arver 0.0.5 → 0.1.0

data/CHANGELOG.textile

@@ -1,4 +1,9 @@
-=== 0.0.4 2012-04-30
+=== 0.1.0 2012-04-30
+
+* Fixed documentation
+* Let's call this a release!
+
+=== 0.0.5 2012-04-30
 
 * Updated to run with ruby 1.9
 * Validate gpg fingerprints

data/README.textile

@@ -1,53 +1,73 @@
 h1. arver
 
-* https://git.codecoop.org/projects/arver
-
-h2. DESCRIPTION:
+h2. Synopsis
 
 arver is a tool to manage encrypted harddisks.
 
-Imagine you are a collective with several admin members. Your servers have 
-diffrent LUKS encrypted devices.
-
-Either you would need 1 password for every device which everyone needs to know
-or you use arver! Arver has 1 password for each device and for each member. This
-password is stored encrypted with the personal gpg-key in the data directory.
-The admins only need to know the password to the their own gpg secret key.
-
-This has the following advantages:
-
-* No need to share passwords or password patterns
-** Often people share passwords amongst each another. This has the drawback that
-   in case of an emergency every password needs to be changed. Which means that
-   everyone else needs to learn a bunch of new passwords and changing these
-   passwords is also quite cumbersome and time consuming.
-** As the amount of passwords might grow with your disks and hosts you will start
-   using a password pattern to derive passwords for each disk from that pattern.
-   This has the drawback that you can hardly share only partial access to disks
-   with a certain admin, as if she knows the pattern she will also likely have
-   access to every other disk. Furthermore, if once one password is leaked and
-   the patter is easily visible, all the other passwords are also compromised.
-* Managing your encrypted harddisks is scriptable, which means that you can
-  recover much faster from outages
-* Revoking access for an admin is scriptable and therefore done in one call and
-  also much safer than revoking manually for each disk.
-* Finer grained access. As for each user and each disk there will be a seperate
-  password by design. You can also grant access to certain disks also only
-  selectively. So for example new admins in your group can only open the disks
-  for your most important services or for which they are respnsible, while access
-  to the other disks is restriced to other admins.
+It is tailored for fine-grained access control to LUKS encrypted harddisks by 
+many users. Additionally it supports automation through scripts and facilitates
+key distribution. 
+
+As an example it can be used in an organisation to grant access to encrypted 
+partitions to a team of admins.
+
+h2. Addressed Problems
+
+In a traditional setup with multiple LUKS devices most organisations resort
+to password sharing. This has multiple drawbacks, which arver tries to address:
+
+* In case of an emergency or scheduled password change, everyone needs to learn
+  a bunch of new passwords and changing them is cumbersome and time consuming.
+* If the password is leaked, all disks are compromised.
+* As the amount of passwords grows with the number of disks, password patterns
+  are common. This has the drawback that you can't grant per-disk access to others.
+
+Further arver can ease many associated tasks:
+
+* Arver is scriptable - all actions support script hooks, which means that you can
+  recover much faster from outages.
+* Revoking all access for an admin can be done with only one command.
+* Since arver keys are encrypted using publickey cryptography it is very easy to
+  safely distribute arver keys.
 
 h1. Usage
 
 arver ships with a detailed man page, describing the usage in detail. 
 
+h1. Installation
+
+The easiest way to install arver is by gem
+
+  sudo gem install arver
+
+This will install all required dependecies automatically. If your distributions
+contains an arver package we recommend installation by your package manager.
+
+The following ruby gems are required for arver:
+
+* gpgme 2
+* activesupport 2
+* escape
+
+For development you will need the following additional gems:
+
+* rake
+* cucumber
+* rspec
+
+h1. Requirements
+
+arver only works with cryptsetup-luks >= 1.0.5 as previous versions do not
+support key slots properly for our usage.
+
 h1. Limitations
 
+* arver only supports LUKS as backend.
 * arver supports only up to 8 users as LUKS has only 8 key slots (LUKS NUMKEYS).
 
