arver 0.1.5 → 0.1.6

data/lib/arver/action.rb

@@ -54,7 +54,11 @@ module Arver
     end
 
     def load_key( partition )
-      self.key= keystore.luks_key( partition )
+      if Arver::RuntimeConfig.instance.global_key_path
+        self.key= keystore.luks_key_for_path( Arver::RuntimeConfig.instance.global_key_path )
+      else
+        self.key= keystore.luks_key( partition )
+      end
 
       if( key.nil? )
         Arver::Log.error( "No permission on #{partition.path}. Skipping." )

data/lib/arver/bootstrap.rb

@@ -32,6 +32,7 @@ class Arver::Bootstrap
       rtc.violence = options[:violence]
       rtc.test_mode = options[:test_mode]
       rtc.trust_all = options[:trust_all]
+      rtc.global_key_path = options[:global_key_path]
     end  
   end
 end

data/lib/arver/cli.rb

@@ -34,6 +34,8 @@ module Arver
                 "Show this help message.") { Arver::Log.write opts; return }
         opts.on("--ask-password",
                 "Ask for an existing LUKS password when adding a new user.") { options[:ask_password] = true }
+        opts.on("--set-key KEYNAME", String,
+                "Manuall choose a key to use. The KEYNAME is in the format /LOCATION/MACHINE/DISK.") { |arg| options[:global_key_path] = arg }
         opts.on("-t", "--trust-all",
                 "Use untrusted GPG Keys.") { options[:trust_all] = true }
         opts.on("--force",

data/lib/arver/host.rb

@@ -31,15 +31,21 @@ module Arver
     end
 
     def username
-      return @username unless @username.nil?
-      'root'
+      case @username 
+        when nil
+          'root'
+        when '#arveruser'
+          Arver::LocalConfig.instance.username
+        else 
+          @username
+      end
     end
     
     def to_yaml
       yaml = ""
-      yaml += "'address': '"+address+"'\n" unless @address.nil?
-      yaml += "'port': '"+port+"'\n" unless @port.nil?
-      yaml += "'username': '"+username+"'\n" unless @username.nil?
+      yaml += "'address': '"+@address+"'\n" unless @address.nil?
+      yaml += "'port': '"+@port+"'\n" unless @port.nil?
+      yaml += "'username': '"+@username+"'\n" unless @username.nil?
       yaml += script_hooks_to_yaml
       yaml += super
     end

data/lib/arver/keystore.rb

@@ -51,9 +51,13 @@ module Arver
     end
   
     def luks_key(partition)
-      @keys[partition.path][:key] unless ! @keys[partition.path]
+      luks_key_for_path(partition.path)
     end
     
+    def luks_key_for_path(path)
+      @keys[path][:key] unless ! @keys[path]
+    end
+
     def load_luks_key(partition, new_key)
       if( new_key.kind_of? Hash )
         if( ! @keys[partition] || @keys[partition][:time] <= new_key[:time] )

data/lib/arver/runtime_config.rb

@@ -5,7 +5,7 @@ module Arver
     
     include Singleton
 
-    attr_accessor :test_mode, :dry_run, :force, :violence, :ask_password, :trust_all
+    attr_accessor :test_mode, :dry_run, :force, :violence, :ask_password, :trust_all, :global_key_path
     
