arver 0.1.7 → 0.1.8

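--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8ec56c5c57da5c904ede2f834a7a31f11227f89bae92357a7849341dbf00a0b5
- data.tar.gz: 5a8049767274641a034549459e5faab6199210dfd6b66659856bf06207beb2f7
+ metadata.gz: b11992d186276bbaa51cef0eb4b05f51cc74ee1e0668dffb7f81122d8674e764
+ data.tar.gz: 686b2e04289e64f90ac0064d2464ee3d5e7b6b29507cced0b51343b59033b9b7
  SHA512:
- metadata.gz: 5ea82ee6e26a0eadb8c87c7ee590eeb7015560eaed5df7faaad07de0cd3d969e39bfd5b60cf67b368e2f52e8b0a8f6b0cff227b7e0226e17a1ad4a3873f4cedc
- data.tar.gz: a1fed0ca7e559246b886a7cfafe9019ffa1e287b5389d9b29a4a5475e458725747cc8122b8cb22da5b531eced4a4f10569c71b7294eee4b48da803587295504a
+ metadata.gz: 8e8b53c4598c0ee397aa3fb47fabf697c906386fa1c0d6f6eacd01dec2fa118c4edff2c2fe68b97068aaf0f71e8975b42604730c1866e4e03a8668732c170478
+ data.tar.gz: b499b9154521c7d98f327487b964d77022ac98e278ba43139b14526d09bf3f48c757691b03c2a53d43fb2624ecd90aae25c9794be0e505402f1c7e598ef401f7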
@@ -46,7 +46,6 @@ contains an arver package we recommend installation by your package manager.
46
46
  The following ruby gems are required for arver:
47
47
 
48
48
  * gpgme 2
49
- * activesupport 2
50
49
  * escape
51
50
  * highline
52
51
 
@@ -68,6 +67,10 @@ h1. Limitations
68
67
 
69
68
  h2. Known Issues
70
69
 
70
+ It is strongly advised not to set any 'encrypt-to' option in your gnupgp.conf.
71
+ Otherwise, when you issue a key to another person, you can still decrypt it
72
+ yourself, since gpg always encrypts it to this additional recipient.
73
+
71
74
  h3. GPGME and gpg-agent
72
75
 
73
76
  If arver asks you multiple times for the password, you might consider to use
@@ -1,6 +1,6 @@
1
- %w{singleton yaml fileutils rubygems active_support highline/import gpgme openssl zlib}.each {|f| require f }
1
+ %w{singleton yaml fileutils rubygems highline/import gpgme openssl zlib}.each {|f| require f }
2
2
  $:.unshift(File.dirname(__FILE__)) unless
3
3
  $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
4
4
 
5
- %w{ gpg_key_manager luks_wrapper action initial_config_action refresh_action create_action list_action gc_action adduser_action deluser_action info_action close_action open_action target_list command_wrapper ssh_command_wrapper log_levels io_logger log string bootstrap local_config config test_config_loader node_with_script_hooks partition_hierarchy_node host hostgroup tree partition test_partition key_generator key_saver keystore runtime_config key_info_action}.each {|f| require "arver/#{f}" }
5
+ %w{ gpg_key_manager luks_wrapper action initial_config_action refresh_action create_action list_action gc_action adduser_action deluser_action info_action close_action open_action target_list command_wrapper ssh_command_wrapper log_levels io_logger log string bootstrap local_config config test_config_loader node_with_script_hooks partition_hierarchy_node host hostgroup tree partition test_partition key_generator key_saver keystore runtime_config key_info_action dump_key_action }.each {|f| require "arver/#{f}" }
6
6
 
@@ -7,7 +7,7 @@ class Arver::Bootstrap
7
7
 
8
8
  return true if options[:action] == :init
9
9
 
10
- unless local.username.present?
10
+ if "#{local.username}".empty?
11
11
  Arver::Log.error( "No user defined" )
12
12
  return false
13
13
  end
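Review bot: The new guard `if "#{local.username}".empty?` lets a username made only of whitespace through, whereas the removed `present?` check treated a blank value as missing. If the username is later used to locate the user's key material, a blank name should be rejected here as before: `if local.username.to_s.strip.empty?`. The enclosing method starts and ends outside this hunk.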
@@ -77,6 +77,8 @@ module Arver
77
77
  "LUKS info about a target.") { |arg| options[:argument][:target] = arg; options[:action] = :info; }
78
78
  opts.on_tail( "-l", "--list-targets",
79
79
  "List targets." ) { options[:action] = :list; }
80
+ opts.on_tail( "--dump-key TARGET", String,
81
+ "Dump raw luks passphrase." ) { |arg| options[:argument][:target] = arg; options[:action] = :dump; }
80
82
  opts.on_tail( "--init",
81
83
  "Setup a sample configuration." ) { options[:action] = :init; }
82
84
 
@@ -123,6 +125,7 @@ module Arver
123
125
  :key_info => Arver::KeyInfoAction,
124
126
  :init => Arver::InitialConfigAction,
125
127
  :refresh => Arver::RefreshAction,
128
+ :dump => Arver::DumpKeyAction,
126
129
  }
127
130
 
128
131
  action = (actions[ action ]).new( target_list )
@@ -15,17 +15,22 @@ module Arver
15
15
  end
16
16
 
17
17
  def load
18
- if( ! File.exists?( path ) )
19
- Arver::Log.error( "config-dir "+path+" does not exist" )
20
- exit
18
+ if !File.directory?(path)
19
+ Arver::Log.error("config "+path+" does not exist")
20
+ exit 1
21
21
  end
22
- @users= ( load_file( File.join(path,'users') ) )
22
+ @users = load_file(File.join(path,'users')) || {}
23
+
23
24
  tree.clear
24
- tree.from_hash( load_file( File.join(path,'disks') ) )
25
+ tree.from_hash(load_file(File.join(path,'disks')))
25
26
  end
26
27
 
27
28
  def load_file( filename )
28
- YAML.load( File.read(filename) ) if File.exists?( filename )
29
+ if !File.exists?(filename)
30
+ Arver::Log.error("missing config #{filename}")
31
+ exit 1
32
+ end
33
+ YAML.load(File.read(filename))
29
34
  end
30
35
 
31
36
  def save
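Review bot: `load_file` still parses the config with `YAML.load(File.read(filename))`, which on the Ruby versions this release allows (the gemspec asks for >= 2.2) can instantiate arbitrary tagged objects from the file. If the users and disks files hold only plain hashes, strings and numbers, and they are exchanged between team members as the project description suggests, `YAML.safe_load(File.read(filename))` is the safer call. In `load`, the users result is guarded with `|| {}` but the disks result goes straight into `tree.from_hash`, so an empty disks file hands it a falsy value; `tree.from_hash(load_file(File.join(path,'disks')) || {})` would match the line above. The added `File.exists?` is the deprecated alias of `File.exist?`. `save` continues outside this hunk.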
@@ -35,7 +40,7 @@ module Arver
35
40
  end
36
41
 
37
42
  def exists?( user )
38
- ! users[user].nil?
43
+ !users[user].nil?
39
44
  end
40
45
 
41
46
  def gpg_key user
@@ -45,6 +50,13 @@ module Arver
45
50
  def slot user
46
51
  users[user]['slot'] if exists?(user)
47
52
  end
53
+
54
+ def user_at(slot)
55
+ users.each do |name, conf|
56
+ return name if slot == conf['slot']
57
+ end
58
+ 'unknown'
59
+ end
48
60
 
49
61
  def == other
50
62
  return tree == other.tree && users == other.users if other.is_a?(Arver::Config)
@@ -0,0 +1,29 @@
1
+ module Arver
2
+ class DumpKeyAction < Action
3
+ def initialize(target_list)
4
+ super(target_list)
5
+ self.open_keystore
6
+ end
7
+
8
+ def verify?(partition)
9
+ load_key(partition)
10
+ end
11
+
12
+ def execute_partition( partition )
13
+ Arver::Log.info("key for #{partition.path}:")
14
+ Arver::Log.info(key)
15
+ end
16
+
17
+ def pre_host( host )
18
+ end
19
+
20
+ def pre_partition( partition )
21
+ end
22
+
23
+ def post_partition( partition )
24
+ end
25
+
26
+ def post_host( host )
27
+ end
28
+ end
29
+ end
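Review bot: `execute_partition` sends the raw LUKS passphrase through `Arver::Log.info(key)`, so the secret ends up wherever the logger writes: terminal scrollback, redirected output, or any sink that records info-level messages. Consider emitting it only when the output is an interactive terminal (for example guarded by `$stdout.tty?`) or after an explicit confirmation. The class should also carry a comment such as `# Prints the raw LUKS passphrase of every selected partition; treat all output as secret material.` `key` is not defined in this file; presumably `load_key` in the `Action` base class provides it, which is worth confirming because `verify?` depends on its return value.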
@@ -3,6 +3,7 @@ module Arver
3
3
  def initialize( target_list )
4
4
  super( target_list )
5
5
  self.open_keystore
6
+ Arver::Log.info("Warning: existence of a keyslot is not a guarantee that the user can access it")
6
7
  end
7
8
 
8
9
  def pre_host( host )
@@ -10,13 +11,44 @@ module Arver
10
11
  end
11
12
 
12
13
  def execute_partition(partition)
13
- info = {}
14
- (caller = Arver::LuksWrapper.dump(partition)).execute
15
- caller.output.each_line do |line|
16
- next unless line =~ /^[A-Z].*: .*$/
17
- info.store(*line.split(':',2).collect{|f| f.strip })
14
+ cmd = Arver::LuksWrapper.dump(partition)
15
+ cmd.execute
16
+ info = cmd.output
17
+ info =~ /Version:[\s]+(\d)/
18
+ version = $1
19
+ slots = []
20
+
21
+ head = " #{sprintf("%0-10s",partition.name[0...10])} :"+
22
+ " #{sprintf("%0-30s",partition.device_path[0...30])}"
23
+
24
+ if version != '1' && version != '2'
25
+ Arver::Log.info("#{head} : Unsupported luks version")
26
+ return
27
+ end
28
+
29
+ if version == '1'
30
+ info.each_line do |line|
31
+ if line =~ /Key Slot (\d): ENABLED/
32
+ slots << Integer($1)
33
+ end
34
+ end
35
+ else
36
+ keyslots = []
37
+ start = false
38
+ info.each_line do |line|
39
+ if line =~ /Keyslots:/
40
+ start = true
41
+ next
42
+ end
43
+ next unless start
44
+ break unless line =~ /^\s/
45
+ if line =~ /[\s]+(\d): luks2/
46
+ slots << Integer($1)
47
+ end
48
+ end
18
49
  end
19
- Arver::Log.info(" #{sprintf("%0-20s",partition.name.first(20))}: #{sprintf("%0-40s",partition.device_path.first(40))}: Slots: #{(0..7).map{|i| info["Key Slot #{i}"] == 'ENABLED' ? 'X' : '_'}.join}; LUKSv#{info['Version']}; Cypher: #{info['Cipher name']}:#{info['Cipher mode']}:#{info['Hash spec']}; UUID=#{info['UUID']}")
50
+ slots = slots.map{|s| "#{Config.instance.user_at(s)}(#{s})"}.join(",")
51
+ Arver::Log.info("#{head} : #{slots}")
20
52
  end
21
53
  end
22
54
  end
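Review bot: The LUKS2 branch matches keyslots with `/[\s]+(\d): luks2/`, which only accepts a single digit, while a LUKS2 header can hold up to 32 keyslots. Slots 10 to 31 are therefore silently left out of a listing that people will read as "who has access"; `if line =~ /^\s+(\d+): luks2/` covers them. The return value of `cmd.execute` is not checked either, so a failed dump leaves `version` nil and is reported as "Unsupported luks version" rather than as an error. `keyslots = []` is assigned and never used.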
@@ -130,7 +130,7 @@ module Arver
130
130
  end
131
131
 
132
132
  def self.substract_padding( key )
133
- if( key.starts_with? '--- ' )
133
+ if key[0...4] == "--- "
134
134
  Arver::Log.warn( "Warning: you are using deprecated unpadded keyfiles. Please run garbage collect!" )
135
135
  return key
136
136
  end
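Review bot: `if key[0...4] == "--- "` hand-rolls a prefix test that core Ruby already provides, and the slice length has to be kept in step with the literal by hand. `if key.start_with?('--- ')` needs no ActiveSupport and states the intent directly. The rest of `substract_padding` lies outside this hunk.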
@@ -15,23 +15,23 @@ module Arver
15
15
  end
16
16
  end
17
17
 
18
- attr_accessor :username, :loaded
18
+ attr_reader :username, :loaded
19
19
 
20
20
  def initialize( name )
21
21
  @keys = {}
22
22
  @key_versions = {}
23
- self.username= name
24
- self.loaded = false
23
+ @username = name
24
+ @loaded = false
25
25
  end
26
26
 
27
27
  def load
28
28
  flush_keys
29
- KeySaver.read( self.username ).each do | loaded |
29
+ KeySaver.read(username).each do | loaded |
30
30
  YAML.load( loaded ).each do | target, key |
31
31
  load_luks_key(target,key)
32
32
  end
33
33
  end
34
- self.loaded = true
34
+ @loaded = true
35
35
  end
36
36
 
37
37
  def save
@@ -1,5 +1,3 @@
1
- require 'active_support/all'
2
-
3
1
  module Arver
4
2
  module PartitionHierarchyNode
5
3
 
@@ -72,7 +70,7 @@ module Arver
72
70
  def find( name )
73
71
  found = []
74
72
  self.each_node do | node |
75
- found += [ node ] if ( node.name == name || node.path.ends_with?( name ) )
73
+ found += [ node ] if (node.name == name || node.path =~ /#{name}$/)
76
74
  end
77
75
  found
78
76
  end
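Review bot: `node.path =~ /#{name}$/` turns the target name into a regular expression, where the removed `ends_with?` compared a literal suffix. Any metacharacter in the name now widens the match (a `.` matches every character), an unbalanced bracket raises `RegexpError`, and `$` also matches before a newline. Since `find` decides which nodes an action is applied to, and the name presumably comes from the command-line target argument, a literal comparison is the safer behaviour: `found += [ node ] if node.name == name || node.path.end_with?(name)`. `end_with?` is core Ruby, so it does not bring ActiveSupport back.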
@@ -1,3 +1,3 @@
1
1
  module Arver
2
- VERSION = '0.1.7'
2
+ VERSION = '0.1.8'
3
3
  end
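--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: arver
  version: !ruby/object:Gem::Version
- version: 0.1.7
+ version: 0.1.8
  platform: ruby
  authors:
  - o
@@ -10,7 +10,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-09-01 00:00:00.000000000 Z
+ date: 2020-03-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: gpgme
@@ -26,20 +26,6 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: 2.0.0
- - !ruby/object:Gem::Dependency
- name: activesupport
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
  - !ruby/object:Gem::Dependency
  name: highline
  requirement: !ruby/object:Gem::Requirement
@@ -96,8 +82,8 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: 0.9.2
- description: Arver helps you to manage a large amount of crypted devices easily and
- safe amongst a certain amount of members
+ description: Arver helps you to share access to LUKS devices easily and safely in
+ a team
  email: arver@lists.immerda.ch
  executables:
  - arver
@@ -117,6 +103,7 @@ files:
  - lib/arver/config.rb
  - lib/arver/create_action.rb
  - lib/arver/deluser_action.rb
+ - lib/arver/dump_key_action.rb
  - lib/arver/gc_action.rb
  - lib/arver/gpg_key_manager.rb
  - lib/arver/host.rb
@@ -147,7 +134,7 @@ files:
  - lib/arver/tree.rb
  - lib/arver/version.rb
  - man/arver.5
- homepage: https://github.com/arver/arver
+ homepage: https://code.immerda.ch/immerda/apps/arver
  licenses: []
  metadata: {}
  post_install_message:
@@ -158,16 +145,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: '2.2'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: 1.3.6
  requirements: []
- rubyforge_project: "[none]"
- rubygems_version: 2.7.6
+ rubygems_version: 3.0.6
  signing_key:
  specification_version: 4
- summary: Open crypted devices automatically
+ summary: LUKS for groups
  test_files: []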