freydis 0.0.2 → 0.1.0

data/lib/freydis/options.rb

@@ -1,60 +1,88 @@
+# frozen_string_literal: true
+
 require 'optparse'
 
 module Freydis
   class Options
-    attr_accessor :init, :backup, :restore, :encrypt,
-                  :open, :close,
-                  :disk
-
-    def initialize(args)
-      @init = false
-      @backup = false
-      @restore = false
-      @encrypt = false
-      @open = false
-      @close = false
-      @disk = nil
-      parse(args)
+    def initialize(argv)
+      parse(argv)
     end
 
     private
 
     def parse(argv)
       OptionParser.new do |opts|
-        opts.banner = "Usage: freydis.rb [options]"
+        opts.banner = 'Usage: freydis.rb [options]'
+        opts.version = VERSION
+
+        opts.on('--disk NAME', /^sd[a-z]$/, 'Use the disk NAME (e.g: sda, sdb).') do |disk|
+          Freydis::CONFIG.disk = Guard.disk(disk)
+        end
+
+        opts.on('--gpg-recipient NAME', String, 'Use gpg key NAME.') do |key|
+          Freydis::CONFIG.gpg_recipient = Guard.gpg(key)
+        end
+
+        opts.on('-p PATHS', '--paths-add PATHS', Array, 'Add absolute PATHS to the backup list.') do |paths|
+          paths.each do |p|
+            Freydis::Guard.path? p
+            Freydis::CONFIG.paths << p
+          end
+
+        end
+
+        opts.on('-d PATH', '--path-del PATH', String, 'Remove absolute PATH from the backup list.') do |p|
+          Freydis::Guard.path? p
+          Freydis::CONFIG.paths.delete p if CONFIG.paths.include? p
+        end
+
+        opts.on('-L', '--paths-list', 'List all paths from your list.') do
+          if Freydis::CONFIG.paths.nil?
+            puts 'Nothing in paths yet...'
+          else
+            puts Freydis::CONFIG.paths
+          end
+        end
+
+        # Engines options
+
+        opts.on('-e', '--encrypt', 'Encrypt and format (ext4) your device.') do
+          Freydis::DiskLuks.encrypt
+        end
 
-        opts.on("-i", "--init", "Create a config file.") do
-          @init = true
+        opts.on('-o', '--open', 'Open and mount encrypted disk at /mnt/freydis.') do
+          Freydis::DiskLuks.open
         end
 
-        opts.on("-b", "--backup", "Perform a backup.") do
-          @backup = true
+        opts.on('-c', '--close', 'Umount and close encrypted disk.') do
+          Freydis::DiskLuks.close
         end
 
-        opts.on("-r", "--restore", "Restore saved datas on your system.") do
-          @restore = true
+        opts.on('-b', '--backup', 'Perform a backup.') do
+          Freydis::Rsync.new.backup
         end
 
-        opts.on("-e", "--encrypt", "Encrypt your device.") do
-          @encrypt = true
+        opts.on('-r', '--restore', 'Restore saved datas on your system.') do
+          Freydis::Rsync.new.restore
         end
 
-        opts.on("-o", "--open", "Open and mount encrypted device at /mnt/freydis.") do
-          @open = true
+        opts.on('--secrets-backup', 'Backup only secrets, including GPG keys.') do |s|
+          Freydis::Secrets.backup
         end
 
-        opts.on("-c", "--close", "Umount & close encrypted device.") do
-          @close = true
+        opts.on('--secrets-restore', 'Restore secrets.') do |s|
+          Freydis::Secrets.restore
         end
 
-        opts.on("-dNAME", "--disk NAME", "To use the disk NAME (e.g: sda, sdb).") do |disk|
-          @disk = disk if Freydis::Guard.disk? disk
+        opts.on('-s', '--save', 'Save current arguments in the config file.') do
+          Freydis::CONFIG.save
         end
 
         begin
           opts.parse!(argv)
         rescue OptionParser::ParseError => e
-          STDERR.puts e.message, "\n", opts
+          warn e.message, "\n", opts
+          exit 1
         end
       end
     end

data/lib/freydis/rsync.rb

@@ -1,53 +1,47 @@
-# lib/rsync.rb
+# frozen_string_literal: true
+
+require 'mods/exec'
 
