module Propellor.Gpg where import System.IO import System.Posix.IO import System.Posix.Terminal import Data.Maybe import Control.Monad import Control.Applicative import Prelude import Propellor.PrivData.Paths import Propellor.Message import Propellor.Git.Config import Utility.SafeCommand import Utility.Process import Utility.Process.NonConcurrent import Utility.Monad import Utility.Misc import Utility.Tmp import Utility.Env import Utility.Directory import Utility.Split -- | When at a tty, set GPG_TTY to point to the tty device. This is needed -- so that when gpg is run with stio connected to a pipe, it is still able -- to display password prompts at the console. -- -- This should not prevent gpg from using the GUI for prompting when one is -- available. setupGpgEnv :: IO () setupGpgEnv = checkhandles [stdInput, stdOutput, stdError] where checkhandles [] = return () checkhandles (h:hs) = do isterm <- queryTerminal h if isterm then do ttyname <- getTerminalName h -- do not overwrite setEnv "GPG_TTY" ttyname False else checkhandles hs type KeyId = String getGpgBin :: IO String getGpgBin = do gitGpgBin <- getGitConfigValue "gpg.program" case gitGpgBin of Nothing -> getEnvDefault "GNUPGBIN" "gpg" Just b -> return b -- Lists the keys in propellor's keyring. listPubKeys :: IO [KeyId] listPubKeys = do keyring <- privDataKeyring let listopts = [ "--list-public-keys" , "--with-colons" , "--fixed-list-mode" ] ++ useKeyringOpts keyring gpgbin <- getGpgBin parse . lines <$> readProcess gpgbin listopts where parse = mapMaybe (extract . split ":") extract ("pub":_:_:_:f:_) = Just f extract _ = Nothing -- Lists all of the user's secret keys. listSecretKeys :: IO [(KeyId, String)] listSecretKeys = do gpgbin <- getGpgBin parse . lines <$> readProcess gpgbin [ "--list-secret-keys" , "--with-colons" , "--fixed-list-mode" ] where parse = extract [] Nothing . map (split ":") extract c (Just keyid) (("uid":_:_:_:_:_:_:_:_:userid:_):rest) = extract ((keyid, userid):c) Nothing rest extract c (Just keyid) rest@(("sec":_):_) = extract ((keyid, ""):c) Nothing rest extract c (Just keyid) rest@(("pub":_):_) = extract ((keyid, ""):c) Nothing rest extract c (Just keyid) (_:rest) = extract c (Just keyid) rest extract c _ [] = c extract c _ (("sec":_:_:_:keyid:_):rest) = extract c (Just keyid) rest extract c k (_:rest) = extract c k rest useKeyringOpts :: FilePath -> [String] useKeyringOpts keyring = [ "--options" , "/dev/null" , "--no-default-keyring" , "--keyring", keyring ] addKey :: KeyId -> IO () addKey keyid = do gpgbin <- getGpgBin keyring <- privDataKeyring exitBool =<< allM (uncurry actionMessage) [ ("adding key to propellor's keyring", addkeyring keyring gpgbin) , ("staging propellor's keyring", gitAdd keyring) , ("updating encryption of any privdata", reencryptPrivData) , ("configuring git commit signing to use key", gitconfig gpgbin) , ("committing changes", gitCommitKeyRing "add-key") ] where addkeyring keyring' gpgbin' = do createDirectoryIfMissing True privDataDir boolSystem "sh" [ Param "-c" , Param $ gpgbin' ++ " --export " ++ keyid ++ " | gpg " ++ unwords (useKeyringOpts keyring' ++ ["--import"]) ] gitconfig gpgbin' = ifM (snd <$> processTranscript gpgbin' ["--list-secret-keys", keyid] Nothing) ( boolSystem "git" [ Param "config" , Param "user.signingkey" , Param keyid ] , do warningMessage $ "Cannot find a secret key for key " ++ keyid ++ ", so not configuring git user.signingkey to use this key." return True ) rmKey :: KeyId -> IO () rmKey keyid = do gpgbin <- getGpgBin keyring <- privDataKeyring exitBool =<< allM (uncurry actionMessage) [ ("removing key from propellor's keyring", rmkeyring keyring gpgbin) , ("staging propellor's keyring", gitAdd keyring) , ("updating encryption of any privdata", reencryptPrivData) , ("configuring git commit signing to not use key", gitconfig) , ("committing changes", gitCommitKeyRing "rm-key") ] where rmkeyring keyring' gpgbin' = boolSystem gpgbin' $ (map Param (useKeyringOpts keyring')) ++ [ Param "--batch" , Param "--yes" , Param "--delete-key", Param keyid ] gitconfig = ifM ((==) (keyid++"\n", True) <$> processTranscript "git" ["config", "user.signingkey"] Nothing) ( boolSystem "git" [ Param "config" , Param "--unset" , Param "user.signingkey" ] , return True ) reencryptPrivData :: IO Bool reencryptPrivData = do f <- privDataFile ifM (doesFileExist f) ( do gpgEncrypt f =<< gpgDecrypt f gitAdd f , return True ) gitAdd :: FilePath -> IO Bool gitAdd f = boolSystem "git" [ Param "add" , File f ] gitCommitKeyRing :: String -> IO Bool gitCommitKeyRing action = do keyring <- privDataKeyring privdata <- privDataFile -- Commit explicitly the keyring and privdata files, as other -- changes may be staged by the user and shouldn't be committed. tocommit <- filterM doesFileExist [ privdata, keyring] gitCommit (Just ("propellor " ++ action)) (map File tocommit) -- Adds --gpg-sign if there's a keyring. gpgSignParams :: [CommandParam] -> IO [CommandParam] gpgSignParams ps = do keyring <- privDataKeyring ifM (doesFileExist keyring) ( return (ps ++ [Param "--gpg-sign"]) , return ps ) -- Automatically sign the commit if there'a a keyring. gitCommit :: Maybe String -> [CommandParam] -> IO Bool gitCommit msg ps = do let ps' = Param "commit" : ps ++ maybe [] (\m -> [Param "-m", Param m]) msg ps'' <- gpgSignParams ps' boolSystemNonConcurrent "git" ps'' gpgDecrypt :: FilePath -> IO String gpgDecrypt f = do gpgbin <- getGpgBin ifM (doesFileExist f) ( writeReadProcessEnv gpgbin ["--decrypt", f] Nothing Nothing Nothing , return "" ) -- Encrypt file to all keys in propellor's keyring. gpgEncrypt :: FilePath -> String -> IO () gpgEncrypt f s = do gpgbin <- getGpgBin keyids <- listPubKeys let opts = [ "--default-recipient-self" , "--armor" , "--encrypt" , "--trust-model", "always" ] ++ concatMap (\k -> ["--recipient", k]) keyids encrypted <- writeReadProcessEnv gpgbin opts Nothing (Just writer) Nothing viaTmp writeFile f encrypted where writer h = hPutStr h s