From a5b739af6d20312d47ab75a63bc4fbfd847b65a6 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Mon, 31 Mar 2014 15:52:40 -0400
Subject: out of band keyring transfer is not necessary, since repo is cloned securely
---
 Makefile | 2 +-
 Propellor/CmdLine.hs | 24 +++--------------------
 README | 6 +-----
 propellor.cabal | 2 --
 4 files changed, 5 insertions(+), 29 deletions(-)
diff --git a/Makefile b/Makefile
index a30015e7..f2996fe3 100644
--- a/Makefile
+++ b/Makefile
@@ -11,7 +11,7 @@ build: deps dist/setup-config
 ln -sf dist/build/propellor/propellor
 deps:
- @if [ $$(whoami) = root ]; then apt-get -y install gnupg ghc cabal-install libghc-missingh-dev libghc-ansi-terminal-dev libghc-ifelse-dev libghc-unix-compat-dev libghc-hslogger-dev libghc-base64-bytestring-dev; fi || true
+ @if [ $$(whoami) = root ]; then apt-get -y install gnupg ghc cabal-install libghc-missingh-dev libghc-ansi-terminal-dev libghc-ifelse-dev libghc-unix-compat-dev libghc-hslogger-dev; fi || true
 dist/setup-config: propellor.cabal
 cabal configure
diff --git a/Propellor/CmdLine.hs b/Propellor/CmdLine.hs
index e57d70b7..bd69528e 100644
--- a/Propellor/CmdLine.hs
+++ b/Propellor/CmdLine.hs
@@ -3,14 +3,10 @@ module Propellor.CmdLine where
 import System.Environment
 import Data.List
 import System.Exit
-import qualified Data.ByteString.Lazy as BL
-import qualified Data.ByteString.Base64.Lazy as B64
-import Data.Bits.Utils
 import Propellor
 import Utility.FileMode
 import Utility.SafeCommand
-import Utility.Data
 data CmdLine = Run HostName
@@ -83,12 +79,7 @@ spin host = do
 hClose fromh
 status <- getstatus fromh `catchIO` error "protocol error"
 case status of
- HaveKeyRing -> finish
- NeedKeyRing -> do
- d <- w82s . BL.unpack . B64.encode <$> BL.readFile keyring
- senddata toh keyring keyringMarker d
- finish
+ Ready -> finish
 NeedGitClone -> do
 hClose toh
 hClose fromh
@@ -148,7 +139,7 @@ sendGitClone host url = do
 , "rm -f " ++ remotebundle
 ]
-data BootStrapStatus = HaveKeyRing | NeedKeyRing | NeedGitClone
+data BootStrapStatus = Ready | NeedGitClone
 deriving (Read, Show, Eq)
 type Marker = String
@@ -157,9 +148,6 @@ type Marked = String
 statusMarker :: Marker
 statusMarker = "STATUS"
-keyringMarker :: Marker
-keyringMarker = "KEYRING"
-
 privDataMarker :: String
 privDataMarker = "PRIVDATA "
@@ -177,19 +165,13 @@ fromMarked marker s
 boot :: [Property] -> IO ()
 boot props = do
- havering <- doesFileExist keyring
- putStrLn $ toMarked statusMarker $ show $ if havering then HaveKeyRing else NeedKeyRing
+ putStrLn $ toMarked statusMarker $ show Ready
 hFlush stdout
 reply <- hGetContentsStrict stdin
 makePrivDataDir
 maybe noop (writeFileProtected privDataLocal) $ fromMarked privDataMarker reply
- case eitherToMaybe . B64.decode . BL.pack . s2w8 =<< fromMarked keyringMarker reply of
- Nothing -> noop
- Just d -> do
- writeFileProtected keyring ""
- BL.writeFile keyring d
 ensureProperties props
 addKey :: String -> IO ()
diff --git a/README b/README
index ce9769c0..2013799b 100644
--- a/README
+++ b/README
@@ -54,7 +54,7 @@ for available fields.
 It's often easiest for a remote host to use a git:// or http:// url to
 its origin repository, rather than ssh://. So, to avoid a MITM
-attack, propellor checks that the top commit in the git repository is gpg
+attack, propellor checks that any commit it fetched from origin is gpg
 signed by a trusted gpg key, and refuses to deploy it otherwise.
 This is only done when privdata/keyring.gpg exists. To set it up:
@@ -62,8 +62,4 @@ This is only done when privdata/keyring.gpg exists. To set it up:
 gpg --gen-key # only if you don't already have a gpg key
 propellor --add-key $MYKEYID
-The keyring.gpg can be checked into git, but to ensure that it's
-used from the beginning when bootstrapping, propellor --spin
-transfers it to the host using ssh.
-
 [1] http://reclass.pantsfullofunix.net/
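Review bot: With the out-of-band transfer gone, `boot` in the last Propellor/CmdLine.hs hunk always answers `Ready`, so whether the host can verify gpg signatures now depends entirely on privdata/keyring.gpg being present in the repository it was cloned from, and per the README line kept in the following hunk's context the check is silently skipped when that file is absent. Nothing in the new code states this assumption; a comment on `boot` should, e.g. `-- Always reports Ready: the keyring is no longer sent out of band, so it must be committed to the repo and arrive with the (assumed secure) git clone; without privdata/keyring.gpg there, signature checking is skipped.` The removed README paragraph was the only text telling users that keyring.gpg can live in git, and the new README no longer says it has to, so a sentence to that effect is worth restoring there as well. The functions `boot` and `sendGitClone` begin and end outside the visible hunk lines.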
diff --git a/propellor.cabal b/propellor.cabal
index 80a05f46..6807ef45 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -26,7 +26,6 @@ Description:
 Executable propellor
 Main-Is: config.hs
 GHC-Options: -Wall
- Extensions: PackageImports
 Build-Depends: MissingH, directory, filepath, base >= 4.5, base < 5, IfElse, process, bytestring, hslogger, unix-compat, ansi-terminal, containers, base64-bytestring
@@ -36,7 +35,6 @@ Executable propellor
 Library
 GHC-Options: -Wall
- Extensions: PackageImports
 Build-Depends: MissingH, directory, filepath, base >= 4.5, base < 5, IfElse, process, bytestring, hslogger, unix-compat, ansi-terminal, containers, dataenc
--
cgit v1.2.3
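Review bot: The Executable stanza's `Build-Depends` context line in the first propellor.cabal hunk still lists `base64-bytestring`, while the only visible user (`Data.ByteString.Base64.Lazy` in Propellor/CmdLine.hs) is removed in this commit and the Makefile hunk drops `libghc-base64-bytestring-dev` from the `deps` target. On a fresh host `make deps` will therefore no longer install a package that `cabal configure` still requires, so the bootstrap build is likely to fail until the dependency is removed. Change the end of that line from `..., ansi-terminal, containers, base64-bytestring` to `..., ansi-terminal, containers`; the Library stanza never listed it, so only the Executable stanza needs the edit.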