cokiki replace ssh-server key.

author: joe <joe@jerkface.net> 2016-04-25 21:02:28 -0400
committer: joe <joe@jerkface.net> 2016-04-25 21:02:28 -0400
commit: 334525e552b1da967c9f5b0576473c13bd2fd896 (patch)
tree: a1b4522259a69e52579957931f68c221f5ad3a02 /lib
parent: 1bac5f8f59ee84cbd0ec674323236e1c22c1bbc0 (diff)
2 files changed, 37 insertions, 1 deletions
diff --git a/lib/KeyRing.hs b/lib/KeyRing.hs
index 74b883f..8a4d870 100644
--- a/lib/KeyRing.hs
+++ b/lib/KeyRing.hs
@@ -329,7 +329,7 @@ data StreamInfo = StreamInfo
    -- ^ If 'typ' is 'PEMFile' and an 'External' 'initializer' string is set,
    -- then it is interpretted as a shell command that may be used to create
    -- the key if it does not exist.
-    , transforms :: [Transform] 
+    , transforms :: [Transform]
    -- ^ Per-file transformations that occur before the contents of a file are
    -- spilled into the common pool.
    }
@@ -431,6 +431,9 @@ data Transform =
        | DeleteSubkeyByFingerprint String
        -- ^ Delete the subkey specified by the given fingerprint and any
        -- associated signatures on that key.
+        | DeleteSubkeyByUsage String
+        -- ^ Delete the subkey specified by the given fingerprint and any
+        -- associated signatures on that key.
 deriving (Eq,Ord,Show)
 -- | This type describes an idempotent transformation (merge or import) on a
@@ -2695,6 +2698,13 @@ resolveTransform (DeleteSubkeyByFingerprint fp) rt kd@(KeyData k ksigs umap subm
        guard (map toUpper fp == fingerprint (packet (subkeyMappedPacket sub)))
        return k
+resolveTransform (DeleteSubkeyByUsage tag) rt kd@(KeyData k ksigs umap submap) = fmap (SubKeyDeletion topk) subk
+ where
+    topk = keykey $ packet k -- key to master of key to be deleted
+    subk = do
+        (k,SubKey p sigs) <- Map.toList submap
+        take 1 $ filter (has_tag tag) $ map (packet . fst) sigs
+        return k
 -- | Load and update key files according to the specified 'KeyRingOperation'.
 runKeyRing :: KeyRingOperation -> IO (KikiResult KeyRingRuntime)
diff --git a/lib/Kiki.hs b/lib/Kiki.hs
index 575cf26..be99ed8 100644
--- a/lib/Kiki.hs
+++ b/lib/Kiki.hs
@@ -39,6 +39,15 @@ refresh root homepass = do
 data CommonArgsParsed = CommonArgsParsed { cap_homespec :: Maybe String, cap_passfd :: Maybe InputFile }
+streaminfo :: StreamInfo
+streaminfo = StreamInfo
+    { fill = KF_None
+    , spill = KF_None
+    , typ = KeyRingFile
+    , initializer = NoCreate
+    , access = AutoAccess
+    , transforms = []
+    }
 minimalOp :: CommonArgsParsed -> KeyRingOperation
 minimalOp cap = op
@@ -167,3 +176,20 @@ sshblobFromPacket k = blob
                <$> optional (arg "--homedir")
                <*> optional (FileDesc <$> read <$> arg "--passphrase-fd")
+replaceSshServerKeys root cmn = do
+    let homepass' = cmn { cap_homespec = fmap root (cap_homespec cmn) }
+        replaceSSH op = op { opFiles = files }
+            where
+                files = Map.adjust delssh HomeSec
+                        $ Map.adjust delssh HomePub
+                        $ Map.insert (ArgFile $ root "/etc/ssh/ssh_host_rsa_key") strm $ opFiles op
+                strm = streaminfo { typ = PEMFile, spill = KF_Match "ssh-server", access = Sec }
+                delssh strm = strm { transforms = DeleteSubkeyByUsage "ssh-server" : transforms strm
+                                   , fill = KF_All }
+    KikiResult r report <- runKeyRing $ minimalOp homepass'
+    case r of
+        KikiSuccess rt -> Kiki.refreshCache rt $ case root "" of
+                                                    "/" -> Nothing
+                                                    ""  -> Nothing
+                                                    pth -> Just pth
+        err            -> hPutStrLn stderr $ errorString err
author	joe <joe@jerkface.net>	2016-04-25 21:02:28 -0400
committer	joe <joe@jerkface.net>	2016-04-25 21:02:28 -0400
commit	334525e552b1da967c9f5b0576473c13bd2fd896 (patch)
tree	a1b4522259a69e52579957931f68c221f5ad3a02 /lib
parent	1bac5f8f59ee84cbd0ec674323236e1c22c1bbc0 (diff)

