alox-gandalf 0.0.10 → 0.0.11

data/exec/_gandalf

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+if [[ "$#" > 0 ]]; then
+  GANDALF="$1"; shift
+fi
+
+if [[ -z "${GANDALF:-}" ]]; then
+  GANDALF="$(pwd -P)"
+fi
+
+export GANDALF
+
+if [[ ! -x "$(type -P gpg 2>&-)" ]]; then
+  echo "ERROR: could not find gpg tool" 1>&2
+  false
+fi

data/exec/_gandalf_

@@ -0,0 +1,24 @@
+function keys_path {
+  echo "$GANDALF/$(ryaml "$GANDALF/config/gandalf.yml" keys_path)"
+}
+
+function keys {
+  ryaml "$GANDALF/config/gandalf.yml" bundle "$nm_bundle" keys | awk '$1 == "-" { print $NF }' | xargs --
+}
+
+function secrets_path {
+  echo "$GANDALF/$(ryaml "$GANDALF/config/gandalf.yml" bundle "$nm_bundle" secrets_path)"
+}
+
+function recipients {
+  local _a
+  for _a in $(keys); do
+    echo -n " -r $_a"
+  done
+} 
+
+function gpg {
+  logger_info "gpg $@"
+  "$(type -P gpg)" "$@"
+}
+

data/exec/edit-secrets

@@ -0,0 +1,58 @@
+#!/bin/bash
+
+#/ NAME
+#/     edit bundle -- edit a password bundle
+#/
+#/ SYNOPSIS
+#/     edit bundle name
+
+# figure out the project root under which bin, lib live
+shome="$(cd -P -- "$(dirname -- "$BASH_SOURCE")/.." && pwd -P)"
+
+# load a jason bourne library
+source _jason
+require gandalf "${GANDALF:-}"
+require gandalf_
+
+readonly cfg_gandalf="$GANDALF/config/gandalf.yml"
+
+# entry point
+function main {
+  if [[ "$#" = 0 ]]; then
+    local default_bundle="$(ryaml $cfg_gandalf bundle default)"
+    if [[ -n "$default_bundle" ]]; then
+      set -- "$default_bundle" "$@"
+    fi
+  fi
+
+  if [[ "$#" = 0 ]]; then
+    logger_fatal "missing name of secrets bundle"
+    exit 1
+  fi
+
+  readonly local nm_bundle="$1"; shift
+  readonly local tmp_keyring="$(mktemp -t XXXXXXXXX)"
+
+  set +f
+  gpg --no-default-keyring --keyring "$tmp_keyring" --import "$(keys_path)/"*
+  set -f
+
+  readonly local tmp_container="$(mktemp -d -t XXXXXXXXX)"
+  readonly local tmp_buffer="$(TMPDIR="$tmp_container" mktemp -t XXXXXXXXX)"
+
+  git pull
+  gpg -a -d "$(secrets_path)/${nm_bundle}.gpg" > "$tmp_buffer"
+  "${EDITOR:-vim}" "$tmp_buffer"
+
+  readonly local tmp_bundle="$(mktemp -t XXXXXXXXX)"
+  if gpg --yes --trust-model always --no-default-keyring --keyring "$tmp_keyring" -a -e -o "$tmp_bundle" $(recipients) "$tmp_buffer"; then
+    mv -f "$tmp_bundle" "$(secrets_path)/$nm_bundle.gpg"
+  else
+    rm -f "$tmp_bundle"
+  fi
+
+  rm -f "$tmp_keyring" "$tmp_buffer"
+  rmdir "$tmp_container"
+}
+
+require sub "$BASH_SOURCE" "$@"

