arver 0.0.5

data/lib/arver/close_action.rb

@@ -0,0 +1,61 @@
+module Arver
+  class CloseAction < Action
+
+    def verify?( partition )
+      unless( Arver::LuksWrapper.open?(partition).execute )
+        Arver::Log.error( partition.name+" not open. skipping." )
+        return false
+      end
+      true
+    end
+
+    def execute_partition( partition )
+      Arver::Log.info( "closing: "+partition.path )
+      caller = Arver::LuksWrapper.close( partition )
+      unless( caller.execute )
+        Arver::Log.error( "Aborting: Something went wrong when closing "+partition.name+":\n"+caller.output )
+        throw( :abort_action )
+      end
+    end
+
+    def pre_host( host )
+      return if host.pre_close.nil?
+      Arver::Log.info( "Running script: " + host.pre_close + " on " + host.name )
+      c = Arver::SSHCommandWrapper.create( host.pre_close, [] , host, true )
+      unless c.execute
+        Arver::Log.error( "Aborting: pre_close on #{host.name} failed:\n"+c.output )
+        throw( :abort_action )
+      end
+    end
+
+    def pre_partition( partition )
+      return if partition.pre_close.nil?
+      Arver::Log.info( "Running script: " + partition.pre_close + " on " + partition.parent.name )
+      c = Arver::SSHCommandWrapper.create( partition.pre_close, [] , partition.parent, true )
+      unless c.execute
+        Arver::Log.error( "Aborting: pre_close on #{partition.name} failed:\n"+c.output )
+        throw( :abort_action )
+      end
+    end
+
+    def post_partition( partition )
+      return if partition.post_close.nil?
+      Arver::Log.info( "Running script: " + partition.post_close + " on " + partition.parent.name )
+      c = Arver::SSHCommandWrapper.create( partition.post_close, [] , partition.parent, true )
+      unless c.execute
+        Arver::Log.error( "Aborting: post_close on #{partition.name} failed:\n"+c.output )
+        throw( :abort_action )
+      end
+    end
+
+    def post_host( host )
+      return if host.post_close.nil?
+      Arver::Log.info( "Running script: " + host.post_close + " on " + host.name )
+      c = Arver::SSHCommandWrapper.create( host.post_close, [] , host, true )
+      unless c.execute
+        Arver::Log.error( "Aborting: post_close on #{host.name} failed:\n"+c.output )
+        throw( :abort_action )
+      end
+    end
+  end
+end

data/lib/arver/command_wrapper.rb

@@ -0,0 +1,42 @@
+module Arver
+  class CommandWrapper
+
+    attr_accessor :command, :arguments_array, :return_value, :output
+  
+    def self.create( cmd, args = [] )
+      c = CommandWrapper.new
+      c.command= cmd
+      c.arguments_array= args
+      c
+    end
+
+    def escaped_command
+      Escape.shell_command([ command ] + arguments_array )
+    end
+  
+    def execute( input = "" )
+      Arver::Log.trace( "** Execute: "+self.escaped_command )
+      self.run( escaped_command, input )
+    end
+    
+    
+    def success?
+      return_value == 0
+    end
+    
+    def run( command, input )
+      if( Arver::RuntimeConfig.instance.test_mode || Arver::RuntimeConfig.instance.dry_run )
+        self.output= ""
+        self.return_value= 0
+      else
+        IO.popen( command, "w+") do |pipe|
+          pipe.puts( input ) unless input.empty?
+          pipe.close_write
+          self.output= pipe.read
+        end
+        self.return_value= $?.exitstatus
+      end
+      self.success?
+    end
+  end
+end

data/lib/arver/config.rb

@@ -0,0 +1,54 @@
+module Arver
+  class Config
+    
+    attr_accessor :tree, :users
+    
+    include Singleton
+    
+    def initialize
+      @tree = Arver::Tree.new
+      @users = {}
+    end
+    
+    def path
+      File.expand_path( Arver::LocalConfig.instance.config_dir )
+    end
+    
+    def load
+      if( ! File.exists?( path ) )
+        Arver::Log.error( "config-dir "+path+" does not exist" )
+        exit
+      end
+      @users= ( load_file( path+"/users" ) )
+      tree.clear
+      tree.from_hash( load_file( path+"/disks" ) )
+    end
+    
+    def load_file( filename )
+      YAML.load( File.read(filename) ) if File.exists?( filename )
+    end
+    
+    def save
+      FileUtils.mkdir_p( path ) unless File.exists?( path )
+      File.open( path+"/users", 'w' ) { |f| f.write( users.to_yaml ) }
+      File.open( path+"/disks", 'w' ) { |f| f.write( tree.to_yaml ) }
+    end
+    
+    def exists?( user )
+      ! users[user].nil?
+    end
+
+    def gpg_key user
+      users[user]['gpg'] if exists?(user)
+    end
+
+    def slot user
+      users[user]['slot'] if exists?(user)
+    end
+    
+    def == other
+      return tree == other.tree && users == other.users if other.is_a?(Arver::Config)
+      false
+    end
+  end
+end

