backup-agoddard 3.0.27
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of backup-agoddard might be problematic. Click here for more details.
- data/.gitignore +8 -0
- data/.travis.yml +10 -0
- data/Gemfile +28 -0
- data/Guardfile +23 -0
- data/LICENSE.md +24 -0
- data/README.md +478 -0
- data/backup.gemspec +32 -0
- data/bin/backup +11 -0
- data/lib/backup.rb +133 -0
- data/lib/backup/archive.rb +117 -0
- data/lib/backup/binder.rb +22 -0
- data/lib/backup/cleaner.rb +121 -0
- data/lib/backup/cli/helpers.rb +93 -0
- data/lib/backup/cli/utility.rb +255 -0
- data/lib/backup/compressor/base.rb +35 -0
- data/lib/backup/compressor/bzip2.rb +50 -0
- data/lib/backup/compressor/custom.rb +53 -0
- data/lib/backup/compressor/gzip.rb +50 -0
- data/lib/backup/compressor/lzma.rb +52 -0
- data/lib/backup/compressor/pbzip2.rb +59 -0
- data/lib/backup/config.rb +174 -0
- data/lib/backup/configuration.rb +33 -0
- data/lib/backup/configuration/helpers.rb +130 -0
- data/lib/backup/configuration/store.rb +24 -0
- data/lib/backup/database/base.rb +53 -0
- data/lib/backup/database/mongodb.rb +230 -0
- data/lib/backup/database/mysql.rb +160 -0
- data/lib/backup/database/postgresql.rb +144 -0
- data/lib/backup/database/redis.rb +136 -0
- data/lib/backup/database/riak.rb +67 -0
- data/lib/backup/dependency.rb +108 -0
- data/lib/backup/encryptor/base.rb +29 -0
- data/lib/backup/encryptor/gpg.rb +760 -0
- data/lib/backup/encryptor/open_ssl.rb +72 -0
- data/lib/backup/errors.rb +124 -0
- data/lib/backup/hooks.rb +68 -0
- data/lib/backup/logger.rb +152 -0
- data/lib/backup/model.rb +409 -0
- data/lib/backup/notifier/base.rb +81 -0
- data/lib/backup/notifier/campfire.rb +155 -0
- data/lib/backup/notifier/hipchat.rb +93 -0
- data/lib/backup/notifier/mail.rb +206 -0
- data/lib/backup/notifier/prowl.rb +65 -0
- data/lib/backup/notifier/pushover.rb +88 -0
- data/lib/backup/notifier/twitter.rb +70 -0
- data/lib/backup/package.rb +47 -0
- data/lib/backup/packager.rb +100 -0
- data/lib/backup/pipeline.rb +110 -0
- data/lib/backup/splitter.rb +75 -0
- data/lib/backup/storage/base.rb +99 -0
- data/lib/backup/storage/cloudfiles.rb +87 -0
- data/lib/backup/storage/cycler.rb +117 -0
- data/lib/backup/storage/dropbox.rb +178 -0
- data/lib/backup/storage/ftp.rb +119 -0
- data/lib/backup/storage/local.rb +82 -0
- data/lib/backup/storage/ninefold.rb +116 -0
- data/lib/backup/storage/rsync.rb +149 -0
- data/lib/backup/storage/s3.rb +94 -0
- data/lib/backup/storage/scp.rb +99 -0
- data/lib/backup/storage/sftp.rb +108 -0
- data/lib/backup/syncer/base.rb +46 -0
- data/lib/backup/syncer/cloud/base.rb +247 -0
- data/lib/backup/syncer/cloud/cloud_files.rb +78 -0
- data/lib/backup/syncer/cloud/s3.rb +68 -0
- data/lib/backup/syncer/rsync/base.rb +49 -0
- data/lib/backup/syncer/rsync/local.rb +55 -0
- data/lib/backup/syncer/rsync/pull.rb +36 -0
- data/lib/backup/syncer/rsync/push.rb +116 -0
- data/lib/backup/template.rb +46 -0
- data/lib/backup/version.rb +43 -0
- data/spec-live/.gitignore +6 -0
- data/spec-live/README +7 -0
- data/spec-live/backups/config.rb +83 -0
- data/spec-live/backups/config.yml.template +46 -0
- data/spec-live/backups/models.rb +184 -0
- data/spec-live/compressor/custom_spec.rb +30 -0
- data/spec-live/compressor/gzip_spec.rb +30 -0
- data/spec-live/encryptor/gpg_keys.rb +239 -0
- data/spec-live/encryptor/gpg_spec.rb +287 -0
- data/spec-live/notifier/mail_spec.rb +121 -0
- data/spec-live/spec_helper.rb +151 -0
- data/spec-live/storage/dropbox_spec.rb +151 -0
- data/spec-live/storage/local_spec.rb +83 -0
- data/spec-live/storage/scp_spec.rb +193 -0
- data/spec-live/syncer/cloud/s3_spec.rb +124 -0
- data/spec/archive_spec.rb +335 -0
- data/spec/cleaner_spec.rb +312 -0
- data/spec/cli/helpers_spec.rb +301 -0
- data/spec/cli/utility_spec.rb +411 -0
- data/spec/compressor/base_spec.rb +52 -0
- data/spec/compressor/bzip2_spec.rb +217 -0
- data/spec/compressor/custom_spec.rb +106 -0
- data/spec/compressor/gzip_spec.rb +217 -0
- data/spec/compressor/lzma_spec.rb +123 -0
- data/spec/compressor/pbzip2_spec.rb +165 -0
- data/spec/config_spec.rb +321 -0
- data/spec/configuration/helpers_spec.rb +247 -0
- data/spec/configuration/store_spec.rb +39 -0
- data/spec/configuration_spec.rb +62 -0
- data/spec/database/base_spec.rb +63 -0
- data/spec/database/mongodb_spec.rb +510 -0
- data/spec/database/mysql_spec.rb +411 -0
- data/spec/database/postgresql_spec.rb +353 -0
- data/spec/database/redis_spec.rb +334 -0
- data/spec/database/riak_spec.rb +176 -0
- data/spec/dependency_spec.rb +51 -0
- data/spec/encryptor/base_spec.rb +40 -0
