freydis 0.0.2 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '0381ec85064f282916907626e1a1783ee8a86ce5df1769deb91f4e1b0e5eb4dc'
-  data.tar.gz: 8c100e7428ec1fc7261a271a677d77fafe84b337541b507c8a9c71d964524e10
+  metadata.gz: 8963ba3af539bf5e5893778cf4e19164cca071b4aa33f42c7bfed8b184016604
+  data.tar.gz: 235dba3157fda782be2927b08094970065511aaa36f5b0898499cc1fd421f3fb
 SHA512:
-  metadata.gz: 135daf7438ab4439396d45a99dc2300c916edcb2d2fcdef97dbaf907c19add34503d027b3b4d51836b92aaca979b5953d674609e411c1b1249bb0d589938b4e3
-  data.tar.gz: 8a0e398ca35e07f161bb0c02a0c33bbe68c09f16f492633a36707304720bb8690c41e087dbe34bfc61be410fe23e73af663c349d464cab5c95a27bdc6a0b563e
+  metadata.gz: 5ce910c91f09a88ca6e3fb9a47e5b64f5f76b0a5ac5d78c44baa79b81d29a60c2fe7566f631962792b7192a435ce537258469e5d3f84f1471816d10f0bad8902
+  data.tar.gz: 8098c0c471bb5f6dbb9a71f5553244a496bfe7d29cd37ad848b95b4fd312c48ffe4c7c5c5f305d551db1a45feec5dec935a615dd1fc0a946126de9ddbbe48248

data/CHANGELOG.md

@@ -1,3 +1,20 @@
+## 0.1.0, release 2022/09/20
+* New dependencies for `Freydis::Secrets`: `bsdtar`, `shred` and `gnupg`.
+* Option store a new field `gpg_recipient`.
+* Can store and resttore GPG keys and matching directory of the [pass](https://www.passwordstore.org/) utility.
+* Use only `/dev/disk/by-id` in the config file, the value does not change from one system to another.
+* Rewrite code.
+
+## 0.0.3, release 2021/07/04
+* Add an option to `rsync` -R | --relative.
+* Simplify config file, use only disk: [sdX].
+* New option `--path-add`, `--path-del`, `--path-list`, `--save`.
+* Adding basic test with minitest.
+* Customize errors message.
+* Control args `-d | --disk DISK`
+* Control device with `cryptsetup isLuks` before proceed
+* Enhance logic code for `bin/freydis`
+
 ## 0.0.2, release 2021/05/18
 * New options `--open` and `--close`.
 * Encrypt/Decrypt with `cryptsetup`.

data/README.md

@@ -1,59 +1,66 @@
 # Freydis
-Backup and restore data on encrypted device.
 
-## Requirements
-Freydis use `rsync` and `cryptsetup`.
+<div align="center">
 
-## Gem build
+[![Gem Version](https://badge.fury.io/rb/freydis.svg)](https://badge.fury.io/rb/freydis)
+![Gem](https://img.shields.io/gem/dtv/freydis?color=red)
+![GitHub last commit (branch)](https://img.shields.io/github/last-commit/szorfein/freydis/develop?color=blue)
+![GitHub](https://img.shields.io/github/license/szorfein/freydis?color=cyan)
 
-    gem build freydis.gemspec
+</div>
+
+Backup and restore data on encrypted device.
+
+## Requirements
+Freydis use `rsync` and `cryptsetup` and optionnal `bsdtar`, `shred`, `gnupg`.
 
