author | joe <joe@jerkface.net> | 2016-04-24 15:07:25 -0400 |
---|---|---|
committer | joe <joe@jerkface.net> | 2016-04-24 15:07:25 -0400 |
commit | c725029f61f75b1a6be3ce9c258b4f244853532b (patch) | |
tree | 09677dc2c99b7163ea4faa7073511755a96d9969 /kiki.hs | |
parent | 51bc655f4b0acb30ff873c8c32c9aacb1408258e (diff) |
Renamed usage tag strongswan -> ipsec.
Diffstat (limited to 'kiki.hs')
-rw-r--r-- | kiki.hs | 16 |
1 files changed, 8 insertions, 8 deletions
@@ -1547,7 +1547,7 @@ kiki "init-key" args = do | |||
1547 | { opFiles = Map.fromList $ | 1547 | { opFiles = Map.fromList $ |
1548 | [ ( HomeSec, buildStreamInfo KF_All KeyRingFile ) | 1548 | [ ( HomeSec, buildStreamInfo KF_All KeyRingFile ) |
1549 | , ( HomePub, (buildStreamInfo KF_All KeyRingFile) { access = Pub } ) | 1549 | , ( HomePub, (buildStreamInfo KF_All KeyRingFile) { access = Pub } ) |
1550 | , ( ArgFile ipsecpath, peminfo 1024 "strongswan" ) | 1550 | , ( ArgFile ipsecpath, peminfo 1024 "ipsec" ) |
1551 | , ( ArgFile sshcpath, peminfo 2048 "ssh-client" ) | 1551 | , ( ArgFile sshcpath, peminfo 2048 "ssh-client" ) |
1552 | , ( ArgFile sshspath, peminfo 2048 "ssh-server" ) ] | 1552 | , ( ArgFile sshspath, peminfo 2048 "ssh-server" ) ] |
1553 | , opPassphrases = [ PassphraseMemoizer (rtPassphrases rt) ] | 1553 | , opPassphrases = [ PassphraseMemoizer (rtPassphrases rt) ] |
@@ -1571,9 +1571,9 @@ kiki "init-key" args = do | |||
1571 | 1571 | ||
1572 | -- Finally, export public keys if they do not exist. | 1572 | -- Finally, export public keys if they do not exist. |
1573 | let writeFileWARNING fname bs = do | 1573 | let writeFileWARNING fname bs = do |
1574 | --TODO | 1574 | --TODO |
1575 | hPutStrLn stderr $ fname ++ ": DID NOT CHECK TRUST (TODO)" | 1575 | hPutStrLn stderr $ fname ++ ": DID NOT CHECK TRUST (TODO)" |
1576 | writeFile fname bs | 1576 | writeFile fname bs |
1577 | flip (maybe $ warn "missing working key?") (rtGrip rt) $ \grip -> do | 1577 | flip (maybe $ warn "missing working key?") (rtGrip rt) $ \grip -> do |
1578 | gotc <- doesFileExist (sshcpathpub) | 1578 | gotc <- doesFileExist (sshcpathpub) |
1579 | when (not gotc) $ do | 1579 | when (not gotc) $ do |
@@ -1588,7 +1588,7 @@ kiki "init-key" args = do | |||
1588 | goti <- doesFileExist (ipsecpathpub) | 1588 | goti <- doesFileExist (ipsecpathpub) |
1589 | when (not goti) $ do | 1589 | when (not goti) $ do |
1590 | either warn (writeFile $ ipsecpathpub) | 1590 | either warn (writeFile $ ipsecpathpub) |
1591 | $ show_pem' "strongswan" grip (rtKeyDB rt) pemFromPacket | 1591 | $ show_pem' "ipsec" grip (rtKeyDB rt) pemFromPacket |
1592 | else return () | 1592 | else return () |
1593 | 1593 | ||
1594 | 1594 | ||
@@ -1607,7 +1607,7 @@ kiki "init-key" args = do | |||
1607 | their_master = packet $ keyMappedPacket kd | 1607 | their_master = packet $ keyMappedPacket kd |
1608 | -- We find all cross-certified ipsec keys for the given cross-certified onion name. | 1608 | -- We find all cross-certified ipsec keys for the given cross-certified onion name. |
1609 | ipsecs = sortOn (Down . timestamp) | 1609 | ipsecs = sortOn (Down . timestamp) |
1610 | $ getCrossSignedSubkeys their_master (keySubKeys kd) "strongswan" | 1610 | $ getCrossSignedSubkeys their_master (keySubKeys kd) "ipsec" |
1611 | forM_ (take 1 ipsecs) $ \k -> do | 1611 | forM_ (take 1 ipsecs) $ \k -> do |
1612 | goti <- doesFileExist (cpath) | 1612 | goti <- doesFileExist (cpath) |
1613 | when (not goti) $ do | 1613 | when (not goti) $ do |
@@ -1693,7 +1693,7 @@ kiki "tar" args = do | |||
1693 | tarContent rt spec pubpem knownhosts secpem = ipsecs ++ sshs ++ secrets "root" | 1693 | tarContent rt spec pubpem knownhosts secpem = ipsecs ++ sshs ++ secrets "root" |
1694 | where | 1694 | where |
1695 | ipsecs = do | 1695 | ipsecs = do |
1696 | (kk,ipsec,sigs) <- selectPublicKeyAndSigs (KeyUidMatch "",Just "strongswan") (rtKeyDB rt) | 1696 | (kk,ipsec,sigs) <- selectPublicKeyAndSigs (KeyUidMatch "",Just "ipsec") (rtKeyDB rt) |
1697 | let kd = (rtKeyDB rt Map.! kk) | 1697 | let kd = (rtKeyDB rt Map.! kk) |
1698 | k = packet $ keyMappedPacket kd | 1698 | k = packet $ keyMappedPacket kd |
1699 | (addr,(onames,ns)) = getHostnames kd | 1699 | (addr,(onames,ns)) = getHostnames kd |
@@ -1729,7 +1729,7 @@ tarContent rt spec pubpem knownhosts secpem = ipsecs ++ sshs ++ secrets "root" | |||
1729 | return $ spem (dir $ homedir ++ "/.ssh/" ++ sshkeyname k) k | 1729 | return $ spem (dir $ homedir ++ "/.ssh/" ++ sshkeyname k) k |
1730 | sshsvr = spem (dir "etc/ssh/ssh_host_rsa_key") <$> lookupSecret "ssh-host" kd | 1730 | sshsvr = spem (dir "etc/ssh/ssh_host_rsa_key") <$> lookupSecret "ssh-host" kd |
1731 | ipseckey = do | 1731 | ipseckey = do |
1732 | k <- lookupSecret "strongswan" kd | 1732 | k <- lookupSecret "ipsec" kd |
1733 | oname <- fst . snd $ getHostnames kd | 1733 | oname <- fst . snd $ getHostnames kd |
1734 | return $ spem (dir $ "etc/ipsec.d/private/"++Char8.unpack oname++".pem") k | 1734 | return $ spem (dir $ "etc/ipsec.d/private/"++Char8.unpack oname++".pem") k |
1735 | torkey ++ sshcli ++ sshsvr ++ ipseckey | 1735 | torkey ++ sshcli ++ sshsvr ++ ipseckey |
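Review bot: Keyrings created before this commit still carry subkeys tagged "strongswan", and none of the five renamed lookups (`peminfo`, `show_pem'`, `getCrossSignedSubkeys`, `selectPublicKeyAndSigs`, `lookupSecret`) asks for that tag any more. Unless tags are migrated elsewhere, `init-key` will presumably treat the IPsec key as missing and `tar` will silently leave the IPsec certificate and private key out of the archive. A fallback to the old tag during a transition would avoid that, e.g. in `ipseckey`: `k <- take 1 $ lookupSecret "ipsec" kd ++ lookupSecret "strongswan" kd` (this assumes `lookupSecret` returns a list, as its use with `++` suggests). Separately, the touched line `peminfo 1024 "ipsec"` passes a smaller value than the 2048 used for both SSH keys; if that argument is the RSA modulus size, 1024 bits is below current minimum recommendations and should be raised to at least 2048. The enclosing `kiki "init-key"` and `tarContent` bodies extend beyond the visible hunks.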