 module Freydis
   class Rsync
-    def initialize(data)
-      @data = data
-      @mountpoint = '/mnt/freydis'
-      @exclude_paths = [
-        "/dev/*",
-        "/proc/*",
-        "/sys/*",
-        "/tmp/*",
-        "/run/*",
-        "/mnt/*",
-        "/media/*",
-        "/home/*/.thumbnails/*",
-        "/home/*/.cache/mozilla/*",
-        "/home/*/.cache/chromium/*",
-        "/home/*/.local/share/Trash/*",
-        "/lost+found",
+    include Exec
+
+    def initialize
+      @workdir = '/mnt/freydis/backup/'
+      @exclude_paths = %w[
+        /dev/*
+        /proc/*
+        /sys/*
+        /tmp/*
+        /run/*
+        /mnt/*
+        /media/*
+        /var/lib/dhcpcd/*
+        /home/*/.gvfs
+        /home/*/.thumbnails/*
+        /home/*/.cache/*
+        /home/*/.local/share/*
+        /home/*/.Xauthority
+        /home/*/.xsession-errors
+        /lost+found
       ]
-      @opts = "-aAXHv"
+      @opts = '-aAXHvRx'
     end
 
     def backup
-      add_config
-      exil = @exclude_paths * ","
-      save = @data.options[:paths] * " "
-      @opts += " --delete"
-      exec("rsync #{@opts} --exclude={#{exil}} #{save} #{@mountpoint}")
+      Freydis::DiskLuks.open
+      mkdir @workdir
+      exil = @exclude_paths * ','
+      save = CONFIG.paths * ' '
+      @opts += ' --delete'
+      x "rsync #{@opts} --exclude={#{exil}} #{save} #{@workdir}"
+      Freydis::DiskLuks.close
     end
 
     def restore
-      exil = @exclude_paths * ","
-      exec("rsync #{@opts} --exclude={#{exil}} #{@mountpoint} /")
-    end
-
-    private
-
-    def add_config
-      if !@data.options[:paths].include?("#{ENV['HOME']}/.config/freydis")
-        @data.options[:paths] << "#{ENV['HOME']}/.config/freydis"
-      end
-    end
-
-    def exec(command)
-      sudo = Process.uid != 0 ? 'sudo' : ''
-      if !system("#{sudo} #{command}")
-        raise StandardError, "[-] #{command}"
-      end
+      Freydis::DiskLuks.open
+      x "rsync #{@opts} #{@workdir} /"
+      Freydis::DiskLuks.close
     end
   end
 end

data/lib/freydis/secrets/archive.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'date'
+require 'fileutils'
+
+module Freydis
+  module Secrets
+    # Create or Restore an archive of secrets with bsdtar
+    class Archive
+      include Exec
+      include Msg
+
+      def initialize(gpg)
+        @workdir = '/mnt/freydis/secrets'
+        @filename = "#{@workdir}/#{CONFIG.gpg_recipient}_#{Date.today}.tar.gz"
+        @restore_dir = '/tmp'
+        @include_paths = %w[]
+        @gpg = gpg
+      end
+
+      def create
+        populate_include
+        inc_paths = @include_paths * ' '
+
+        mkdir @workdir
+        info "Creating archive #{@filename}..."
+        bsdtar "--acls --xattrs -cpvf #{@filename} #{inc_paths}"
+        @gpg.clean_keys
+      end
+
+      # Restore the most recent archive in your $HOME
+      def restore
+        last_archive = Dir.glob("#{@workdir}/*").sort[0]
+
+        mkdir @restore_dir
+        info "Restoring #{last_archive}..."
+        bsdtar "-xvf #{last_archive} -C #{@restore_dir}"
+        @gpg.import_keys @restore_dir
+        @gpg.clean_keys @restore_dir
+      end
+
+      protected
+
+      def populate_include
+        @gpg.export_keys unless File.exist? @gpg.seckey_path
+        search_paths(%W[#{ENV['HOME']}/.password-store 
+                     #{@gpg.seckey_path}
+                     #{@gpg.pubkey_path}])
+      end
+
+      private
+
+      def search_paths(paths)
+        paths.each do |p|
+          if Dir.exist?(p) || File.exist?(p)
+            info "Found #{p}, add to archive..."
+            @include_paths << p
+          end
+        end
+      end
+    end
+  end
+end