- data/spec/encryptor/gpg_spec.rb +909 -0
- data/spec/encryptor/open_ssl_spec.rb +148 -0
- data/spec/errors_spec.rb +306 -0
- data/spec/hooks_spec.rb +35 -0
- data/spec/logger_spec.rb +367 -0
- data/spec/model_spec.rb +694 -0
- data/spec/notifier/base_spec.rb +104 -0
- data/spec/notifier/campfire_spec.rb +217 -0
- data/spec/notifier/hipchat_spec.rb +211 -0
- data/spec/notifier/mail_spec.rb +316 -0
- data/spec/notifier/prowl_spec.rb +138 -0
- data/spec/notifier/pushover_spec.rb +123 -0
- data/spec/notifier/twitter_spec.rb +153 -0
- data/spec/package_spec.rb +61 -0
- data/spec/packager_spec.rb +213 -0
- data/spec/pipeline_spec.rb +259 -0
- data/spec/spec_helper.rb +60 -0
- data/spec/splitter_spec.rb +120 -0
- data/spec/storage/base_spec.rb +166 -0
- data/spec/storage/cloudfiles_spec.rb +254 -0
- data/spec/storage/cycler_spec.rb +247 -0
- data/spec/storage/dropbox_spec.rb +480 -0
- data/spec/storage/ftp_spec.rb +271 -0
- data/spec/storage/local_spec.rb +259 -0
- data/spec/storage/ninefold_spec.rb +343 -0
- data/spec/storage/rsync_spec.rb +362 -0
- data/spec/storage/s3_spec.rb +245 -0
- data/spec/storage/scp_spec.rb +233 -0
- data/spec/storage/sftp_spec.rb +244 -0
- data/spec/syncer/base_spec.rb +109 -0
- data/spec/syncer/cloud/base_spec.rb +515 -0
- data/spec/syncer/cloud/cloud_files_spec.rb +181 -0
- data/spec/syncer/cloud/s3_spec.rb +174 -0
- data/spec/syncer/rsync/base_spec.rb +98 -0
- data/spec/syncer/rsync/local_spec.rb +149 -0
- data/spec/syncer/rsync/pull_spec.rb +98 -0
- data/spec/syncer/rsync/push_spec.rb +333 -0
- data/spec/version_spec.rb +21 -0
- data/templates/cli/utility/archive +25 -0
- data/templates/cli/utility/compressor/bzip2 +4 -0
- data/templates/cli/utility/compressor/custom +11 -0
- data/templates/cli/utility/compressor/gzip +4 -0
- data/templates/cli/utility/compressor/lzma +10 -0
- data/templates/cli/utility/compressor/pbzip2 +10 -0
- data/templates/cli/utility/config +32 -0
- data/templates/cli/utility/database/mongodb +18 -0
- data/templates/cli/utility/database/mysql +21 -0
- data/templates/cli/utility/database/postgresql +17 -0
- data/templates/cli/utility/database/redis +16 -0
- data/templates/cli/utility/database/riak +11 -0
- data/templates/cli/utility/encryptor/gpg +27 -0
- data/templates/cli/utility/encryptor/openssl +9 -0
- data/templates/cli/utility/model.erb +23 -0
- data/templates/cli/utility/notifier/campfire +12 -0
- data/templates/cli/utility/notifier/hipchat +15 -0
- data/templates/cli/utility/notifier/mail +22 -0
- data/templates/cli/utility/notifier/prowl +11 -0
- data/templates/cli/utility/notifier/pushover +11 -0
- data/templates/cli/utility/notifier/twitter +13 -0
- data/templates/cli/utility/splitter +7 -0
- data/templates/cli/utility/storage/cloud_files +22 -0
- data/templates/cli/utility/storage/dropbox +20 -0
- data/templates/cli/utility/storage/ftp +12 -0
- data/templates/cli/utility/storage/local +7 -0
- data/templates/cli/utility/storage/ninefold +9 -0
- data/templates/cli/utility/storage/rsync +11 -0
- data/templates/cli/utility/storage/s3 +19 -0
- data/templates/cli/utility/storage/scp +11 -0
- data/templates/cli/utility/storage/sftp +11 -0
- data/templates/cli/utility/syncer/cloud_files +46 -0
- data/templates/cli/utility/syncer/rsync_local +12 -0
- data/templates/cli/utility/syncer/rsync_pull +17 -0
- data/templates/cli/utility/syncer/rsync_push +17 -0
- data/templates/cli/utility/syncer/s3 +43 -0
- data/templates/general/links +11 -0
- data/templates/general/version.erb +2 -0
- data/templates/notifier/mail/failure.erb +9 -0
- data/templates/notifier/mail/success.erb +7 -0
- data/templates/notifier/mail/warning.erb +9 -0
- data/templates/storage/dropbox/authorization_url.erb +6 -0
- data/templates/storage/dropbox/authorized.erb +4 -0
- data/templates/storage/dropbox/cache_file_written.erb +10 -0
- metadata +277 -0
@@ -0,0 +1,29 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
module Backup
|
4
|
+
module Encryptor
|
5
|
+
class Base
|
6
|
+
include Backup::CLI::Helpers
|
7
|
+
include Backup::Configuration::Helpers
|
8
|
+
|
9
|
+
def initialize
|
10
|
+
load_defaults!
|
11
|
+
end
|
12
|
+
|
13
|
+
private
|
14
|
+
|
15
|
+
##
|
16
|
+
# Return the encryptor name, with Backup namespace removed
|
17
|
+
def encryptor_name
|
18
|
+
self.class.to_s.sub('Backup::', '')
|
19
|
+
end
|
20
|
+
|
21
|
+
##
|
22
|
+
# Logs a message to the console and log file to inform
|
23
|
+
# the client that Backup is encrypting the archive
|
24
|
+
def log!
|
25
|
+
Logger.message "Using #{ encryptor_name } to encrypt the archive."
