diff options
Diffstat (limited to 'lib/Kiki.hs')
| -rw-r--r-- | lib/Kiki.hs | 47 |
1 files changed, 35 insertions, 12 deletions
diff --git a/lib/Kiki.hs b/lib/Kiki.hs index b1f7ad7..8a1878b 100644 --- a/lib/Kiki.hs +++ b/lib/Kiki.hs | |||
| @@ -82,6 +82,11 @@ run args x = | |||
| 82 | Left e -> hPutStrLn stderr $ usageErrorMessage e | 82 | Left e -> hPutStrLn stderr $ usageErrorMessage e |
| 83 | Right io -> io | 83 | Right io -> io |
| 84 | 84 | ||
| 85 | outputReport :: [(FilePath, KikiReportAction)] -> IO () | ||
| 86 | outputReport report = do | ||
| 87 | forM_ report $ \(fname,act) -> do | ||
| 88 | putStrLn $ fname ++ ": " ++ reportString act | ||
| 89 | |||
| 85 | importAndRefresh :: (FilePath -> FilePath) -> CommonArgsParsed -> IO () | 90 | importAndRefresh :: (FilePath -> FilePath) -> CommonArgsParsed -> IO () |
| 86 | importAndRefresh root cmn = do | 91 | importAndRefresh root cmn = do |
| 87 | let rootdir = do guard (root "x" /= "x") | 92 | let rootdir = do guard (root "x" /= "x") |
| @@ -195,8 +200,7 @@ importAndRefresh root cmn = do | |||
| 195 | } | 200 | } |
| 196 | -- if bUnprivileged then doNothing else mkdirFor torpath | 201 | -- if bUnprivileged then doNothing else mkdirFor torpath |
| 197 | KikiResult rt report <- runKeyRing (if bUnprivileged then nop else op) | 202 | KikiResult rt report <- runKeyRing (if bUnprivileged then nop else op) |
| 198 | forM_ report $ \(fname,act) -> do | 203 | outputReport report |
| 199 | putStrLn $ fname ++ ": " ++ reportString act | ||
| 200 | rt <- case rt of | 204 | rt <- case rt of |
| 201 | BadPassphrase -> | 205 | BadPassphrase -> |
| 202 | error "Operation requires correct passphrase. (Hint: Use --passphrase-fd=0 to input it on stdin.)" | 206 | error "Operation requires correct passphrase. (Hint: Use --passphrase-fd=0 to input it on stdin.)" |
| @@ -237,16 +241,35 @@ refreshCache rt rootdir = do | |||
| 237 | 241 | ||
| 238 | let grip = fingerprint wk | 242 | let grip = fingerprint wk |
| 239 | wkkd = rtKeyDB rt Map.! keykey wk | 243 | wkkd = rtKeyDB rt Map.! keykey wk |
| 240 | 244 | getSecret tag = sortOn (Down . timestamp) | |
| 241 | either warn (write $ mkpath "ipsec.d/private/" ++ Char8.unpack oname++".pem") $ do | 245 | $ getSubkeys Unsigned wk (keySubKeys wkkd) tag |
| 242 | -- Note: no sig check here. That may be incautious... | 246 | |
| 243 | let my_ipsecs :: [Packet] | 247 | let writeSecret tag path warning = do |
| 244 | my_ipsecs = sortOn (Down . timestamp) | 248 | let my_ks :: [Packet] |
| 245 | $ getSubkeys Unsigned wk (keySubKeys wkkd) "ipsec" | 249 | my_ks = getSecret "ipsec" |
| 246 | case my_ipsecs of | 250 | case my_ks of |
| 247 | ipsec:_ -> maybe (Left "unsupported ipsec key type") Right | 251 | sec:_ -> do report <- writeKeyToFile streaminfo { typ = PEMFile |
| 248 | $ secretPemFromPacket ipsec | 252 | , access = Sec |
| 249 | _ -> Left "missing ipsec key?" | 253 | , spill = KF_All |
| 254 | } | ||
| 255 | (ArgFile path) | ||
| 256 | sec | ||
| 257 | let ctx = Just $ InputFileContext "secring.gpg" "pubring.gpg" | ||
| 258 | outputReport $ map (first $ resolveForReport ctx) | ||
| 259 | $ filter ((/=ExportedSubkey) . snd) report | ||
| 260 | _ -> warn warning | ||
| 261 | |||
| 262 | writeSecret "ipsec" | ||
| 263 | (mkpath "ipsec.d/private/" ++ Char8.unpack oname++".pem") | ||
| 264 | "missing ipsec key?" | ||
| 265 | |||
| 266 | writeSecret "ssh-client" | ||
| 267 | (mkpath "root/.ssh/id_rsa") | ||
| 268 | "missing ssh-client key?" | ||
| 269 | |||
| 270 | writeSecret "ssh-server" | ||
| 271 | (mkpath "ssh_host_rsa_key") | ||
| 272 | "missing ssh host key?" | ||
| 250 | 273 | ||
| 251 | -- Finally, export public keys if they do not exist. | 274 | -- Finally, export public keys if they do not exist. |
| 252 | either warn (write $ mkpath "root/.ssh/id_rsa.pub") | 275 | either warn (write $ mkpath "root/.ssh/id_rsa.pub") |