 ## Install freydis locally
 
-    gem install freydis-0.0.1.gem -P HighSecurity
+    $ gem install --user-install freydis
 
 ## Usage
 
-#### 0x01 - Config file
-First, you need a config file. You can use `freydis --init` or make one with your favorite editor.  
-The config file should be placed at `~/.config/freydis/freydis.yaml`.
+    $ freydis -h
+
+## Examples
 
-An example of final config:
+#### 0x01 - Initialisation
+First, you need a config file and a disk encrypted.
+
+    $ freydis --disk sdc --encrypt --save
+
+The config file will be created at `~/.config/freydis/freydis.yaml`.
 
 ```yaml
 ---
-:disk: sdc
-:disk_id: usb-SABRENT_SABRENT_DB9876543214E-0:0
-:disk_uuid: 10f531df-51dc-x19e-9bd1-bbd6659f0c3f
-:disk_partuuid: ''
-:paths:
-- "/home/daggoth/labs"
-- "/home/daggoth/musics"
-- "/home/daggoth/.password-store"
-- "/home/daggoth/documents"
+:disk: /dev/disk/by-id/usb-SABRENT_SABRENT_DB9876543214E-0:0
+:paths: []
 ```
 
-As you see:
-+ disk: sdc -> Use only `sd[a-z]` without partition.
-+ disk_id -> (Optionnal), freydis will find it if void.
-+ disk_uuid -> (Optionnal)
-+ disk_partuuid -> (Optionnal)
-+ paths -> Contain a list of absolute paths on each line.
++ disk: save the full path `by-id` for `sdc` here.
++ paths -> An Array which contain a list of absolute paths for backup.
+
+#### 0x02 - First backup
+Freydis will use `rsync`, all paths must be separated by a comma:
 
-#### 0x02 - Encrypt the disk
-Freydis will use `cryptsetup` with `luks2` and format the disk with `ext4`:
+    $ freydis --backup --paths-add "/home,/etc" --save
 
-    $ freydis --encrypt
+#### 0x03 - Restore
+With `--disk` and `--paths-add` saved in the config file, you only need to write:
 
-#### 0x03 - Other options
-Make an incremental backup, will copy all `paths` include in the config file:
+    $ freydis --restore
 
-    $ freydis --backup
+Freydis will restore all files in `/`.
 
-Restore files in your system `/`:
+#### 0x04 - Secrets
+Freydis can store secrets ([GPG Key](https://www.gnupg.org/) and [pass](https://www.passwordstore.org/) directory for now) and restore them if need:
 
-    $ freydis --restore
+    $ freydis --gpg-recipient szorfein@protonmail.com --secrets-backup
+    $ freydis --gpg-recipient szorfein@protonmail.com --secrets-restore
+
+The option `--secrets-restore` use `gpg --import` if the key is no found on your system.
 
+### Tips
 If you lost the config file, `freydis` has made a copy on your device when you're done your first `--backup`:
 
     $ freydis --open --disk sdc

data/bin/freydis

@@ -1,53 +1,10 @@
 #!/usr/bin/env ruby
-require "freydis"
 
-puts "Freydis v." + Freydis::VERSION
+require 'freydis'
 
-cli = Freydis::Options.new(ARGV)
-data = Freydis::Data.new
-data.load
+freydis = Freydis::Main.new(
+  :argv => ARGV
+)
 
-if cli.disk
-  data.options[:disk] = cli.disk
-end
-
-if cli.init
-  Freydis::Init.run(data.options)
-  data.save
-  exit 0
-end
-
-if !cli.backup && !cli.restore && !cli.encrypt &&
-   !cli.open && !cli.close
-  puts "Ok... glad to see you too."
-  exit 1
-end
-
-if cli.encrypt
-  puts "Encrypting disk #{data.options[:disk]}..."
-  disk = Freydis::Disk.new(data.options[:disk])
-  disk.encrypt(data)
-  data.save
-elsif cli.backup
-  puts "Saving..."
-  disk = Freydis::Disk.new(data.options[:disk])
-  disk.open(data)
-  rsync = Freydis::Rsync.new(data)
-  rsync.backup
-  disk.close(data)
-elsif cli.restore
-  puts "Restoring..."
-  disk = Freydis::Disk.new(data.options[:disk])
-  disk.open(data)
-  rsync = Freydis::Rsync.new(data)
-  rsync.restore
-  disk.close(data)
-elsif cli.open
-  puts "Opening disk #{data.options[:disk]}."
-  disk = Freydis::Disk.new(data.options[:disk])
-  disk.open(data)
-elsif cli.close
-  puts "Closing disk #{data.options[:disk]}."
-  disk = Freydis::Disk.new(data.options[:disk])
-  disk.close(data)
-end
+freydis.start
+freydis.bye

data/freydis.gemspec

@@ -1,33 +1,45 @@
+# frozen_string_literal: true
+
 require File.dirname(__FILE__) + "/lib/freydis/version"
 