diff --git a/lib/KeyRing.hs b/lib/KeyRing.hs index 74b883f..8a4d870 100644 --- a/lib/KeyRing.hs +++ b/lib/KeyRing.hs
@@ -329,7 +329,7 @@ data StreamInfo = StreamInfo
329	-- ^ If 'typ' is 'PEMFile' and an 'External' 'initializer' string is set,	329	-- ^ If 'typ' is 'PEMFile' and an 'External' 'initializer' string is set,
330	-- then it is interpretted as a shell command that may be used to create	330	-- then it is interpretted as a shell command that may be used to create
331	-- the key if it does not exist.	331	-- the key if it does not exist.
332	, transforms :: [Transform]	332	, transforms :: [Transform]
333	-- ^ Per-file transformations that occur before the contents of a file are	333	-- ^ Per-file transformations that occur before the contents of a file are
334	-- spilled into the common pool.	334	-- spilled into the common pool.
335	}	335	}
@@ -431,6 +431,9 @@ data Transform =
431	\| DeleteSubkeyByFingerprint String	431	\| DeleteSubkeyByFingerprint String
432	-- ^ Delete the subkey specified by the given fingerprint and any	432	-- ^ Delete the subkey specified by the given fingerprint and any
433	-- associated signatures on that key.	433	-- associated signatures on that key.
		434	\| DeleteSubkeyByUsage String
		435	-- ^ Delete the subkey specified by the given fingerprint and any
		436	-- associated signatures on that key.
434	deriving (Eq,Ord,Show)	437	deriving (Eq,Ord,Show)
435		438
436	-- \| This type describes an idempotent transformation (merge or import) on a	439	-- \| This type describes an idempotent transformation (merge or import) on a
@@ -2695,6 +2698,13 @@ resolveTransform (DeleteSubkeyByFingerprint fp) rt kd@(KeyData k ksigs umap subm
2695	guard (map toUpper fp == fingerprint (packet (subkeyMappedPacket sub)))	2698	guard (map toUpper fp == fingerprint (packet (subkeyMappedPacket sub)))
2696	return k	2699	return k
2697		2700
		2701	resolveTransform (DeleteSubkeyByUsage tag) rt kd@(KeyData k ksigs umap submap) = fmap (SubKeyDeletion topk) subk
		2702	where
		2703	topk = keykey $ packet k -- key to master of key to be deleted
		2704	subk = do
		2705	(k,SubKey p sigs) <- Map.toList submap
		2706	take 1 $ filter (has_tag tag) $ map (packet . fst) sigs
		2707	return k
2698		2708
2699	-- \| Load and update key files according to the specified 'KeyRingOperation'.	2709	-- \| Load and update key files according to the specified 'KeyRingOperation'.
2700	runKeyRing :: KeyRingOperation -> IO (KikiResult KeyRingRuntime)	2710	runKeyRing :: KeyRingOperation -> IO (KikiResult KeyRingRuntime)


diff --git a/lib/Kiki.hs b/lib/Kiki.hs index 575cf26..be99ed8 100644 --- a/lib/Kiki.hs +++ b/lib/Kiki.hs
@@ -39,6 +39,15 @@ refresh root homepass = do
39		39
40	data CommonArgsParsed = CommonArgsParsed { cap_homespec :: Maybe String, cap_passfd :: Maybe InputFile }	40	data CommonArgsParsed = CommonArgsParsed { cap_homespec :: Maybe String, cap_passfd :: Maybe InputFile }
41		41
		42	streaminfo :: StreamInfo
		43	streaminfo = StreamInfo
		44	{ fill = KF_None
		45	, spill = KF_None
		46	, typ = KeyRingFile
		47	, initializer = NoCreate
		48	, access = AutoAccess
		49	, transforms = []
		50	}
42		51
43	minimalOp :: CommonArgsParsed -> KeyRingOperation	52	minimalOp :: CommonArgsParsed -> KeyRingOperation
44	minimalOp cap = op	53	minimalOp cap = op
@@ -167,3 +176,20 @@ sshblobFromPacket k = blob
167	<$> optional (arg "--homedir")	176	<$> optional (arg "--homedir")
168	<*> optional (FileDesc <$> read <$> arg "--passphrase-fd")	177	<*> optional (FileDesc <$> read <$> arg "--passphrase-fd")
169		178
		179	replaceSshServerKeys root cmn = do
		180	let homepass' = cmn { cap_homespec = fmap root (cap_homespec cmn) }
		181	replaceSSH op = op { opFiles = files }
		182	where
		183	files = Map.adjust delssh HomeSec
		184	$ Map.adjust delssh HomePub
		185	$ Map.insert (ArgFile $ root "/etc/ssh/ssh_host_rsa_key") strm $ opFiles op
		186	strm = streaminfo { typ = PEMFile, spill = KF_Match "ssh-server", access = Sec }
		187	delssh strm = strm { transforms = DeleteSubkeyByUsage "ssh-server" : transforms strm
		188	, fill = KF_All }
		189	KikiResult r report <- runKeyRing $ minimalOp homepass'
		190	case r of
		191	KikiSuccess rt -> Kiki.refreshCache rt $ case root "" of
		192	"/" -> Nothing
		193	"" -> Nothing
		194	pth -> Just pth
		195	err -> hPutStrLn stderr $ errorString err