author | David Bremner <david@tethera.net> | 2022-05-05 08:29:21 -0300 |
committer | Sean Whitton <spwhitton@spwhitton.name> | 2022-05-05 12:26:10 -0700 |
commit | 8cfab42bc3a063f48a3934326818f1c5f2ca9721 (patch) | |
tree | a59b70aa5fd5ad6d977ad94ff4d727bd65b6ba19 /src/data | |
parent | 54d75297ea8b190a3b91bd662deb61e670e9f9ef (diff) | |
download | consfigurator-8cfab42bc3a063f48a3934326818f1c5f2ca9721.tar.gz |
refactor use of gnupg in CONSFIGURATOR.DATA.PGP
Add a new low level function GPG, and a function GPG-FILE-AS-STRING intended
for use in the pgp data source and the future pass(1) data source. Both of
these functions support a new parameter *DATA-SOURCE-GNUPGHOME*, which allows
the user (or test suite) to control where key material is stored for accessing
data sources.
Signed-off-by: David Bremner <david@tethera.net>
Diffstat (limited to 'src/data')
-rw-r--r-- | src/data/pgp.lisp | 19 | ||||
-rw-r--r-- | src/data/util.lisp | 24 |
2 files changed, 31 insertions, 12 deletions
diff --git a/src/data/pgp.lisp b/src/data/pgp.lisp
index ef258d3..d0df280 100644
--- a/src/data/pgp.lisp
+++ b/src/data/pgp.lisp
@@ -51,20 +51,15 @@
 (cons #'check #'extract))))
 (defun read-store (location)
- (handler-case
- (safe-read-from-string
- (run-program
- (sh-escape (list "gpg" "--decrypt" location)) :output :string))
- (subprocess-error (error)
- (missing-data-source "While attempt to decrypt, gpg exited with ~A"
- (uiop:subprocess-error-code error)))))
+ (safe-read-from-string
+ (gpg-file-as-string location)))
 (defun put-store (location data)
- (run-program (list "gpg" "--encrypt")
- :input (make-string-input-stream
- (with-standard-io-syntax
- (prin1-to-string data)))
- :output (unix-namestring location)))
+ (gpg '("--encrypt")
+ :input (make-string-input-stream
+ (with-standard-io-syntax
+ (prin1-to-string data)))
+ :output (unix-namestring location)))
 (defun data-assoc (iden1 iden2 data)
 (assoc (cons iden1 iden2) data
diff --git a/src/data/util.lisp b/src/data/util.lisp
index 3fd8895..871eb9a 100644
--- a/src/data/util.lisp
+++ b/src/data/util.lisp
@@ -1,6 +1,7 @@
 ;;; Consfigurator -- Lisp declarative configuration management system
 ;;; Copyright (C) 2022 David Bremner <david@tethera.net>
+;;; Copyright (C) 2021 Sean Whitton <spwhitton@spwhitton.name>
 ;;; This file is free software; you can redistribute it and/or modify
 ;;; it under the terms of the GNU General Public License as published by 
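Review bot: `put-store` in the pgp.lisp hunk still has no failure handling, whereas `read-store` now gets a `subprocess-error` translated into `missing-data-source` through `gpg-file-as-string`; a non-zero exit from `gpg --encrypt` (for example no usable recipient key) propagates as a raw condition. Because the output is redirected straight to `(unix-namestring location)`, if `run-program` opens and supersedes that file before gpg finishes, a failed run could leave an empty or partial ciphertext file where the previous store was — whether the file is opened first depends on `run-program`, which is not shown here. Consider writing to a temporary file and renaming it over LOCATION only after gpg exits successfully, and wrapping the call in a `handler-case` on `subprocess-error` mirroring `gpg-file-as-string`, so the two halves of the store report failures consistently.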
@@ -38,3 +39,26 @@ may contain '/' characters to map into multiple levels of directory."
 (uiop:relativize-pathname-directory
 (ensure-directory-pathname iden1))
 base-dir))))
+
+(defun gpg (args &key input output)
+ "Run gnupg, taking homedir from *DATA-SOURCE-GNUPGHOME* if set.
+
+INPUT and OUTPUT have the same meaning as for RUN-PROGRAM, except that OUTPUT
+defaults to :STRING. The default return value is thus the output from gnupg,
+as a string."
+ (run-program
+ `("gpg"
+ ,@(and *data-source-gnupghome*
+ (list "--homedir" (namestring *data-source-gnupghome*)))
+ ,@args)
+ :input input
+ :output (or output :string)))
+
+(defun gpg-file-as-string (location)
+ "Decrypt the contents of a gpg encrypted file at LOCATION, return as a
+string."
+ (handler-case
+ (gpg (list "--decrypt" (unix-namestring location)))
+ (subprocess-error (error)
+ (missing-data-source "While attempt to decrypt ~A, gpg exited with ~A"
+ location (uiop:subprocess-error-code error))))) |
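Review bot: `gpg-file-as-string` puts only the exit code into its `missing-data-source` message, so whatever gpg wrote to stderr (wrong passphrase, missing secret key, unusable `--homedir` permissions) is lost to the user if `run-program` discards error output by default, as uiop's does; consider letting `gpg` accept and pass through `:error-output` (for instance `:error-output :interactive`, or capturing it as a string and folding it into the message) so decryption failures can be diagnosed. The message text also reads better as `"While attempting to decrypt ~A, gpg exited with ~A"`. `*data-source-gnupghome*` is read in `gpg` but its `defvar` is not in these hunks; since the diffstat is limited to src/data it is presumably defined elsewhere, and it is worth confirming it is documented there as controlling where key material for data sources is looked up, as the `gpg` docstring states.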