From 1822704b7cb39eb890b81b270143e7d9eb319f2b Mon Sep 17 00:00:00 2001 From: joe Date: Sun, 1 May 2016 22:51:52 +0000 Subject: Handle ipsec.secret --- lib/Kiki.hs | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lib/Kiki.hs') diff --git a/lib/Kiki.hs b/lib/Kiki.hs index 121826b..dc228bb 100644 --- a/lib/Kiki.hs +++ b/lib/Kiki.hs @@ -271,6 +271,10 @@ refreshCache rt rootdir = do wr f bs write = write' writeFile writeL = write' L.writeFile + writeL077 f bs = do + old_umask <- setFileCreationMask 0o077 + writeL f bs + setFileCreationMask old_umask let names = do wk <- rtWorkingKey rt -- XXX unnecessary signature check @@ -313,6 +317,11 @@ refreshCache rt rootdir = do (mkpath "ipsec.d/private/" ++ Char8.unpack oname++".pem") "missing ipsec key?" + -- TODO: probably we should add multiple entries for the case that there + -- are multiple secret master-keys each with distinct tor and ipsec keys. + writeL077 (mkpath "ipsec.secrets") + $ ": RSA /var/cache/kiki/config/ipsec.d/private/" <> oname <> ".pem" + writeSecret "ssh-client" (mkpath "root/.ssh/id_rsa") "missing ssh-client key?" -- cgit v1.2.3
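Review bot: `writeL077` in the first hunk restores the umask only when `writeL` returns normally, so an exception during the write leaves the whole process at 0o077 for every later file it creates. Wrapping the write closes that gap: `writeL077 f bs = bracket (setFileCreationMask 0o077) setFileCreationMask (\_ -> writeL f bs)`, assuming `bracket` from Control.Exception is or can be imported. The umask is also process-wide, so a concurrent thread creating files would inherit the tighter mask while the write runs. It applies only at file creation, so an `ipsec.secrets` that already exists with wider permissions presumably keeps them; `write'` is defined outside the hunk, so whether it recreates the file cannot be confirmed here. An explicit mode set after the write would make the result independent of prior state.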
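Review bot: The entry written in the second hunk hardcodes `/var/cache/kiki/config/ipsec.d/private/`, while the key file just above it and `ipsec.secrets` itself are both located through `mkpath`. The definition of `mkpath` is outside the hunk, but if it is derived from `rootdir`, a non-default root gives a secrets file that points at a different key file than the one this run wrote. If the absolute path is deliberate, a comment would record that, for example `-- path as the ipsec daemon sees it at runtime, independent of rootdir`. `oname` is also spliced into the line unquoted, so a name containing whitespace or a quote would change how the entry parses; it is worth confirming what characters `oname` can hold.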