data/lib/freydis/secrets/gpg.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module Freydis
+  module Secrets
+    class GPG
+      include Exec
+      include Msg
+
+      attr_reader :seckey_path, :pubkey_path
+
+      def initialize
+        @recipient = Guard.gpg(CONFIG.gpg_recipient)
+        @seckey_path = "/tmp/#{@recipient}-secret.key"
+        @pubkey_path = "/tmp/#{@recipient}-public.key"
+      end
+
+      def export_keys
+        info "Exporting keys for #{@recipient}..."
+        gpg "-a --export-secret-keys --armor #{@recipient} >#{@seckey_path}"
+        gpg "-a --export --armor #{@recipient} >#{@pubkey_path}"
+      end
+
+      def import_keys(prefix = nil)
+        is_key = `gpg -K | grep #{@recipient}`.chomp
+        if is_key.empty?
+          info "Importing key #{@recipient}..."
+          gpg_import(prefix)
+        else
+          info "Key #{@recipient} is alrealy present, skip import."
+        end
+      end
+
+      def clean_keys(prefix = nil)
+        if prefix
+          shred "#{prefix}#{@seckey_path}", "#{prefix}#{@pubkey_path}"
+        else
+          shred @seckey_path, @pubkey_path
+        end
+        success "Clean keys."
+      end
+
+      protected
+
+      def gpg_import(prefix)
+        if prefix
+          gpg "--armor --import #{prefix}#{@seckey_path}"
+          gpg "--armor --import #{prefix}#{@pubkey_path}"
+        else
+          gpg "--armor --import #{@seckey_path}"
+          gpg "--armor --import #{@pubkey_path}"
+        end
+      end
+
+      private
+
+      def gpg(command)
+        unless system("gpg #{command}")
+          error "Exe: gpg #{command}"
+        end
+      end
+    end
+  end
+end

data/lib/freydis/secrets.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'mods/msg'
+require_relative 'secrets/gpg'
+require_relative 'secrets/archive'
+
+module Freydis
+  module Secrets
+    extend Msg
+
+    def self.backup
+      DiskLuks.open
+      info 'Backup secrets...'
+      gpg = GPG.new
+      archive = Archive.new(gpg)
+      archive.create
+      DiskLuks.close
+    end
+
+    def self.restore
+      DiskLuks.open
+      info 'Restoring secrets...'
+      gpg = GPG.new
+      archive = Archive.new(gpg)
+      archive.restore
+      DiskLuks.close
+    end
+  end
+end

data/lib/freydis/version.rb

@@ -1,4 +1,6 @@
+# frozen_string_literal: true
+
 module Freydis
-  VERSION = '0.0.2'.freeze
+  VERSION = '0.1.0'
 end
 

data/lib/freydis.rb

@@ -1,12 +1,33 @@
+# frozen_string_literal: true
+
 require_relative 'freydis/version'
 require_relative 'freydis/options'
-require_relative 'freydis/init'
-require_relative 'freydis/data'
+require_relative 'freydis/config'
 require_relative 'freydis/disk'
+require_relative 'freydis/disk_luks'
 require_relative 'freydis/cryptsetup'
 require_relative 'freydis/rsync'
+require_relative 'freydis/error'
 require_relative 'freydis/guard'
+require_relative 'freydis/secrets'
 
 module Freydis
-end
+  CONFIG = Config.new
+  CONFIG.load
+  
+  class Main
+    def initialize(args)
+      @argv = args[:argv]
+    end
 