     instance.test_mode= false
     instance.dry_run= false

data/lib/arver/version.rb

@@ -1,3 +1,3 @@
 module Arver
-  VERSION = '0.1.5'
+  VERSION = '0.1.6'
 end

data/man/arver.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "ARVER" "5" "July 2012" "" ""
+.TH "ARVER" "5" "August 2012" "" ""
 .
 .SH "NAME"
 \fBarver\fR \- LUKS on the loose
@@ -193,15 +193,16 @@ The \fBdisks\fR file contains the following hash tree in yaml notation:
      \'disk2\'   :
        \'device\'   :  \'sdb1\'
    \'host2\':
-     \'address\': \'host2\.example\.com\'
-     \'port\'   : \'2222\'
-     \'mails\'  :
+     \'address\' : \'host2\.example\.com\'
+     \'port\'    : \'2222\'
+     \'username\': \'hans\'
+     \'mails\'   :
        \'device\'  : \'nonraid/mails\'
        \'pre_open\': \'pre_open_disk_script\.sh\'
  \'hostgroup2\':
    \'host3\':
      \'address\' : \'host3\.example\.com\'
-     \'username\': \'foo\'
+     \'username\': \'#arveruser\'
      \'secure\'  :
        \'device\'  : \'storage/secure\'
 .
@@ -235,6 +236,19 @@ will present you the tree of the various targets in your \fBdisks\fR configurati
 \fBhost1\fR, \fBhost2\fR and \fBhost3\fR are identifiers for different hosts\. These host\- objects can contain multiple disks and can have further information such as the \fBaddress\fR of the host or the ssh\-\fBport\fR number if the ssh daemon is not running on the standart port\.
 .
 .P
+\fBusername\fR defines the ssh login\-user\. By default it is \fBroot\fR\. To always use the same username as arver (as defined by \fB\-u\fR or in \fB\.arver\fR) set the username to \fB#arveruser\fR\. If the user is not \fBroot\fR, the actual LUKS commands will be executed via \fBsudo\fR and you need the following entry in your sudoers file on this machine (assuming the user is in the admin group):
+.
+.IP "" 4
+.
+.nf
+
+%admin ALL=NOPASSWD: /usr/bin/test, /sbin/cryptsetup
+.
+.fi
+.
+.IP "" 0
+.
+.P
 You can also add script hooks to any host or disk\. Those will be run during the \fBopen\fR and \fBclose\fR actions at the appropriate time\. The possible options are: \fBpre_open\fR, \fBpre_close\fR, \fBpost_open\fR and \fBpost_close\fR\.
 .
 .P
@@ -436,6 +450,32 @@ $ arver \-g
 .P
 If you use a version controll system to store your \fBarverdata\fR you should do this always before commiting the \fBarverdata\fR\.
 .
+.SH "Migrating keys"
+If you want to move a disk to a different server or a server to a different location, there is currently no nice way of doing this\. You can however apply the following workaround, after you moved/renamed a disk in the config file:
+.
+.IP "" 4
+.
+.nf
+
+$ arver \-\-set\-key /OLD_LOCATION/OLD_MACHINE/OLD_NAME \-\-refresh NEW_NAME
+.
+.fi
+.
+.IP "" 0
+.
+.P
+For example after moving \fBa_disk\fR from \fBa_server\fR at \fBa_location\fR to \fBsome_server\fR at \fBsome_location\fR in the config, you can restore your access with:
+.
+.IP "" 4
+.
+.nf
+
+$ arver \-\-set\-key /a_location/a_server/a_disk \-\-refresh /some_location/some_server/a_disk
+.
+.fi
+.
+.IP "" 0
+.
 .SH "SEE ALSO"
 \fBcryptsetup\fR(8)\. \fBgnupg\fR(7)\.
 .

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: arver
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
   prerelease: 
 platform: ruby
 authors:
@@ -11,11 +11,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-07-25 00:00:00.000000000 Z
+date: 2012-08-03 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gpgme
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &27298220 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -23,15 +23,10 @@ dependencies:
         version: 2.0.0
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: 2.0.0
+  version_requirements: *27298220
 - !ruby/object:Gem::Dependency
   name: activesupport
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &27297040 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - <
@@ -39,15 +34,10 @@ dependencies:
         version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - <
-      - !ruby/object:Gem::Version
-        version: 3.0.0
+  version_requirements: *27297040
 - !ruby/object:Gem::Dependency
   name: highline
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &27295900 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -55,15 +45,10 @@ dependencies:
         version: 1.6.2
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: 1.6.2
+  version_requirements: *27295900
 - !ruby/object:Gem::Dependency
   name: cucumber
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &27295000 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -71,15 +56,10 @@ dependencies:
         version: 0.10.2
   type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: 0.10.2
+  version_requirements: *27295000
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &27290220 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -87,15 +67,10 @@ dependencies:
         version: 2.5.0
   type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: 2.5.0
+  version_requirements: *27290220
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &27288840 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -103,12 +78,7 @@ dependencies:
         version: 0.9.2
   type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: 0.9.2
+  version_requirements: *27288840
 description: Arver helps you to manage a large amount of crypted devices easily and
   safe amongst a certain amount of members
 email: arver@lists.immerda.ch
@@ -174,7 +144,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 947642704890013429
+      hash: 1467718207299558599
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -183,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.6
 requirements: []
 rubyforge_project: ! '[none]'
-rubygems_version: 1.8.24
+rubygems_version: 1.8.6
 signing_key: 
 specification_version: 3
 summary: Open crypted devices automatically