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,760 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
module Backup
|
4
|
+
module Encryptor
|
5
|
+
##
|
6
|
+
# The GPG Encryptor allows you to encrypt your final archive using GnuPG,
|
7
|
+
# using one of three {#mode modes} of operation.
|
8
|
+
#
|
9
|
+
# == First, setup defaults in your +config.rb+ file
|
10
|
+
#
|
11
|
+
# Configure the {#keys} Hash using {.defaults} in your +config.rb+
|
12
|
+
# to specify all valid {#recipients} and their Public Key.
|
13
|
+
#
|
14
|
+
# Backup::Encryptor::GPG.defaults do |encryptor|
|
15
|
+
# # setup all GnuPG public keys
|
16
|
+
# encryptor.keys = {}
|
17
|
+
# encryptor.keys['joe@example.com'] = <<-EOS
|
18
|
+
# # ...public key here...
|
19
|
+
# EOS
|
20
|
+
# encryptor.keys['mary@example.com'] = <<-EOS
|
21
|
+
# # ...public key here...
|
22
|
+
# EOS
|
23
|
+
# end
|
24
|
+
#
|
25
|
+
# The optional {#gpg_config} and {#gpg_homedir} options would also
|
26
|
+
# typically be set using {.defaults} in +config.rb+ as well.
|
27
|
+
#
|
28
|
+
# == Then, setup each of your Models
|
29
|
+
#
|
30
|
+
# Set the desired {#recipients} and/or {#passphrase} (or {#passphrase_file})
|
31
|
+
# for each {Model}, depending on the {#mode} used.
|
32
|
+
#
|
33
|
+
# === my_backup_01
|
34
|
+
#
|
35
|
+
# This archive can only be decrypted using the private key for joe@example.com
|
36
|
+
#
|
37
|
+
# Model.new(:my_backup_01, 'Backup Job #1') do
|
38
|
+
# # ... archives, databases, compressor and storage options, etc...
|
39
|
+
# encrypt_with GPG do |encryptor|
|
40
|
+
# encryptor.mode = :asymmetric
|
41
|
+
# encryptor.recipients = 'joe@example.com'
|
42
|
+
# end
|
43
|
+
# end
|
44
|
+
#
|
45
|
+
# === my_backup_02
|
46
|
+
#
|
47
|
+
# This archive can only be decrypted using the passphrase "a secret".
|
48
|
+
#
|
49
|
+
# Model.new(:my_backup_02, 'Backup Job #2') do
|
50
|
+
# # ... archives, databases, compressor and storage options, etc...
|
51
|
+
# encrypt_with GPG do |encryptor|
|
52
|
+
# encryptor.mode = :symmetric
|
53
|
+
# encryptor.passphrase = 'a secret'
|
54
|
+
# end
|
55
|
+
# end
|
56
|
+
#
|
57
|
+
# === my_backup_03
|
58
|
+
#
|
59
|
+
# This archive may be decrypted using either the private key for joe@example.com
|
60
|
+
# *or* mary@example.com, *and* may also be decrypted using the passphrase.
|
61
|
+
#
|
62
|
+
# Model.new(:my_backup_03, 'Backup Job #3') do
|
63
|
+
# # ... archives, databases, compressor and storage options, etc...
|
64
|
+
# encrypt_with GPG do |encryptor|
|
65
|
+
# encryptor.mode = :both
|
66
|
+
# encryptor.passphrase = 'a secret'
|
67
|
+
# encryptor.recipients = ['joe@example.com', 'mary@example.com']
|
68
|
+
# end
|
69
|
+
# end
|
70
|
+
#
|
71
|
+
class GPG < Base
|
72
|
+
MODES = [:asymmetric, :symmetric, :both]
|
73
|
+
|
74
|
+
##
|
75
|
+
# Sets the mode of operation.
|
76
|
+
#
|
77
|
+
# [:asymmetric]
|
78
|
+
# In this mode, the final backup archive will be encrypted using the
|
79
|
+
# public key(s) specified by the key identifiers in {#recipients}.
|
80
|
+
# The archive may then be decrypted by anyone with a private key that
|
81
|
+
# corresponds to one of the public keys used. See {#recipients} and
|
82
|
+
# {#keys} for more information.
|
83
|
+
#
|
84
|
+
# [:symmetric]
|
85
|
+
# In this mode, the final backup archive will be encrypted using the
|
86
|
+
# passphrase specified by {#passphrase} or {#passphrase_file}.
|
87
|
+
# The archive will be encrypted using the encryption algorithm
|
88
|
+
# specified in your GnuPG configuration. See {#gpg_config} for more
|
89
|
+
# information. Anyone with the passphrase may decrypt the archive.
|
90
|
+
#
|
91
|
+
# [:both]
|
92
|
+
# In this mode, both +:asymmetric+ and +:symmetric+ options are used.
|
93
|
+
# Meaning that the archive may be decrypted by anyone with a valid
|
94
|
+
# private key or by using the proper passphrase.
|
95
|
+
#
|
96
|
+
# @param mode [String, Symbol] Sets the mode of operation.
|
97
|
+
# (Defaults to +:asymmetric+)
|
98
|
+
# @return [Symbol] mode that was set.
|
99
|
+
# @raise [Backup::Errors::Encryptor::GPG::InvalidModeError]
|
100
|
+
# if mode given is invalid.
|
101
|
+
#
|
102
|
+
attr_reader :mode
|
103
|
+
def mode=(mode)
|
104
|
+
@mode = mode.to_sym
|
105
|
+
raise Errors::Encryptor::GPG::InvalidModeError,
|
106
|
+
"'#{ @mode }' is not a valid mode." unless MODES.include?(@mode)
