boxen-halyard 2.8.0.akerl9

data/lib/boxen/hook/web.rb

@@ -0,0 +1,56 @@
+require "boxen/hook"
+require "json"
+require "net/http"
+
+module Boxen
+  class Hook
+    class Web < Hook
+      def perform?
+        enabled?
+      end
+
+      private
+      def call
+        payload = {
+          :login  => config.user,
+          :sha    => checkout.sha,
+          :status => result.success? ? 'success' : 'failure',
+          :time   => "#{Time.now.utc.to_i}"
+        }
+
+        post_web_hook payload
+      end
+
+      def post_web_hook(payload)
+        headers = { 'Content-Type' => 'application/json' }
+
+        uri = URI.parse(URI.escape(ENV['BOXEN_WEB_HOOK_URL']))
+
+        user, pass, host, port, path = \
+          uri.user, uri.pass, uri.host, uri.port, uri.path
+
+        request = Net::HTTP::Post.new(path, initheader = headers)
+
+        if uri.scheme =~ /https/
+          http.use_ssl = true
+        end
+
+        if user && pass
+          request.basic_auth user, pass
+        end
+
+        request.body = payload.to_json
+
+        response = Net::HTTP.new(host, port).start do |http|
+          http.request(request)
+        end
+      end
+
+      def required_environment_variables
+        ['BOXEN_WEB_HOOK_URL']
+      end
+    end
+  end
+end
+
+Boxen::Hook.register Boxen::Hook::Web

data/lib/boxen/keychain.rb

@@ -0,0 +1,63 @@
+require "shellwords"
+
+module Boxen
+  class Keychain
+
+    # The keychain proxy we use to provide isolation and a friendly
+    # message in security prompts.
+
+    HELPER = File.expand_path "../../../script/Boxen", __FILE__
+
+    # The service name to use when loading/saving passwords.
+
+    PASSWORD_SERVICE = "GitHub Password"
+
+    # The service name to use when loading/saving API keys.
+
+    TOKEN_SERVICE = "GitHub API Token"
+
+    def initialize(login, local_user)
+      @login = login
+      @local_user = local_user
+      # Clear the password. We're storing tokens now.
+      set PASSWORD_SERVICE, ""
+    end
+
+    def token
+      get TOKEN_SERVICE
+    end
+
+    def token=(token)
+      set TOKEN_SERVICE, token
+    end
+
+    protected
+
+    attr_reader :login
+
+    def get(service)
+      cmd = shellescape(
+        '/usr/bin/sudo', '-u', @local_user, HELPER, service, login
+      )
+
+      result = `#{cmd}`.strip
+      $?.success? ? result : nil
+    end
+
+    def set(service, token)
+      cmd = shellescape(
+        '/usr/bin/sudo', '-u', @local_user, HELPER, service, login, token
+      )
+
+      unless system *cmd
+        raise Boxen::Error, "Can't save #{service} in the keychain."
+      end
+
+      token
+    end
+
+    def shellescape(*args)
+      args.map { |s| Shellwords.shellescape s }.join " "
+    end
+  end
+end

data/lib/boxen/postflight.rb

@@ -0,0 +1,13 @@
+require "boxen/check"
+
+module Boxen
+
+  # The superclass for postflight checks.
+
+  class Postflight < Boxen::Check
+
+    # Load all available postflight checks.
+
+    register File.expand_path("../postflight", __FILE__)
+  end
+end

data/lib/boxen/postflight/active.rb

@@ -0,0 +1,16 @@
+require "boxen/postflight"
+require "boxen/util"
+
+# Checks to see if the basic environment is loaded.
+
+class Boxen::Postflight::Active < Boxen::Postflight
+  def ok?
+    Boxen::Util.active?
+  end
+
+  def run
+    warn "You haven't loaded Boxen's environment yet!",
+      "To permanently fix this, source #{config.envfile} at the end",
+      "of your shell's startup file."
+  end
+end

