edb 0.4 → 0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +6 -1
- data/README.md +9 -2
- data/bin/edb +13 -0
- data/edb.gemspec +2 -1
- data/example/edb.yml +1 -1
- data/lib/edb/cryptography/aes_256_cbc.rb +16 -5
- data/lib/edb/dbms/mysql.rb +10 -1
- data/lib/edb/version.rb +1 -1
- data/lib/edb.rb +1 -0
- metadata +21 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 114baabf1be97194abcb44cd5378b818242be763
|
|
4
|
+
data.tar.gz: c4dd125d24d41450cb99f1ab771d5bcec94be42c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 02bc9d1c1d8d974109f43b33295918bdbafafd0843954b264a2aaa949d95a3149c108437dbad3a7c0e80bb68e8c5a6a2ac1aa280c7936ee37e2366fe533e6139
|
|
7
|
+
data.tar.gz: 4391116b96b895acc789149fd42391618f96ef409cae31c38455a5d9ce3ad670d68f0fc35154092cc9093dc40ded9f90e40a5cfe38db574e576c1b8db4947799
|
data/Gemfile.lock
CHANGED
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
edb (0.
|
|
4
|
+
edb (0.5)
|
|
5
5
|
aws-sdk (= 1.59.1)
|
|
6
6
|
ftp_sync (~> 0.4)
|
|
7
|
+
hkdf (~> 0.2)
|
|
7
8
|
|
|
8
9
|
GEM
|
|
9
10
|
remote: https://rubygems.org/
|
|
@@ -16,6 +17,7 @@ GEM
|
|
|
16
17
|
diff-lcs (1.2.5)
|
|
17
18
|
ftp_sync (0.4.3)
|
|
18
19
|
net-ftp-list (>= 2.1.1)
|
|
20
|
+
hkdf (0.2.0)
|
|
19
21
|
json (1.8.3)
|
|
20
22
|
mini_portile (0.6.2)
|
|
21
23
|
net-ftp-list (3.2.8)
|
|
@@ -43,3 +45,6 @@ DEPENDENCIES
|
|
|
43
45
|
edb!
|
|
44
46
|
rake (~> 10.4)
|
|
45
47
|
rspec (~> 3.3)
|
|
48
|
+
|
|
49
|
+
BUNDLED WITH
|
|
50
|
+
1.10.5
|
data/README.md
CHANGED
|
@@ -4,11 +4,14 @@
|
|
|
4
4
|
It is composed by three macro areas that reflect themself inside `edb.yml` and are *DBMS*, *CRYPTOGRAPHY* and *STORAGE*.
|
|
5
5
|
The first one deals with the actual backup process of your database. The second one will eventually encrypt the backup copies you made and the last one will copy them somewhere (S3 bucket, your local filesystem, etc.).
|
|
6
6
|
|
|
7
|
+
|
|
8
|
+
**tl;dr** Make (optionally) ciphered backups of your database(s) and then upload them via FTP and Amazon S3 (or just keep them in your server).
|
|
9
|
+
|
|
7
10
|
## Install
|
|
8
11
|
`$ gem install edb`
|
|
9
12
|
|
|
10
13
|
## Run
|
|
11
|
-
Setup and customize `example/edb.yml` (remember also to change the `secret`) and then:
|
|
14
|
+
Setup and customize `example/edb.yml` (remember also to change the `secret` by running `edb -k`) and then:
|
|
12
15
|
|
|
13
16
|
`$ edb example/edb.yml`
|
|
14
17
|
|
|
@@ -17,7 +20,7 @@ Consider also to add *EDB* to your cronjobs.
|
|
|
17
20
|
## Available modules
|
|
18
21
|
- *Cryptography*: `AES_256_CBC`
|
|
19
22
|
- *DBMS*: `PostgreSQL`, `MySQL`
|
|
20
|
-
- *Storage*: `S3`, `Filesystem`
|
|
23
|
+
- *Storage*: `S3`, `Filesystem`, `FTP`
|
|
21
24
|
|
|
22
25
|
## FAQ
|
|
23
26
|
**Q:** What if I want to dump two or three MySQL databases?
|
|
@@ -26,3 +29,7 @@ Consider also to add *EDB* to your cronjobs.