data/exec/new-key

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+#/ NAME
+#/     new key -- create a new gpg key
+#/
+#/ SYNOPSIS
+#/     new key email
+
+# figure out the project root under which bin, lib live
+shome="$(cd -P -- "$(dirname -- "$BASH_SOURCE")/.." && pwd -P)"
+
+# load a jason bourne library
+source _jason
+require gandalf "${GANDALF:-}"
+require gandalf_
+
+readonly cfg_gandalf="$GANDALF/config/gandalf.yml"
+
+# entry point
+function main {
+  if [[ "$#" = 0 ]]; then
+    logger_fatal "missing email"
+    exit 1
+  fi
+
+  readonly local email="$1"; shift
+  readonly local tmp_genkey="$(mktemp -t XXXXXXXXX)"
+
+  cat > "$tmp_genkey" <<EOF
+Key-Type: RSA
+Key-Length: 2048
+Subkey-Type: RSA
+Subkey-Length: 2048
+Name-Email: $email
+Expire-Date: 1y
+%commit
+EOF
+
+  gpg --batch --gen-key "$tmp_genkey"
+  rm -f "$tmp_genkey"
+  gpg --edit-key "$email" passwd save
+
+  gpg --export -a "$email" > "$(keys_path)/$email"
+}
+
+require sub "$BASH_SOURCE" "$@"

data/exec/new-secrets

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+#/ NAME
+#/     new bundle -- create a new password bundle
+#/
+#/ SYNOPSIS
+#/     new bundle name
+
+# figure out the project root under which bin, lib live
+shome="$(cd -P -- "$(dirname -- "$BASH_SOURCE")/.." && pwd -P)"
+
+# load a jason bourne library
+source _jason
+require gandalf "${GANDALF:-}"
+require gandalf_
+
+readonly cfg_gandalf="$GANDALF/config/gandalf.yml"
+
+# entry point
+function main {
+  if [[ "$#" = 0 ]]; then
+    logger_fatal "missing name of secrets bundle"
+    exit 1
+  fi
+
+  readonly local nm_bundle="$1"; shift
+  readonly local tmp_keyring="$(mktemp -t XXXXXXXXX)"
+
+  set -x
+  keys
+  set +x
+
+  local _rcpt
+  for _rcpt in $(keys); do
+    gpg --no-default-keyring --keyring "$tmp_keyring" --import "$(keys_path)/$_rcpt"
+  done
+
+  echo "---" | gpg --no-default-keyring --keyring "$tmp_keyring" -a -e -o "$(secrets_path)/$nm_bundle.gpg" $(recipients)
+
+  rm -f "$tmp_keyring"
+}
+
+require sub "$BASH_SOURCE" "$@"

data/exec/show-secrets

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+#/ NAME
+#/     list bundle -- list the bundle for a bundle
+#/
+#/ SYNOPSIS
+#/     list bundle name
+
+# figure out the project root under which bin, lib live
+shome="$(cd -P -- "$(dirname -- "$BASH_SOURCE")/.." && pwd -P)"
+
+# load a jason bourne library
+source _jason
+require gandalf "${GANDALF:-}"
+require gandalf_
+
+readonly cfg_gandalf="$GANDALF/config/gandalf.yml"
+
+# entry point
+function main {
+  if [[ "$#" = 0 ]]; then
+    local default_bundle="$(ryaml $cfg_gandalf bundle default)"
+    if [[ -n "$default_bundle" ]]; then
+      set -- "$default_bundle" "$@"
+    fi
+  fi
+
+  if [[ "$#" = 0 ]]; then
+    logger_fatal "missing name of secrets bundle"
+    exit 1
+  fi
+
+  readonly local nm_bundle="$1"; shift
+
+  gpg -a -d "$(secrets_path)/${nm_bundle}.gpg"
+}
+
+require sub "$BASH_SOURCE" "$@"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: alox-gandalf
 version: !ruby/object:Gem::Version
-  version: 0.0.10
+  version: 0.0.11
   prerelease: 
 platform: ruby
 authors:
@@ -19,7 +19,13 @@ email:
 executables: []
 extensions: []
 extra_rdoc_files: []
-files: []
+files:
+- exec/_gandalf
+- exec/_gandalf_
+- exec/edit-secrets
+- exec/new-key
+- exec/new-secrets
+- exec/show-secrets
 homepage: https://github.com/destructuring/gandalf
 licenses: []
 post_install_message: