From f3c5e20fa5b21f3317f63bbcc2d43d708d2ae736 Mon Sep 17 00:00:00 2001
From: FĂ©lix Sipma
Date: Wed, 16 Dec 2015 15:18:19 +0100
Subject: Gpg: parse GpgKeyType in keyImported

(cherry picked from commit cdd1e093118b5eeab7743be7e2ec959980716145)
---
 src/Propellor/Property/Gpg.hs | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

(limited to 'src/Propellor')

diff --git a/src/Propellor/Property/Gpg.hs b/src/Propellor/Property/Gpg.hs
index 0423806c..dae6e5d7 100644
--- a/src/Propellor/Property/Gpg.hs
+++ b/src/Propellor/Property/Gpg.hs
@@ -12,6 +12,8 @@ installed = Apt.installed ["gnupg"]
 -- A numeric id, or a description of the key, in a form understood by gpg.
 newtype GpgKeyId = GpgKeyId { getGpgKeyId :: String }
 
+data GpgKeyType = GpgPubKey | GpgPrivKey
+
 -- | Sets up a user with a gpg key from the privdata.
 --
 -- Note that if a secret key is exported using gpg -a --export-secret-key,
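Review bot: The new `GpgKeyType` declaration carries no Haddock comment, while the neighbouring `GpgKeyId` is documented; add `-- | Which kind of armored block a privdata key holds, decided from its BEGIN header line.` directly above `data GpgKeyType = GpgPubKey | GpgPrivKey`. The type is only pattern-matched in this commit, so no `deriving` clause is needed yet; if it is ever compared or logged, `deriving (Eq, Show)` would have to be added.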
@@ -21,19 +23,31 @@ newtype GpgKeyId = GpgKeyId { getGpgKeyId :: String } -- Recommend only using this for low-value dedicated role keys. -- No attempt has been made to scrub the key out of memory once it's used. keyImported :: GpgKeyId -> User -> Property HasInfo -keyImported key@(GpgKeyId keyid) user@(User u) = check (not <$> hasPubKey key user) prop +keyImported key@(GpgKeyId keyid) user@(User u) = prop `requires` installed where desc = u ++ " has gpg key " ++ show keyid prop = withPrivData src (Context keyid) $ \getkey -> - property desc $ getkey $ \key' -> makeChange $ - withHandle StdinHandle createProcessSuccess - (proc "su" ["-c", "gpg --import", u]) $ \h -> do - fileEncoding h - hPutStr h (unlines (privDataLines key')) - hClose h + property desc $ getkey $ \key' -> do + let keylines = privDataLines key' + ifM (liftIO $ hasGpgKey (parse keylines)) + (return NoChange + , makeChange $ withHandle StdinHandle createProcessSuccess + (proc "su" ["-c", "gpg --import", u]) $ \h -> do + fileEncoding h + hPutStr h (unlines keylines) + hClose h + ) src = PrivDataSource GpgKey "Either a gpg public key, exported with gpg --export -a, or a gpg private key, exported with gpg --export-secret-key -a" + parse ("-----BEGIN PGP PUBLIC KEY BLOCK-----":_) = Just GpgPubKey + parse ("-----BEGIN PGP PRIVATE KEY BLOCK-----":_) = Just GpgPrivKey + parse _ = Nothing + + hasGpgKey Nothing = error $ "Failed to run gpg parser on armored key " ++ keyid + hasGpgKey (Just GpgPubKey) = hasPubKey key user + hasGpgKey (Just GpgPrivKey) = hasPrivKey key user + dotDir :: User -> IO FilePath dotDir (User u) = do home <- homeDirectory <$> getUserEntryForName u -- cgit v1.2.3
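Review bot: `parse` only accepts the armor header as the very first privdata line, so a leading blank line or stray whitespace in the stored key makes `hasGpgKey Nothing` call `error` and abort the whole propellor run, with a message ("Failed to run gpg parser") that blames gpg for a check gpg never performed. Before this change such a key was still piped to `gpg --import`; rejecting it is reasonable, but it should fail the property rather than crash, so skip leading empty lines in `parse` and return `FailedChange` with a warning for an unrecognised block, which also makes `hasGpgKey` total. `hasPrivKey` is not defined in this commit, so I assume it already exists next to `hasPubKey`; `warningMessage` is assumed in scope from Propellor's message module. Rewritten lines below, indented in the file's tab style.

```haskell
		property desc $ getkey $ \key' -> do
			let keylines = privDataLines key'
			case parse keylines of
				Nothing -> do
					warningMessage $ "unrecognized armored key block in privdata for gpg key " ++ keyid
					return FailedChange
				Just t -> ifM (liftIO $ hasGpgKey t)
					( return NoChange
					, makeChange $ withHandle StdinHandle createProcessSuccess
						-- … unchanged: feed keylines to su -c "gpg --import" …
					)
	-- … unchanged: src …
	-- Skip leading empty lines so a stray newline in the privdata does
	-- not reject an otherwise valid armored block.
	parse ls = case dropWhile null ls of
		("-----BEGIN PGP PUBLIC KEY BLOCK-----":_) -> Just GpgPubKey
		("-----BEGIN PGP PRIVATE KEY BLOCK-----":_) -> Just GpgPrivKey
		_ -> Nothing

	hasGpgKey GpgPubKey = hasPubKey key user
	hasGpgKey GpgPrivKey = hasPrivKey key user
```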