data/lib/boxen/postflight/env.rb

@@ -0,0 +1,29 @@
+require "boxen/postflight"
+
+class Boxen::Postflight::Env < Boxen::Postflight
+
+  # Calculate an MD5 checksum for the current environment.
+
+  def self.checksum
+
+    # We can't get this from config 'cause it's static (gotta happen
+    # on load), and BOXEN_HOME might not be set.
+
+    home = ENV["BOXEN_HOME"] || "/opt/boxen"
+    return unless File.file? "#{home}/env.sh"
+
+    `find #{home}/env* -type f 2>&1 | sort | xargs /sbin/md5 | /sbin/md5 -q`.strip
+  end
+
+  # The checksum when this file was loaded.
+
+  CHECKSUM = self.checksum
+
+  def ok?
+    self.class.checksum == CHECKSUM
+  end
+
+  def run
+    warn "Run source #{config.envfile} or restart your shell for new stuff!"
+  end
+end

data/lib/boxen/preflight.rb

@@ -0,0 +1,13 @@
+require "boxen/check"
+
+module Boxen
+
+  # The superclass for preflight checks.
+
+  class Preflight < Boxen::Check
+
+    # Load all available preflight checks.
+
+    register File.expand_path("../preflight", __FILE__)
+  end
+end

data/lib/boxen/preflight/creds.rb

@@ -0,0 +1,149 @@
+require "boxen/preflight"
+require "highline"
+require "octokit"
+require "digest"
+require "socket"
+
+# HACK: Unless this is `false`, HighLine has some really bizarre
+# problems with empty/expended streams at bizarre intervals.
+
+HighLine.track_eof = false
+
+class Boxen::Preflight::Creds < Boxen::Preflight
+  attr :otp
+  attr :password
+
+  def ok?
+    if config.token && config.api.user
+      # There was a period of time when login wasn't geting set on first run.
+      # This should correct that.
+      config.login = config.api.user.login
+      true
+    end
+  rescue
+    nil
+  end
+
+  def tmp_api
+    @tmp_api ||= Octokit::Client.new :login => config.login, :password => password, :auto_paginate => true
+  end
+
+  def headers
+    otp.nil? ? {} : {"X-GitHub-OTP" => otp}
+  end
+
+  def get_otp
+    console = HighLine.new
+
+    # junk API call to send OTP until we implement PUT
+    tmp_api.create_authorization rescue nil
+
+    @otp = console.ask "One time password (via SMS or device):" do |q|
+      q.echo = '*'
+    end
+  end
+
+  # Attempt to use the username+password to get a list of the user's OAuth
+  # authorizations from the API. If it fails because of 2FA, ask the user for
+  # her OTP and try again.
+  #
+  # Returns a list of authorizations
+  def get_tokens
+    begin
+      tmp_api.authorizations(:headers => headers)
+    rescue Octokit::Unauthorized
+      abort "Sorry, I can't auth you on GitHub.",
+        "Please check your credentials and teams and give it another try."
+    rescue Octokit::OneTimePasswordRequired
+      puts
+      if otp.nil?
+        warn "It looks like you have two-factor auth enabled."
+      else
+        warn "That one time password didn't work. Let's try again."
+      end
+      get_otp
+      get_tokens
+    end
+  end
+
+  def run
+    fetch_login_and_password
+    tokens = get_tokens
+
+    # Boxen now supports the updated GitHub Authorizations API by using a unique
+    # `fingerprint` for each Boxen installation for a user. We delete any older
+    # authorization that does not make use of `fingerprint` so that the "legacy"
+    # authorization doesn't persist in the user's list of personal access
+    # tokens.
+    legacy_auth = tokens.detect { |a| a.note == "Boxen" && a.fingerprint == nil }
+    tmp_api.delete_authorization(legacy_auth.id, :headers => headers) if legacy_auth
+
+    # The updated GitHub authorizations API, in order to improve security, no
+    # longer returns a plaintext `token` for existing authorizations. So, if an
+    # authorization already exists for this machine we need to first delete it
+    # so that we can create a new one.
+    auth = tokens.detect { |a| a.note == note && a.fingerprint == fingerprint }
+    tmp_api.delete_authorization(auth.id, :headers => headers) if auth
+
+    auth = tmp_api.create_authorization(
+      :note => note,
+      :scopes => %w(repo user admin:public_key),
+      :fingerprint => fingerprint,
+      :headers => headers
+    )
+
+    config.token = auth.token
+
+    unless ok?
+      puts
+      abort "Something went terribly wrong.",
+        "I was able to get your OAuth token, but was unable to use it."
+    end
+  end
+
+  private
+
+  def fetch_login_and_password
+    console = HighLine.new
+
+    config.login = fetch_from_env("login") || console.ask("GitHub login: ") do |q|
+      q.default = config.login || config.user
+      q.validate = /\A[^@]+\Z/
+    end
+
+    @password = fetch_from_env("password") || console.ask("GitHub password: ") do |q|
+      q.echo = "*"
+    end
+  end
+
+  def fetch_from_env(thing)
+    key = "BOXEN_GITHUB_#{thing.upcase}"
+    return unless found = ENV[key]
+    warn "Oh, looks like you've provided your #{thing} as environmental variable..."
+    found
+  end
+
+  def fingerprint
+    @fingerprint ||= begin
+      # See Apple technical note TN1103, "Uniquely Identifying a Macintosh
+      # Computer."
+      serial_number_match_data = IO.popen(
+        ["ioreg", "-c", "IOPlatformExpertDevice", "-d", "2"]
+      ).read.match(/"IOPlatformSerialNumber" = "([[:alnum:]]+)"/)
+      if serial_number_match_data
+        # The fingerprint must be unique across all personal access tokens for a
+        # given user. We prefix the serial number with the application name to
+        # differentiate between any other personal access token that uses the
+        # Mac serial number for the fingerprint.
+        Digest::SHA256.hexdigest("Boxen: #{serial_number_match_data[1]}")
+      else
+        abort "Sorry, I was unable to obtain your Mac's serial number.",
+          "Boxen requires access to your Mac's serial number in order to generate a unique GitHub personal access token."
+      end
+    end
+  end
+
+  def note
+    @note ||= "Boxen: #{Socket.gethostname}"
+  end
+end

