diff options
| author | joe <joe@jerkface.net> | 2016-05-01 22:51:52 +0000 |
|---|---|---|
| committer | joe <joe@jerkface.net> | 2016-05-01 22:51:52 +0000 |
| commit | 1822704b7cb39eb890b81b270143e7d9eb319f2b (patch) | |
| tree | 69577e12c3eb10321f5ee1fadbbdaaf75e23e1ed /lib/Kiki.hs | |
| parent | 0350974ec8a91127d0c43dc826234774181544b7 (diff) | |
Handle ipsec.secret
Diffstat (limited to 'lib/Kiki.hs')
| -rw-r--r-- | lib/Kiki.hs | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/Kiki.hs b/lib/Kiki.hs index 121826b..dc228bb 100644 --- a/lib/Kiki.hs +++ b/lib/Kiki.hs | |||
| @@ -271,6 +271,10 @@ refreshCache rt rootdir = do | |||
| 271 | wr f bs | 271 | wr f bs |
| 272 | write = write' writeFile | 272 | write = write' writeFile |
| 273 | writeL = write' L.writeFile | 273 | writeL = write' L.writeFile |
| 274 | writeL077 f bs = do | ||
| 275 | old_umask <- setFileCreationMask 0o077 | ||
| 276 | writeL f bs | ||
| 277 | setFileCreationMask old_umask | ||
| 274 | 278 | ||
| 275 | let names = do wk <- rtWorkingKey rt | 279 | let names = do wk <- rtWorkingKey rt |
| 276 | -- XXX unnecessary signature check | 280 | -- XXX unnecessary signature check |
| @@ -313,6 +317,11 @@ refreshCache rt rootdir = do | |||
| 313 | (mkpath "ipsec.d/private/" ++ Char8.unpack oname++".pem") | 317 | (mkpath "ipsec.d/private/" ++ Char8.unpack oname++".pem") |
| 314 | "missing ipsec key?" | 318 | "missing ipsec key?" |
| 315 | 319 | ||
| 320 | -- TODO: probably we should add multiple entries for the case that there | ||
| 321 | -- are multiple secret master-keys each with distinct tor and ipsec keys. | ||
| 322 | writeL077 (mkpath "ipsec.secrets") | ||
| 323 | $ ": RSA /var/cache/kiki/config/ipsec.d/private/" <> oname <> ".pem" | ||
| 324 | |||
| 316 | writeSecret "ssh-client" | 325 | writeSecret "ssh-client" |
| 317 | (mkpath "root/.ssh/id_rsa") | 326 | (mkpath "root/.ssh/id_rsa") |
| 318 | "missing ssh-client key?" | 327 | "missing ssh-client key?" |