boxen 0.8.1 → 1.0.0

data/.gitignore

@@ -8,3 +8,4 @@
 /boxen-*.gem
 /log
 /puppet
+/script/Boxen.dSYM

data/boxen.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |gem|
   gem.name          = "boxen"
-  gem.version       = "0.8.1"
+  gem.version       = "1.0.0"
   gem.authors       = ["John Barnette", "Will Farrington"]
   gem.email         = ["jbarnette@github.com", "wfarr@github.com"]
   gem.description   = "Manage Mac development boxes with love (and Puppet)."

data/lib/boxen/config.rb

@@ -1,7 +1,9 @@
+require "boxen/keychain"
+require "boxen/project"
 require "fileutils"
 require "json"
 require "octokit"
-require "boxen/project"
+require "shellwords"
 
 module Boxen
 
@@ -9,13 +11,6 @@ module Boxen
   # args, environment variables, config files, or the keychain.
 
   class Config
-
-    # The service name to use when loading/saving config in the Keychain.
-
-    KEYCHAIN_SERVICE = "Boxen"
-
-    # Load config. Yields config if `block` is given.
-
     def self.load(&block)
       new do |config|
         file = "#{config.homedir}/config/boxen/defaults.json"
@@ -30,13 +25,9 @@ module Boxen
           end
         end
 
-        cmd = "/usr/bin/security find-generic-password " +
-          "-a #{config.user} -s '#{KEYCHAIN_SERVICE}' -w 2>/dev/null"
-
-        password = `#{cmd}`.strip
-        password = nil unless $?.success?
-
-        config.password = password
+        keychain        = Boxen::Keychain.new config.user
+        config.password = keychain.password
+        config.token    = keychain.token
 
         yield config if block_given?
       end
@@ -56,7 +47,6 @@ module Boxen
         :repodir   => config.repodir,
         :reponame  => config.reponame,
         :srcdir    => config.srcdir,
-        :token     => config.token,
         :user      => config.user
       }
 
@@ -67,12 +57,9 @@ module Boxen
         f.write JSON.generate Hash[attrs.reject { |k, v| v.nil? }]
       end
 
-      cmd = ["security", "add-generic-password",
-             "-a", config.user, "-s", KEYCHAIN_SERVICE, "-U", "-w", config.password]
-
-      unless system *cmd
-        raise Boxen::Error, "Can't save config in the Keychain."
-      end
+      keychain          = Boxen::Keychain.new config.user
+      keychain.password = config.password
+      keychain.token    = config.token
 
       config
     end

data/lib/boxen/keychain.rb

@@ -0,0 +1,64 @@
+require "shellwords"
+
+module Boxen
+  class Keychain
+
+    # The keychain proxy we use to provide isolation and a friendly
+    # message in security prompts.
+
+    HELPER = File.expand_path "../../../script/Boxen", __FILE__
+
+    # The service name to use when loading/saving passwords.
+
+    PASSWORD_SERVICE = "GitHub Password"
+
+    # The service name to use when loading/saving API keys.
+
+    TOKEN_SERVICE = "GitHub API Token"
+
+    def initialize(login)
+      @login = login
+    end
+
+    def password
+      get PASSWORD_SERVICE
+    end
+
+    def password=(password)
+      set PASSWORD_SERVICE, password
+    end
+
+    def token
+      get TOKEN_SERVICE
+    end
+
+    def token=(token)
+      set TOKEN_SERVICE, token
+    end
+
+    protected
+
+    attr_reader :login
+
+    def get(service)
+      cmd = shellescape(HELPER, service, login)
+
+      result = `#{cmd}`.strip
+      $?.success? ? result : nil
+    end
+
+    def set(service, password)
+      cmd = shellescape(HELPER, service, login, password)
+
+      unless system *cmd
+        raise Boxen::Error, "Can't save #{service} in the keychain."
+      end
+
+      password
+    end
+
+    def shellescape(*args)
+      args.map { |s| Shellwords.shellescape s }.join " "
+    end
+  end
+end

data/script/build-keychain-helper

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname "$0")/..
+cc -g -O2 -Wall -framework Security -o script/Boxen src/keychain-helper.c

