arver 0.1.3 → 0.1.4

data/CHANGELOG.textile

@@ -1,3 +1,9 @@
+=== 0.1.4 2012-07-24
+
+* Introducing the --refresh action to renew the luks key. You should always run this command, when receiving a new permission.
+* Fixed a security bug in the padding algorithm, which might reveal the magnitude of the ammount of keys in a keyfile. Please run --garbage-collect to fix your old keys. 
+* Some code cleanup and improved tests.
+
 === 0.1.2 2012-05-01
 
 * Fixed bug in password dialog

data/lib/arver.rb

@@ -1,6 +1,6 @@
-%w{singleton yaml fileutils active_support highline/import gpgme escape openssl}.each {|f| require f }
+%w{singleton yaml fileutils rubygems active_support/secure_random highline/import gpgme escape openssl zlib}.each {|f| require f }
 $:.unshift(File.dirname(__FILE__)) unless
   $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
  
-%w{ gpg_key_manager luks_wrapper action initial_config_action create_action list_action gc_action adduser_action deluser_action info_action close_action open_action target_list command_wrapper ssh_command_wrapper log_levels io_logger log string bootstrap local_config config test_config_loader node_with_script_hooks partition_hierarchy_node host hostgroup tree partition test_partition key_generator key_saver keystore runtime_config key_info_action}.each {|f| require "arver/#{f}" }
+%w{ gpg_key_manager luks_wrapper action initial_config_action refresh_action create_action list_action gc_action adduser_action deluser_action info_action close_action open_action target_list command_wrapper ssh_command_wrapper log_levels io_logger log string bootstrap local_config config test_config_loader node_with_script_hooks partition_hierarchy_node host hostgroup tree partition test_partition key_generator key_saver keystore runtime_config key_info_action}.each {|f| require "arver/#{f}" }
 

data/lib/arver/action.rb

@@ -32,7 +32,7 @@ module Arver
     end
     
     def open_keystore
-      self.keystore= Arver::Keystore.instance
+      self.keystore= Arver::Keystore.for( LocalConfig.instance.username )
       keystore.load
     end
     

data/lib/arver/adduser_action.rb

@@ -31,19 +31,19 @@ module Arver
       # generate a key for the new user
       Arver::Log.debug( "generate_key (#{target_user},#{partition.path})" )
       
-      newkey = generator.generate_key( target_user, partition )
+      newkey = generator.generate_key( partition )
 
       caller = Arver::LuksWrapper.addKey( slot_of_target_user.to_s, partition )
       caller.execute( key + "\n" + newkey )
 
       unless( caller.success? )
         Arver::Log.error( "Could not add user to #{partition.path} \n #{caller.output}" )
-        generator.remove_key( target_user, partition )
+        generator.remove_key( partition )
       end
     end
     
     def post_action
-      self.generator.dump
+      self.generator.dump( Keystore.for( target_user ) )
     end
   end
 end

data/lib/arver/cli.rb

@@ -65,6 +65,8 @@ module Arver
                 "Add a user to target.") { |user| options[:action] = :adduser; options[:argument][:user] = user;  }
         opts.on_tail( "-d USER TARGET", "--del-user USER TARGET", String,
                 "Remove a user from target.") { |user| options[:action] = :deluser; options[:argument][:user] = user;  }
+        opts.on_tail( "-r TARGET", "--refresh TARGET", String,
+                "Refresh the key on target." ) { |arg| options[:argument][:target] = arg; options[:action] = :refresh; }
         opts.on_tail( "-g", "--garbage-collect",
                 "Expunge old keys." ) { options[:action] = :gc; }
         opts.on_tail( "-k TARGET", "--keys TARGET", String,
@@ -118,6 +120,7 @@ module Arver
         :info => Arver::InfoAction,
         :key_info => Arver::KeyInfoAction,
         :init => Arver::InitialConfigAction,
+        :refresh => Arver::RefreshAction,
       }
 
       action = (actions[ action ]).new( target_list )