data/lib/boxen/preflight/directories.rb

@@ -0,0 +1,32 @@
+require "boxen/preflight"
+require "boxen/util"
+
+class Boxen::Preflight::Directories < Boxen::Preflight
+  def ok?
+    homedir_directory_exists? &&
+      homedir_owner == config.user &&
+      homedir_group == 'staff'
+  end
+
+  def run
+    Boxen::Util.sudo("/bin/mkdir", "-p", config.homedir) &&
+      Boxen::Util.sudo("/usr/sbin/chown", "#{config.user}:staff", config.homedir)
+  end
+
+  private
+  def homedir_directory_exists?
+    File.directory?(config.homedir)
+  end
+
+  def homedir_owner
+    Etc.getpwuid(homedir_stat.uid).name
+  end
+
+  def homedir_group
+    Etc.getgrgid(homedir_stat.gid).name
+  end
+
+  def homedir_stat
+    @homedir_stat ||= File.stat(config.homedir)
+  end
+end

data/lib/boxen/preflight/etc_my_cnf.rb

@@ -0,0 +1,12 @@
+require "boxen/preflight"
+
+class Boxen::Preflight::EtcMyCnf < Boxen::Preflight
+  def run
+    abort "You have an /etc/my.cnf file.",
+      "This will confuse Boxen's MySQL a lot. Please remove it."
+  end
+
+  def ok?
+    !File.file? "/etc/my.cnf"
+  end
+end

data/lib/boxen/preflight/identity.rb

@@ -0,0 +1,16 @@
+require "boxen/preflight"
+
+class Boxen::Preflight::Identity < Boxen::Preflight
+  def ok?
+    !user || (config.email && config.name)
+  end
+
+  def run
+    config.email = user.email
+    config.name  = user.name
+  end
+
+  def user
+    @user ||= config.api.user rescue nil
+  end
+end

data/lib/boxen/preflight/os.rb

@@ -0,0 +1,29 @@
+require "boxen/preflight"
+
+class Boxen::Preflight::OS < Boxen::Preflight
+  SUPPORTED_RELEASES = %w(10.8 10.9 10.10 10.11)
+
+  def ok?
+    osx? && supported_release?
+  end
+
+  def run
+    abort "You must be running one of the following OS X versions: #{SUPPORTED_RELEASES.join(' ')}."
+  end
+
+  private
+
+  def osx?
+    `uname -s`.chomp == "Darwin"
+  end
+
+  def supported_release?
+    SUPPORTED_RELEASES.any? do |r|
+      current_release.start_with? r
+    end
+  end
+
+  def current_release
+    @current_release ||= `sw_vers -productVersion`
+  end
+end