|
|
|
26
29
|
|
|
27
30
|
**Q:** What if I want to save a database to S3 and another one into my local filesystem?
|
|
28
31
|
*A:* Well, you can't. By design, every macro-block (like, `:DBMS:`) is unaware of the other ones. So, for instance, I couldn't ask `:Filesystem:` to work only for the first `:MySQL:` block since it actually does not know what a `:MySQL:` block is. You need just to create two configuration files.
|
|
32
|
+
|
|
33
|
+
|
|
34
|
+
**Q:** Is there something to run it automatically at every night? Let's say 2:30am
|
|
35
|
+
*A:* Cronjobs to the rescue. Append the following line to your `crontab -e`: ```30 2 * * * bash -l -c '`which edb` /home/deployer/edb.yml'```.
|
data/bin/edb
CHANGED
|
@@ -24,6 +24,19 @@
|
|
|
24
24
|
#++
|
|
25
25
|
require 'edb'
|
|
26
26
|
require 'yaml'
|
|
27
|
+
require 'optparse'
|
|
28
|
+
|
|
29
|
+
OptionParser.new do |opts|
|
|
30
|
+
opts.version = EDB::VERSION
|
|
31
|
+
opts.banner = "Usage: edb [-k] [file]"
|
|
32
|
+
|
|
33
|
+
opts.on('-k', '--generate-key', 'Generate a random key of 32 characters') do
|
|
34
|
+
require 'securerandom'
|
|
35
|
+
|
|
36
|
+
puts SecureRandom.hex(32)
|
|
37
|
+
exit
|
|
38
|
+
end
|
|
39
|
+
end.parse!
|
|
27
40
|
|
|
28
41
|
config_file = ARGV[0]
|
|
29
42
|
if !config_file || !config_file.end_with?('.yml') || !File.exists?(config_file)
|
data/edb.gemspec
CHANGED
|
@@ -15,6 +15,7 @@ Gem::Specification.new { |s|
|
|
|
15
15
|
s.executables = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
|
|
16
16
|
s.require_paths = ['lib']
|
|
17
17
|
|
|
18
|
-
s.add_dependency 'aws-sdk',
|
|
18
|
+
s.add_dependency 'aws-sdk', '1.59.1'
|
|
19
19
|
s.add_dependency 'ftp_sync', '~> 0.4'
|
|
20
|
+
s.add_dependency 'hkdf', '~> 0.2'
|
|
20
21
|
}
|
data/example/edb.yml
CHANGED
|
@@ -22,6 +22,7 @@
|
|
|
22
22
|
# or implied, of Giovanni Capuano.
|
|
23
23
|
#++
|
|
24
24
|
require 'openssl'
|
|
25
|
+
require 'hkdf'
|
|
25
26
|
|
|
26
27
|
module EDB
|
|
27
28
|
module Cryptography
|
|
@@ -32,13 +33,15 @@ module EDB
|
|
|
32
33
|
|
|
33
34
|
cipher = OpenSSL::Cipher.new('AES-256-CBC')
|
|
34
35
|
cipher.encrypt
|
|
35
|
-
cipher.key = ::EDB.opts[:CRYPTOGRAPHY][:AES_256_CBC][:secret]
|
|
36
|
+
cipher.key = hash_key(::EDB.opts[:CRYPTOGRAPHY][:AES_256_CBC][:secret])
|
|
37
|
+
cipher.iv = iv = cipher.random_iv
|
|
36
38
|
|
|
37
39
|
contents = File.read(source)
|
|
38
40
|
raise "Cannot encrypt #{source}: It's empty" if contents.empty?
|
|
39
41
|
|
|
40
42
|
File.open(source, 'wb') do |file|
|
|
41
43
|
ciphered_content = cipher.update(contents) + cipher.final
|
|
44
|
+
ciphered_content << iv
|
|
42
45
|
file.write(ciphered_content)
|
|
43
46
|
end
|
|
44
47
|
end
|
|
@@ -46,19 +49,27 @@ module EDB
|
|
|
46
49
|
def decrypt(source, new_file = true)
|
|
47
50
|
::EDB::Logger.log(:info, "Decrypting #{source}...")
