Ssh.hostKey and Ssh.hostKeys no longer install public keys from the privdata.
Instead, the public keys of a host should be set using Ssh.pubKey.
parent
84685f24c9
commit
a2bb647827
|
@ -8,6 +8,9 @@ propellor (1.3.0) UNRELEASED; urgency=medium
|
||||||
* Added support for DNSSEC.
|
* Added support for DNSSEC.
|
||||||
* sshPubKey is renamed to Ssh.pubKey, and has an added SshKeyType
|
* sshPubKey is renamed to Ssh.pubKey, and has an added SshKeyType
|
||||||
parameter. (API change)
|
parameter. (API change)
|
||||||
|
* Ssh.hostKey and Ssh.hostKeys no longer install public keys from
|
||||||
|
the privdata. Instead, the public keys of a host should be set using
|
||||||
|
Ssh.pubKey.
|
||||||
* Ssh.hostKeys now also installs any available SshEd25519 keys.
|
* Ssh.hostKeys now also installs any available SshEd25519 keys.
|
||||||
* Fix build with process 1.2.1.0.
|
* Fix build with process 1.2.1.0.
|
||||||
|
|
||||||
|
|
|
@ -95,21 +95,25 @@ hostKeys :: IsContext c => c -> Property
|
||||||
hostKeys ctx = propertyList "known ssh host keys" $
|
hostKeys ctx = propertyList "known ssh host keys" $
|
||||||
map (flip hostKey ctx) [minBound..maxBound]
|
map (flip hostKey ctx) [minBound..maxBound]
|
||||||
|
|
||||||
-- | Installs a single ssh host key.
|
-- | Installs a single ssh host key of a particular type.
|
||||||
--
|
--
|
||||||
-- The private key comes from the privdata.
|
-- The private key comes from the privdata;
|
||||||
--
|
-- the public key is set using 'pubKey'.
|
||||||
-- The public key is set using 'pubKey'.
|
|
||||||
hostKey :: IsContext c => SshKeyType -> c -> Property
|
hostKey :: IsContext c => SshKeyType -> c -> Property
|
||||||
hostKey keytype context = combineProperties desc
|
hostKey keytype context = combineProperties desc
|
||||||
[ installkey (keysrc ".pub" (SshPubKey keytype "")) (install writeFile ".pub")
|
[ property desc $ do
|
||||||
, installkey (keysrc "" (SshPrivKey keytype "")) (install writeFileProtected "")
|
v <- M.lookup keytype <$> getPubKey
|
||||||
|
case v of
|
||||||
|
Just k -> install writeFile ".pub" k
|
||||||
|
Nothing -> do
|
||||||
|
warningMessage $ "Missing ssh pubKey " ++ show keytype
|
||||||
|
return FailedChange
|
||||||
|
, withPrivData (keysrc "" (SshPrivKey keytype "")) context $ \getkey ->
|
||||||
|
property desc $ getkey $ install writeFileProtected ""
|
||||||
]
|
]
|
||||||
`onChange` restarted
|
`onChange` restarted
|
||||||
where
|
where
|
||||||
desc = "known ssh host key (" ++ fromKeyType keytype ++ ")"
|
desc = "known ssh host key (" ++ fromKeyType keytype ++ ")"
|
||||||
installkey p a = withPrivData p context $ \getkey ->
|
|
||||||
property desc $ getkey a
|
|
||||||
install writer ext key = do
|
install writer ext key = do
|
||||||
let f = "/etc/ssh/ssh_host_" ++ fromKeyType keytype ++ "_key" ++ ext
|
let f = "/etc/ssh/ssh_host_" ++ fromKeyType keytype ++ "_key" ++ ext
|
||||||
s <- liftIO $ readFileStrict f
|
s <- liftIO $ readFileStrict f
|
||||||
|
|
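Review bot: Nothing in the new `hostKey` checks that the key looked up with `getPubKey` belongs to the private key taken from the privdata. A stale or mistyped `Ssh.pubKey` value would therefore be written to the `.pub` file beside a private key it does not match, and anything that trusts the configured public key would then disagree with what the host actually presents. The Haddock should at least state this, e.g. `-- The two are not checked against each other; keep 'pubKey' in sync with the privdata.` The `Nothing` branch could also name the fix and use the same key-type rendering as `desc`: `warningMessage $ "Missing ssh pubKey " ++ fromKeyType keytype ++ "; set it with Ssh.pubKey"`. Whether the private key is still installed after that `FailedChange` depends on how `combineProperties` treats a failed element, which is not visible here; the body of `install` also continues outside the hunk.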