 # https://guides.rubygems.org/specification-reference/
 Gem::Specification.new do |s|
-  s.files = `git ls-files`.split(" ")
-  s.files.reject! { |fn| fn.include? "certs" }
-  s.name = "freydis"
-  s.summary = "Backup and Restore data from encrypted device."
+  s.name = 'freydis'
+  s.summary = 'Backup and Restore data from encrypted device.'
   s.version = Freydis::VERSION
-  s.description = <<-EOF
+  s.platform = Gem::Platform::RUBY
+
+  s.description = <<~DESC
     Freydis is a CLI tool to encrypt a disk device, backup and restore easyly. Freydis use `cryptsetup` and `rsync` mainly.
-  EOF
-  s.email = "szorfein@protonmail.com"
-  s.homepage = "https://github.com/szorfein/freydis"
-  s.license = "MIT"
+  DESC
+
+  s.email = 'szorfein@protonmail.com'
+  s.homepage = 'https://github.com/szorfein/freydis'
+  s.license = 'MIT'
+  s.author = 'szorfein'
+
   s.metadata = {
-    "bug_tracker_uri" => "https://github.com/szorfein/freydis/issues",
-    "changelog_uri" => "https://github.com/szorfein/freydis/blob/master/CHANGELOG.md",
-    "source_code_uri" => "https://github.com/szorfein/freydis",
-    "wiki_uri" => "https://github.com/szorfein/freydis/wiki",
-    "funding_uri" => "https://patreon.com/szorfein",
+    'bug_tracker_uri' => 'https://github.com/szorfein/freydis/issues',
+    'changelog_uri' => 'https://github.com/szorfein/freydis/blob/main/CHANGELOG.md',
+    'source_code_uri' => 'https://github.com/szorfein/freydis',
+    'funding_uri' => 'https://patreon.com/szorfein',
   }
-  s.author = "szorfein"
-  s.bindir = "bin"
-  s.cert_chain = ["certs/szorfein.pem"]
-  s.executables << "freydis"
-  s.extra_rdoc_files = ['README.md']
-  s.required_ruby_version = ">=2.6"
-  s.requirements << 'cryptsetup, v2.3'
-  s.requirements << 'rsync, v3.2'
-  s.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") if $@ =~ /gem\z/
+
+  s.files = Dir.glob('{lib,bin}/**/*', File::FNM_DOTMATCH).reject { |f| File.directory?(f) }
+
+  # Include the CHANGELOG.md, LICENSE.md, README.md manually
+  s.files += %w[CHANGELOG.md LICENSE README.md]
+  s.files += %w[freydis.gemspec]
+
+  s.bindir = 'bin'
+  s.executables << 'freydis'
+  s.require_paths = ['lib']
+
+  s.cert_chain = ['certs/szorfein.pem']
+  s.signing_key = File.expand_path('~/.ssh/gem-private_key.pem')
+
+  s.required_ruby_version = '>= 2.6'
+  s.requirements << 'cryptsetup'
+  s.requirements << 'rsync'
 end
 