+    def start
+      Options.new(@argv)
+    end
+
+    def bye
+      puts
+      puts "Bye !"
+      exit
+    end
+  end
+end

data/lib/mods/exec.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Exec
+  def x(command)
+    sudo = Process.uid != 0 ? 'sudo' : ''
+    unless system("#{sudo} #{command}")
+      Msg.error "Execute: #{command}"
+    end
+  end
+
+  def mkdir(dir)
+    if Process.uid == 0
+      FileUtils.mkdir_p dir
+    else
+      x "mkdir -p #{dir}"
+    end
+  end
+
+  def bsdtar(args)
+    x "bsdtar #{args}"
+  end
+
+  def shred(*keys)
+    keys_join = keys * ' '
+    x "shred -u #{keys_join}"
+  end
+end

data/lib/mods/msg.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Msg
+  def info(msg)
+    puts "> #{msg}"
+  end
+
+  def success(msg)
+    puts " ===> #{msg}"
+  end
+
+  def error(msg)
+    warn "[-] #{msg}"
+    exit 1
+  end
+end

metadata

@@ -1,48 +1,80 @@
 --- !ruby/object:Gem::Specification
 name: freydis
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.1.0
 platform: ruby
 authors:
 - szorfein
 autorequire:
 bindir: bin
 cert_chain:
-- certs/szorfein.pem
-date: 2021-05-18 00:00:00.000000000 Z
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIEhTCCAu2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBEMREwDwYDVQQDDAhzem9y
+  ZmVpbjEaMBgGCgmSJomT8ixkARkWCnByb3Rvbm1haWwxEzARBgoJkiaJk/IsZAEZ
+  FgNjb20wHhcNMjIwOTA4MDYyNjE5WhcNMjMwOTA4MDYyNjE5WjBEMREwDwYDVQQD
+  DAhzem9yZmVpbjEaMBgGCgmSJomT8ixkARkWCnByb3Rvbm1haWwxEzARBgoJkiaJ
+  k/IsZAEZFgNjb20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDEJNhl
+  Gd0JNHLXysR7GvbCKD+y1prQbmS333GpoFgPR2chEGv8Y7l0We2UFXCZ59CVOs1v
+  KBVQhhNvxWAHWhfe/8stb1JFBxZpnCi7S0BGpqeblaGBXVlhBOzbZ6d1NrOwMfDS
+  6EzdX4WAOH55HnAz29T5KREUdbONVLU7HJNIIFVZvf6ethOv84pnkWbdWjV0RB3A
+  ERYste5QHGx1YQOYGTuJMlu8113kqTbB8wpEw6X00aJwmXcJvnKXkhN5mxd06yss
+  EE96lOk16raTWCh7DeYR3/ilVet3DpLlCvpFNtMIuko1HFa3HTW+57003VxD8Ozk
+  VGQKn823D+ReujKh+jgxbl8Q+r652C9Wl1N+C5CSma4mDtNGKr0XmEOEQycpSx0z
+  Z9J6/27wS8s6SJ0rLxueFQ6gb2oPEQb8jKJuNEuXWLmO3Idrwlv9Z7ymhnksjyqM
+  fAw+NMGEOCITNphXmssazlLX+bnxcbpr7rbTHa1xBmmHoUVudAnxAG43PrMCAwEA
+  AaOBgTB/MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBRzxda94CPF
+  Ll9UQ5l55l65RCZuEzAiBgNVHREEGzAZgRdzem9yZmVpbkBwcm90b25tYWlsLmNv
+  bTAiBgNVHRIEGzAZgRdzem9yZmVpbkBwcm90b25tYWlsLmNvbTANBgkqhkiG9w0B
+  AQsFAAOCAYEAPhavFyzIP60Zw7y40zJhzQpMK2IWtdw9HrRJq313Ea4UT1Kgv7F9
+  lCFtQzI5XMzooYiLMoPz7xBMXaUz+DDFOOcgGSinVrFbfPA4rOGEkBjnlwC39lBc
+  AiyXFzCV7Wqn4VhtqQQyvmoNYL4Q666K+nL8/nsXZWsXtRQ119LeAvrI2A+xmYAb
+  FPE5bD3Jx1JCoJdVN1DmE4YYdM8mVmb0XjCK9Tp1M01EDKDvAX7f3B+X6A5D7uBq
+  63X6Kx09VkntVOrifd3W4TwjDlyAMpB+50OIi3ErPnH2R4i09qnCiZmcVWATBVKw
+  e2QSloIAUZJwEFkrRqWPNVi8sr+BcMeuKpXaOwpbkP+xq/W2EKlUQKhPXMXS4jvC
+  MuTi+RjpSNKZxzBrOlK2eMIpiFrugF7nzKcM9EGnWRWUb899drCcD4VJhjPtgpn+
+  aEJeKq4/BlIwMlXPe+W5C8zp2i8hgG1/OYbwbGE1p2iRi1NIK7G/HyRqQjOqJxzE
+  LLknX69FN7/G
+  -----END CERTIFICATE-----
+date: 2022-09-20 00:00:00.000000000 Z
 dependencies: []
-description: "    Freydis is a CLI tool to encrypt a disk device, backup and restore
-  easyly. Freydis use `cryptsetup` and `rsync` mainly.\n"
+description: 'Freydis is a CLI tool to encrypt a disk device, backup and restore easyly.
+  Freydis use `cryptsetup` and `rsync` mainly.
+
+  '
 email: szorfein@protonmail.com
 executables:
 - freydis
 extensions: []
-extra_rdoc_files:
-- README.md
+extra_rdoc_files: []
 files:
 - CHANGELOG.md
 - LICENSE
 - README.md
-- Rakefile
 - bin/freydis
 - freydis.gemspec
 - lib/freydis.rb
+- lib/freydis/config.rb
 - lib/freydis/cryptsetup.rb
-- lib/freydis/data.rb
 - lib/freydis/disk.rb
+- lib/freydis/disk_luks.rb
+- lib/freydis/error.rb
 - lib/freydis/guard.rb
-- lib/freydis/init.rb
 - lib/freydis/options.rb
 - lib/freydis/rsync.rb
+- lib/freydis/secrets.rb
+- lib/freydis/secrets/archive.rb
+- lib/freydis/secrets/gpg.rb
 - lib/freydis/version.rb
+- lib/mods/exec.rb
+- lib/mods/msg.rb
 homepage: https://github.com/szorfein/freydis
 licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/szorfein/freydis/issues
-  changelog_uri: https://github.com/szorfein/freydis/blob/master/CHANGELOG.md
+  changelog_uri: https://github.com/szorfein/freydis/blob/main/CHANGELOG.md
   source_code_uri: https://github.com/szorfein/freydis
-  wiki_uri: https://github.com/szorfein/freydis/wiki
   funding_uri: https://patreon.com/szorfein
 post_install_message:
 rdoc_options: []
@@ -59,9 +91,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements:
-- cryptsetup, v2.3
-- rsync, v3.2
-rubygems_version: 3.0.9
+- cryptsetup
+- rsync
+rubygems_version: 3.3.19
 signing_key:
 specification_version: 4
 summary: Backup and Restore data from encrypted device.