data/lib/arver/config.rb

@@ -19,9 +19,9 @@ module Arver
         Arver::Log.error( "config-dir "+path+" does not exist" )
         exit
       end
-      @users= ( load_file( path+"/users" ) )
+      @users= ( load_file( File.join(path,'users') ) )
       tree.clear
-      tree.from_hash( load_file( path+"/disks" ) )
+      tree.from_hash( load_file( File.join(path,'disks') ) )
     end
     
     def load_file( filename )
@@ -30,8 +30,8 @@ module Arver
     
     def save
       FileUtils.mkdir_p( path ) unless File.exists?( path )
-      File.open( path+"/users", 'w' ) { |f| f.write( users.to_yaml ) }
-      File.open( path+"/disks", 'w' ) { |f| f.write( tree.to_yaml ) }
+      File.open( File.join(path,'users'), 'w' ) { |f| f.write( users.to_yaml ) }
+      File.open( File.join(path,'disks'), 'w' ) { |f| f.write( tree.to_yaml ) }
     end
     
     def exists?( user )

data/lib/arver/create_action.rb

@@ -17,18 +17,11 @@ module Arver
     end
     
     def execute_partition( partition )
-      Arver::Log.info( "creating: "+partition.path )
-      
       slot_of_user = Arver::Config.instance.slot( Arver::LocalConfig.instance.username )
-      Arver::Log.debug( "generating a new key for partition #{partition.device} on #{partition.path}" )
-
-      # checking if disk is not already LUKS formatted
-      Arver::Log.debug( "checking if disk is already LUKS formatted." )
-      Arver::Log.info( "!! if the next line reads 'Command failed' please ignore it! (sorry this will become more sane soon) !!" )
 
       caller = Arver::LuksWrapper.dump( partition )
       caller.execute
-      
+ 
       if caller.output.include?('LUKS header information') then
         Arver::Log.warn( "VERY DANGEROUS: the partition #{partition.device} is already formatted with LUKS - returning (continue with --violence)" ) 
         Arver::Log.warn( "If you wish to integrate an existing disk into arver use --add-user #{Arver::LocalConfig.instance.username} instead." ) 
@@ -41,18 +34,20 @@ module Arver
         end
       end
       
-      Arver::Log.trace( "starting key generation..." )
-      key = self.generator.generate_key( Arver::LocalConfig.instance.username, partition )
+      Arver::Log.info( "creating: "+partition.path )
+      
+      Arver::Log.debug( "generating a new key for partition #{partition.device} on #{partition.path}" )
+      key = self.generator.generate_key( partition )
       caller = Arver::LuksWrapper.create( slot_of_user.to_s, partition )
       caller.execute( key )
       unless( caller.success? )
         Arver::Log.error( "Could not create Partition!" )
-        self.generator.remove_key( Arver::LocalConfig.instance.username, partition )
+        self.generator.remove_key( partition )
       end
     end
     
     def post_action
-      self.generator.dump
+      self.generator.dump( self.keystore )
     end
   end
 end

data/lib/arver/key_generator.rb

@@ -4,26 +4,22 @@ module Arver
       @keys = {}
     end
     
-    def generate_key( user, partition )
+    def generate_key( partition )
       key = ActiveSupport::SecureRandom.base64(192)
-      add( user, partition, key )
-      key
+      @keys[partition] = key
     end
     
-    def add( user, partition, luks_key )
-      @keys[user] ||= {}
-      @keys[user][partition.path] = { :key => luks_key, :time => Time.now.to_f }
-    end
-
-    def remove_key( user, partition )
-      @keys[user].delete( partition.path )
+    def remove_key( partition )
+      @keys.delete( partition )
     end
     