data/lib/freydis/config.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'yaml'
+require 'fileutils'
+require 'pathname'
+require 'mods/msg'
+
+module Freydis
+  class Config
+    include Msg
+
+    attr_accessor :gpg_recipient, :disk, :paths
+
+    def initialize
+      @cpath = "#{ENV['HOME']}/.config/freydis/freydis.yaml"
+      @disk = nil
+      @gpg_recipient = nil
+      @paths = []
+    end
+
+    def load
+      if File.exist? @cpath
+        info 'Loading config...'
+        data_load = YAML.load_file @cpath
+        @disk = data_load[:disk]
+        @gpg_recipient = data_load[:gpg_recipient]
+        @paths = data_load[:paths]
+      else
+        info "Creating config file #{@cpath}..."
+        save
+      end
+    end
+
+    def save
+      FileUtils.mkdir_p Pathname.new(@cpath).parent.to_s
+      File.write @cpath, YAML::dump({
+        disk: @disk,
+        gpg_recipient: @gpg_recipient,
+        paths: @paths.uniq
+      })
+      success "Saving options to #{@cpath}..."
+    end
+  end
+end

data/lib/freydis/cryptsetup.rb

@@ -1,74 +1,71 @@
-# lib/cryptsetup.rb
+# frozen_string_literal: true
+
+require 'mods/exec'
+require 'mods/msg'
 
 module Freydis
   class Cryptsetup
-    def initialize(data)
-      @data = data
-      @dev_ids = [
-        "/dev/disk/by-id/" + @data.options[:disk_id] ||= " ",
-        "/dev/disk/by-uuid/" + @data.options[:disk_uuid] ||= " ",
-        "/dev/disk/by-partuuid/" + @data.options[:disk_partuuid] ||= " ",
-        "/dev/" + @data.options[:disk]
-      ]
-      @mapper_name = "freydis-enc"
-      @mountpoint ="/mnt/freydis"
+    include Exec
+    include Msg
+
+    def initialize
+      Guard.disk_id(CONFIG.disk)
+
+      @disk = Disk.new(CONFIG.disk).search_sdx
+      @mapper_name = 'freydis-encrypt'
+      @mountpoint = '/mnt/freydis'
     end
 
     def encrypt
-      @dev_ids.each { |f|
-        if File.exists? f
-          exec "cryptsetup -v --type luks2 --verify-passphrase luksFormat #{f}"
-          break if $?.success?
-        end
-      }
+      info "Encrypting disk #{@disk}..."
+      x "cryptsetup -v --type luks2 --verify-passphrase luksFormat #{@disk}"
     end
 
     def open
-      @dev_ids.each { |f|
-        if File.exists? f
-          exec "cryptsetup -v open #{f} #{@mapper_name}"
-          break if $?.success?
-        end
-      }
+      info "Opening disk #{@mapper_name}..."
+      x "cryptsetup -v open #{@disk} #{@mapper_name}"
     end
 
     def close
       umount
-      exec "cryptsetup -v close #{@mapper_name}" if File.exists? "/dev/mapper/#{@mapper_name}"
+      if File.exist? "/dev/mapper/#{@mapper_name}"
+        x "cryptsetup -v close #{@mapper_name}"
+      else
+        info "#{@mapper_name} is not open."
+      end
     end
 
     def format
-      exec "mkfs.ext4 /dev/mapper/#{@mapper_name}"
+      info "Formatting #{@mapper_name}..."
+      x "mkfs.ext4 /dev/mapper/#{@mapper_name}"
     end
 
     def mount
-      create_mountpoint
-      puts "Mounting disk at #{@mountpoint}"
-      exec "mount -t ext4 /dev/mapper/#{@mapper_name} #{@mountpoint}"
+      mkdir @mountpoint
+      info "Mounting disk at #{@mountpoint}"
+      x "mount -t ext4 /dev/mapper/#{@mapper_name} #{@mountpoint}"
     end
 
-    private
+    protected
 
-    def create_mountpoint
-      if Process.uid === 0
-        Dir.mkdir @mountpoint unless Dir.exist? @mountpoint
+    def umount
+      if mounted?
+        x "umount #{@mountpoint}"
+        success "Umounting disk #{@disk}..."
       else
-        exec "mkdir -p #{@mountpoint}" unless Dir.exist? @mountpoint
+        info "Disk #{@disk} is no mounted."
       end
     end
 