|
107
|
+
end
|
108
|
+
|
109
|
+
##
|
110
|
+
# Specifies the GnuPG configuration to be used.
|
111
|
+
#
|
112
|
+
# This should be given as the text of a +gpg.conf+ file. It will be
|
113
|
+
# written to a temporary file, which will be passed to the +gpg+ command
|
114
|
+
# to use instead of the +gpg.conf+ found in the GnuPG home directory.
|
115
|
+
# This allows you to be certain your preferences are used.
|
116
|
+
#
|
117
|
+
# This is especially useful if you've also set {#gpg_homedir} and plan
|
118
|
+
# on allowing Backup to automatically create that directory and import
|
119
|
+
# all your public keys specified in {#keys}. In this situation, that
|
120
|
+
# folder would not contain any +gpg.conf+ file, so GnuPG would simply
|
121
|
+
# use it's defaults.
|
122
|
+
#
|
123
|
+
# While this may be specified on a per-Model basis, you would generally
|
124
|
+
# just specify this in the defaults. Leading tabs/spaces are stripped
|
125
|
+
# before writing the given string to the temporary configuration file.
|
126
|
+
#
|
127
|
+
# Backup::Encryptor::GPG.defaults do |enc|
|
128
|
+
# enc.gpg_config = <<-EOF
|
129
|
+
# # safely override preferences set in the receiver's public key(s)
|
130
|
+
# personal-cipher-preferences TWOFISH AES256 BLOWFISH AES192 CAST5 AES
|
131
|
+
# personal-digest-preferences SHA512 SHA256 SHA1 MD5
|
132
|
+
# personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
|
133
|
+
# # cipher algorithm for symmetric encryption
|
134
|
+
# # (if personal-cipher-preferences are not specified)
|
135
|
+
# s2k-cipher-algo TWOFISH
|
136
|
+
# # digest algorithm for mangling the symmetric encryption passphrase
|
137
|
+
# s2k-digest-algo SHA512
|
138
|
+
# EOF
|
139
|
+
# end
|
140
|
+
#
|
141
|
+
# @see #gpg_homedir
|
142
|
+
# @return [String]
|
143
|
+
attr_accessor :gpg_config
|
144
|
+
|
145
|
+
##
|
146
|
+
# Set the GnuPG home directory to be used.
|
147
|
+
#
|
148
|
+
# This allows you to specify the GnuPG home directory on the system
|
149
|
+
# where Backup will be run, keeping the keyrings used by Backup separate
|
150
|
+
# from the default keyrings of the user running Backup.
|
151
|
+
# By default, this would be +`~/.gnupg`+.
|
152
|
+
#
|
153
|
+
# If a directory is specified here, Backup will create it if needed
|
154
|
+
# and ensure the correct permissions are set. All public keys Backup
|
155
|
+
# imports would be added to the +pubring.gpg+ file within this directory,
|
156
|
+
# and +gpg+ would be given this directory using it's +--homedir+ option.
|
157
|
+
#
|
158
|
+
# Any +gpg.conf+ file located in this directory would also be used by
|
159
|
+
# +gpg+, unless {#gpg_config} is specified.
|
160
|
+
#
|
161
|
+
# The given path will be expanded before use.
|
162
|
+
#
|
163
|
+
# @return [String]
|
164
|
+
attr_accessor :gpg_homedir
|
165
|
+
|
166
|
+
##
|
167
|
+
# Specifies a Hash of public key identifiers and their public keys.
|
168
|
+
#
|
169
|
+
# While not _required_, it is recommended that all public keys you intend
|
170
|
+
# to use be setup in {#keys}. The best place to do this is in your defaults
|
171
|
+
# in +config.rb+.
|
172
|
+
#
|
173
|
+
# Backup::Encryptor::GPG.defaults do |enc|
|
174
|
+
# enc.keys = {}
|
175
|
+
#
|
176
|
+
# enc.keys['joe@example.com'] = <<-EOS
|
177
|
+
# -----BEGIN PGP PUBLIC KEY BLOCK-----
|
178
|
+
# Version: GnuPG v1.4.12 (GNU/Linux)
|
179
|
+
#
|
180
|
+
# mQMqBEd5F8MRCACfArHCJFR6nkmxNiW+UE4PAW3bQla9JWFqCwu4VqLkPI/lHb5p
|
181
|
+
# xHff8Fzy2O89BxD/6hXSDx2SlVmAGHOCJhShx1vfNGVYNsJn2oNK50in9kGvD0+m
|
182
|
+
# [...]
|
183
|
+
# SkQEHOxhMiFjAN9q4LuirSOu65uR1bnTmF+Z92++qMIuEkH4/LnN
|
184
|
+
# =8gNa
|
185
|
+
# -----END PGP PUBLIC KEY BLOCK-----
|
186
|
+
# EOS
|
187
|
+
#
|
188
|
+
# enc.keys['mary@example.com'] = <<-EOS
|
189
|
+
# -----BEGIN PGP PUBLIC KEY BLOCK-----
|
190
|
+
# Version: GnuPG v1.4.12 (GNU/Linux)
|
191
|
+
#
|
192
|
+
# 2SlVmAGHOCJhShx1vfNGVYNxHff8Fzy2O89BxD/6in9kGvD0+mhXSDxsJn2oNK50
|
193
|
+
# kmxNiW+UmQMqBEd5F8MRCACfArHCJFR6qCwu4VqLkPI/lHb5pnE4PAW3bQla9JWF
|
194
|
+
# [...]
|
195
|
+
# AN9q4LSkQEHOxhMiFjuirSOu65u++qMIuEkH4/LnNR1bnTmF+Z92
|
196
|
+
# =8gNa
|
197
|
+
# -----END PGP PUBLIC KEY BLOCK-----
|
198
|
+
#
|
199
|
+
# EOS
|
200
|
+
# end
|
201
|
+
#
|
202
|
+
# All leading spaces/tabs will be stripped from the key, so the above
|
203
|
+
# form may be used to set each identifier's key.
|
204
|
+
#
|
205
|
+
# When a public key can not be found for an identifier specified in
|
206
|
+
# {#recipients}, the corresponding public key from this Hash will be
|
207
|
+
# imported into +pubring.gpg+ in the GnuPG home directory ({#gpg_homedir}).
|
208
|
+
# Therefore, each key *must* be the same identifier used in {#recipients}.
|
209
|
+
#
|
210
|
+
# To obtain the public key in ASCII format, use:
|
211
|
+
#
|
212
|
+
# $ gpg -a --export joe@example.com
|
213
|
+
#
|
214
|
+
# See {#recipients} for information on what may be used as valid identifiers.
|
215
|
+
#
|
216
|
+
# @return [Hash]
|
217
|
+
attr_accessor :keys
|
218
|
+
|
219
|
+
##
|
220
|
+
# @deprecated Use {#keys} and {#recipients}.
|
221
|
+
# @!attribute key
|
222
|
+
attr_deprecate :key,
|
223
|
+
:version => '3.0.26',
|
224
|
+
:message => "This has been replaced with #keys and #recipients",
|
225
|
+
:action => lambda {|klass, val|
|
226
|
+
identifier = klass.send(:import_key, 'deprecated :key', val)
