freydis 0.0.3 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1b765713da6ebbf003f0234452f930e884ff398ea0cfa7526a24e5949a2eca9c
-  data.tar.gz: 0e0f5d68bf55b73083386590e0be88267f5c30863b6494700c61ca7befd4c2d1
+  metadata.gz: 8963ba3af539bf5e5893778cf4e19164cca071b4aa33f42c7bfed8b184016604
+  data.tar.gz: 235dba3157fda782be2927b08094970065511aaa36f5b0898499cc1fd421f3fb
 SHA512:
-  metadata.gz: 5b31ed0d011a8ac7534f81692adcafd1114ac92ab2c56cfa84eb02d46987221d3fc20476e9d610e028fc40fa255d8b332c12a20ee62edb5b9ec02341a05ee278
-  data.tar.gz: 0764c108b98a162b4f605536bbf2104f2f3292e035ece96cbb678b56b2def060e9aeff78a6d31bbe12206ff8ae44439946f7474c81a94263533fd0db9ed8ca13
+  metadata.gz: 5ce910c91f09a88ca6e3fb9a47e5b64f5f76b0a5ac5d78c44baa79b81d29a60c2fe7566f631962792b7192a435ce537258469e5d3f84f1471816d10f0bad8902
+  data.tar.gz: 8098c0c471bb5f6dbb9a71f5553244a496bfe7d29cd37ad848b95b4fd312c48ffe4c7c5c5f305d551db1a45feec5dec935a615dd1fc0a946126de9ddbbe48248

data/CHANGELOG.md

@@ -0,0 +1,29 @@
+## 0.1.0, release 2022/09/20
+* New dependencies for `Freydis::Secrets`: `bsdtar`, `shred` and `gnupg`.
+* Option store a new field `gpg_recipient`.
+* Can store and resttore GPG keys and matching directory of the [pass](https://www.passwordstore.org/) utility.
+* Use only `/dev/disk/by-id` in the config file, the value does not change from one system to another.
+* Rewrite code.
+
+## 0.0.3, release 2021/07/04
+* Add an option to `rsync` -R | --relative.
+* Simplify config file, use only disk: [sdX].
+* New option `--path-add`, `--path-del`, `--path-list`, `--save`.
+* Adding basic test with minitest.
+* Customize errors message.
+* Control args `-d | --disk DISK`
+* Control device with `cryptsetup isLuks` before proceed
+* Enhance logic code for `bin/freydis`
+
+## 0.0.2, release 2021/05/18
+* New options `--open` and `--close`.
+* Encrypt/Decrypt with `cryptsetup`.
+* Add Rsync for backup and restore.
+* Can add/remove paths with the `--cli`.
+* Can (u)mount the encrypted device at the default `/mnt/freydis`.
+* Checking all ID (partuuid, uuid, id) from a given device.
+* YAML config file in ~/.config/freydis/freydis.yaml.
+
+## 0.0.1, release 2021/05/04
+* Initial push, code freeying !
+

data/LICENSE

@@ -0,0 +1,10 @@
+MIT License
+
+Copyright (c) 2021 szorfein
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/README.md

@@ -1,59 +1,66 @@
 # Freydis
-Backup and restore data on encrypted device.
 
-## Requirements
-Freydis use `rsync` and `cryptsetup`.
+<div align="center">
 
-## Gem build
+[![Gem Version](https://badge.fury.io/rb/freydis.svg)](https://badge.fury.io/rb/freydis)
+![Gem](https://img.shields.io/gem/dtv/freydis?color=red)
+![GitHub last commit (branch)](https://img.shields.io/github/last-commit/szorfein/freydis/develop?color=blue)
+![GitHub](https://img.shields.io/github/license/szorfein/freydis?color=cyan)
 
-    gem build freydis.gemspec
+</div>
+
+Backup and restore data on encrypted device.
+
+## Requirements
+Freydis use `rsync` and `cryptsetup` and optionnal `bsdtar`, `shred`, `gnupg`.
 
 ## Install freydis locally
 
-    gem install freydis-0.0.1.gem -P HighSecurity
+    $ gem install --user-install freydis
 
 ## Usage
 
-#### 0x01 - Config file
-First, you need a config file. You can use `freydis --init` or make one with your favorite editor.  
-The config file should be placed at `~/.config/freydis/freydis.yaml`.
+    $ freydis -h
+
+## Examples
 
-An example of final config:
+#### 0x01 - Initialisation
+First, you need a config file and a disk encrypted.
+
+    $ freydis --disk sdc --encrypt --save
+
+The config file will be created at `~/.config/freydis/freydis.yaml`.
 
 ```yaml
 ---
-:disk: sdc
-:disk_id: usb-SABRENT_SABRENT_DB9876543214E-0:0
-:disk_uuid: 10f531df-51dc-x19e-9bd1-bbd6659f0c3f
-:disk_partuuid: ''
-:paths:
-- "/home/daggoth/labs"
-- "/home/daggoth/musics"
-- "/home/daggoth/.password-store"
-- "/home/daggoth/documents"
+:disk: /dev/disk/by-id/usb-SABRENT_SABRENT_DB9876543214E-0:0
+:paths: []
 ```
 
