Convert GpgKeyId to newtype

config-joey.hs

@@ -23,6 +23,7 @@ import qualified Propellor.Property.Apache as Apache
 import qualified Propellor.Property.Postfix as Postfix
 import qualified Propellor.Property.Grub as Grub
 import qualified Propellor.Property.Obnam as Obnam
+import qualified Propellor.Property.Gpg as Gpg
 import qualified Propellor.Property.HostingProvider.DigitalOcean as DigitalOcean
 import qualified Propellor.Property.HostingProvider.CloudAtCost as CloudAtCost
 import qualified Propellor.Property.HostingProvider.Linode as Linode
@@ -122,7 +123,7 @@ kite = standardSystemUnhardened "kite.kitenet.net" Unstable "amd64"
 		, "--exclude=/home/joey/lib"
 		, "--exclude=.*/tmp/"
 		, "--one-file-system"
-		] Obnam.OnlyClient "98147487"
+		] Obnam.OnlyClient (Gpg.GpgKeyId "98147487")
 		`requires` Ssh.keyImported SshRsa "root"
 			(Context "kite.kitenet.net")
 		`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root"

debian/changelog

@@ -4,6 +4,7 @@ propellor (0.9.3) UNRELEASED; urgency=medium
   * Can be used to configure tor hidden services. Thanks, Félix Sipma.
   * When multiple gpg keys are added, ensure that the privdata file
     can be decrypted by all of them.
+  * Convert GpgKeyId to newtype.
 
  -- Joey Hess <joeyh@debian.org>  Mon, 10 Nov 2014 11:15:27 -0400
 

propellor.cabal

@@ -1,5 +1,5 @@
 Name: propellor
-Version: 0.9.2
+Version: 0.9.3
 Cabal-Version: >= 1.6
 License: BSD3
 Maintainer: Joey Hess <joey@kitenet.net>

src/Propellor/Property/Gpg.hs

@@ -9,7 +9,8 @@ import System.PosixCompat
 installed :: Property
 installed = Apt.installed ["gnupg"]
 
-type GpgKeyId = String
+-- A numeric id, or a description of the key, in a form understood by gpg.
+newtype GpgKeyId = GpgKeyId { getGpgKeyId :: String }
 
 -- | Sets up a user with a gpg key from the privdata.
 --
@@ -19,11 +20,8 @@ type GpgKeyId = String
 --
 -- Recommend only using this for low-value dedicated role keys.
 -- No attempt has been made to scrub the key out of memory once it's used.
---
--- The GpgKeyId does not have to be a numeric id; it can just as easily
--- be a description of the key.
 keyImported :: GpgKeyId -> UserName -> Property
-keyImported keyid user = flagFile' prop genflag
+keyImported (GpgKeyId keyid) user = flagFile' prop genflag
 	`requires` installed
   where
 	desc = user ++ " has gpg key " ++ show keyid

src/Propellor/Property/Obnam.hs

@@ -48,8 +48,10 @@ backup dir crontimes params numclients =
 -- into root's keyring using Propellor.Property.Gpg.keyImported
 backupEncrypted :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Gpg.GpgKeyId -> Property
 backupEncrypted dir crontimes params numclients keyid =
-	backup dir crontimes (("--encrypt-with=" ++ keyid):params) numclients
+	backup dir crontimes params' numclients
 		`requires` Gpg.keyImported keyid "root"
+  where
+	params' = ("--encrypt-with=" ++ Gpg.getGpgKeyId keyid) : params
 
 -- | Does a backup, but does not automatically restore.
 backup' :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property

src/Propellor/Property/SiteSpecific/JoeySites.hs

@@ -144,9 +144,8 @@ gitServer hosts = propertyList "git.kitenet.net setup"
 	[ Obnam.latestVersion
 	, Obnam.backupEncrypted "/srv/git" "33 3 * * *"
 		[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
-		, "--encrypt-with=1B169BE1"
 		, "--client-name=wren" -- historical
-		] Obnam.OnlyClient "1B169BE1"
+		] Obnam.OnlyClient (Gpg.GpgKeyId "1B169BE1")
 		`requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net")
 		`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
 		`requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net")
@@ -283,7 +282,7 @@ gitAnnexDistributor = combineProperties "git-annex distributor, including rsync
 	, endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild"
 	, endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild/x86_64-apple-mavericks"
 	-- git-annex distribution signing key
-	, Gpg.keyImported "89C809CB" "joey"
+	, Gpg.keyImported (Gpg.GpgKeyId "89C809CB") "joey"
 	]
   where
 	endpoint d = combineProperties ("endpoint " ++ d)