|
227
|
+
klass.recipients = identifier
|
228
|
+
}
|
229
|
+
|
230
|
+
##
|
231
|
+
# Specifies the recipients to use when encrypting the backup archive.
|
232
|
+
#
|
233
|
+
# When {#mode} is set to +:asymmetric+ or +:both+, the public key for
|
234
|
+
# each recipient given here will be used to encrypt the archive. Each
|
235
|
+
# recipient will be able to decrypt the archive using their private key.
|
236
|
+
#
|
237
|
+
# If there is only one recipient, this may be specified as a String.
|
238
|
+
# Otherwise, this should be an Array of Strings. Each String must be a
|
239
|
+
# valid public key identifier, and *must* be the same identifier used to
|
240
|
+
# specify the recipient's public key in {#keys}. This is so that if a
|
241
|
+
# public key is not found for the given identifier, it may be imported
|
242
|
+
# from {#keys}.
|
243
|
+
#
|
244
|
+
# Valid identifiers which may be used are as follows:
|
245
|
+
#
|
246
|
+
# [Key Fingerprint]
|
247
|
+
# The key fingerprint is a 40-character hex string, which uniquely
|
248
|
+
# identifies a public key. This may be obtained using the following:
|
249
|
+
#
|
250
|
+
# $ gpg --fingerprint john.smith@example.com
|
251
|
+
# pub 1024R/4E5E8D8A 2012-07-20
|
252
|
+
# Key fingerprint = FFEA D1DB 201F B214 873E 7399 4A83 569F 4E5E 8D8A
|
253
|
+
# uid John Smith <john.smith@example.com>
|
254
|
+
# sub 1024R/92C8DFD8 2012-07-20
|
255
|
+
#
|
256
|
+
# [Long Key ID]
|
257
|
+
# The long Key ID is the last 16-characters of the key's fingerprint.
|
258
|
+
#
|
259
|
+
# The Long Key ID in this example is: 4A83569F4E5E8D8A
|
260
|
+
#
|
261
|
+
# $ gpg --keyid-format long -k john.smith@example.com
|
262
|
+
# pub 1024R/4A83569F4E5E8D8A 2012-07-20
|
263
|
+
# uid John Smith <john.smith@example.com>
|
264
|
+
# sub 1024R/662F18DB92C8DFD8 2012-07-20
|
265
|
+
#
|
266
|
+
# [Short Key ID]
|
267
|
+
# The short Key ID is the last 8-characters of the key's fingerprint.
|
268
|
+
# This is the default key format seen when listing keys.
|
269
|
+
#
|
270
|
+
# The Short Key ID in this example is: 4E5E8D8A
|
271
|
+
#
|
272
|
+
# $ gpg -k john.smith@example.com
|
273
|
+
# pub 1024R/4E5E8D8A 2012-07-20
|
274
|
+
# uid John Smith <john.smith@example.com>
|
275
|
+
# sub 1024R/92C8DFD8 2012-07-20
|
276
|
+
#
|
277
|
+
# [Email Address]
|
278
|
+
# This must exactly match an email address for one of the UID records
|
279
|
+
# associated with the recipient's public key.
|
280
|
+
#
|
281
|
+
# Recipient identifier forms may be mixed, as long as the identifier used
|
282
|
+
# here is the same as that used in {#keys}. Also, all spaces will be stripped
|
283
|
+
# from the identifier when used, so the following would be valid.
|
284
|
+
#
|
285
|
+
# Backup::Model.new(:my_backup, 'My Backup') do
|
286
|
+
# encrypt_with GPG do |enc|
|
287
|
+
# enc.recipients = [
|
288
|
+
# # John Smith
|
289
|
+
# '4A83 569F 4E5E 8D8A',
|
290
|
+
# # Mary Smith
|
291
|
+
# 'mary.smith@example.com'
|
292
|
+
# ]
|
293
|
+
# end
|
294
|
+
# end
|
295
|
+
#
|
296
|
+
# @return [String, Array]
|
297
|
+
attr_accessor :recipients
|
298
|
+
|
299
|
+
##
|
300
|
+
# Specifies the passphrase to use symmetric encryption.
|
301
|
+
#
|
302
|
+
# When {#mode} is +:symmetric+ or +:both+, this passphrase will be used
|
303
|
+
# to symmetrically encrypt the archive.
|
304
|
+
#
|
305
|
+
# Use of this option will override the use of {#passphrase_file}.
|
306
|
+
#
|
307
|
+
# @return [String]
|
308
|
+
attr_accessor :passphrase
|
309
|
+
|
310
|
+
##
|
311
|
+
# Specifies the passphrase file to use symmetric encryption.
|
312
|
+
#
|
313
|
+
# When {#mode} is +:symmetric+ or +:both+, this file will be passed
|
314
|
+
# to the +gpg+ command line, where +gpg+ will read the first line from
|
315
|
+
# this file and use it for the passphrase.
|
316
|
+
#
|
317
|
+
# The file path given here will be expanded to a full path.
|
318
|
+
#
|
319
|
+
# If {#passphrase} is specified, {#passphrase_file} will be ignored.
|
320
|
+
# Therefore, if you have set {#passphrase} in your global defaults,
|
321
|
+
# but wish to use {#passphrase_file} with a specific {Model}, be sure
|
322
|
+
# to clear {#passphrase} within that model's configuration.
|
323
|
+
#
|
324
|
+
# Backup::Encryptor::GPG.defaults do |enc|
|
325
|
+
# enc.passphrase = 'secret phrase'
|
326
|
+
# end
|
327
|
+
#
|
328
|
+
# Backup::Model.new(:my_backup, 'My Backup') do
|
329
|
+
# # other directives...
|
330
|
+
# encrypt_with GPG do |enc|
|
331
|
+
# enc.mode = :symmetric
|
332
|
+
# enc.passphrase = nil
|
333
|
+
# enc.passphrase_file = '/path/to/passphrase.file'
|
334
|
+
# end
|
335
|
+
# end
|
336
|
+
#
|
337
|
+
# @return [String]
|
338
|
+
attr_accessor :passphrase_file
|
339
|
+
|
340
|
+
##
|
341
|
+
# Configures default accessor values for new class instances.
|
342
|
+
#
|
343
|
+
# If all required options are set, then no further configuration
|
344
|
+
# would be needed within a Model's definition when an Encryptor is added.
|
345
|
+
# Therefore, the following example is sufficient to encrypt +:my_backup+:
|
346
|