-    def dump
-      @keys.each do | user, user_keys |
-        KeySaver.add( user, user_keys.to_yaml ) unless user_keys.empty?
+    def dump( keystore )
+      return if @keys.empty?
+      @keys.each do | partition, key |
+        keystore.add_luks_key( partition, key )
       end
       @keys = {}
+      keystore.save
     end
   end
 end

data/lib/arver/key_saver.rb

@@ -2,20 +2,40 @@ module Arver
   class KeySaver
     
     def self.save( user, key )
-      filename = save_tmp( user, key )
-      purge_keys(user)
-      FileUtils.mv("#{tmp_key_path(user)}", "#{key_path(user)}")
-      "#{key_path(user)}/#{filename}"
+      tmp_path  = tmp_key_path( user )
+      back_path = backup_key_path( user )
+      path      = key_path( user )
+      filename  = save_to( user, key, tmp_path )
+      FileUtils.mv(path,back_path) if File.exists?(path) 
+      FileUtils.mv(tmp_path,path)
+      FileUtils.rm_rf(back_path)
+      File.join(path,filename)
     end
 
     def self.add( user, key )
-      filename = save_tmp( user, key )
-      FileUtils.mkdir_p key_path(user) unless File.exists?( key_path(user) )
-      FileUtils.mv( Dir.glob("#{tmp_key_path(user)}/*"), "#{key_path(user)}")
-      "#{key_path(user)}/#{filename}"
+      path     = key_path( user )
+      filename = save_to( user, key, path )
+      File.join(path,filename)
     end
 
-    def self.save_tmp( user, key )
+    def self.deflate(string, level=6)
+      z = Zlib::Deflate.new(level)
+      dst = z.deflate(string, Zlib::FINISH)
+      z.close
+      dst
+    end
+
+    def self.inflate(string)
+      zstream = Zlib::Inflate.new
+      buf = zstream.inflate(string)
+      zstream.finish
+      zstream.close
+      buf
+    end
+
+    def self.save_to( user, key, path )
+      #compress the key before applying padding, so the size after encryption+compression by gpg is more stable...
+      key = deflate(key)
       unless GPGKeyManager.check_key_of( user )
         return
       end
@@ -34,9 +54,9 @@ module Arver
       end
       key_encrypted = encrypted.read
       unless( Arver::RuntimeConfig.instance.dry_run )
-        FileUtils.mkdir_p tmp_key_path(user) unless File.exists?( tmp_key_path(user) )
-        filename = "#{OpenSSL::Digest::SHA1.new(key_encrypted)}"
-        File.open( "#{tmp_key_path(user)}/#{filename}", 'w' ) do |f|
+        FileUtils.mkdir_p path unless File.exists?( path )
+        filename = "#{OpenSSL::Digest::SHA256.new << key_encrypted}"
+        File.open( File.join("#{path}","#{filename}"), 'w' ) do |f|
           f.write key_encrypted
         end
       end
@@ -44,11 +64,15 @@ module Arver
     end
     
     def self.key_path( user )
-      "#{config_path}/keys/#{user}"
+      File.join("#{config_path}","keys","#{user}")
+    end
+    
+    def self.backup_key_path( user )
+      "#{key_path(user)}.bak"
     end
     
     def self.tmp_key_path( user )
-      "#{config_path}/tmp/#{user}"
+      File.join("#{config_path}","tmp","#{user}")
     end
     
     def self.config_path
@@ -71,7 +95,7 @@ module Arver
       Dir.entries( key_path( user ) ).sort.each do | file |
         unless( file == "." || file == ".." )
           Arver::Log.trace( "Loading keyfile "+file )
-          key_encrypted = File.open( key_path( user )+"/"+file )
+          key_encrypted = File.open( File.join( key_path( user ),file) )
           begin
             decrypted_txt = crypto.decrypt( key_encrypted, { :passphrase_callback => method( :passfunc ) } )
           rescue GPGME::Error => gpgerr
@@ -79,6 +103,11 @@ module Arver
             next
           end
           decrypted_key = substract_padding( decrypted_txt.read )
+          begin
+            decrypted_key = inflate( decrypted_key )
+          rescue Zlib::DataError
+            Log.write("You have an outdated key. Run garbage collect to update it.")
+          end
           decrypted += [ decrypted_key ];
         end
       end
@@ -87,13 +116,13 @@ module Arver
 