data/lib/arver/create_action.rb

@@ -0,0 +1,58 @@
+module Arver
+  class CreateAction < Action
+    
+    def initialize( target_list )
+      super( target_list )
+      self.open_keystore
+      self.new_key_generator
+    end
+
+    def verify?( partition )
+        key = self.keystore.luks_key( partition )
+        if( ! key.nil? and ! Arver::RuntimeConfig.instance.force )
+          Arver::Log.warn( "DANGEROUS: you do have already a key for partition #{partition.path} (apply --force to continue)" )
+          return false
+        end
+        true
+    end
+    
+    def execute_partition( partition )
+      Arver::Log.info( "creating: "+partition.path )
+      
+      slot_of_user = Arver::Config.instance.slot( Arver::LocalConfig.instance.username )
+      Arver::Log.debug( "generating a new key for partition #{partition.device} on #{partition.path}" )
+
+      # checking if disk is not already LUKS formatted
+      Arver::Log.debug( "checking if disk is already LUKS formatted." )
+      Arver::Log.info( "!! if the next line reads 'Command failed' please ignore it! (sorry this will become more sane soon) !!" )
+
+      caller = Arver::LuksWrapper.dump( partition )
+      caller.execute
+      
+      if caller.output.include?('LUKS header information') then
+        Arver::Log.warn( "VERY DANGEROUS: the partition #{partition.device} is already formatted with LUKS - returning (continue with --violence)" ) 
+        Arver::Log.warn( "If you wish to integrate an existing disk into arver use --add-user #{Arver::LocalConfig.instance.username} instead." ) 
+        if Arver::RuntimeConfig.instance.violence then
+          Arver::Log.info( "you applied --violence, so we will continue ..." )
+        else
+          Arver::Log.info( "for more information see /tmp/luks_create_error.txt" )
+          system("echo \"#{caller.output}\" > /tmp/luks_create_error.txt")
+          throw( :abort_action ) if not Arver::RuntimeConfig.instance.violence
+        end
+      end
+      
+      Arver::Log.trace( "starting key generation..." )
+      key = self.generator.generate_key( Arver::LocalConfig.instance.username, partition )
+      caller = Arver::LuksWrapper.create( slot_of_user.to_s, partition )
+      caller.execute( key )
+      unless( caller.success? )
+        Arver::Log.error( "Could not create Partition!" )
+        self.generator.remove_key( Arver::LocalConfig.instance.username, partition )
+      end
+    end
+    
+    def post_action
+      self.generator.dump
+    end
+  end
+end

data/lib/arver/deluser_action.rb

@@ -0,0 +1,34 @@
+module Arver
+  class DeluserAction < Action
+    def initialize( target_list )
+      super( target_list )
+      self.open_keystore
+    end
+    
+    def needs_target_user?
+      true
+    end
+    def verify_key_on_target( username )
+      #del user needs no key, slot number is enough
+      true
+    end
+    
+    def verify?( partition )
+      unless( load_key( partition ) )
+        Arver::Log.error( "No permission on " + partition.path )
+        return false
+      end
+      true
+    end
+    
+    def execute_partition( partition )
+      Arver::Log.info( "remove user user #{target_user} (slot-no #{slot_of_target_user.to_s}) from #{partition.path}" )
+      
+      caller = Arver::LuksWrapper.killSlot( slot_of_target_user.to_s, partition )
+      caller.execute( key )
+      unless( caller.success? )
+        Arver::Log.error( "Could not remove user:\n" + caller.output )
+      end
+    end
+  end
+end

data/lib/arver/gc_action.rb

@@ -0,0 +1,12 @@
+module Arver
+  class GCAction < Action
+    def initialize( target_list )
+      super( target_list )
+      self.open_keystore
+    end
+    
+    def post_action
+      keystore.save
+    end
+  end
+end

