From 72713cadcc4ff1b6594f2e648e5672764326cdd7 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Wed, 23 Sep 2015 13:59:59 -0400
Subject: Added --rm-key.

---
 debian/changelog | 6 +++++
 src/Propellor/CmdLine.hs | 3 +++
 src/Propellor/Gpg.hs | 56 +++++++++++++++++++++++++++----------------
 src/Propellor/Types/CmdLine.hs | 1 +
 4 files changed, 46 insertions(+), 20 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index ff634ad6..91f78be7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+propellor (2.8.1) UNRELEASED; urgency=medium
+
+ * Added --rm-key.
+
+ -- Joey Hess Wed, 23 Sep 2015 13:50:01 -0400
+
 propellor (2.8.0) unstable; urgency=medium
 * Added Propellor.Property.Rsync.
diff --git a/src/Propellor/CmdLine.hs b/src/Propellor/CmdLine.hs
index 95a633ec..0cc8294d 100644
--- a/src/Propellor/CmdLine.hs
+++ b/src/Propellor/CmdLine.hs
@@ -26,6 +26,7 @@ usage h = hPutStrLn h $ unlines
 , " propellor hostname"
 , " propellor --spin targethost [--via relayhost]"
 , " propellor --add-key keyid"
+ , " propellor --rm-key keyid"
 , " propellor --set field context"
 , " propellor --dump field context"
 , " propellor --edit field context"
@@ -50,6 +51,7 @@ processCmdLine = go =<< getArgs
 <*> pure (Just r)
 _ -> Spin <$> mapM hostname ps <*> pure Nothing
 go ("--add-key":k:[]) = return $ AddKey k
+ go ("--rm-key":k:[]) = return $ RmKey k
 go ("--set":f:c:[]) = withprivfield f c Set
 go ("--unset":f:c:[]) = withprivfield f c Unset
 go ("--dump":f:c:[]) = withprivfield f c Dump
@@ -100,6 +102,7 @@ defaultMain hostlist = do
 go _ (Edit field context) = editPrivData field context
 go _ ListFields = listPrivDataFields hostlist
 go _ (AddKey keyid) = addKey keyid
+ go _ (RmKey keyid) = rmKey keyid
 go _ c@(ChrootChain _ _ _ _) = Chroot.chain hostlist c
 go _ (DockerChain hn cid) = Docker.chain hostlist hn cid
 go _ (DockerInit hn) = Docker.init hn
diff --git a/src/Propellor/Gpg.hs b/src/Propellor/Gpg.hs
index f2ae8f9a..46f2c7d9 100644
--- a/src/Propellor/Gpg.hs
+++ b/src/Propellor/Gpg.hs
@@ -41,10 +41,10 @@ useKeyringOpts =
 addKey :: KeyId -> IO ()
 addKey keyid = exitBool =<< allM (uncurry actionMessage)
 [ ("adding key to propellor's keyring", addkeyring)
- , ("staging propellor's keyring", gitadd keyring)
- , ("updating encryption of any privdata", reencryptprivdata)
+ , ("staging propellor's keyring", gitAdd keyring)
+ , ("updating encryption of any privdata", reencryptPrivData)
 , ("configuring git signing to use key", gitconfig)
- , ("committing changes", gitcommit)
+ , ("committing changes", gitCommitKeyRing "add-key")
 ]
 where
 addkeyring = do
@@ -55,18 +55,6 @@ addKey keyid = exitBool =<< allM (uncurry actionMessage)
 unwords (useKeyringOpts ++ ["--import"])
 ]
- reencryptprivdata = ifM (doesFileExist privDataFile)
- ( do
- gpgEncrypt privDataFile =<< gpgDecrypt privDataFile
- gitadd privDataFile
- , return True
- )
-
- gitadd f = boolSystem "git"
- [ Param "add"
- , File f
- ]
-
 gitconfig = ifM (snd <$> processTranscript "gpg" ["--list-secret-keys", keyid] Nothing)
 ( boolSystem "git"
 [ Param "config"
@@ -78,11 +66,39 @@ addKey keyid = exitBool =<< allM (uncurry actionMessage)
 return True
 )
- gitcommit = gitCommit
- [ File keyring
- , Param "-m"
- , Param "propellor addkey"
- ]
+rmKey :: KeyId -> IO ()
+rmKey keyid = exitBool =<< allM (uncurry actionMessage)
+ [ ("removing key from propellor's keyring", rmkeyring)
+ , ("staging propellor's keyring", gitAdd keyring)
+ , ("updating encryption of any privdata", reencryptPrivData)
+ , ("committing changes", gitCommitKeyRing "rm-key")
+ ]
+ where
+ rmkeyring = boolSystem "gpg" $
+ (map Param useKeyringOpts) ++
+ [Param "--delete-key", Param keyid]
+
+reencryptPrivData :: IO Bool
+reencryptPrivData = ifM (doesFileExist privDataFile)
+ ( do
+ gpgEncrypt privDataFile =<< gpgDecrypt privDataFile
+ gitAdd privDataFile
+ , return True
+ )
+
+gitAdd :: FilePath -> IO Bool
+gitAdd f = boolSystem "git"
+ [ Param "add"
+ , File f
+ ]
+
+gitCommitKeyRing :: String -> IO Bool
+gitCommitKeyRing action = gitCommit
+ [ File keyring
+ , File privDataFile
+ , Param "-m"
+ , Param ("propellor " ++ action)
+ ]
 -- Adds --gpg-sign if there's a keyring.
 gpgSignParams :: [CommandParam] -> IO [CommandParam]
diff --git a/src/Propellor/Types/CmdLine.hs b/src/Propellor/Types/CmdLine.hs
index 96949957..50908514 100644
--- a/src/Propellor/Types/CmdLine.hs
+++ b/src/Propellor/Types/CmdLine.hs
@@ -15,6 +15,7 @@ data CmdLine
 | Edit PrivDataField Context
 | ListFields
 | AddKey String
+ | RmKey String
 | Merge
 | Serialized CmdLine
 | Continue CmdLine
-- cgit v1.2.3
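Review bot: gitCommitKeyRing passes `File privDataFile` to git unconditionally, while reencryptPrivData in the same hunk deliberately tolerates that file being absent; on a repository that has a keyring but no privdata yet, and assuming gitCommit forwards its arguments to `git commit` as pathspecs, the final "committing changes" step of both --add-key and --rm-key would fail on a pathspec that matches no file. Including the privdata path only when the file exists keeps the action list's "absent privdata is fine" contract intact (rewrite below). Separately, a caveat worth documenting on rmKey: re-encrypting to the remaining keys does not revoke the removed key's access, because every earlier revision of the privdata file in git history stays decryptable by it, so any secret that key could read should be rotated — e.g. `-- Re-encrypts privdata to the remaining keys only; earlier revisions in git history remain readable by the removed key, so rotate the secrets it could see.` Also note that `gpg --delete-key` without `--batch --yes` asks for interactive confirmation (fine for a terminal command, but it will block an unattended run), and if gpgEncrypt takes its recipients from this keyring, removing the last key leaves reencryptPrivData encrypting to nobody, which deserves a guard.
```haskell
gitCommitKeyRing :: String -> IO Bool
gitCommitKeyRing action = do
	-- privdata may not exist yet (reencryptPrivData tolerates that),
	-- and git commit rejects a pathspec that matches no file.
	privdataexists <- doesFileExist privDataFile
	gitCommit $
		[ File keyring ] ++
		[ File privDataFile | privdataexists ] ++
		[ Param "-m"
		, Param ("propellor " ++ action)
		]
```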