-h1. Known Issues
+h2. Known Issues
 
-h2. GPGME and gpg-agent
+h3. GPGME and gpg-agent
 
 If arver asks you multiple times for the password, you might consider to use
 gpg-agent, so you can decrypt your keypair once and the use it for all your
@@ -68,31 +88,6 @@ script. An option is to add the following entry to your .bashrc
       export GPG_AGENT_INFO
     fi
 
-h1. Requirements
-
-arver only works with cryptsetup-luks >= 1.0.5 as previous versions do not
-support key slots properly for our usage.
-
-h1. Installation
-
-The easiest way to install arver is by gem
-
-  sudo gem install arver
-
-This will install all required dependecies automatically. If your distributions
-contains an arver package we recommend installation by your package manager.
-
-The following ruby gems are required for arver:
-
-* gpgme 2
-* activesupport 2
-* escape
-
-For development you will need the following additional gems:
-
-* rake
-* cucumber
-* rspec
 
 h1. License
 

data/lib/arver/cli.rb

@@ -27,16 +27,13 @@ module Arver
           Options:
         BANNER
         opts.on("-c", "--config-dir PATH", String,
-                "Path to config dir.",
-                "Default: .arver") { |arg| options[:config_dir] = arg }
+                "Path to arverdata dir.") { |arg| options[:config_dir] = arg }
         opts.on("-u", "--user NAME", String,
-                "Username." ) { |arg| options[:user] = arg }
+                "Your username." ) { |arg| options[:user] = arg }
         opts.on("-h", "--help",
                 "Show this help message.") { Arver::Log.write opts; return }
-        opts.on("--dry-run",
-                "Test your command.") { options[:dry_run] = true }
         opts.on("--ask-password",
-                "Ask for Password when --add-user.") { options[:ask_password] = true }
+                "Ask for an existing LUKS password when adding a new user.") { options[:ask_password] = true }
         opts.on("-t", "--trust-all",
                 "Use untrusted GPG Keys.") { options[:trust_all] = true }
         opts.on("--force",
@@ -47,33 +44,35 @@ module Arver
                 "Verbose") { Arver::Log.level( Arver::LogLevels::Debug ) }
         opts.on("--vv",
                 "Max Verbose") { Arver::Log.level( Arver::LogLevels::Trace ) }
-        opts.on( "-l", "--list-targets",
-                "List targets." ) { options[:action] = :list; }
-        opts.on( "-g", "--garbage-collect",
-                "Expunge old keys." ) { options[:action] = :gc; }
-        opts.on( "-k TARGET", "--keys TARGET", String,
-                "List local keys for this target.") { |arg| options[:argument][:target] = arg; options[:action] = :key_info; }
+        opts.on("--dry-run",
+                "Test your command.") { options[:dry_run] = true }
         opts.on("--test-mode",
                 "Test mode (internal use)") { options[:test_mode] = true }
         opts.separator "Targets:"
         opts.on(
-                "        Possible Paths are: 'Group', 'Host', 'Device', 'Host/Device',\n"+
-                "        'Group/Host/Device' or 'ALL'.\n"+
-                "        Multiple Parameters can be given as comma separated list.\n"+
-                "        Ambigues Target parameters will not be executed." )
+                "        Possible targets are: '<Group>', '<Host>', '<Disk>', '<Host>/<Device>',\n"+
+                "        '<Group>/<Host>/<Disk>' or 'ALL'.\n"+
+                "        Multiple parameters can be given as comma separated list.\n"+
+                "        Ambigues targets yield an error." )
         opts.separator "Actions:"
-        opts.on_tail( "--create TARGET", String,
-                "Create new arver partition on Target." ) { |arg| options[:argument][:target] = arg; options[:action] = :create; }
         opts.on_tail( "-o TARGET", "--open TARGET", String,
                 "Open target." ) { |arg| options[:argument][:target] = arg; options[:action] = :open; }
         opts.on_tail( "-c TARGET", "--close TARGET", String,
                 "Close target." ) { |arg| options[:argument][:target] = arg; options[:action] = :close; }
+        opts.on_tail( "--create TARGET", String,
+                "Create new arver partition on the target." ) { |arg| options[:argument][:target] = arg; options[:action] = :create; }
         opts.on_tail( "-a USER TARGET", "--add-user USER TARGET", String,
                 "Add a user to target.") { |user| options[:action] = :adduser; options[:argument][:user] = user;  }
         opts.on_tail( "-d USER TARGET", "--del-user USER TARGET", String,
                 "Remove a user from target.") { |user| options[:action] = :deluser; options[:argument][:user] = user;  }
+        opts.on_tail( "-g", "--garbage-collect",
+                "Expunge old keys." ) { options[:action] = :gc; }
+        opts.on_tail( "-k TARGET", "--keys TARGET", String,
+                "List local keys for this target.") { |arg| options[:argument][:target] = arg; options[:action] = :key_info; }
         opts.on_tail( "-i TARGET", "--info TARGET", String,
                 "LUKS info about a target.") { |arg| options[:argument][:target] = arg; options[:action] = :info; }
+        opts.on_tail( "-l", "--list-targets",
+                "List targets." ) { options[:action] = :list; }
         
