diff options
author | Joey Hess <joeyh@joeyh.name> | 2016-09-22 12:33:26 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2016-09-22 12:33:26 -0400 |
commit | 336a7003b59df18326d396846bacbb69f119c7c7 (patch) | |
tree | cb17dbc1d4b6c07517e4e391f57e766e47dc4f17 | |
parent | 188cb6942a43b033d4ac8e233955522dd36a70f2 (diff) | |
download | keysafe-336a7003b59df18326d396846bacbb69f119c7c7.tar.gz |
change backup log format so it can also log when backup of a key was skipped
This will be used later when keysafe --autostart prompts if the user wants
to back up their gpg key. Making the change now before the backup log
format gets frozen.
This commit was sponsored by Josh Taylor on Patreon.
-rw-r--r-- | BackupLog.hs (renamed from BackupRecord.hs) | 62 | ||||
-rw-r--r-- | keysafe.cabal | 2 | ||||
-rw-r--r-- | keysafe.hs | 6 |
3 files changed, 40 insertions, 30 deletions
diff --git a/BackupRecord.hs b/BackupLog.hs index 88a9b68..8e48bcd 100644 --- a/BackupRecord.hs +++ b/BackupLog.hs @@ -5,11 +5,11 @@ {-# LANGUAGE DeriveGeneric, BangPatterns #-} -module BackupRecord where +module BackupLog where import Types -import Types.Cost import Types.Server +import Types.Cost import Utility.UserInfo import GHC.Generics import Data.Time.Clock.POSIX @@ -20,7 +20,13 @@ import System.Directory import System.Posix.Files import qualified Data.ByteString.Lazy as B --- | Record of a backup. +data BackupLog = BackupLog POSIXTime BackupEvent + deriving (Show, Generic) + +instance ToJSON BackupLog +instance FromJSON BackupLog + +-- | Log of a backup. -- -- If an attacker cracks the user's system and finds this stored -- on it, it should not help them recover keys from keysafe. @@ -31,41 +37,45 @@ import qualified Data.ByteString.Lazy as B -- Including the password entropy does let an attacker avoid trying -- weak passwords and go right to passwords that are strong enough, but -- this should only half the password crack time at worst. -data BackupRecord = BackupRecord - { backupDate :: POSIXTime - , backupServers :: [ServerName] - , secretKeySource :: SecretKeySource - , passwordEntropy :: Int - } deriving (Show, Generic) +data BackupEvent = BackupSkipped SecretKeySource | BackupMade + { backupServers :: [ServerName] + , backupSecretKeySource :: SecretKeySource + , backupPasswordEntropy :: Int + } + deriving (Show, Generic) --- BackupRecord is serialized as JSON. -instance ToJSON BackupRecord -instance FromJSON BackupRecord +instance ToJSON BackupEvent +instance FromJSON BackupEvent -mkBackupRecord :: [Server] -> SecretKeySource -> Entropy UnknownPassword -> IO BackupRecord -mkBackupRecord servers sks (Entropy n) = BackupRecord +mkBackupLog :: BackupEvent -> IO BackupLog +mkBackupLog evt = BackupLog <$> getPOSIXTime - <*> pure (map serverName servers) - <*> pure sks - <*> pure n + <*> pure evt + +backupMade :: [Server] -> SecretKeySource -> Entropy UnknownPassword -> BackupEvent +backupMade servers sks (Entropy n) = BackupMade + { backupServers = map serverName servers + , backupSecretKeySource = sks + , backupPasswordEntropy = n + } -backupRecordFile :: IO FilePath -backupRecordFile = do +backupLogFile :: IO FilePath +backupLogFile = do home <- myHomeDir return $ home </> ".keysafe/backup.log" -readBackupRecords :: IO [BackupRecord] -readBackupRecords = do - f <- backupRecordFile +readBackupLogs :: IO [BackupLog] +readBackupLogs = do + f <- backupLogFile e <- doesFileExist f if e then fromMaybe [] . decode <$> B.readFile f else return [] -storeBackupRecord :: BackupRecord -> IO () -storeBackupRecord r = do - !rs <- readBackupRecords - f <- backupRecordFile +storeBackupLog :: BackupLog -> IO () +storeBackupLog r = do + !rs <- readBackupLogs + f <- backupLogFile let d = takeDirectory f createDirectoryIfMissing True d setFileMode d $ diff --git a/keysafe.cabal b/keysafe.cabal index dc90e3c..02622b7 100644 --- a/keysafe.cabal +++ b/keysafe.cabal @@ -78,7 +78,7 @@ Executable keysafe Extra-Libraries: argon2 Other-Modules: AutoStart - BackupRecord + BackupLog Benchmark ByteStrings Crypto.Argon2.FFI @@ -19,7 +19,7 @@ import Cost import SecretKey import Share import Storage -import BackupRecord +import BackupLog import AutoStart import HTTP.Server import ServerBackup @@ -114,10 +114,10 @@ backup cmdline storagelocations ui tunables secretkeysource secretkey = do _ <- sis `seq` addpercent 25 let step = 50 `div` sum (map S.size shares) storeShares storagelocations sis shares (addpercent step) - backuprecord <- mkBackupRecord (mapMaybe getServer locs) secretkeysource passwordentropy + backuplog <- mkBackupLog $ backupMade (mapMaybe getServer locs) secretkeysource passwordentropy case r of StoreSuccess -> do - storeBackupRecord backuprecord + storeBackupLog backuplog if queued then do willautostart <- isAutoStartFileInstalled |