arver 0.1.9 → 0.2
- checksums.yaml +4 -4
- data/CHANGELOG.textile +4 -0
- data/lib/arver/config.rb +2 -2
- data/lib/arver/gpg_key_manager.rb +2 -2
- data/lib/arver/key_saver.rb +3 -4
- data/lib/arver/local_config.rb +1 -1
- data/lib/arver/systemd_open_action.rb +67 -24
- data/lib/arver/version.rb +1 -1
- metadata +5 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 42ca84af2d596b0eed3141d4a198b6b232786a398363a47579aa0d1af4bea645
|
4
|
+
data.tar.gz: 8161dce60e9c7968b808962c6426edc44503bfd09d9180367c0a5b78310160da
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 12102d7730ac2a893f7a0fe8593c6e20d1c4141d2a9ba227ee3db5aaf55d9fe5fccd9baaf9d8a8dbf80b2a4968d7c60ebc04b1f1326a3a08457421435f55431f
|
7
|
+
data.tar.gz: 704abd36bc00fde5746cb91edb9602426d7bed46a1dfde2ed4e62e93bc9cc4d8c945cab8f6bf63ff5f2857eda7f474e5b2abff2d009a75e7e315b3e3ccf3d5dc
|
data/CHANGELOG.textile
CHANGED
data/lib/arver/config.rb
CHANGED
@@ -26,7 +26,7 @@ module Arver
|
|
26
26
|
end
|
27
27
|
|
28
28
|
def load_file( filename )
|
29
|
-
if !File.
|
29
|
+
if !File.exist?(filename)
|
30
30
|
Arver::Log.error("missing config #(unknown)")
|
31
31
|
exit 1
|
32
32
|
end
|
@@ -34,7 +34,7 @@ module Arver
|
|
34
34
|
end
|
35
35
|
|
36
36
|
def save
|
37
|
-
FileUtils.mkdir_p( path ) unless File.
|
37
|
+
FileUtils.mkdir_p( path ) unless File.exist?( path )
|
38
38
|
File.open( File.join(path,'users'), 'w' ) { |f| f.write( users.to_yaml ) }
|
39
39
|
File.open( File.join(path,'disks'), 'w' ) { |f| f.write( tree.to_yaml ) }
|
40
40
|
end
|
@@ -43,10 +43,10 @@ module Arver
|
|
43
43
|
end
|
44
44
|
|
45
45
|
config_path = Arver::LocalConfig.instance.config_dir
|
46
|
-
FileUtils.mkdir_p "#{config_path}/keys/public" unless File.
|
46
|
+
FileUtils.mkdir_p "#{config_path}/keys/public" unless File.exist?( "#{config_path}/keys/public" )
|
47
47
|
key = _key_of( user )
|
48
48
|
user_pubkey_file = config_path+"/keys/public/"+user
|
49
|
-
on_disk = File.
|
49
|
+
on_disk = File.exist?( user_pubkey_file )
|
50
50
|
|
51
51
|
if ! key && ! on_disk
|
52
52
|
Arver::Log.error( "No publickey for #{user} found. Aborting all actions." )
|
data/lib/arver/key_saver.rb
CHANGED
@@ -2,13 +2,12 @@ require 'securerandom'
|
|
2
2
|
|
3
3
|
module Arver
|
4
4
|
class KeySaver
|
5
|
-
|
6
5
|
def self.save( user, key )
|
7
6
|
tmp_path = tmp_key_path( user )
|
8
7
|
back_path = backup_key_path( user )
|
9
8
|
path = key_path( user )
|
10
9
|
filename = save_to( user, key, tmp_path )
|
11
|
-
FileUtils.mv(path,back_path) if File.
|
10
|
+
FileUtils.mv(path,back_path) if File.exist?(path)
|
12
11
|
FileUtils.mv(tmp_path,path)
|
13
12
|
FileUtils.rm_rf(back_path)
|
14
13
|
File.join(path,filename)
|
@@ -57,7 +56,7 @@ module Arver
|
|
57
56
|
end
|
58
57
|
key_encrypted = encrypted.read
|
59
58
|
unless( Arver::RuntimeConfig.instance.dry_run )
|
60
|
-
FileUtils.mkdir_p path unless File.
|
59
|
+
FileUtils.mkdir_p path unless File.exist?( path )
|
61
60
|
filename = "#{OpenSSL::Digest::SHA256.new << key_encrypted}"
|
62
61
|
File.open( File.join("#{path}","#(unknown)"), 'w' ) do |f|
|
63
62
|
f.write key_encrypted
|
@@ -92,7 +91,7 @@ module Arver
|
|
92
91
|
|
93
92
|
def self.read( user )
|
94
93
|
GPGKeyManager.check_key_of( user )
|
95
|
-
return [] unless File.
|
94
|
+
return [] unless File.exist?( key_path( user ) )
|
96
95
|
decrypted = []
|
97
96
|
crypto = GPGME::Crypto.new
|
98
97
|
Dir.entries( key_path( user ) ).sort.each do | file |
|
data/lib/arver/local_config.rb
CHANGED
@@ -13,26 +13,45 @@ module Arver
|
|
13
13
|
return false
|
14
14
|
end
|
15
15
|
return false unless load_key( partition )
|
16
|
+
|
17
|
+
if verify_partition(partition)
|
18
|
+
Arver::Log.info( "#{partition.path} is already open! Skipping..." )
|
19
|
+
return false
|
20
|
+
end
|
16
21
|
true
|
17
22
|
end
|
18
23
|
|
19
24
|
def get_socket(host, partid)
|
20
25
|
# Check which partitions are waiting for a password
|
21
|
-
# see https://
|
22
|
-
|
23
|
-
|
24
|
-
|
26
|
+
# see https://systemd.io/PASSWORD_AGENTS/
|
27
|
+
# systemd might have a while until they pop up does we try a few times
|
28
|
+
3.times do
|
29
|
+
found = false
|
30
|
+
files_exec = ''
|
31
|
+
3.times do
|
32
|
+
files_exec = Arver::SSHCommandWrapper.create("ls", ["/run/systemd/ask-password/ask.*","2>","/dev/null"], host, true, true)
|
33
|
+
files_exec.execute
|
34
|
+
found = files_exec.success?
|
35
|
+
break if found
|
36
|
+
Arver::Log.error( "No ask-password definition found, retrying in 3 secs..." )
|
37
|
+
sleep 3
|
38
|
+
end
|
39
|
+
if found
|
40
|
+
files = files_exec.output.split("\n")
|
25
41
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
42
|
+
# Find the socket for the partition we want to open
|
43
|
+
files.each do |f|
|
44
|
+
f_exec = Arver::SSHCommandWrapper.create("cat", [f], host, true, true)
|
45
|
+
f_exec.execute
|
46
|
+
ask_file = f_exec.output
|
47
|
+
if ask_file =~ /#{partid}/
|
48
|
+
ask_file =~ /Socket=(.*)/
|
49
|
+
return $1
|
50
|
+
end
|
51
|
+
end
|
34
52
|
end
|
35
53
|
end
|
54
|
+
Arver::Log.error( "No ask-password definitions found to scan. Aborting..." )
|
36
55
|
nil
|
37
56
|
end
|
38
57
|
|
@@ -42,24 +61,16 @@ module Arver
|
|
42
61
|
partid = nil
|
43
62
|
host = partition.parent
|
44
63
|
|
45
|
-
|
46
|
-
partid_exec = Arver::SSHCommandWrapper.create("blkid", ["/dev/#{partition.device}"], host, true, true)
|
47
|
-
partid_exec.execute
|
48
|
-
partid = partid_exec.output.chomp.gsub(/.* UUID=\"([^"]+)\" .*/,'\1')
|
49
|
-
unless partid =~ /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/
|
50
|
-
puts "Could not get uuid of disk"
|
51
|
-
throw( :abort_action )
|
52
|
-
end
|
53
|
-
|
64
|
+
partid = get_uuid(partition)
|
54
65
|
socket = get_socket(host, partid)
|
55
66
|
if socket.nil?
|
56
|
-
|
67
|
+
Arver::Log.error( "Disk is not waiting to be opened" )
|
57
68
|
throw( :abort_action )
|
58
69
|
end
|
59
70
|
|
60
71
|
# Upload password-agent binary and supply password to the correct socket
|
61
72
|
binary = File.join(ROOT_DIR, "vendor", "password-agent")
|
62
|
-
unless File.
|
73
|
+
unless File.exist?(binary)
|
63
74
|
puts "This gem is missing the native password-agent binary"
|
64
75
|
throw( :abort_action )
|
65
76
|
end
|
@@ -77,7 +88,39 @@ module Arver
|
|
77
88
|
a = Arver::SSHCommandWrapper.create("/run/password-agent", [socket], host, true, true)
|
78
89
|
a.execute(key)
|
79
90
|
|
80
|
-
|
91
|
+
Arver::Log.info("Trying to validate opening of #{partition.path} ..." )
|
92
|
+
verified = false
|
93
|
+
3.times do
|
94
|
+
verified = verify_partition(partition)
|
95
|
+
break if verified
|
96
|
+
sleep 3
|
97
|
+
end
|
98
|
+
if verified
|
99
|
+
Arver::Log.info("Success in validating opening of #{partition.path} ..." )
|
100
|
+
else
|
101
|
+
Arver::Log.error("Failed to validate opening of #{partition.path} ..." )
|
102
|
+
end
|
103
|
+
end
|
104
|
+
|
105
|
+
private
|
106
|
+
|
107
|
+
def get_uuid(partition)
|
108
|
+
# Find the uuid of this partition
|
109
|
+
partid_exec = Arver::SSHCommandWrapper.create("blkid", ["/dev/#{partition.device}"], partition.parent, true, true)
|
110
|
+
partid_exec.execute
|
111
|
+
partid = partid_exec.output.chomp.gsub(/.* UUID=\"([^"]+)\" .*/,'\1')
|
112
|
+
unless partid =~ /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/
|
113
|
+
puts "Could not get uuid of disk"
|
114
|
+
throw( :abort_action )
|
115
|
+
end
|
116
|
+
partid
|
117
|
+
end
|
118
|
+
|
119
|
+
def verify_partition(partition)
|
120
|
+
partid = get_uuid(partition)
|
121
|
+
r = Arver::SSHCommandWrapper.create("test", ['-b',"/dev/mapper/luks-#{partid}"], partition.parent, true, true)
|
122
|
+
r.execute
|
123
|
+
r.success?
|
81
124
|
end
|
82
125
|
end
|
83
126
|
end
|
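Review bot: The UUID check in `get_uuid` (new lines 112–115) is not anchored, so a blkid line that `gsub` left untouched because its pattern did not match still passes as long as a UUID appears anywhere in it, and that unvalidated `partid` then reaches `/dev/mapper/luks-#{partid}` in `verify_partition` and the interpolated regex `/#{partid}/` in `get_socket`; anchoring closes that: `unless partid =~ /\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/`. In `get_socket`, `return $1` after `ask_file =~ /Socket=(.*)/` returns nil when the ask file carries no Socket= line, which the caller then reports as "Disk is not waiting to be opened"; `Regexp.last_match(1)` with an explicit nil check and a log line would make that case distinguishable. The outer `3.times` in `get_socket` retries with no delay when `ls` succeeds but none of the files mentions the partition, so those three passes run back-to-back rather than giving systemd the time the comment describes. The comment on new line 27 reads "does we try a few times" — presumably "so we try a few times". Per the diffstat (+67 −24) these hunks appear to belong to `systemd_open_action.rb` rather than `local_config.rb` as the section header says.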
data/lib/arver/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: arver
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: '0.2'
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- o
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date:
|
13
|
+
date: 2024-01-27 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: gpgme
|
@@ -137,7 +137,8 @@ files:
|
|
137
137
|
- man/arver.5
|
138
138
|
- vendor/password-agent
|
139
139
|
homepage: https://code.immerda.ch/immerda/apps/arver
|
140
|
-
licenses:
|
140
|
+
licenses:
|
141
|
+
- MIT
|
141
142
|
metadata: {}
|
142
143
|
post_install_message:
|
143
144
|
rdoc_options: []
|
@@ -154,7 +155,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
154
155
|
- !ruby/object:Gem::Version
|
155
156
|
version: 1.3.6
|
156
157
|
requirements: []
|
157
|
-
rubygems_version: 3.
|
158
|
+
rubygems_version: 3.4.10
|
158
159
|
signing_key:
|
159
160
|
specification_version: 4
|
160
161
|
summary: LUKS for groups
|