On 18/06/07, Gavin Beatty <[EMAIL PROTECTED]> wrote:
The problem stems from storing configs in a git repository. Here, all files are either chmoded 0655 or 0755, meaning anyone knowing where to look can find my wpa2 passphrase. What I would _like_ is for ordinary user gavin (who owns the repository) to be able to `sudo make install`, be asked for the symmetric key passphrase for the file (via gpg), and have cmake install the decrypted file and remove it post install. This way I only have to store the encrypted file in the repository and the unfortunately permissive permissions are not an issue.

Thanks for your tips.

On 17/06/07, Jack Kelly <[EMAIL PROTECTED]> wrote:
> Gavin Beatty wrote:
> > Hello,
> >
> > Apologies if this is silly/misplaced/misguided.
> >
> > I'd like a way to automate decrypting (via gpg) a file, installing the
> > decrypted form and removing the temporary decrypted file from the
> > cmake dir.
> >
> > I have tried:
> > <code>
> > MACRO(ETC_WPA_INSTALL src)
> >   EXEC_PROGRAM(gpg
> >     ARGS -o ${src} -d "${src}.encrypted"
> >   )
> >   INSTALL(FILES ${src}
> >     DESTINATION /etc/wpa_supplicant
> >     PERMISSIONS OWNER_READ OWNER_WRITE
> >     RENAME wpa_supplicant.conf
> >   )
> >   FILE(REMOVE ${src})
> > ENDMACRO(ETC_WPA_INSTALL src)
> > </code>
> >
> > but the INSTALL doesn't actually run until `make install` (as
> > expected) whereas everything else does. So I get a decrypted file
> > which is immediately removed when I run `cmake .`! How silly of me
> >
> > Is there a way to have the decryption as a dependency of install
> > target and have the removal at the end also?
> >
> > How would you implement this?
>
> Something to think about:
> You want to decrypt and install the file without leaving it around in
> the build dir. Why? If you're doing an install, the person installing it
> should be root and therefore trustworthy (they'll have read access to
> /etc/wpa_supplicant.conf, anyway). Then there's the problem of the
> decryption key. If your build system can get this key, surely the user
> can, too.
>
> Killing the make process at the right moment would leave the decrypted
> file lying around, as well.
>
> Is what you think you want what you actually need?
>
> Perhaps you should look at INSTALL(CODE "<Some CMake Code>") which
> executes CMake code during installation. I'll stab in the dark here with:
>
> FIND_PROGRAM(INSTALL_EXECUTABLE install)
> IF(NOT INSTALL_EXECUTABLE)
>   # Die, somehow
>   MESSAGE(FATAL_ERROR "install program not found")
> ENDIF(NOT INSTALL_EXECUTABLE)
>
> FIND_PROGRAM(GPG_EXECUTABLE gpg)
> IF(NOT GPG_EXECUTABLE)
>   # Die
>   MESSAGE(FATAL_ERROR "gpg not found")
> ENDIF(NOT GPG_EXECUTABLE)
>
> MACRO(ETC_WPA_INSTALL FILE)
>   EXEC_PROGRAM(${GPG_EXECUTABLE} ARGS -o ${FILE} -d ${FILE}.encrypted)
>   EXEC_PROGRAM(${INSTALL_EXECUTABLE} ARGS -m 600 ${FILE}
>     /etc/wpa_supplicant/wpa_supplicant.conf)
>   FILE(REMOVE ${FILE})
> ENDMACRO(ETC_WPA_INSTALL)
>
> INSTALL(CODE "ETC_WPA_INSTALL(file)")
>
> This isn't so great because it depends on an install program, but it
> might get you thinking.
>
> -- Jack
> _______________________________________________
> CMake mailing list
> [email protected]
> http://www.cmake.org/mailman/listinfo/cmake
>

--
www.mathsoc.com
_______________________________________________
CMake mailing list
[email protected]
http://www.cmake.org/mailman/listinfo/cmake
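
The install-time decryption this thread is after, as an added example that is not part of either poster's message: the plaintext is held in a CMake variable instead of a build-tree file (so an interrupted install leaves no decrypted copy behind), and the destination is restricted to mode 0600 before the secret is written. It assumes CMake 3.19 or later (for `file(CHMOD)`) and an encrypted file named `wpa_supplicant.conf.encrypted` in the source directory; the project and variable names are illustrative.

```cmake
# Added example, not from the thread. Names and paths are assumptions.
cmake_minimum_required(VERSION 3.19)
project(etc_wpa NONE)

find_program(GPG_EXECUTABLE gpg)
if(NOT GPG_EXECUTABLE)
  message(FATAL_ERROR "gpg not found; cannot decrypt wpa_supplicant.conf")
endif()

set(WPA_CONF_ENCRYPTED
    "${CMAKE_CURRENT_SOURCE_DIR}/wpa_supplicant.conf.encrypted")

# Hand configure-time values to the install script (cmake_install.cmake).
install(CODE "set(GPG_EXECUTABLE \"${GPG_EXECUTABLE}\")
set(WPA_CONF_ENCRYPTED \"${WPA_CONF_ENCRYPTED}\")")

# Bracket argument: nothing here is expanded until `make install` runs it.
install(CODE [[
  set(dest "$ENV{DESTDIR}/etc/wpa_supplicant/wpa_supplicant.conf")

  # Decrypt to stdout and capture it, so no decrypted file is ever
  # written to the build tree. gpg asks for the passphrase itself.
  execute_process(
    COMMAND "${GPG_EXECUTABLE}" --decrypt "${WPA_CONF_ENCRYPTED}"
    OUTPUT_VARIABLE plaintext
    RESULT_VARIABLE gpg_status)
  if(NOT gpg_status EQUAL 0)
    message(FATAL_ERROR "gpg failed (${gpg_status}); nothing was installed")
  endif()

  # Create the destination empty, restrict it to 0600, then fill it in.
  # file(WRITE) truncates the existing file and keeps its mode, so the
  # secret never sits on disk with wider permissions.
  get_filename_component(dest_dir "${dest}" DIRECTORY)
  file(MAKE_DIRECTORY "${dest_dir}")
  file(TOUCH "${dest}")
  file(CHMOD "${dest}" PERMISSIONS OWNER_READ OWNER_WRITE)
  file(WRITE "${dest}" "${plaintext}")
  unset(plaintext)
  message(STATUS "Installed ${dest} (mode 0600)")
]])
```

Only the encrypted file needs to live in the repository; a wrong passphrase or an aborted prompt stops the install before anything is written under `/etc`.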