     def self.add_padding( key )
       marker = "--"+ActiveSupport::SecureRandom.base64( 82 )
-      size = 450000
+      size = 200000
       padding_size = size - key.size
       if padding_size <= 0
         padding_size = 0
         Arver::Log.warn( "Warning: Your arver keys exceed the maximal padding size, therefore i can no longer disguise how many keys you possess.")
       end
-      padding = ActiveSupport::SecureRandom.base64( padding_size )
+      padding = ActiveSupport::SecureRandom.base64( padding_size )[0..padding_size]
       marker +"\n"+ key + "\n" + marker + "\n" + padding
     end
     

data/lib/arver/keystore.rb

@@ -1,14 +1,27 @@
 module Arver
   class Keystore
+    class << self
+      def for( username )
+        if username.empty?
+          Log.error("no user given, cannot create keystore")
+          return
+        end
+        @@keystores           ||= {}
+        @@keystores[username] ||= Keystore.new( username )
+      end
       
-    include Singleton
-    
-    attr_accessor :username
+      def reset
+        @@keystores = {}
+      end
+    end
+          
+    attr_accessor :username, :loaded
         
-    def initialize
+    def initialize( name )
       @keys = {}
       @key_versions = {}
-      self.username= Arver::LocalConfig.instance.username
+      self.username= name
+      self.loaded = false
     end
     
     def load
@@ -18,10 +31,15 @@ module Arver
           load_luks_key(target,key)
         end
       end
+      self.loaded = true
     end
     
     def save
-      KeySaver.save(username, @keys.to_yaml)
+      if loaded
+        KeySaver.save(username, @keys.to_yaml)
+      else
+        KeySaver.add(username, @keys.to_yaml)
+      end 
     end
     
     def purge_keys
@@ -43,6 +61,7 @@ module Arver
         end
       else
         unless( @keys[partition] )
+          Log.debug("loding key in old format")          
           @keys[partition] = { :key => new_key, :time => 0.0 }
         end
       end

data/lib/arver/log.rb

@@ -31,8 +31,9 @@ module Arver
     def self.level( num )
       logger.level=( num )
     end
-
-    
+    def flush
+      logger.flush
+    end
   end
 end
       

data/lib/arver/luks_wrapper.rb

@@ -3,6 +3,9 @@ module Arver
     def self.addKey( key_slot, partition )
       Arver::SSHCommandWrapper.create( "cryptsetup", [ "--batch-mode", "--key-slot=#{key_slot}", "luksAddKey", partition.device_path ], partition.parent, true )
     end
+    def self.changeKey( key_slot, partition )
+      Arver::SSHCommandWrapper.create( "cryptsetup", [ "--batch-mode", "--key-slot=#{key_slot}", "luksChangeKey", partition.device_path ], partition.parent, true )
+    end
     def self.close( partition )
       Arver::SSHCommandWrapper.create( "cryptsetup", [ "luksClose", "#{partition.name}"], partition.parent, true )
     end

data/lib/arver/refresh_action.rb

@@ -0,0 +1,46 @@
+module Arver
+  class RefreshAction < Action
+        
+    def initialize( target_list )
+      super( target_list )
+      self.open_keystore
+      self.new_key_generator
+    end
+   
+    def pre_action
+      tl = ""
+      target_list.each { |t| tl += ( tl.empty? ? "": ", " )+t.name }
+      Arver::Log.info( "refresh was called with target(s) #{tl}" )
+    end
+    
+    def verify?( partition )
+      unless Arver::RuntimeConfig.instance.ask_password
+        return load_key( partition )
+      end
+      self.key= ask("Enter the password for the volume: #{partition.device}") {|q| q.echo = false}
+      true
+    end
+
+    def execute_partition( partition )
+      Arver::Log.info( "Generating a new key for partition #{partition.device}" )
+
+      slot_of_user = Arver::Config.instance.slot( Arver::LocalConfig.instance.username )
+      newkey = generator.generate_key( partition )
+
+      caller = Arver::LuksWrapper.changeKey( slot_of_user.to_s, partition )
+      caller.execute( key + "\n" + newkey )
+
+      unless( caller.success? )
+        Arver::Log.error( "Warning: i believe that i could not change the key on #{partition.path}, therefore i kept the old one!" )
+        Arver::Log.error( "Maybe the version of cryptsetup on that host does not yet support the luksChangeKey command. " )
+        Arver::Log.error( "Please verify that the old one still works. If the changeKey did in fact succeed, the plaintext key would now be: #{key}" )
+        Arver::Log.debug( "The output was: #{caller.output}" )
+        generator.remove_key( partition )
+      end
+    end
+    
+    def post_action
+      self.generator.dump( self.keystore )
+    end
+  end
+end