-    def umount
-      dir_length = Dir.glob("#{@mountpoint}/*").length
-      if dir_length >= 1 # should contain lost+found if mount
-        exec "umount #{@mountpoint}"
-      end
-    end
+    private
 
-    def exec(command)
-      sudo = Process.uid != 0 ? 'sudo' : ''
-      if !system("#{sudo} #{command}")
-        raise StandardError, "[-] #{command}"
+    def mounted?
+      File.open('/proc/mounts') do |f|
+        f.each do |line|
+          return true if line.match?(/#{@mountpoint}/)
+        end
       end
+      false
     end
   end
 end

data/lib/freydis/disk.rb

@@ -1,81 +1,38 @@
-# lib/disk.rb
+# frozen_string_literal: true
 
 module Freydis
   class Disk
-    def initialize(dev)
-      @disk = dev.match(/sd[a-z]{1}/)
-      @dev = "/dev/#{@disk}"
-      @mountpoint = "/mnt/freydis"
+    def initialize(disk_path)
+      raise ArgumentError, "#{disk_path} no valid" unless disk_path.match?(/^\/dev\//)
+
+      @disk = disk_path
     end
 
     def size
-      `lsblk -dno SIZE #{@dev}`.chomp
+      `lsblk -dno SIZE #{@disk}`.chomp
     end
 
     def complete_info
-      `lsblk -dno "NAME,LABEL,FSTYPE,SIZE" #{@dev}`.chomp
-    end
-
-    def populate_data(data)
-      puts "Checking IDs on #{@disk}..."
-      search_uuid(data)
-      search_id(data)
-      search_partuuid(data)
+      `lsblk -dno "NAME,LABEL,FSTYPE,SIZE" #{@disk}`.chomp
     end
 
-    def encrypt(data)
-      populate_data(data)
-      puts "id -> #{data.options[:disk_id]}"
-      puts "uuid -> #{data.options[:disk_uuid]}"
-      puts "partuuid -> #{data.options[:disk_partuuid]}"
-      data.save
-
-      cryptsetup = Freydis::Cryptsetup.new(data)
-      cryptsetup.close
-
-      cryptsetup.encrypt
-      cryptsetup.open
-      cryptsetup.format
-
-      cryptsetup.close
-    end
-
-    def open(data)
-      cryptsetup = Freydis::Cryptsetup.new(data)
-      cryptsetup.close
-      cryptsetup.open
-      cryptsetup.mount
-    end
-
-    def close(data)
-      cryptsetup = Freydis::Cryptsetup.new(data)
-      cryptsetup.close
-    end
-
-    private
-
-    def search_uuid(data)
-      Dir.glob("/dev/disk/by-uuid/*").each { |f|
-        if File.readlink(f).match(/#{@disk}/)
-          data.options[:disk_uuid] = f.delete_prefix("/dev/disk/by-uuid/")
-        end
-      }
-    end
-
-    def search_id(data)
-      Dir.glob("/dev/disk/by-id/*").each { |f|
-        if File.readlink(f).match(/#{@disk}/)
-          data.options[:disk_id] = f.delete_prefix("/dev/disk/by-id/")
-        end
-      }
+    def search_id
+      dev_split = @disk.delete_prefix('/dev/')
+      Dir.glob("/dev/disk/by-id/*").each do |f|
+        return f if File.readlink(f).match?(/#{dev_split}/)
+          #return f.delete_prefix("/dev/disk/by-id/")
+      end
+      raise ArgumentError, "Unable to find the disk id of #{@disk}."
     end
 