         begin
           opts.parse!(arguments)

data/lib/arver/version.rb

@@ -1,3 +1,3 @@
 module Arver
-  VERSION = '0.0.5'
+  VERSION = '0.1.0'
 end

data/man/arver.5

@@ -10,8 +10,7 @@
 .
 .nf
 
-arver [\-u user] [\-c arverdata] [OPTIONS] \-t TARGET ACTION
-arver [\-u user] [\-c arverdata] [OPTIONS] ACTION
+arver [\-u user] [\-c arverdata] [OPTIONS] ACTION [USER] [TARGET]
 .
 .fi
 .
@@ -26,12 +25,15 @@ There are some generic command line options:
 .
 .TP
 \fB\-u USER\fR, \fB\-\-user USER\fR
-By default \fBarver\fR will read \fB~/\.arver\fR to get your username\. Using \fB\-u USER\fR you can override or specify it aswell\.
+By default \fBarver\fR will read \fB~/\.arver\fR to get your username\. Using \fB\-u USER\fR you can override it\.
 .
 .TP
 \fB\-c PATH\fR, \fB\-\-config\-dir PATH\fR
 By default \fBarver\fR will assume your data storage in \fB~/\.arverdata\fR\. However, if you have multiple data storage or you want to put it to a different location you can use the \fB\-c PATH\fR option\.
 .
+.P
+For more options see \fBarver \-h\fR
+.
 .SH "ACTIONS"
 The following actions are supported:
 .
@@ -91,7 +93,7 @@ But the TARGET option accepts also partial names and lists\. E\.g
 .
 .nf
 
-\-t location1,location2/host2,host4,disk3
+location1,location2/host2,host4,disk3
 .
 .fi
 .
@@ -423,6 +425,9 @@ If you use a version controll system to store your \fBarverdata\fR you should do
 \fBcryptsetup\fR(8)\. \fBgnupg\fR(7)\.
 .
 .P
+Arver description: \fIhttps://tech\.immerda\.ch/2011/08/arver\-distributed\-luks\-key\-management/\fR
+.
+.P
 Arver project site: \fIhttps://git\.codecoop\.org/projects/arver/\fR
 .
 .P

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: arver
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.1.0
   prerelease: 
 platform: ruby
 authors:
@@ -15,7 +15,7 @@ date: 2012-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gpgme
-  requirement: &17808380 !ruby/object:Gem::Requirement
+  requirement: &12106580 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -23,10 +23,10 @@ dependencies:
         version: 2.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *17808380
+  version_requirements: *12106580
 - !ruby/object:Gem::Dependency
   name: escape
-  requirement: &17807680 !ruby/object:Gem::Requirement
+  requirement: &12105920 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -34,10 +34,10 @@ dependencies:
         version: 0.0.2
   type: :runtime
   prerelease: false
-  version_requirements: *17807680
+  version_requirements: *12105920
 - !ruby/object:Gem::Dependency
   name: activesupport
-  requirement: &17807020 !ruby/object:Gem::Requirement
+  requirement: &12105360 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - <
@@ -45,10 +45,10 @@ dependencies:
         version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *17807020
+  version_requirements: *12105360
 - !ruby/object:Gem::Dependency
   name: cucumber
-  requirement: &17806360 !ruby/object:Gem::Requirement
+  requirement: &12104740 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -56,10 +56,10 @@ dependencies:
         version: 0.10.2
   type: :development
   prerelease: false
-  version_requirements: *17806360
+  version_requirements: *12104740
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &17805500 !ruby/object:Gem::Requirement
+  requirement: &12104120 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -67,10 +67,10 @@ dependencies:
         version: 2.5.0
   type: :development
   prerelease: false
-  version_requirements: *17805500
+  version_requirements: *12104120
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &17803600 !ruby/object:Gem::Requirement
+  requirement: &12103560 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -78,7 +78,7 @@ dependencies:
         version: 0.9.2
   type: :development
   prerelease: false
-  version_requirements: *17803600
+  version_requirements: *12103560
 description: Arver helps you to manage a large amount of crypted devices easily and
   safe amongst a certain amount of members
 email: arver@lists.immerda.ch