From 8d91b5de6b43333ba77974053cdcdfa87409fb62 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 15 Nov 2014 17:02:25 -0400 Subject: Convert GpgKeyId to newtype --- src/Propellor/Property/Gpg.hs | 8 +++----- src/Propellor/Property/Obnam.hs | 4 +++- src/Propellor/Property/SiteSpecific/JoeySites.hs | 5 ++--- 3 files changed, 8 insertions(+), 9 deletions(-) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/Gpg.hs b/src/Propellor/Property/Gpg.hs index b4698663..5819ea7b 100644 --- a/src/Propellor/Property/Gpg.hs +++ b/src/Propellor/Property/Gpg.hs @@ -9,7 +9,8 @@ import System.PosixCompat installed :: Property installed = Apt.installed ["gnupg"] -type GpgKeyId = String +-- A numeric id, or a description of the key, in a form understood by gpg. +newtype GpgKeyId = GpgKeyId { getGpgKeyId :: String } -- | Sets up a user with a gpg key from the privdata. -- @@ -19,11 +20,8 @@ type GpgKeyId = String -- -- Recommend only using this for low-value dedicated role keys. -- No attempt has been made to scrub the key out of memory once it's used. --- --- The GpgKeyId does not have to be a numeric id; it can just as easily --- be a description of the key. keyImported :: GpgKeyId -> UserName -> Property -keyImported keyid user = flagFile' prop genflag +keyImported (GpgKeyId keyid) user = flagFile' prop genflag `requires` installed where desc = user ++ " has gpg key " ++ show keyid diff --git a/src/Propellor/Property/Obnam.hs b/src/Propellor/Property/Obnam.hs index e18ca3f9..4dc895ef 100644 --- a/src/Propellor/Property/Obnam.hs +++ b/src/Propellor/Property/Obnam.hs 
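Review bot: `GpgKeyId` in Gpg.hs wraps any string without checking it, and the two call sites this commit touches in JoeySites.hs (`Gpg.GpgKeyId "1B169BE1"` and `Gpg.GpgKeyId "89C809CB"`) pass 8-hex-digit short key ids, which are not collision-resistant and can match more than one key in a keyring. One of them selects the backup encryption key and the other is commented as a distribution signing key, so the full fingerprint would be the safer value at both call sites. The comment added above the newtype also starts with `--` rather than `-- |`, so Haddock will not attach it to the type. I would write it as `-- | A key id (preferably the full fingerprint), or a description of the key, in a form understood by gpg.`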
@@ -48,8 +48,10 @@ backup dir crontimes params numclients = -- into root's keyring using Propellor.Property.Gpg.keyImported backupEncrypted :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Gpg.GpgKeyId -> Property backupEncrypted dir crontimes params numclients keyid = - backup dir crontimes (("--encrypt-with=" ++ keyid):params) numclients + backup dir crontimes params' numclients `requires` Gpg.keyImported keyid "root" + where + params' = ("--encrypt-with=" ++ Gpg.getGpgKeyId keyid) : params -- | Does a backup, but does not automatically restore. backup' :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 7b8216fb..4a95067f 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -144,9 +144,8 @@ gitServer hosts = propertyList "git.kitenet.net setup" [ Obnam.latestVersion , Obnam.backupEncrypted "/srv/git" "33 3 * * *" [ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net" - , "--encrypt-with=1B169BE1" , "--client-name=wren" -- historical - ] Obnam.OnlyClient "1B169BE1" + ] Obnam.OnlyClient (Gpg.GpgKeyId "1B169BE1") `requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net") `requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root" `requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net") @@ -283,7 +282,7 @@ gitAnnexDistributor = combineProperties "git-annex distributor, including rsync , endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild" , endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild/x86_64-apple-mavericks" -- git-annex distribution signing key - , Gpg.keyImported "89C809CB" "joey" + , Gpg.keyImported (Gpg.GpgKeyId "89C809CB") "joey" ] where endpoint d = combineProperties ("endpoint " ++ d) -- cgit v1.3-2-g0d8e
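Review bot: In `backupEncrypted` (Obnam.hs), `params'` splices the unwrapped key id straight into `--encrypt-with=`, while the new `GpgKeyId` comment allows a free-form key description, so the value may contain spaces or shell metacharacters. Whether that is safe depends on how `backup` turns `params` into the scheduled command, which is outside this hunk; if it does not escape each parameter, it should. The haddock above `backupEncrypted` could also state that the option is now supplied for the caller, for example `-- The --encrypt-with parameter is added from the GpgKeyId; do not also pass it in the params.`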