data/lib/arver/test_config_loader.rb

@@ -15,7 +15,8 @@ module TestConfigLoader
   
   def load_test_config
     Arver::LocalConfig.instance.config_dir= "spec/data"
+    Arver::LocalConfig.instance.username= "test"
     config = Arver::Config.instance
     config.load
   end
-end
+end

data/lib/arver/version.rb

@@ -1,3 +1,3 @@
 module Arver
-  VERSION = '0.1.3'
+  VERSION = '0.1.4'
 end

data/man/arver.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "ARVER" "5" "April 2012" "" ""
+.TH "ARVER" "5" "July 2012" "" ""
 .
 .SH "NAME"
 \fBarver\fR \- LUKS on the loose
@@ -58,6 +58,10 @@ Adds permissions for USER on all targeted disks\.
 Removes permissions for USER on all targeted disks\.
 .
 .TP
+\fB\-r\fR, \fB\-\-refresh TARGET\fR
+Refresh the key on the target\.
+.
+.TP
 \fB\-i\fR, \fB\-\-info TARGET\fR
 Display the LUKS configuration of all targeted disks\.
 .
@@ -325,6 +329,22 @@ $ arver \-\-close TARGET
 .P
 For this action you can define hooks as well\. See \fBDisks\fR and \fBAction Open\fR for details\.
 .
+.SH "Information about targets"
+To gather various information about the different targets you can invoke
+.
+.IP "" 4
+.
+.nf
+
+$ arver \-i TARGET
+.
+.fi
+.
+.IP "" 0
+.
+.P
+Which will display you the current configuration of all devices, as well as different parameters of the LUKS device and slot usage\.
+.
 .SH "Managing users"
 To add another user to one of the disks you need to have the public key of that user\. Just import his key into your gpg keyring\.
 .
@@ -351,7 +371,7 @@ For this command to work, you have to trust the gpg key of USERNAME\. See \fBman
 \fBarver\fR will create a random password for the specific user and add it to the user\-slot on the targeted disks\. Furthermore, the password is encrypted with the public key of the specific user and stored in the data storage under \fBarverdata/keys/USERNAME/\fR\.
 .
 .P
-For the other user to receive those new privileges he has to copy the new keys to his own \fBarverdata\fR\. So if you use a version controll system you should now commit the new keys\.
+You now need to pass the new keyfile to the other user\. So if you use a version controll system you should now commit the new keys\. The other user should follow the paragraph \fBreceiving new keys\fR\.
 .
 .P
 If you are migrating from an existing LUKS infrastructure and want to add an initial user to the LUKS device, you will need to use the \fB\-\-ask\-password\fR option, to provide an existing password\.
@@ -378,30 +398,30 @@ By design it is not possible to know who has access to which disks by just looki
 .P
 You can however display the targets \fBinformation\fR to see which slots are used\. But to do this you need access to the server and the \fBusers\fR config\.
 .
-.SH "Information about targets"
-To gather various information about the different targets you can invoke
+.SH "Receiving new Keys"
+If you have been granted permission to a certain disk, the first thing you need to do, is to integrate the new keyfile in your arverdata\. If your group uses a version controll system, you can just pull the arverdata\. Otherwise you copy the received file into \fBarverdata/keys/USERNAME/\fR\.
+.
+.P
+Important: The next thing you really should do, is to call
 .
 .IP "" 4
 .
 .nf
 
