908514 100644
--- a/src/Propellor/Types/CmdLine.hs
+++ b/src/Propellor/Types/CmdLine.hs
@@ -15,6 +15,7 @@ data CmdLine
| Edit PrivDataField Context
| ListFields
| AddKey String
+ | RmKey String
| Merge
| Serialized CmdLine
| Continue CmdLine