data/lib/arver/gpg_key_manager.rb

@@ -0,0 +1,80 @@
+module Arver
+  class GPGKeyManager
+    class << self
+      def _key_of( user )
+        conf = Arver::Config.instance
+        fp = conf.gpg_key( user )
+        return false if fp.nil?
+        fp = fp.gsub(" ","")
+        key = GPGME::Key.find(:public, fp)
+        if key.size != 1
+          return false
+        end
+        key = key.first
+        if fp.size == 40 && fp != key.fingerprint
+          return false
+        end
+        key
+      end
+
+      def key_of( user )
+        key = _key_of( user )
+        unless key
+          Arver::Log.error( "There is no unique gpg key for #{user} with the fiven fingerprint available." )
+          return false
+        end
+        key
+      end
+      
+      def check_key_of( user )
+        conf = Arver::Config.instance
+        fp = conf.gpg_key( user )
+        if fp.nil?
+          Arver::Log.error( "#{user} has no gpg fingerprint defined." )
+          return false
+        end
+        fp = fp.gsub(" ","")
+        if fp.size != 40
+          Arver::Log.error( "Please use the full fingerprint to define the gpg key for #{user}. The current config might be ambiguous." )
+        end
+        
+        if( Arver::RuntimeConfig.instance.test_mode )
+          `gpg --import ../spec/data/fixtures/test_key 2> /dev/null`
+        end
+
+        config_path = Arver::LocalConfig.instance.config_dir
+        FileUtils.mkdir_p "#{config_path}/keys/public" unless File.exists?( "#{config_path}/keys/public" )
+        key = _key_of( user )
+        user_pubkey_file = config_path+"/keys/public/"+user
+        on_disk = File.exists?( user_pubkey_file )
+        
+        if ! key && ! on_disk
+          Arver::Log.error( "No publickey for #{user} found. Aborting all actions." )
+          return false
+        end
+        if ! key && on_disk
+          Arver::Log.warn( "Importing Publickey for #{user} from #{user_pubkey_file} into gpg keyring." )
+          key_import = File.read( user_pubkey_file )
+          GPGME::Key.import(key_import)
+          key = _key_of( user )
+        end
+        if key 
+          if( ! Arver::RuntimeConfig.instance.trust_all && key.owner_trust != 5 )
+            Arver::Log.error( "You do not trust the key of #{user}!\nYou have to set the trust-level using 'gpg --edit-key #{key.primary_subkey.keyid}'.\nYou should verify the fingerprint over a secure channel." );
+            return false
+          end
+          key_export = key.export( :armor => true ).read
+          if on_disk
+            key_on_disk = File.read( user_pubkey_file )
+            return true if key_on_disk == key_export
+          end
+          File.open( user_pubkey_file, 'w' ) do |f|
+            f.write( key_export )
+          end
+        end
+        true
+      end
+    end
+  end
+end
+

data/lib/arver/host.rb

@@ -0,0 +1,74 @@
+module Arver
+  class Host
+    
+    attr_accessor :port, :username
+    attr_writer :address
+    
+    include Arver::PartitionHierarchyNode
+    include Arver::NodeWithScriptHooks
+      
+    def initialize( name, hostgroup )
+      self.name = name
+      self.parent = hostgroup
+    end
+    
+    def add_partition(partition)
+      add_child(partition)
+    end
+    
+    def partition(name)
+      child(name)
+    end
+    
+    def address
+      return @address unless @address.nil?
+      self.name
+    end
+
+    def port
+      return @port unless @port.nil?
+      '22'
+    end
+
+    def username
+      return @username unless @username.nil?
+      'root'
+    end
+    
+    def to_yaml
+      yaml = ""
+      yaml += "'address': '"+address+"'\n" unless @address.nil?
+      yaml += "'port': '"+port+"'\n" unless @port.nil?
+      yaml += "'username': '"+username+"'\n" unless @username.nil?
+      yaml += script_hooks_to_yaml
+      yaml += super
+    end
+    
+    def from_hash( hash )
+      script_hooks_from_hash( hash )
+      hash.each do | name, data |
+        if( name == "port" )
+          self.port = data
+          next
+        end
+        if( name == "address" )
+          self.address = data
+          next
+        end
+        if( name == "username" )
+          self.username= data
+          next
+        end
+        #no matching keyword -> its a partition:
+        p = Arver::Partition.new( name, self )
+        p.from_hash( data )
+      end
+    end
+    
+    def run_action( action )
+      action.pre_host( self )
+      super
+      action.post_host( self )
+    end
+  end
+end

data/lib/arver/hostgroup.rb

@@ -0,0 +1,17 @@
+module Arver
+  class Hostgroup
+    
+    include PartitionHierarchyNode
+      
+    def initialize(name)
+      super(name, Arver::Config.instance.tree)
+    end
+    
+    def from_hash hash
+      hash.each do | name, data |
+        h = Arver::Host.new( name, self )
+        h.from_hash( data )
+      end
+    end
+  end
+end

data/lib/arver/info_action.rb

@@ -0,0 +1,22 @@
+module Arver
+  class InfoAction < Action
+    def initialize( target_list )
+      super( target_list )
+      self.open_keystore
+    end
+
+    def pre_host( host )
+      Arver::Log.info( "\n-- "+host.path+":" )
+    end
+
+    def execute_partition(partition)
+      info = {}
+      (caller = Arver::LuksWrapper.dump(partition)).execute
+      caller.output.each_line do |line|
+        next unless line =~ /^[A-Z].*: .*$/
+        info.store(*line.split(':',2).collect{|f| f.strip })
+      end
+      Arver::Log.info("  #{sprintf("%0-20s",partition.name.first(20))}:  #{sprintf("%0-40s",partition.device_path.first(40))}: Slots: #{(0..7).map{|i| info["Key Slot #{i}"] == 'ENABLED' ? 'X' : '_'}.join}; LUKSv#{info['Version']}; Cypher: #{info['Cipher name']}:#{info['Cipher mode']}:#{info['Hash spec']}; UUID=#{info['UUID']}")
+    end
+  end
+end