-$ arver \-i TARGET
+$ arver \-\-refresh TARGET
 .
 .fi
 .
 .IP "" 0
 .
 .P
-Which will display you the current configuration of all devices, as well as different parameters of the LUKS device and slot usage\.
-.
-.SH "Garbage collection"
-As you might add and remove users to disks or reset access to disks the amount of generated key files with random passwords might grow and not all might be needed anymore\. Furthermore it is likely that due to various actions it might be obvious or at least reconstructable to which devices a certain user might have access\.
+This will replace the actual luks key on the target once more with a fresh random key and also collect all your keys into one file\. Replacing the key is important to ensure, that the user who sent you the key, cannot record the actual luks key he sent you and use it as a backdoor in the future\.
 .
 .P
-To address this problem \fBarver\fR provides a garbage collection process, which will rearrange all your own keyfiles\. (Only your own as you are not able to read the others key files\.)
+If you use a version controll system to store your \fBarverdata\fR you should commit the new key\.
 .
 .P
-You can do that by invoking the following command:
+If you use an old cryptsetup version refresh might not work\. In that case you cannot replace the luks key\. Another problem in that case is, that it might become obvious or at least reconstructable to which devices you have access\. To counter this problem, do a garbage collection, which will collect all keys into one keyfile, with:
 .
 .IP "" 4
 .

metadata

@@ -1,145 +1,138 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: arver
-version: !ruby/object:Gem::Version 
-  hash: 29
+version: !ruby/object:Gem::Version
+  version: 0.1.4
   prerelease: 
-  segments: 
-  - 0
-  - 1
-  - 3
-  version: 0.1.3
 platform: ruby
-authors: 
+authors:
 - o
 - andreas
 - mh
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2012-06-13 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2012-07-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: gpgme
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 2
-        - 0
-        - 0
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 2.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+- !ruby/object:Gem::Dependency
   name: escape
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 23
-        segments: 
-        - 0
-        - 0
-        - 4
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 0.0.4
   type: :runtime
   prerelease: false
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.0.4
+- !ruby/object:Gem::Dependency
   name: activesupport
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - <
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        - 0
+      - !ruby/object:Gem::Version
         version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - <
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
   name: highline
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 1
-        - 6
-        - 2
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 1.6.2
   type: :runtime
   prerelease: false
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.6.2
+- !ruby/object:Gem::Dependency
   name: cucumber
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 51
-        segments: 
-        - 0
-        - 10
-        - 2
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 0.10.2
   type: :development
   prerelease: false
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.10.2
+- !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 27
-        segments: 
-        - 2
-        - 5
-        - 0
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 2.5.0
   type: :development
   prerelease: false
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 2.5.0
+- !ruby/object:Gem::Dependency
   name: rake
-  requirement: &id007 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 63
-        segments: 
-        - 0
-        - 9
-        - 2
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 0.9.2
   type: :development
   prerelease: false
-  version_requirements: *id007
-description: Arver helps you to manage a large amount of crypted devices easily and safe amongst a certain amount of members
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+description: Arver helps you to manage a large amount of crypted devices easily and
+  safe amongst a certain amount of members
 email: arver@lists.immerda.ch
-executables: 
+executables:
 - arver
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - lib/arver.rb
 - lib/arver/action.rb
 - lib/arver/adduser_action.rb
@@ -170,6 +163,7 @@ files:
 - lib/arver/open_action.rb
 - lib/arver/partition.rb
 - lib/arver/partition_hierarchy_node.rb
+- lib/arver/refresh_action.rb
 - lib/arver/runtime_config.rb
 - lib/arver/ssh_command_wrapper.rb
 - lib/arver/string.rb
@@ -184,38 +178,29 @@ files:
 - bin/arver
 homepage: https://github.com/arver/arver
 licenses: []
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
       - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+      hash: 4241994790696947
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 23
-      segments: 
-      - 1
-      - 3
-      - 6
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-
-rubyforge_project: "[none]"
+rubyforge_project: ! '[none]'
 rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
 summary: Open crypted devices automatically
 test_files: []
-