+
#
|
347
|
+
# # Defaults set in config.rb
|
348
|
+
# Backup::Encryptor::GPG.defaults do |encryptor|
|
349
|
+
# encryptor.keys = {}
|
350
|
+
# encryptor.keys['joe@example.com'] = <<-EOS
|
351
|
+
# -----BEGIN PGP PUBLIC KEY BLOCK-----
|
352
|
+
# Version: GnuPG v1.4.12 (GNU/Linux)
|
353
|
+
#
|
354
|
+
# mI0EUBR6CwEEAMVSlFtAXO4jXYnVFAWy6chyaMw+gXOFKlWojNXOOKmE3SujdLKh
|
355
|
+
# kWqnafx7VNrb8cjqxz6VZbumN9UgerFpusM3uLCYHnwyv/rGMf4cdiuX7gGltwGb
|
356
|
+
# (...etc...)
|
357
|
+
# mLekS3xntUhhgHKc4lhf4IVBqG4cFmwSZ0tZEJJUSESb3TqkkdnNLjE=
|
358
|
+
# =KEW+
|
359
|
+
# -----END PGP PUBLIC KEY BLOCK-----
|
360
|
+
# EOS
|
361
|
+
#
|
362
|
+
# encryptor.recipients = 'joe@example.com'
|
363
|
+
# end
|
364
|
+
#
|
365
|
+
# # Encryptor set in the model
|
366
|
+
# Backup::Model.new(:my_backup, 'My Backup') do
|
367
|
+
# # archives, storage options, etc...
|
368
|
+
# encrypt_with GPG
|
369
|
+
# end
|
370
|
+
#
|
371
|
+
# @!scope class
|
372
|
+
# @see Configuration::Helpers::ClassMethods#defaults
|
373
|
+
# @yield [config] OpenStruct object
|
374
|
+
# @!method defaults
|
375
|
+
|
376
|
+
##
|
377
|
+
# Creates a new instance of Backup::Encryptor::GPG.
|
378
|
+
#
|
379
|
+
# This constructor is not used directly when configuring Backup.
|
380
|
+
# Use {Model#encrypt_with}.
|
381
|
+
#
|
382
|
+
# Model.new(:backup_trigger, 'Backup Label') do
|
383
|
+
# archive :my_archive do |archive|
|
384
|
+
# archive.add '/some/directory'
|
385
|
+
# end
|
386
|
+
#
|
387
|
+
# compress_with Gzip
|
388
|
+
#
|
389
|
+
# encrypt_with GPG do |encryptor|
|
390
|
+
# encryptor.mode = :both
|
391
|
+
# encryptor.passphrase = 'a secret'
|
392
|
+
# encryptor.recipients = ['joe@example.com', 'mary@example.com']
|
393
|
+
# end
|
394
|
+
#
|
395
|
+
# store_with SFTP
|
396
|
+
#
|
397
|
+
# notify_by Mail
|
398
|
+
# end
|
399
|
+
#
|
400
|
+
# @api private
|
401
|
+
def initialize(&block)
|
402
|
+
super
|
403
|
+
|
404
|
+
instance_eval(&block) if block_given?
|
405
|
+
|
406
|
+
@mode ||= :asymmetric
|
407
|
+
end
|
408
|
+
|
409
|
+
##
|
410
|
+
# This is called as part of the procedure run by the Packager.
|
411
|
+
# It sets up the needed options to pass to the gpg command,
|
412
|
+
# then yields the command to use as part of the packaging procedure.
|
413
|
+
# Once the packaging procedure is complete, it will return
|
414
|
+
# so that any clean-up may be performed after the yield.
|
415
|
+
# Cleanup is also ensured, as temporary files may hold sensitive data.
|
416
|
+
# If no options can be built, the packaging process will be aborted.
|
417
|
+
#
|
418
|
+
# @api private
|
419
|
+
def encrypt_with
|
420
|
+
log!
|
421
|
+
prepare
|
422
|
+
|
423
|
+
if mode_options.empty?
|
424
|
+
raise Errors::Encryptor::GPG::EncryptionError,
|
425
|
+
"Encryption could not be performed for mode '#{ mode }'"
|
426
|
+
end
|
427
|
+
|
428
|
+
yield "#{ utility(:gpg) } #{ base_options } #{ mode_options }", '.gpg'
|
429
|
+
|
430
|
+
ensure
|
431
|
+
cleanup
|
432
|
+
end
|
433
|
+
|
434
|
+
private
|
435
|
+
|
436
|
+
##
|
437
|
+
# Remove any temporary directories and reset all instance variables.
|
438
|
+
#
|
439
|
+
def prepare
|
440
|
+
FileUtils.rm_rf(@tempdirs, :secure => true) if @tempdirs
|
441
|
+
@tempdirs = []
|
442
|
+
@base_options = nil
|
443
|
+
@mode_options = nil
|
444
|
+
@user_recipients = nil
|
445
|
+
@user_keys = nil
|
446
|
+
@system_identifiers = nil
|
447
|
+
end
|
448
|
+
alias :cleanup :prepare
|
449
|
+
|
450
|
+
##
|
451
|
+
# Returns the options needed for the gpg command line which are
|
452
|
+
# not dependant on the #mode. --no-tty supresses output of certain
|
453
|
+
# messages, like the "Reading passphrase from file descriptor..."
|
454
|
+
# messages during symmetric encryption
|
455
|
+
#
|
456
|
+
def base_options
|
457
|
+
@base_options ||= begin
|
458
|
+
opts = ['--no-tty']
|
459
|
+
path = setup_gpg_homedir
|
460
|
+
opts << "--homedir '#{ path }'" if path
|
461
|
+
path = setup_gpg_config
|
462
|
+
opts << "--options '#{ path }'" if path
|
463
|
+
opts.join(' ')
|
464
|
+
end
|
465
|
+
end
|
466
|
+
|
467
|
+
##
|
468
|
+
# Setup the given :gpg_homedir if needed, ensure the proper permissions
|
469
|
+
# are set, and return the directory's path. Otherwise, return false.
|
470
|
+
#
|
471
|
+
# If the GnuPG files do not exist, trigger their creation by requesting
|
472
|
+
# --list-secret-keys. Some commands, like for symmetric encryption, will
|
473
|
+
# issue messages about their creation on STDERR, which generates unwanted
|
474
|
+
# warnings in the log. This way, if any of these files are created here,
|
475
|
+
# we will get those messages on STDOUT for the log, without the actual
|
476
|
+
# secret key listing which we don't care about.
|
477
|
+
#
|
478
|
+
def setup_gpg_homedir
|
479
|
+
return false unless gpg_homedir
|
480
|
+
|
481
|
+
path = File.expand_path(gpg_homedir)
|
482
|
+
FileUtils.mkdir_p(path)
|
483
|
+
FileUtils.chown(Config.user, nil, path)
|
484
|
+
FileUtils.chmod(0700, path)
|
485
|
+
|
486
|
+
unless %w{ pubring.gpg secring.gpg trustdb.gpg }.
