cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Convert GpgKeyId to newtype

This commit is contained in:
Joey Hess 2014-11-15 17:02:25 -04:00
parent 7902f705b0
commit 8d91b5de6b
6 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
config-joey.hs
View File

@ -23,6 +23,7 @@ import qualified Propellor.Property.Apache as Apache
import qualified Propellor.Property.Postfix as Postfix import qualified Propellor.Property.Postfix as Postfix
import qualified Propellor.Property.Grub as Grub import qualified Propellor.Property.Grub as Grub
import qualified Propellor.Property.Obnam as Obnam import qualified Propellor.Property.Obnam as Obnam
import qualified Propellor.Property.Gpg as Gpg
import qualified Propellor.Property.HostingProvider.DigitalOcean as DigitalOcean import qualified Propellor.Property.HostingProvider.DigitalOcean as DigitalOcean
import qualified Propellor.Property.HostingProvider.CloudAtCost as CloudAtCost import qualified Propellor.Property.HostingProvider.CloudAtCost as CloudAtCost
import qualified Propellor.Property.HostingProvider.Linode as Linode import qualified Propellor.Property.HostingProvider.Linode as Linode
@ -122,7 +123,7 @@ kite = standardSystemUnhardened "kite.kitenet.net" Unstable "amd64"
, "--exclude=/home/joey/lib" , "--exclude=/home/joey/lib"
, "--exclude=.*/tmp/" , "--exclude=.*/tmp/"
, "--one-file-system" , "--one-file-system"
] Obnam.OnlyClient "98147487" ] Obnam.OnlyClient (Gpg.GpgKeyId "98147487")
`requires` Ssh.keyImported SshRsa "root" `requires` Ssh.keyImported SshRsa "root"
(Context "kite.kitenet.net") (Context "kite.kitenet.net")
`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root" `requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root"

1
debian/changelog vendored
View File

@ -4,6 +4,7 @@ propellor (0.9.3) UNRELEASED; urgency=medium
* Can be used to configure tor hidden services. Thanks, Félix Sipma. * Can be used to configure tor hidden services. Thanks, Félix Sipma.
* When multiple gpg keys are added, ensure that the privdata file * When multiple gpg keys are added, ensure that the privdata file
can be decrypted by all of them. can be decrypted by all of them.
* Convert GpgKeyId to newtype.
-- Joey Hess <joeyh@debian.org> Mon, 10 Nov 2014 11:15:27 -0400 -- Joey Hess <joeyh@debian.org> Mon, 10 Nov 2014 11:15:27 -0400

2
propellor.cabal
View File

@ -1,5 +1,5 @@
Name: propellor Name: propellor
Version: 0.9.2 Version: 0.9.3
Cabal-Version: >= 1.6 Cabal-Version: >= 1.6
License: BSD3 License: BSD3
Maintainer: Joey Hess <joey@kitenet.net> Maintainer: Joey Hess <joey@kitenet.net>

8
src/Propellor/Property/Gpg.hs
View File

@ -9,7 +9,8 @@ import System.PosixCompat
installed :: Property installed :: Property
installed = Apt.installed ["gnupg"] installed = Apt.installed ["gnupg"]
type GpgKeyId = String -- A numeric id, or a description of the key, in a form understood by gpg.
newtype GpgKeyId = GpgKeyId { getGpgKeyId :: String }
-- | Sets up a user with a gpg key from the privdata. -- | Sets up a user with a gpg key from the privdata.
-- --
@ -19,11 +20,8 @@ type GpgKeyId = String
-- --
-- Recommend only using this for low-value dedicated role keys. -- Recommend only using this for low-value dedicated role keys.
-- No attempt has been made to scrub the key out of memory once it's used. -- No attempt has been made to scrub the key out of memory once it's used.
--
-- The GpgKeyId does not have to be a numeric id; it can just as easily
-- be a description of the key.
keyImported :: GpgKeyId -> UserName -> Property keyImported :: GpgKeyId -> UserName -> Property
keyImported keyid user = flagFile' prop genflag keyImported (GpgKeyId keyid) user = flagFile' prop genflag
`requires` installed `requires` installed
where where
desc = user ++ " has gpg key " ++ show keyid desc = user ++ " has gpg key " ++ show keyid

4
src/Propellor/Property/Obnam.hs
View File

@ -48,8 +48,10 @@ backup dir crontimes params numclients =
-- into root's keyring using Propellor.Property.Gpg.keyImported -- into root's keyring using Propellor.Property.Gpg.keyImported
backupEncrypted :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Gpg.GpgKeyId -> Property backupEncrypted :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Gpg.GpgKeyId -> Property
backupEncrypted dir crontimes params numclients keyid = backupEncrypted dir crontimes params numclients keyid =
backup dir crontimes (("--encrypt-with=" ++ keyid):params) numclients backup dir crontimes params' numclients
`requires` Gpg.keyImported keyid "root" `requires` Gpg.keyImported keyid "root"
where
params' = ("--encrypt-with=" ++ Gpg.getGpgKeyId keyid) : params
-- | Does a backup, but does not automatically restore. -- | Does a backup, but does not automatically restore.
backup' :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property backup' :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property

5
src/Propellor/Property/SiteSpecific/JoeySites.hs
View File

@ -144,9 +144,8 @@ gitServer hosts = propertyList "git.kitenet.net setup"
[ Obnam.latestVersion [ Obnam.latestVersion
, Obnam.backupEncrypted "/srv/git" "33 3 * * *" , Obnam.backupEncrypted "/srv/git" "33 3 * * *"
[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net" [ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
, "--encrypt-with=1B169BE1"
, "--client-name=wren" -- historical , "--client-name=wren" -- historical
] Obnam.OnlyClient "1B169BE1" ] Obnam.OnlyClient (Gpg.GpgKeyId "1B169BE1")
`requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net") `requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net")
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root" `requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
`requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net") `requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net")
@ -283,7 +282,7 @@ gitAnnexDistributor = combineProperties "git-annex distributor, including rsync
, endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild" , endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild"
, endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild/x86_64-apple-mavericks" , endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild/x86_64-apple-mavericks"
-- git-annex distribution signing key -- git-annex distribution signing key
, Gpg.keyImported "89C809CB" "joey" , Gpg.keyImported (Gpg.GpgKeyId "89C809CB") "joey"
] ]
where where
endpoint d = combineProperties ("endpoint " ++ d) endpoint d = combineProperties ("endpoint " ++ d)