data/Rakefile

@@ -1,21 +0,0 @@
-# https://github.com/seattlerb/minitest#running-your-tests-
-require "rake/testtask"
-require File.dirname(__FILE__) + "/lib/freydis/version"
-
-Rake::TestTask.new(:test) do |t|
-  t.libs << "test"
-  t.libs << "lib"
-  t.test_files = FileList["test/test_*.rb"]
-end
-
-# Usage: rake gem:build
-namespace :gem do
-  desc "build the gem"
-  task :build do
-    Dir["freydis*.gem"].each {|f| File.unlink(f) }
-    system("gem build freydis.gemspec")
-    system("gem install freydis-#{Freydis::VERSION}.gem")
-  end
-end
-
-task :default => :test

data/lib/freydis/data.rb

@@ -1,39 +0,0 @@
-# lib/data.rb
-
-require 'yaml'
-
-module Freydis
-  class Data
-    attr_accessor :options
-
-    def initialize
-      @config_file = "#{ENV['HOME']}/.config/freydis/freydis.yaml"
-      @options = {
-        :disk => "",
-        :disk_id => "",
-        :disk_uuid => "",
-        :disk_partuuid => "",
-        :paths => []
-      }
-    end
-
-    def load
-      if File.exist? @config_file
-        options_config = YAML.load_file @config_file
-        @options.merge!(options_config)
-      else
-        save
-        STDERR.puts "Initialized config at #{@config_file}"
-      end
-    end
-
-    def save
-      conf_dir = "#{ENV['HOME']}/.config/freydis"
-      Dir.mkdir conf_dir if !Dir.exists? conf_dir
-
-      File.open(@config_file, 'w') { |f|
-        YAML::dump(@options, f)
-      }
-    end
-  end
-end