From 72713cadcc4ff1b6594f2e648e5672764326cdd7 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 23 Sep 2015 13:59:59 -0400 Subject: Added --rm-key. --- src/Propellor/CmdLine.hs | 3 +++ src/Propellor/Gpg.hs | 56 +++++++++++++++++++++++++++--------------- src/Propellor/Types/CmdLine.hs | 1 + 3 files changed, 40 insertions(+), 20 deletions(-) (limited to 'src') diff --git a/src/Propellor/CmdLine.hs b/src/Propellor/CmdLine.hs index 95a633ec..0cc8294d 100644 --- a/src/Propellor/CmdLine.hs +++ b/src/Propellor/CmdLine.hs @@ -26,6 +26,7 @@ usage h = hPutStrLn h $ unlines , " propellor hostname" , " propellor --spin targethost [--via relayhost]" , " propellor --add-key keyid" + , " propellor --rm-key keyid" , " propellor --set field context" , " propellor --dump field context" , " propellor --edit field context" @@ -50,6 +51,7 @@ processCmdLine = go =<< getArgs <*> pure (Just r) _ -> Spin <$> mapM hostname ps <*> pure Nothing go ("--add-key":k:[]) = return $ AddKey k + go ("--rm-key":k:[]) = return $ RmKey k go ("--set":f:c:[]) = withprivfield f c Set go ("--unset":f:c:[]) = withprivfield f c Unset go ("--dump":f:c:[]) = withprivfield f c Dump @@ -100,6 +102,7 @@ defaultMain hostlist = do go _ (Edit field context) = editPrivData field context go _ ListFields = listPrivDataFields hostlist go _ (AddKey keyid) = addKey keyid + go _ (RmKey keyid) = rmKey keyid go _ c@(ChrootChain _ _ _ _) = Chroot.chain hostlist c go _ (DockerChain hn cid) = Docker.chain hostlist hn cid go _ (DockerInit hn) = Docker.init hn diff --git a/src/Propellor/Gpg.hs b/src/Propellor/Gpg.hs index f2ae8f9a..46f2c7d9 100644 --- a/src/Propellor/Gpg.hs +++ b/src/Propellor/Gpg.hs 
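Review bot: The new `go ("--rm-key":k:[])` clause in processCmdLine accepts any string as the key id, and rmKey in src/Propellor/Gpg.hs later hands it to gpg as `Param keyid` right after `--delete-key`. A value that begins with `-` would presumably be read by gpg as an option rather than a key, and gpg also matches key specifications against user IDs, so a loose value can select a key the operator did not mean to remove. Consider rejecting such input at parse time, for example `go ("--rm-key":k:[]) | not (isPrefixOf "-" k) = return $ RmKey k` (isPrefixOf from Data.List), and saying in the usage text that a full key id or fingerprint is the safest form. The rest of processCmdLine, including whatever clause handles unmatched arguments, is outside the hunk.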
@@ -41,10 +41,10 @@ useKeyringOpts = addKey :: KeyId -> IO () addKey keyid = exitBool =<< allM (uncurry actionMessage) [ ("adding key to propellor's keyring", addkeyring) - , ("staging propellor's keyring", gitadd keyring) - , ("updating encryption of any privdata", reencryptprivdata) + , ("staging propellor's keyring", gitAdd keyring) + , ("updating encryption of any privdata", reencryptPrivData) , ("configuring git signing to use key", gitconfig) - , ("committing changes", gitcommit) + , ("committing changes", gitCommitKeyRing "add-key") ] where addkeyring = do @@ -55,18 +55,6 @@ addKey keyid = exitBool =<< allM (uncurry actionMessage) unwords (useKeyringOpts ++ ["--import"]) ] - reencryptprivdata = ifM (doesFileExist privDataFile) - ( do - gpgEncrypt privDataFile =<< gpgDecrypt privDataFile - gitadd privDataFile - , return True - ) - - gitadd f = boolSystem "git" - [ Param "add" - , File f - ] - gitconfig = ifM (snd <$> processTranscript "gpg" ["--list-secret-keys", keyid] Nothing) ( boolSystem "git" [ Param "config" 
@@ -78,11 +66,39 @@ addKey keyid = exitBool =<< allM (uncurry actionMessage) return True ) - gitcommit = gitCommit - [ File keyring - , Param "-m" - , Param "propellor addkey" - ] +rmKey :: KeyId -> IO () +rmKey keyid = exitBool =<< allM (uncurry actionMessage) + [ ("removing key from propellor's keyring", rmkeyring) + , ("staging propellor's keyring", gitAdd keyring) + , ("updating encryption of any privdata", reencryptPrivData) + , ("committing changes", gitCommitKeyRing "rm-key") + ] + where + rmkeyring = boolSystem "gpg" $ + (map Param useKeyringOpts) ++ + [Param "--delete-key", Param keyid] + +reencryptPrivData :: IO Bool +reencryptPrivData = ifM (doesFileExist privDataFile) + ( do + gpgEncrypt privDataFile =<< gpgDecrypt privDataFile + gitAdd privDataFile + , return True + ) + +gitAdd :: FilePath -> IO Bool +gitAdd f = boolSystem "git" + [ Param "add" + , File f + ] + +gitCommitKeyRing :: String -> IO Bool +gitCommitKeyRing action = gitCommit + [ File keyring + , File privDataFile + , Param "-m" + , Param ("propellor " ++ action) + ] -- Adds --gpg-sign if there's a keyring. gpgSignParams :: [CommandParam] -> IO [CommandParam] diff --git a/src/Propellor/Types/CmdLine.hs b/src/Propellor/Types/CmdLine.hs index 96949957..50908514 100644 --- a/src/Propellor/Types/CmdLine.hs +++ b/src/Propellor/Types/CmdLine.hs @@ -15,6 +15,7 @@ data CmdLine | Edit PrivDataField Context | ListFields | AddKey String + | RmKey String | Merge | Serialized CmdLine | Continue CmdLine -- cgit v1.3-2-g0d8e From 4ded5bf3d9cd878d00adc7b9a6063b44d528094c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 23 Sep 2015 14:26:26 -0400 Subject: remove git signing key when it's the key to be removed --- src/Propellor/Gpg.hs | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/Propellor/Gpg.hs b/src/Propellor/Gpg.hs index 46f2c7d9..84f67dc1 100644 --- a/src/Propellor/Gpg.hs +++ b/src/Propellor/Gpg.hs 
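Review bot: rmKey re-encrypts privdata to the remaining keys, but nothing in the new code or its action messages says that the removed key can still decrypt every earlier version of the privdata file kept in git history. A short comment above rmKey would make that explicit, for example `-- Removing a key does not revoke what it could already decrypt; rotate the secrets stored in privdata.` Separately, gitCommitKeyRing always passes `File privDataFile`, while reencryptPrivData stages that file only when it exists. If gitCommit forwards these parameters to `git commit` as pathspecs (its definition is outside the hunk), the "committing changes" step would likely fail in a repository that has no privdata file yet.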
@@ -43,7 +43,7 @@ addKey keyid = exitBool =<< allM (uncurry actionMessage) [ ("adding key to propellor's keyring", addkeyring) , ("staging propellor's keyring", gitAdd keyring) , ("updating encryption of any privdata", reencryptPrivData) - , ("configuring git signing to use key", gitconfig) + , ("configuring git commit signing to use key", gitconfig) , ("committing changes", gitCommitKeyRing "add-key") ] where @@ -71,12 +71,25 @@ rmKey keyid = exitBool =<< allM (uncurry actionMessage) [ ("removing key from propellor's keyring", rmkeyring) , ("staging propellor's keyring", gitAdd keyring) , ("updating encryption of any privdata", reencryptPrivData) + , ("configuring git commit signing to not use key", gitconfig) , ("committing changes", gitCommitKeyRing "rm-key") ] where rmkeyring = boolSystem "gpg" $ (map Param useKeyringOpts) ++ - [Param "--delete-key", Param keyid] + [ Param "--batch" + , Param "--yes" + , Param "--delete-key", Param keyid + ] + + gitconfig = ifM ((==) (keyid++"\n", True) <$> processTranscript "git" ["config", "user.signingkey"] Nothing) + ( boolSystem "git" + [ Param "config" + , Param "--unset" + , Param "user.signingkey" + ] + , return True + ) reencryptPrivData :: IO Bool reencryptPrivData = ifM (doesFileExist privDataFile) -- cgit v1.3-2-g0d8e
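Review bot: In rmKey's new `gitconfig`, the signing key is read with `git config user.signingkey`, which reports the effective value from any configuration scope, while `git config --unset user.signingkey` edits only the repository's own config. If the key is set only in the user's global config, the unset exits non-zero, boolSystem presumably returns False, and the run stops before "committing changes", leaving the keyring change staged but uncommitted. Reading with `["config", "--local", "user.signingkey"]` keeps both commands on the same scope. The comparison is also an exact string match against `keyid++"\n"`, so a signing key recorded in another form (long id, fingerprint) stays configured after the key is deleted; a comment stating that limitation would help.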