|
487
|
+
all? {|name| File.exist? File.join(path, name) }
|
488
|
+
run("#{ utility(:gpg) } --homedir '#{ path }' -K 2>&1 >/dev/null")
|
489
|
+
end
|
490
|
+
|
491
|
+
path
|
492
|
+
|
493
|
+
rescue => err
|
494
|
+
raise Errors::Encryptor::GPG::HomedirError.wrap(
|
495
|
+
err, "Failed to create or set permissions for #gpg_homedir")
|
496
|
+
end
|
497
|
+
|
498
|
+
##
|
499
|
+
# Write the given #gpg_config to a tempfile, within a tempdir, and
|
500
|
+
# return the file's path to be given to the gpg --options argument.
|
501
|
+
# If no #gpg_config is set, return false.
|
502
|
+
#
|
503
|
+
# This is required in order to set the proper permissions on the
|
504
|
+
# directory containing the tempfile. The tempdir will be removed
|
505
|
+
# after the packaging procedure is completed.
|
506
|
+
#
|
507
|
+
# Once written, we'll call check_gpg_config to make sure there are
|
508
|
+
# no problems that would prevent gpg from running with this config.
|
509
|
+
# If any errors occur during this process, we can not proceed.
|
510
|
+
# We'll cleanup to remove the tempdir (if created) and raise an error.
|
511
|
+
#
|
512
|
+
def setup_gpg_config
|
513
|
+
return false unless gpg_config
|
514
|
+
|
515
|
+
dir = Dir.mktmpdir('backup-gpg_config', Config.tmp_path)
|
516
|
+
@tempdirs << dir
|
517
|
+
file = Tempfile.open('backup-gpg_config', dir)
|
518
|
+
file.write gpg_config.gsub(/^[[:blank:]]+/, '')
|
519
|
+
file.close
|
520
|
+
|
521
|
+
check_gpg_config(file.path)
|
522
|
+
|
523
|
+
file.path
|
524
|
+
|
525
|
+
rescue => err
|
526
|
+
cleanup
|
527
|
+
raise Errors::Encryptor::GPG::GPGConfigError.wrap(
|
528
|
+
err, "Error creating temporary file for #gpg_config.")
|
529
|
+
end
|
530
|
+
|
531
|
+
##
|
532
|
+
# Make sure the temporary GnuPG config file created from #gpg_config
|
533
|
+
# does not have any syntax errors that would prevent gpg from running.
|
534
|
+
# If so, raise the returned error message.
|
535
|
+
# Note that Cli::Helpers#run may also raise an error here.
|
536
|
+
#
|
537
|
+
def check_gpg_config(path)
|
538
|
+
ret = run(
|
539
|
+
"#{ utility(:gpg) } --options '#{ path }' --gpgconf-test 2>&1"
|
540
|
+
).chomp
|
541
|
+
raise ret unless ret.empty?
|
542
|
+
end
|
543
|
+
|
544
|
+
##
|
545
|
+
# Returns the options needed for the gpg command line to perform
|
546
|
+
# the encryption based on the #mode.
|
547
|
+
#
|
548
|
+
def mode_options
|
549
|
+
@mode_options ||= begin
|
550
|
+
s_opts = symmetric_options if mode != :asymmetric
|
551
|
+
a_opts = asymmetric_options if mode != :symmetric
|
552
|
+
[s_opts, a_opts].compact.join(' ')
|
553
|
+
end
|
554
|
+
end
|
555
|
+
|
556
|
+
##
|
557
|
+
# Process :passphrase or :passphrase_file and return the command line
|
558
|
+
# options to perform symmetric encryption. If no :passphrase is
|
559
|
+
# specified, or an error occurs creating a temporary file for it, then
|
560
|
+
# try to use :passphrase_file if it's set.
|
561
|
+
# If the option can not be set, log a warning and return nil.
|
562
|
+
#
|
563
|
+
def symmetric_options
|
564
|
+
path = setup_passphrase_file
|
565
|
+
unless path || passphrase_file.to_s.empty?
|
566
|
+
path = File.expand_path(passphrase_file.to_s)
|
567
|
+
end
|
568
|
+
|
569
|
+
if path && File.exist?(path)
|
570
|
+
"-c --passphrase-file '#{ path }'"
|
571
|
+
else
|
572
|
+
Logger.warn("Symmetric encryption options could not be set.")
|
573
|
+
nil
|
574
|
+
end
|
575
|
+
end
|
576
|
+
|
577
|
+
##
|
578
|
+
# Create a temporary file, within a tempdir, to hold the :passphrase and
|
579
|
+
# return the file's path. If an error occurs, log a warning.
|
580
|
+
# Return false if no :passphrase is set or an error occurs.
|
581
|
+
#
|
582
|
+
def setup_passphrase_file
|
583
|
+
return false if passphrase.to_s.empty?
|
584
|
+
|
585
|
+
dir = Dir.mktmpdir('backup-gpg_passphrase', Config.tmp_path)
|
586
|
+
@tempdirs << dir
|
587
|
+
file = Tempfile.open('backup-gpg_passphrase', dir)
|
588
|
+
file.write passphrase.to_s
|
589
|
+
file.close
|
590
|
+
|
591
|
+
file.path
|
592
|
+
|
593
|
+
rescue => err
|
594
|
+
Logger.warn Errors::Encryptor::GPG::PassphraseError.wrap(
|
595
|
+
err, "Error creating temporary passphrase file.")
|
596
|
+
false
|
597
|
+
end
|
598
|
+
|
599
|
+
##
|
600
|
+
# Process :recipients, importing their public key from :keys if needed,
|
601
|
+
# and return the command line options to perform asymmetric encryption.
|
602
|
+
# Log a warning and return nil if no valid recipients are found.
|
603
|
+
#
|
604
|
+
def asymmetric_options
|
605
|
+
if user_recipients.empty?
|
606
|
+
Logger.warn "No recipients available for asymmetric encryption."
