summaryrefslogtreecommitdiff
path: root/lib/Kiki.hs
diff options
context:
space:
mode:
Diffstat (limited to 'lib/Kiki.hs')
-rw-r--r--lib/Kiki.hs25
1 files changed, 16 insertions, 9 deletions
diff --git a/lib/Kiki.hs b/lib/Kiki.hs
index 258892f..e36e41a 100644
--- a/lib/Kiki.hs
+++ b/lib/Kiki.hs
@@ -279,13 +279,7 @@ importAndRefresh root cmn cipher = do
279 279
280 let sshcpath = fromMaybe "" rootdir ++ osHomeDir ++ ".ssh/id_rsa" 280 let sshcpath = fromMaybe "" rootdir ++ osHomeDir ++ ".ssh/id_rsa"
281 sshspath = fromMaybe "" rootdir ++ "/etc/ssh/ssh_host_rsa_key" 281 sshspath = fromMaybe "" rootdir ++ "/etc/ssh/ssh_host_rsa_key"
282 op = 282 mktorkey = ( torgen , case torgen of
283 KeyRingOperation
284 { opFiles =
285 Map.fromList $
286 [ ( HomeSec, buildStreamInfo KF_All KeyRingFile )
287 , ( HomePub, (buildStreamInfo KF_All KeyRingFile) { access = Pub } )
288 , ( torgen , case torgen of
289 FileDesc _ -> StreamInfo { typ = PEMFile 283 FileDesc _ -> StreamInfo { typ = PEMFile
290 , fill = KF_Match "tor" 284 , fill = KF_Match "tor"
291 , spill = KF_Match "tor" 285 , spill = KF_Match "tor"
@@ -293,11 +287,19 @@ importAndRefresh root cmn cipher = do
293 , initializer = NoCreate 287 , initializer = NoCreate
294 , transforms = [] } 288 , transforms = [] }
295 _ -> strm { spill = KF_Match "tor" }) 289 _ -> strm { spill = KF_Match "tor" })
290 op =
291 KeyRingOperation
292 { opFiles =
293 Map.fromList $
294 [ ( HomeSec, buildStreamInfo KF_All KeyRingFile )
295 , ( HomePub, (buildStreamInfo KF_All KeyRingFile) { access = Pub } )
296 , mktorkey
296 , ( Generate 1 (GenRSA (2048 `div` 8)), strm { spill = KF_Match "ipsec" }) 297 , ( Generate 1 (GenRSA (2048 `div` 8)), strm { spill = KF_Match "ipsec" })
297 , ( ArgFile sshcpath, (peminfo 2048 "ssh-client") ) 298 , ( ArgFile sshcpath, (peminfo 2048 "ssh-client") )
298 , ( ArgFile sshspath, (peminfo 2048 "ssh-server") ) 299 , ( ArgFile sshspath, (peminfo 2048 "ssh-server") )
299 , ( Generate 2 (GenRSA (4096 `div` 8)), strm { spill = KF_Match "encrypt" }) 300 , ( Generate 2 (GenRSA (4096 `div` 8)), strm { spill = KF_Match "encrypt" })
300 , ( Generate 3 (GenRSA (4096 `div` 8)), strm { spill = KF_Match "sign" }) 301 , ( Generate 3 GenEd25519, strm { spill = KF_Match "sign" })
302 , ( Generate 4 GenCv25519, strm { spill = KF_Match "tox-id" })
301 ] 303 ]
302 , opPassphrases = withAgent $ pwds ++ do pfd <- maybeToList passfd 304 , opPassphrases = withAgent $ pwds ++ do pfd <- maybeToList passfd
303 return $ PassphraseSpec Nothing Nothing pfd 305 return $ PassphraseSpec Nothing Nothing pfd
@@ -310,11 +312,16 @@ importAndRefresh root cmn cipher = do
310 -- so we'll sync the keyrings at least. 312 -- so we'll sync the keyrings at least.
311 [ ( HomeSec, buildStreamInfo KF_All KeyRingFile ) 313 [ ( HomeSec, buildStreamInfo KF_All KeyRingFile )
312 , ( HomePub, (buildStreamInfo KF_All KeyRingFile) { access = Pub } ) 314 , ( HomePub, (buildStreamInfo KF_All KeyRingFile) { access = Pub } )
315 , mktorkey -- We'll also add the torkey and UID since
316 -- otherwise this will be a strange keyring.
313 ] 317 ]
314 , opPassphrases = withAgent $ do pfd <- maybeToList passfd 318 , opPassphrases = withAgent $ do pfd <- maybeToList passfd
315 return $ PassphraseSpec Nothing Nothing pfd 319 return $ PassphraseSpec Nothing Nothing pfd
316 , opHome=homespec, opTransforms = [] 320 , opHome=homespec
321 , opTransforms = []
317 } 322 }
323 when (not bUnprivileged) $ do
324 hPutStrLn stderr "Insufficient privilege generating system service keys."
318 -- Run the all-in-one operation that generates or imports all subkeys. 325 -- Run the all-in-one operation that generates or imports all subkeys.
319 KikiResult rt report <- runKeyRing (if bUnprivileged then nop else op) 326 KikiResult rt report <- runKeyRing (if bUnprivileged then nop else op)
320 outputReport report 327 outputReport report
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 02:34:57 +0000