data/src/keychain-helper.c

@@ -0,0 +1,67 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <Security/Security.h>
+
+int key_exists_p(
+  const char *service,
+  const char *login,
+  SecKeychainItemRef *item
+) {
+  void *buf;
+  UInt32 len;
+
+  OSStatus ret = SecKeychainFindGenericPassword(
+    NULL, strlen(service), service, strlen(login), login, &len, &buf, item
+  );
+
+  if (ret == 0) {
+    return 0;
+  } else {
+    fprintf(stderr, "Boxen Keychain Helper: Encountered error code: %d\n", ret);
+    return ret;
+  }
+}
+
+int main(int argc, char **argv) {
+  if ((argc < 3) || (argc > 4)) {
+    printf("Usage: %s <service> <account> [<password>]\n", argv[0]);
+    return 1;
+  }
+
+  const char *service  = argv[1];
+  const char *login    = argv[2];
+  const char *password = argc == 4 ? argv[3] : NULL;
+
+  void *buf;
+  UInt32 len;
+  SecKeychainItemRef item;
+
+  if (password != NULL) {
+    if (key_exists_p(service, login, &item) == 0) {
+      SecKeychainItemDelete(item);
+    }
+
+    OSStatus create_key = SecKeychainAddGenericPassword(
+      NULL, strlen(service), service, strlen(login), login, strlen(password),
+      password, &item
+    );
+
+    if (create_key != 0) {
+      fprintf(stderr, "Boxen Keychain Helper: Encountered error code: %d\n", create_key);
+      return 1;
+    }
+
+  } else {
+    OSStatus find_key = SecKeychainFindGenericPassword(
+      NULL, strlen(service), service, strlen(login), login, &len, &buf, &item);
+
+    if (find_key != 0) {
+      fprintf(stderr, "Boxen Keychain Helper: Encountered error code: %d\n", find_key);
+      return 1;
+    }
+
+    fwrite(buf, 1, len, stdout);
+  }
+
+  return 0;
+}

data/test/boxen_keychain_test.rb

@@ -0,0 +1,28 @@
+require "boxen/test"
+require "boxen/keychain"
+
+class BoxenKeychainTest < Boxen::Test
+  def setup
+    @keychain = Boxen::Keychain.new('test')
+  end
+
+  def test_get_password
+    @keychain.expects(:get).with('GitHub Password').returns('foobar')
+    assert_equal 'foobar', @keychain.password
+  end
+
+  def test_set_password
+    @keychain.expects(:set).with('GitHub Password', 'foobar').returns('foobar')
+    assert_equal 'foobar', @keychain.password=('foobar')
+  end
+
+  def test_get_token
+    @keychain.expects(:get).with('GitHub API Token').returns('foobar')
+    assert_equal 'foobar', @keychain.token
+  end
+
+  def test_set_token
+    @keychain.expects(:set).with('GitHub API Token', 'foobar').returns('foobar')
+    assert_equal 'foobar', @keychain.token=('foobar')
+  end
+end

metadata

@@ -3,10 +3,10 @@ name: boxen
 version: !ruby/object:Gem::Version 
   prerelease: false
   segments: 
-  - 0
-  - 8
   - 1
-  version: 0.8.1
+  - 0
+  - 0
+  version: 1.0.0
 platform: ruby
 authors: 
 - John Barnette
@@ -170,6 +170,7 @@ files:
 - lib/boxen/hook.rb
 - lib/boxen/hook/github_issue.rb
 - lib/boxen/hook/web.rb
+- lib/boxen/keychain.rb
 - lib/boxen/postflight.rb
 - lib/boxen/postflight/active.rb
 - lib/boxen/postflight/env.rb
@@ -189,9 +190,12 @@ files:
 - lib/boxen/util.rb
 - lib/facter/boxen.rb
 - lib/system_timer.rb
+- script/Boxen
 - script/bootstrap
+- script/build-keychain-helper
 - script/release
 - script/tests
+- src/keychain-helper.c
 - test/boxen/test.rb
 - test/boxen_check_test.rb
 - test/boxen_checkout_test.rb
@@ -201,6 +205,7 @@ files:
 - test/boxen_flags_test.rb
 - test/boxen_hook_github_issue_test.rb
 - test/boxen_hook_web_test.rb
+- test/boxen_keychain_test.rb
 - test/boxen_postflight_active_test.rb
 - test/boxen_postflight_env_test.rb
 - test/boxen_preflight_etc_my_cnf_test.rb
@@ -254,6 +259,7 @@ test_files:
 - test/boxen_flags_test.rb
 - test/boxen_hook_github_issue_test.rb
 - test/boxen_hook_web_test.rb
+- test/boxen_keychain_test.rb
 - test/boxen_postflight_active_test.rb
 - test/boxen_postflight_env_test.rb
 - test/boxen_preflight_etc_my_cnf_test.rb