From 83b19b06f27a36c5ae0af7982663f08ae721e073 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Sat, 11 Jun 2016 20:41:39 +0900 Subject: Sbuild.keypairInsecurelyGenerated --- src/Propellor/Property/Sbuild.hs | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'src/Propellor/Property') diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs index 2647e69e..fbc0642a 100644 --- a/src/Propellor/Property/Sbuild.hs +++ b/src/Propellor/Property/Sbuild.hs @@ -66,6 +66,7 @@ module Propellor.Property.Sbuild ( -- blockNetwork, installed, keypairGenerated, + keypairInsecurelyGenerated, shareAptCache, usableBy, ) where @@ -320,7 +321,21 @@ keypairGenerated = check (not <$> doesFileExist secKeyFile) $ go go = tightenTargets $ cmdProperty "sbuild-update" ["--keygen"] `assume` MadeChange - secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec" + +secKeyFile :: FilePath +secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec" + +-- | Generate the apt keys needed by sbuild using a low-quality source of +-- randomness +-- +-- Useful on throwaway build VMs. +keypairInsecurelyGenerated :: Property DebianLike +keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) $ go + `requires` Apt.installed ["rng-tools"] + where + go :: Property DebianLike + go = (cmdProperty "rngd" ["-r", "/dev/urandom"] `assume` MadeChange) + `before` keypairGenerated -- another script from wiki.d.o/sbuild ccachePrepared :: Property DebianLike -- cgit v1.2.3 From f72439bbeff763bd9d74f66beed864f5764cd7a3 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Sun, 12 Jun 2016 13:21:28 +0900 Subject: tidy Sbuild.keypairInsecurelyGenerated --- src/Propellor/Property/Sbuild.hs | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'src/Propellor/Property') diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs index fbc0642a..bfa264a8 100644 --- a/src/Propellor/Property/Sbuild.hs +++ b/src/Propellor/Property/Sbuild.hs @@ -330,12 +330,13 @@ secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec" -- -- Useful on throwaway build VMs. keypairInsecurelyGenerated :: Property DebianLike -keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) $ go - `requires` Apt.installed ["rng-tools"] +keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go where go :: Property DebianLike - go = (cmdProperty "rngd" ["-r", "/dev/urandom"] `assume` MadeChange) - `before` keypairGenerated + go = combineProperties "sbuild keyring insecurely generated" $ props + & Apt.installed ["rng-tools"] + & cmdProperty "rngd" ["-r", "/dev/urandom"] `assume` MadeChange + & keypairGenerated -- another script from wiki.d.o/sbuild ccachePrepared :: Property DebianLike -- cgit v1.2.3