|
|
48
51
|
|
|
52
|
+
ciphered_content = File.read(source)
|
|
53
|
+
raise "Cannot decrypt #{source}: It's empty" if ciphered_content.empty?
|
|
54
|
+
ciphered_content_length = ciphered_content.length
|
|
55
|
+
|
|
49
56
|
decipher = OpenSSL::Cipher.new('AES-256-CBC')
|
|
50
57
|
decipher.decrypt
|
|
51
|
-
decipher.key = ::EDB.opts[:CRYPTOGRAPHY][:AES_256_CBC][:secret]
|
|
52
58
|
|
|
53
|
-
|
|
54
|
-
|
|
59
|
+
decipher.key = hash_key(::EDB.opts[:CRYPTOGRAPHY][:AES_256_CBC][:secret])
|
|
60
|
+
decipher.iv = iv = ciphered_content.slice!(ciphered_content_length - 16, ciphered_content_length)
|
|
55
61
|
|
|
56
62
|
new_source = new_file ? "#{source}.dec" : source
|
|
57
63
|
File.open(new_source, 'wb') do |file|
|
|
58
|
-
deciphered_content = decipher.update(
|
|
64
|
+
deciphered_content = decipher.update(ciphered_content) + decipher.final
|
|
59
65
|
file.write(deciphered_content)
|
|
60
66
|
end
|
|
61
67
|
end
|
|
68
|
+
|
|
69
|
+
private
|
|
70
|
+
def hash_key(s)
|
|
71
|
+
HKDF.new(s).next_bytes(32)
|
|
72
|
+
end
|
|
62
73
|
end
|
|
63
74
|
end
|
|
64
75
|
end
|
data/lib/edb/dbms/mysql.rb
CHANGED
|
@@ -33,8 +33,17 @@ module EDB
|
|
|
33
33
|
}
|
|
34
34
|
|
|
35
35
|
::EDB::Logger.log(:info, "Dumping #{db[:database]}...")
|
|
36
|
+
|
|
36
37
|
mysqldump = db[:binpath] && !db[:binpath].empty? ? File.join(db[:binpath], 'mysqldump') : 'mysqldump'
|
|
37
|
-
|
|
38
|
+
|
|
39
|
+
args = %W{
|
|
40
|
+
--user=#{db[:username]}
|
|
41
|
+
--password=#{db[:password]}
|
|
42
|
+
--single-transaction
|
|
43
|
+
#{db[:database]} > #{files[:dump]}
|
|
44
|
+
}.join(' ')
|
|
45
|
+
|
|
46
|
+
system "#{mysqldump} #{args}"
|
|
38
47
|
|
|
39
48
|
files.values
|
|
40
49
|
end
|
data/lib/edb/version.rb
CHANGED
data/lib/edb.rb
CHANGED
metadata
CHANGED
|
@@ -1,43 +1,57 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: edb
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: '0.
|
|
4
|
+
version: '0.5'
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Giovanni Capuano
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-10-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk
|
|
15
|
-
|
|
15
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: 1.59.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
|
-
|
|
22
|
+
requirement: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 1.59.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: ftp_sync
|
|
29
|
-
|
|
29
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
33
|
version: '0.4'
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
|
-
|
|
36
|
+
requirement: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0.4'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: hkdf
|
|
43
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - "~>"
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '0.2'
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
requirement: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '0.2'
|
|
41
55
|
description: EDB aims to be a framework to make and manage backups of your database.
|
|
42
56
|
email: webmaster@giovannicapuano.net
|
|
43
57
|
executables:
|
|
@@ -93,7 +107,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
93
107
|
version: '0'
|
|
94
108
|
requirements: []
|
|
95
109
|
rubyforge_project:
|
|
96
|
-
rubygems_version: 2.4.
|
|
110
|
+
rubygems_version: 2.4.8
|
|
97
111
|
signing_key:
|
|
98
112
|
specification_version: 4
|
|
99
113
|
summary: A framework to make and manage backups of your database.
|