| -rw-r--r-- | debian/changelog | 6 | ||||
| -rw-r--r-- | doc/security.mdwn | 2 | ||||
| -rw-r--r-- | src/Propellor/CmdLine.hs | 3 | ||||
| -rw-r--r-- | src/Propellor/Gpg.hs | 69 | ||||
| -rw-r--r-- | src/Propellor/Types/CmdLine.hs | 1 |
5 files changed, 60 insertions, 21 deletions
diff --git a/debian/changelog b/debian/changelog
index ff634ad6..91f78be7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+propellor (2.8.1) UNRELEASED; urgency=medium
+
+ * Added --rm-key.
+
+ -- Joey Hess <id@joeyh.name> Wed, 23 Sep 2015 13:50:01 -0400
+
 propellor (2.8.0) unstable; urgency=medium
 
 * Added Propellor.Property.Rsync.
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 831b2b41..8a23d30c 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -24,7 +24,7 @@ to bootstrap propellor on a new host, it transfers the local git
 repositry to the remote host over ssh. After that, the host knows the gpg
 key, and will use it to verify git fetches.
 
-Since the propoellor git repository is public, you can't store
+Since the propellor git repository is public, you can't store
 in cleartext private data such as passwords, ssh private keys, etc.
 
 Instead, `propellor --spin $host` looks for a
diff --git a/src/Propellor/CmdLine.hs b/src/Propellor/CmdLine.hs
index 95a633ec..0cc8294d 100644
--- a/src/Propellor/CmdLine.hs
+++ b/src/Propellor/CmdLine.hs
@@ -26,6 +26,7 @@ usage h = hPutStrLn h $ unlines
 , " propellor hostname"
 , " propellor --spin targethost [--via relayhost]"
 , " propellor --add-key keyid"
+ , " propellor --rm-key keyid"
 , " propellor --set field context"
 , " propellor --dump field context"
 , " propellor --edit field context"
@@ -50,6 +51,7 @@ processCmdLine = go =<< getArgs
 <*> pure (Just r)
 _ -> Spin <$> mapM hostname ps <*> pure Nothing
 go ("--add-key":k:[]) = return $ AddKey k
+ go ("--rm-key":k:[]) = return $ RmKey k
 go ("--set":f:c:[]) = withprivfield f c Set
 go ("--unset":f:c:[]) = withprivfield f c Unset
 go ("--dump":f:c:[]) = withprivfield f c Dump
@@ -100,6 +102,7 @@ defaultMain hostlist = do
 go _ (Edit field context) = editPrivData field context
 go _ ListFields = listPrivDataFields hostlist
 go _ (AddKey keyid) = addKey keyid
+ go _ (RmKey keyid) = rmKey keyid
 go _ c@(ChrootChain _ _ _ _) = Chroot.chain hostlist c
 go _ (DockerChain hn cid) = Docker.chain hostlist hn cid
 go _ (DockerInit hn) = Docker.init hn
diff --git a/src/Propellor/Gpg.hs b/src/Propellor/Gpg.hs
index f2ae8f9a..84f67dc1 100644
--- a/src/Propellor/Gpg.hs
+++ b/src/Propellor/Gpg.hs
@@ -41,10 +41,10 @@ useKeyringOpts =
 addKey :: KeyId -> IO ()
 addKey keyid = exitBool =<< allM (uncurry actionMessage)
 [ ("adding key to propellor's keyring", addkeyring)
- , ("staging propellor's keyring", gitadd keyring)
- , ("updating encryption of any privdata", reencryptprivdata)
- , ("configuring git signing to use key", gitconfig)
- , ("committing changes", gitcommit)
+ , ("staging propellor's keyring", gitAdd keyring)
+ , ("updating encryption of any privdata", reencryptPrivData)
+ , ("configuring git commit signing to use key", gitconfig)
+ , ("committing changes", gitCommitKeyRing "add-key")
 ]
 where
 addkeyring = do
@@ -55,18 +55,6 @@ addKey keyid = exitBool =<< allM (uncurry actionMessage)
 unwords (useKeyringOpts ++ ["--import"])
 ]
 
- reencryptprivdata = ifM (doesFileExist privDataFile)
- ( do
- gpgEncrypt privDataFile =<< gpgDecrypt privDataFile
- gitadd privDataFile
- , return True
- )
-
- gitadd f = boolSystem "git"
- [ Param "add"
- , File f
- ]
-
 gitconfig = ifM (snd <$> processTranscript "gpg" ["--list-secret-keys", keyid] Nothing)
 ( boolSystem "git"
 [ Param "config"
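Review bot: The new committing step `gitCommitKeyRing "add-key"` hands git both the keyring and privDataFile (the helper is defined in the next hunk), whereas the removed `gitcommit` named only the keyring and `reencryptPrivData` deliberately skips privDataFile when it does not exist; on a repository where --add-key runs before any privdata has been set, the commit is given a pathspec that matches no file, which git commit rejects, so the step would report failure, assuming gitCommit passes these params through to git commit as it appears to. rmKey's committing step in the next hunk calls the same helper and is affected the same way. I would make gitCommitKeyRing include privDataFile only when it is present, as below. addKey's body continues past the end of this hunk.

```haskell
gitCommitKeyRing :: String -> IO Bool
gitCommitKeyRing action = do
	-- privdata may not exist yet; git commit rejects a pathspec matching no file
	privdata <- ifM (doesFileExist privDataFile)
		( return [File privDataFile]
		, return []
		)
	gitCommit $ File keyring : privdata ++
		[ Param "-m"
		, Param ("propellor " ++ action)
		]
```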
@@ -78,11 +66,52 @@ addKey keyid = exitBool =<< allM (uncurry actionMessage)
 return True
 )
 
- gitcommit = gitCommit
- [ File keyring
- , Param "-m"
- , Param "propellor addkey"
+rmKey :: KeyId -> IO ()
+rmKey keyid = exitBool =<< allM (uncurry actionMessage)
+ [ ("removing key from propellor's keyring", rmkeyring)
+ , ("staging propellor's keyring", gitAdd keyring)
+ , ("updating encryption of any privdata", reencryptPrivData)
+ , ("configuring git commit signing to not use key", gitconfig)
+ , ("committing changes", gitCommitKeyRing "rm-key")
+ ]
+ where
+ rmkeyring = boolSystem "gpg" $
+ (map Param useKeyringOpts) ++
+ [ Param "--batch"
+ , Param "--yes"
+ , Param "--delete-key", Param keyid
 ]
+
+ gitconfig = ifM ((==) (keyid++"\n", True) <$> processTranscript "git" ["config", "user.signingkey"] Nothing)
+ ( boolSystem "git"
+ [ Param "config"
+ , Param "--unset"
+ , Param "user.signingkey"
+ ]
+ , return True
+ )
+
+reencryptPrivData :: IO Bool
+reencryptPrivData = ifM (doesFileExist privDataFile)
+ ( do
+ gpgEncrypt privDataFile =<< gpgDecrypt privDataFile
+ gitAdd privDataFile
+ , return True
+ )
+
+gitAdd :: FilePath -> IO Bool
+gitAdd f = boolSystem "git"
+ [ Param "add"
+ , File f
+ ]
+
+gitCommitKeyRing :: String -> IO Bool
+gitCommitKeyRing action = gitCommit
+ [ File keyring
+ , File privDataFile
+ , Param "-m"
+ , Param ("propellor " ++ action)
+ ]
 
 -- Adds --gpg-sign if there's a keyring.
 gpgSignParams :: [CommandParam] -> IO [CommandParam]
diff --git a/src/Propellor/Types/CmdLine.hs b/src/Propellor/Types/CmdLine.hs
index 96949957..50908514 100644
--- a/src/Propellor/Types/CmdLine.hs
+++ b/src/Propellor/Types/CmdLine.hs
@@ -15,6 +15,7 @@ data CmdLine
 | Edit PrivDataField Context
 | ListFields
 | AddKey String
+ | RmKey String
 | Merge
 | Serialized CmdLine
 | Continue CmdLine |
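Review bot: `rmKey` carries no comment stating what removal does and does not revoke: `reencryptPrivData` re-encrypts only the current privDataFile to the keys left in the keyring, while every earlier revision of that file in git history stays encrypted to the removed key, and doc/security.mdwn in this same commit says the repository is public, so whoever holds the removed key can still read every secret that was ever committed to privdata. I would add above `rmKey ::`: `-- | Removes a key from propellor's keyring and re-encrypts privdata to the remaining keys. Secrets already committed remain readable from git history by the removed key, so they should be rotated afterwards.` Separately, `gitconfig` unsets user.signingkey only when the configured value equals `keyid++"\n"` byte for byte, so a signing key configured under another spelling of the same key (long id or fingerprint) stays configured while the step still reports success; that deserves at least a comment, or a comparison that asks gpg whether the two spellings name the same key.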