-As you see:
-+ disk: sdc -> Use only `sd[a-z]` without partition.
-+ disk_id -> (Optionnal), freydis will find it if void.
-+ disk_uuid -> (Optionnal)
-+ disk_partuuid -> (Optionnal)
-+ paths -> Contain a list of absolute paths on each line.
++ disk: save the full path `by-id` for `sdc` here.
++ paths -> An Array which contain a list of absolute paths for backup.
+
+#### 0x02 - First backup
+Freydis will use `rsync`, all paths must be separated by a comma:
 
-#### 0x02 - Encrypt the disk
-Freydis will use `cryptsetup` with `luks2` and format the disk with `ext4`:
+    $ freydis --backup --paths-add "/home,/etc" --save
 
-    $ freydis --encrypt
+#### 0x03 - Restore
+With `--disk` and `--paths-add` saved in the config file, you only need to write:
 
-#### 0x03 - Other options
-Make an incremental backup with `rsync`, will copy all `paths` include in the config file:
+    $ freydis --restore
 
-    $ freydis --backup
+Freydis will restore all files in `/`.
 
-Restore files in your system `/`:
+#### 0x04 - Secrets
+Freydis can store secrets ([GPG Key](https://www.gnupg.org/) and [pass](https://www.passwordstore.org/) directory for now) and restore them if need:
 
-    $ freydis --restore
+    $ freydis --gpg-recipient szorfein@protonmail.com --secrets-backup
+    $ freydis --gpg-recipient szorfein@protonmail.com --secrets-restore
+
+The option `--secrets-restore` use `gpg --import` if the key is no found on your system.
 
+### Tips
 If you lost the config file, `freydis` has made a copy on your device when you're done your first `--backup`:
 
     $ freydis --open --disk sdc

data/bin/freydis

@@ -1,12 +1,9 @@
 #!/usr/bin/env ruby
 
-require "freydis"
-
-config_file = "#{ENV['HOME']}/.config/freydis/freydis.yaml"
+require 'freydis'
 
 freydis = Freydis::Main.new(
-  :cli => Freydis::Options.new(ARGV, config_file),
-  :config => config_file
+  :argv => ARGV
 )
 
 freydis.start

data/freydis.gemspec

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require File.dirname(__FILE__) + "/lib/freydis/version"
+
+# https://guides.rubygems.org/specification-reference/
+Gem::Specification.new do |s|
+  s.name = 'freydis'
+  s.summary = 'Backup and Restore data from encrypted device.'
+  s.version = Freydis::VERSION
+  s.platform = Gem::Platform::RUBY
+
+  s.description = <<~DESC
+    Freydis is a CLI tool to encrypt a disk device, backup and restore easyly. Freydis use `cryptsetup` and `rsync` mainly.
+  DESC
+
+  s.email = 'szorfein@protonmail.com'
+  s.homepage = 'https://github.com/szorfein/freydis'
+  s.license = 'MIT'
+  s.author = 'szorfein'
+
+  s.metadata = {
+    'bug_tracker_uri' => 'https://github.com/szorfein/freydis/issues',
+    'changelog_uri' => 'https://github.com/szorfein/freydis/blob/main/CHANGELOG.md',
+    'source_code_uri' => 'https://github.com/szorfein/freydis',
+    'funding_uri' => 'https://patreon.com/szorfein',
+  }
+
+  s.files = Dir.glob('{lib,bin}/**/*', File::FNM_DOTMATCH).reject { |f| File.directory?(f) }
+
+  # Include the CHANGELOG.md, LICENSE.md, README.md manually
+  s.files += %w[CHANGELOG.md LICENSE README.md]
+  s.files += %w[freydis.gemspec]
+
+  s.bindir = 'bin'
+  s.executables << 'freydis'
+  s.require_paths = ['lib']
+
+  s.cert_chain = ['certs/szorfein.pem']
+  s.signing_key = File.expand_path('~/.ssh/gem-private_key.pem')
+
+  s.required_ruby_version = '>= 2.6'
+  s.requirements << 'cryptsetup'
+  s.requirements << 'rsync'
+end
+

data/lib/freydis/config.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'yaml'
+require 'fileutils'
+require 'pathname'
+require 'mods/msg'
+
+module Freydis
+  class Config
+    include Msg
+
+    attr_accessor :gpg_recipient, :disk, :paths
+
+    def initialize
+      @cpath = "#{ENV['HOME']}/.config/freydis/freydis.yaml"
+      @disk = nil
+      @gpg_recipient = nil
+      @paths = []
+    end
+
+    def load
+      if File.exist? @cpath
+        info 'Loading config...'
+        data_load = YAML.load_file @cpath
+        @disk = data_load[:disk]
+        @gpg_recipient = data_load[:gpg_recipient]
+        @paths = data_load[:paths]
+      else
+        info "Creating config file #{@cpath}..."
+        save
+      end
+    end
+
+    def save
+      FileUtils.mkdir_p Pathname.new(@cpath).parent.to_s
+      File.write @cpath, YAML::dump({
+        disk: @disk,
+        gpg_recipient: @gpg_recipient,
+        paths: @paths.uniq
+      })
+      success "Saving options to #{@cpath}..."
+    end
+  end
+end