|
607
|
+
nil
|
608
|
+
else
|
609
|
+
# skip trust database checks
|
610
|
+
"-e --trust-model always " +
|
611
|
+
user_recipients.map {|r| "-r '#{ r }'" }.join(' ')
|
612
|
+
end
|
613
|
+
end
|
614
|
+
|
615
|
+
##
|
616
|
+
# Returns an Array of the public key identifiers the user specified
|
617
|
+
# in :recipients. Each identifier is 'cleaned' so that exact matches
|
618
|
+
# can be performed. Then each is checked to ensure it will find a
|
619
|
+
# public key that exists in the system's public keyring.
|
620
|
+
# If the identifier does not match an existing key, the public key
|
621
|
+
# associated with the identifier in :keys will be imported for use.
|
622
|
+
# If no key can be found in the system or in :keys for the identifier,
|
623
|
+
# a warning will be issued; as we will attempt to encrypt the backup
|
624
|
+
# and proceed if at all possible.
|
625
|
+
#
|
626
|
+
def user_recipients
|
627
|
+
@user_recipients ||= begin
|
628
|
+
[recipients].flatten.compact.map do |identifier|
|
629
|
+
identifier = clean_identifier(identifier)
|
630
|
+
if system_identifiers.include?(identifier)
|
631
|
+
identifier
|
632
|
+
else
|
633
|
+
key = user_keys[identifier]
|
634
|
+
if key
|
635
|
+
# will log a warning and return nil if the import fails
|
636
|
+
import_key(identifier, key)
|
637
|
+
else
|
638
|
+
Logger.warn(
|
639
|
+
"No public key was found in #keys for '#{ identifier }'"
|
640
|
+
)
|
641
|
+
nil
|
642
|
+
end
|
643
|
+
end
|
644
|
+
end.compact
|
645
|
+
end
|
646
|
+
end
|
647
|
+
|
648
|
+
##
|
649
|
+
# Returns the #keys hash set by the user with all identifiers
|
650
|
+
# (Hash keys) 'cleaned' for exact matching. If the cleaning process
|
651
|
+
# creates duplicate keys, the user will be warned.
|
652
|
+
#
|
653
|
+
def user_keys
|
654
|
+
@user_keys ||= begin
|
655
|
+
_keys = keys || {}
|
656
|
+
ret = Hash[_keys.map {|k,v| [clean_identifier(k), v] }]
|
657
|
+
Logger.warn(
|
658
|
+
"Duplicate public key identifiers were detected in #keys."
|
659
|
+
) if ret.keys.count != _keys.keys.count
|
660
|
+
ret
|
661
|
+
end
|
662
|
+
end
|
663
|
+
|
664
|
+
##
|
665
|
+
# Cleans a public key identifier.
|
666
|
+
# Strip out all spaces, upcase non-email identifiers,
|
667
|
+
# and wrap email addresses in <> to perform exact matching.
|
668
|
+
#
|
669
|
+
def clean_identifier(str)
|
670
|
+
str = str.to_s.gsub(/[[:blank:]]+/, '')
|
671
|
+
str =~ /@/ ? "<#{ str.gsub(/(<|>)/,'') }>" : str.upcase
|
672
|
+
end
|
673
|
+
|
674
|
+
##
|
675
|
+
# Import the given public key and return the 16 character Key ID.
|
676
|
+
# If the import fails, return nil.
|
677
|
+
# Note that errors raised by Cli::Helpers#run may also be rescued here.
|
678
|
+
#
|
679
|
+
def import_key(identifier, key)
|
680
|
+
file = Tempfile.open('backup-gpg_import', Config.tmp_path)
|
681
|
+
file.write(key.gsub(/^[[:blank:]]+/, ''))
|
682
|
+
file.close
|
683
|
+
ret = run(
|
684
|
+
"#{ utility(:gpg) } #{ base_options } " +
|
685
|
+
"--keyid-format 0xlong --import '#{ file.path }' 2>&1"
|
686
|
+
)
|
687
|
+
file.delete
|
688
|
+
|
689
|
+
keyid = ret.match(/ 0x(\w{16})/).to_a[1]
|
690
|
+
raise "GPG Returned:\n#{ ret.gsub(/^\s*/, ' ') }" unless keyid
|
691
|
+
keyid
|
692
|
+
|
693
|
+
rescue => err
|
694
|
+
Logger.warn Errors::Encryptor::GPG::KeyImportError.wrap(
|
695
|
+
err, "Public key import failed for '#{ identifier }'")
|
696
|
+
nil
|
697
|
+
end
|
698
|
+
|
699
|
+
##
|
700
|
+
# Parse the information for all the public keys found in the public
|
701
|
+
# keyring (based on #gpg_homedir setting) and return an Array of all
|
702
|
+
# identifiers which could be used to specify a valid key.
|
703
|
+
#
|
704
|
+
def system_identifiers
|
705
|
+
@system_identifiers ||= begin
|
706
|
+
skip_key = false
|
707
|
+
data = run(
|
708
|
+
"#{ utility(:gpg) } #{ base_options } " +
|
709
|
+
"--with-colons --fixed-list-mode --fingerprint"
|
710
|
+
)
|
711
|
+
data.lines.map do |line|
|
712
|
+
line.strip!
|
713
|
+
|
714
|
+
# process public key record
|
715
|
+
if line =~ /^pub:/
|
716
|
+
validity, keyid, capabilities =
|
717
|
+
line.split(':').values_at(1, 4, 11)
|
718
|
+
# skip keys marked as revoked ('r'), expired ('e'),
|
719
|
+
# invalid ('i') or disabled ('D')
|
720
|
+
if validity[0,1] =~ /(r|e|i)/ || capabilities =~ /D/
|
721
|
+
skip_key = true
|
722
|
+
next nil
|
723
|
+
else
|
724
|
+
skip_key = false
|
725
|
+
# return both the long and short id
|
726
|
+
next [keyid[-8..-1], keyid]
|
727
|
+
end
|
728
|
+
else
|
729
|
+
# wait for the next valid public key record
|
730
|
+
next nil if skip_key
|
731
|
+
|
732
|
+
# process UID records for the current public key
|
733
|
+
if line =~ /^uid:/
|
734
|
+
validity, userid = line.split(':').values_at(1, 9)
|
735
|
+
# skip records marked as revoked ('r'), expired ('e')
|
736
|
+
# or invalid ('i')
|
737
|
+
if validity !~ /(r|e|i)/
|
738
|
+
# return the last email found in user id string,
|
739
|
+
# since this includes user supplied comments.
|
740
|
+
# return nil if no email found.
|
741
|
+
email, str = nil, userid
|
742
|
+
while match = str.match(/<.+?@.+?>/)
|
743
|
+
email, str = match[0], match.post_match
|
744
|
+
end
|
745
|
+
next email
|
746
|
+
end
|
747
|
+
# return public key's fingerprint
|
748
|
+
elsif line =~ /^fpr:/
|
749
|
+
next line.split(':')[9]
|
750
|
+
end
|
751
|
+
|
752
|
+
nil # ignore any other lines
|
753
|
+
end
|
754
|
+
end.flatten.compact
|
755
|
+
end
|
756
|
+
end
|
757
|
+
|
758
|
+
end
|
759
|
+
end
|
760
|
+
end
|