-    def search_partuuid(data)
-      Dir.glob("/dev/disk/by-partuuid/*").each { |f|
-        if File.readlink(f).match(/#{@disk}/)
-          data.options[:disk_partuuid] = f.delete_prefix("/dev/disk/by-partuuid/")
+    # return /dev/sdX from a disk_id if value match with @disk
+    def search_sdx
+      Dir.glob('/dev/disk/by-id/*').each do |f|
+        if f.match?(/#{@disk}$/) # need a space
+          return '/dev/' + File.readlink(f).delete_prefix('../../')
         end
-      }
+      end
+      raise ArgumentError, "Unable to find the disk sdX of #{@disk}."
     end
   end
 end

data/lib/freydis/disk_luks.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'mods/msg'
+
+module Freydis
+  module DiskLuks
+    extend Msg
+    module_function
+
+    def encrypt
+      cryptsetup = Freydis::Cryptsetup.new
+      cryptsetup.encrypt
+      cryptsetup.open
+      cryptsetup.format
+      cryptsetup.close
+      success "Disk #{CONFIG.disk} fully encrypted."
+    end
+
+    def open
+      cryptsetup = Freydis::Cryptsetup.new
+      cryptsetup.close
+      cryptsetup.open
+      cryptsetup.mount
+      success "Disk #{CONFIG.disk} opened."
+    end
+
+    def close
+      cryptsetup = Freydis::Cryptsetup.new
+      cryptsetup.close
+      success "Disk #{CONFIG.disk} closed."
+    end
+  end
+end

data/lib/freydis/error.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Freydis
+  class InvalidDisk < StandardError; end
+  class DiskId < StandardError; end
+  class InvalidLuksDev < StandardError; end
+  class InvalidPath < StandardError; end
+  class GPG < StandardError; end
+end

data/lib/freydis/guard.rb

@@ -1,9 +1,53 @@
+# frozen_string_literal: true
+
 module Freydis
   module Guard
-    def self.disk?(name)
-      raise ArgumentError, "Bad name #{name}, should match with sdX" if !name.match(/^sd[a-z]{1}$/)
-      raise ArgumentError, "No disk /dev/#{name}" if !File.exist? "/dev/#{name}"
-      true
+    module_function
+
+    def disk(name)
+      full_path = "/dev/#{name}"
+      raise Freydis::InvalidDisk, 'No disk, use with -d DISK.' unless name
+      raise Freydis::InvalidDisk, 'No disk, use with -d DISK.' if name == ''
+      raise Freydis::InvalidDisk, 'Bad name #{name}, should match with sd[a-z]' unless name.match(/^sd[a-z]{1}$/)
+      raise Freydis::InvalidDisk, "No disk #{full_path} available." unless File.exist? full_path
+      Freydis::Disk.new(full_path).search_id # return disk(name) by-id
+    rescue Freydis::InvalidDisk => e
+      puts "#{e.class} => #{e}"
+      exit 1
+    end
+
+    def disk_id(name)
+      raise DiskId, "No disk #{name} found." unless File.exist? name
+    rescue Freydis::DiskId => e
+      puts "#{e.class} => #{e}"
+      exit 1
+    end
+
+    def isLuks(disk)
+      raise Freydis::InvalidLuksDev, "No disk." unless disk
+      raise Freydis::InvalidLuksDev, "#{disk} does not exist." unless File.exist? disk
+      sudo = Process.uid != 0 ? 'sudo' : ''
+      if !system(sudo, 'cryptsetup', 'isLuks', disk)
+        raise Freydis::InvalidLuksDev, "#{disk} is not valid Luks device."
+      end
+    rescue Freydis::InvalidLuksDev => e
+      puts "#{e.class} => #{e}"
+      exit 1
+    end
+
+    def path?(p)
+      raise Freydis::InvalidPath, "#{p} does not exist." unless File.exist? p
+    rescue Freydis::InvalidPath => e
+      puts "#{e.class} => #{e}"
+      exit 1
+    end
+
+    def gpg(recipient)
+      raise Freydis::GPG, "No recipient, use --gpg-recipient NAME" unless recipient
+      recipient
+    rescue Freydis::GPG => e
+      puts "#{e.class} => #{e}"
+      exit 1
     end
   end
 end