arver 0.1.7 → 0.1.8
- checksums.yaml +4 -4
- data/README.textile +4 -1
- data/lib/arver.rb +2 -2
- data/lib/arver/bootstrap.rb +1 -1
- data/lib/arver/cli.rb +3 -0
- data/lib/arver/config.rb +19 -7
- data/lib/arver/dump_key_action.rb +29 -0
- data/lib/arver/info_action.rb +38 -6
- data/lib/arver/key_saver.rb +1 -1
- data/lib/arver/keystore.rb +5 -5
- data/lib/arver/partition_hierarchy_node.rb +1 -3
- data/lib/arver/version.rb +1 -1
- metadata +9 -23
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b11992d186276bbaa51cef0eb4b05f51cc74ee1e0668dffb7f81122d8674e764
|
4
|
+
data.tar.gz: 686b2e04289e64f90ac0064d2464ee3d5e7b6b29507cced0b51343b59033b9b7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8e8b53c4598c0ee397aa3fb47fabf697c906386fa1c0d6f6eacd01dec2fa118c4edff2c2fe68b97068aaf0f71e8975b42604730c1866e4e03a8668732c170478
|
7
|
+
data.tar.gz: b499b9154521c7d98f327487b964d77022ac98e278ba43139b14526d09bf3f48c757691b03c2a53d43fb2624ecd90aae25c9794be0e505402f1c7e598ef401f7
|
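--- a/data/README.textile
+++ b/data/README.textile
@@ -46,7 +46,6 @@ contains an arver package we recommend installation by your package manager.
 The following ruby gems are required for arver:
 
 * gpgme 2
-* activesupport 2
 * escape
 * highline
 
@@ -68,6 +67,10 @@ h1. Limitations
 
 h2. Known Issues
 
+It is strongly advised not to set any 'encrypt-to' option in your gnupgp.conf.
+Otherwise, when you issue a key to another person, you can still decrypt it
+yourself, since gpg always encrypts it to this additional recipient.
+
 h3. GPGME and gpg-agent
 
 If arver asks you multiple times for the password, you might consider to use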
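--- a/data/lib/arver.rb
+++ b/data/lib/arver.rb
@@ -1,6 +1,6 @@
-%w{singleton yaml fileutils rubygems
+%w{singleton yaml fileutils rubygems highline/import gpgme openssl zlib}.each {|f| require f }
 $:.unshift(File.dirname(__FILE__)) unless
 $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
 
-%w{ gpg_key_manager luks_wrapper action initial_config_action refresh_action create_action list_action gc_action adduser_action deluser_action info_action close_action open_action target_list command_wrapper ssh_command_wrapper log_levels io_logger log string bootstrap local_config config test_config_loader node_with_script_hooks partition_hierarchy_node host hostgroup tree partition test_partition key_generator key_saver keystore runtime_config key_info_action}.each {|f| require "arver/#{f}" }
+%w{ gpg_key_manager luks_wrapper action initial_config_action refresh_action create_action list_action gc_action adduser_action deluser_action info_action close_action open_action target_list command_wrapper ssh_command_wrapper log_levels io_logger log string bootstrap local_config config test_config_loader node_with_script_hooks partition_hierarchy_node host hostgroup tree partition test_partition key_generator key_saver keystore runtime_config key_info_action dump_key_action }.each {|f| require "arver/#{f}" }
 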
data/lib/arver/bootstrap.rb
CHANGED
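--- a/data/lib/arver/cli.rb
+++ b/data/lib/arver/cli.rb
@@ -77,6 +77,8 @@ module Arver
 "LUKS info about a target.") { |arg| options[:argument][:target] = arg; options[:action] = :info; }
 opts.on_tail( "-l", "--list-targets",
 "List targets." ) { options[:action] = :list; }
+opts.on_tail( "--dump-key TARGET", String,
+"Dump raw luks passphrase." ) { |arg| options[:argument][:target] = arg; options[:action] = :dump; }
 opts.on_tail( "--init",
 "Setup a sample configuration." ) { options[:action] = :init; }
 
@@ -123,6 +125,7 @@ module Arver
 :key_info => Arver::KeyInfoAction,
 :init => Arver::InitialConfigAction,
 :refresh => Arver::RefreshAction,
+:dump => Arver::DumpKeyAction,
 }
 
 action = (actions[ action ]).new( target_list )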
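--- a/data/lib/arver/config.rb
+++ b/data/lib/arver/config.rb
@@ -15,17 +15,22 @@ module Arver
 end
 
 def load
-if
-Arver::Log.error(
-exit
+if !File.directory?(path)
+Arver::Log.error("config "+path+" does not exist")
+exit 1
 end
-@users=
+@users = load_file(File.join(path,'users')) || {}
+
 tree.clear
-tree.from_hash(
+tree.from_hash(load_file(File.join(path,'disks')))
 end
 
 def load_file( filename )
-
+if !File.exists?(filename)
+Arver::Log.error("missing config #{filename}")
+exit 1
+end
+YAML.load(File.read(filename))
 end
 
 def save
@@ -35,7 +40,7 @@ module Arver
 end
 
 def exists?( user )
-!
+!users[user].nil?
 end
 
 def gpg_key user
@@ -45,6 +50,13 @@ module Arver
 def slot user
 users[user]['slot'] if exists?(user)
 end
+
+def user_at(slot)
+users.each do |name, conf|
+return name if slot == conf['slot']
+end
+'unknown'
+end
 
 def == other
 return tree == other.tree && users == other.users if other.is_a?(Arver::Config)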
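Review bot: `load_file` parses the config with `YAML.load(File.read(filename))`, which on Psych releases before 4 can instantiate arbitrary Ruby objects from tagged YAML; the `users` and `disks` files are presumably distributed among team members, so they are not necessarily written by the person running the tool. If they hold only plain maps, strings and integers (not visible here), `YAML.safe_load(File.read(filename))` is the safer call. In the same method `File.exists?` is the deprecated alias that Ruby 3.2 removed, so `File.exist?(filename)` should be used. `load` guards `users` with `|| {}` but passes the `disks` result straight to `tree.from_hash`, so an empty `disks` file reaches it as a falsy value.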
@@ -0,0 +1,29 @@
|
|
1
|
+
module Arver
|
2
|
+
class DumpKeyAction < Action
|
3
|
+
def initialize(target_list)
|
4
|
+
super(target_list)
|
5
|
+
self.open_keystore
|
6
|
+
end
|
7
|
+
|
8
|
+
def verify?(partition)
|
9
|
+
load_key(partition)
|
10
|
+
end
|
11
|
+
|
12
|
+
def execute_partition( partition )
|
13
|
+
Arver::Log.info("key for #{partition.path}:")
|
14
|
+
Arver::Log.info(key)
|
15
|
+
end
|
16
|
+
|
17
|
+
def pre_host( host )
|
18
|
+
end
|
19
|
+
|
20
|
+
def pre_partition( partition )
|
21
|
+
end
|
22
|
+
|
23
|
+
def post_partition( partition )
|
24
|
+
end
|
25
|
+
|
26
|
+
def post_host( host )
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
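Review bot: `execute_partition` sends the raw LUKS passphrase through `Arver::Log.info(key)`, the same logger used for ordinary status lines, so the secret lands wherever that logger writes (terminal scrollback, a redirected file, or a sink configured elsewhere; the logger is not visible here). Unless piping the key is an intended use, consider refusing when output is not a terminal, e.g. `return Arver::Log.error("refusing to dump key to a non-terminal") unless $stdout.tty?`, and add a comment above the method such as `# SECURITY: prints key material in clear; output must never be stored or forwarded`. `key` is not defined in this file and is presumably set by `load_key` in the `Action` base class. The page shows this hunk without its own file header; judging by the file list and the class name it is the new dump_key_action.rb.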
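--- a/data/lib/arver/info_action.rb
+++ b/data/lib/arver/info_action.rb
@@ -3,6 +3,7 @@ module Arver
 def initialize( target_list )
 super( target_list )
 self.open_keystore
+Arver::Log.info("Warning: existence of a keyslot is not a guarantee that the user can access it")
 end
 
 def pre_host( host )
@@ -10,13 +11,44 @@ module Arver
 end
 
 def execute_partition(partition)
-
-
-
-
-
+cmd = Arver::LuksWrapper.dump(partition)
+cmd.execute
+info = cmd.output
+info =~ /Version:[\s]+(\d)/
+version = $1
+slots = []
+
+head = " #{sprintf("%0-10s",partition.name[0...10])} :"+
+" #{sprintf("%0-30s",partition.device_path[0...30])}"
+
+if version != '1' && version != '2'
+Arver::Log.info("#{head} : Unsupported luks version")
+return
+end
+
+if version == '1'
+info.each_line do |line|
+if line =~ /Key Slot (\d): ENABLED/
+slots << Integer($1)
+end
+end
+else
+keyslots = []
+start = false
+info.each_line do |line|
+if line =~ /Keyslots:/
+start = true
+next
+end
+next unless start
+break unless line =~ /^\s/
+if line =~ /[\s]+(\d): luks2/
+slots << Integer($1)
+end
+end
 end
-
+slots = slots.map{|s| "#{Config.instance.user_at(s)}(#{s})"}.join(",")
+Arver::Log.info("#{head} : #{slots}")
 end
 end
 end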
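Review bot: In the LUKS2 branch of `execute_partition`, `/[\s]+(\d): luks2/` captures a single digit, so a keyslot numbered 10 or higher (LUKS2 allows up to 32 slots) never matches and is left out of the listing; for a command used to audit who holds a slot, that under-reports access. `if line =~ /^\s+(\d+): luks2/` would cover every slot. The result of `cmd.execute` is not checked either, so a failed dump presumably falls through to the "Unsupported luks version" message instead of being reported as an error. `keyslots = []` is assigned and never used.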
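--- a/data/lib/arver/key_saver.rb
+++ b/data/lib/arver/key_saver.rb
@@ -130,7 +130,7 @@ module Arver
 end
 
 def self.substract_padding( key )
-if
+if key[0...4] == "--- "
 Arver::Log.warn( "Warning: you are using deprecated unpadded keyfiles. Please run garbage collect!" )
 return key
 end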
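--- a/data/lib/arver/keystore.rb
+++ b/data/lib/arver/keystore.rb
@@ -15,23 +15,23 @@ module Arver
 end
 end
 
-
+attr_reader :username, :loaded
 
 def initialize( name )
 @keys = {}
 @key_versions = {}
-
-
+@username = name
+@loaded = false
 end
 
 def load
 flush_keys
-KeySaver.read(
+KeySaver.read(username).each do | loaded |
 YAML.load( loaded ).each do | target, key |
 load_luks_key(target,key)
 end
 end
-
+@loaded = true
 end
 
 def save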
@@ -1,5 +1,3 @@
|
|
1
|
-
require 'active_support/all'
|
2
|
-
|
3
1
|
module Arver
|
4
2
|
module PartitionHierarchyNode
|
5
3
|
|
@@ -72,7 +70,7 @@ module Arver
|
|
72
70
|
def find( name )
|
73
71
|
found = []
|
74
72
|
self.each_node do | node |
|
75
|
-
found += [ node ] if (
|
73
|
+
found += [ node ] if (node.name == name || node.path =~ /#{name}$/)
|
76
74
|
end
|
77
75
|
found
|
78
76
|
end
|
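Review bot: In `find`, `node.path =~ /#{name}$/` interpolates the target name into a regular expression unescaped, and `name` presumably comes from the command line; a `.` or other metacharacter in it matches more than the literal text, and `$` anchors at a line end rather than the end of the string. The matched nodes are presumably what actions such as open or `--dump-key` then operate on, so an over-broad match selects partitions the operator did not name. If a literal suffix match is intended, `found += [ node ] if (node.name == name || node.path.end_with?(name))` avoids the regexp; if patterns are intended, document that and otherwise use `/#{Regexp.escape(name)}\z/`. The page shows these hunks under keystore.rb without a file header of their own, though they belong to the PartitionHierarchyNode module.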
data/lib/arver/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: arver
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- o
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date:
|
13
|
+
date: 2020-03-02 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: gpgme
|
@@ -26,20 +26,6 @@ dependencies:
|
|
26
26
|
- - ">="
|
27
27
|
- !ruby/object:Gem::Version
|
28
28
|
version: 2.0.0
|
29
|
-
- !ruby/object:Gem::Dependency
|
30
|
-
name: activesupport
|
31
|
-
requirement: !ruby/object:Gem::Requirement
|
32
|
-
requirements:
|
33
|
-
- - ">="
|
34
|
-
- !ruby/object:Gem::Version
|
35
|
-
version: '0'
|
36
|
-
type: :runtime
|
37
|
-
prerelease: false
|
38
|
-
version_requirements: !ruby/object:Gem::Requirement
|
39
|
-
requirements:
|
40
|
-
- - ">="
|
41
|
-
- !ruby/object:Gem::Version
|
42
|
-
version: '0'
|
43
29
|
- !ruby/object:Gem::Dependency
|
44
30
|
name: highline
|
45
31
|
requirement: !ruby/object:Gem::Requirement
|
@@ -96,8 +82,8 @@ dependencies:
|
|
96
82
|
- - ">="
|
97
83
|
- !ruby/object:Gem::Version
|
98
84
|
version: 0.9.2
|
99
|
-
description: Arver helps you to
|
100
|
-
|
85
|
+
description: Arver helps you to share access to LUKS devices easily and safely in
|
86
|
+
a team
|
101
87
|
email: arver@lists.immerda.ch
|
102
88
|
executables:
|
103
89
|
- arver
|
@@ -117,6 +103,7 @@ files:
|
|
117
103
|
- lib/arver/config.rb
|
118
104
|
- lib/arver/create_action.rb
|
119
105
|
- lib/arver/deluser_action.rb
|
106
|
+
- lib/arver/dump_key_action.rb
|
120
107
|
- lib/arver/gc_action.rb
|
121
108
|
- lib/arver/gpg_key_manager.rb
|
122
109
|
- lib/arver/host.rb
|
@@ -147,7 +134,7 @@ files:
|
|
147
134
|
- lib/arver/tree.rb
|
148
135
|
- lib/arver/version.rb
|
149
136
|
- man/arver.5
|
150
|
-
homepage: https://
|
137
|
+
homepage: https://code.immerda.ch/immerda/apps/arver
|
151
138
|
licenses: []
|
152
139
|
metadata: {}
|
153
140
|
post_install_message:
|
@@ -158,16 +145,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
158
145
|
requirements:
|
159
146
|
- - ">="
|
160
147
|
- !ruby/object:Gem::Version
|
161
|
-
version: '
|
148
|
+
version: '2.2'
|
162
149
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
163
150
|
requirements:
|
164
151
|
- - ">="
|
165
152
|
- !ruby/object:Gem::Version
|
166
153
|
version: 1.3.6
|
167
154
|
requirements: []
|
168
|
-
|
169
|
-
rubygems_version: 2.7.6
|
155
|
+
rubygems_version: 3.0.6
|
170
156
|
signing_key:
|
171
157
|
specification_version: 4
|
172
|
-
summary:
|
158
|
+
summary: LUKS for groups
|
173
159
|
test_files: []
|