data/lib/freydis/cryptsetup.rb

@@ -1,76 +1,71 @@
-# lib/cryptsetup.rb
+# frozen_string_literal: true
+
+require 'mods/exec'
+require 'mods/msg'
 
 module Freydis
   class Cryptsetup
-    def initialize(data)
-      @data = data
-      @dev_ids = [
-        "/dev/disk/by-id/" + @data[:disk_id] ||= " ",
-        "/dev/disk/by-uuid/" + @data[:disk_uuid] ||= " ",
-        "/dev/disk/by-partuuid/" + @data[:disk_partuuid] ||= " ",
-        "/dev/" + @data[:disk]
-      ]
-      @mapper_name = "freydis-enc"
-      @mountpoint ="/mnt/freydis"
+    include Exec
+    include Msg
+
+    def initialize
+      Guard.disk_id(CONFIG.disk)
+
+      @disk = Disk.new(CONFIG.disk).search_sdx
+      @mapper_name = 'freydis-encrypt'
+      @mountpoint = '/mnt/freydis'
     end
 
     def encrypt
-      puts "Encrypting disk..."
-      @dev_ids.each { |f|
-        if File.exists? f
-          exec "cryptsetup -v --type luks2 --verify-passphrase luksFormat #{f}"
-          break if $?.success?
-        end
-      }
+      info "Encrypting disk #{@disk}..."
+      x "cryptsetup -v --type luks2 --verify-passphrase luksFormat #{@disk}"
     end
 
     def open
-      puts "Openning disk #{@mapper_name}..."
-      @dev_ids.each { |f|
-        if File.exist? f
-          exec "cryptsetup -v open #{f} #{@mapper_name}"
-          break if $?.success?
-        end
-      }
+      info "Opening disk #{@mapper_name}..."
+      x "cryptsetup -v open #{@disk} #{@mapper_name}"
     end
 
     def close
       umount
-      exec "cryptsetup -v close #{@mapper_name}" if File.exists? "/dev/mapper/#{@mapper_name}"
+      if File.exist? "/dev/mapper/#{@mapper_name}"
+        x "cryptsetup -v close #{@mapper_name}"
+      else
+        info "#{@mapper_name} is not open."
+      end
     end
 
     def format
-      exec "mkfs.ext4 /dev/mapper/#{@mapper_name}"
+      info "Formatting #{@mapper_name}..."
+      x "mkfs.ext4 /dev/mapper/#{@mapper_name}"
     end
 
     def mount
-      create_mountpoint
-      puts "Mounting disk at #{@mountpoint}"
-      exec "mount -t ext4 /dev/mapper/#{@mapper_name} #{@mountpoint}"
+      mkdir @mountpoint
+      info "Mounting disk at #{@mountpoint}"
+      x "mount -t ext4 /dev/mapper/#{@mapper_name} #{@mountpoint}"
     end
 
-    private
+    protected
 
-    def create_mountpoint
-      if Process.uid === 0
-        Dir.mkdir @mountpoint unless Dir.exist? @mountpoint
+    def umount
+      if mounted?
+        x "umount #{@mountpoint}"
+        success "Umounting disk #{@disk}..."
       else
-        exec "mkdir -p #{@mountpoint}" unless Dir.exist? @mountpoint
+        info "Disk #{@disk} is no mounted."
       end
     end
 
-    def umount
-      dir_length = Dir.glob("#{@mountpoint}/*").length
-      if dir_length >= 1 # should contain lost+found if mount
-        exec "umount #{@mountpoint}"
-      end
-    end
+    private
 
-    def exec(command)
-      sudo = Process.uid != 0 ? 'sudo' : ''
-      if !system("#{sudo} #{command}")
-        raise StandardError, "[-] #{command}"
+    def mounted?
+      File.open('/proc/mounts') do |f|
+        f.each do |line|
+          return true if line.match?(/#{@mountpoint}/)
+        end
       end
+      false
     end
   end
 end

data/lib/freydis/disk.rb

@@ -1,69 +1,38 @@
-# lib/disk.rb
+# frozen_string_literal: true
 
 module Freydis
   class Disk
-    def initialize(dev)
-      @disk = Freydis::Guard.disk(dev)
-      @dev = "/dev/#{@disk}"
+    def initialize(disk_path)
+      raise ArgumentError, "#{disk_path} no valid" unless disk_path.match?(/^\/dev\//)
+
+      @disk = disk_path
     end
 
     def size
-      `lsblk -dno SIZE #{@dev}`.chomp
+      `lsblk -dno SIZE #{@disk}`.chomp
     end
 
     def complete_info
-      `lsblk -dno "NAME,LABEL,FSTYPE,SIZE" #{@dev}`.chomp
-    end
-
-    def populate_data(data)
-      puts "Checking IDs on #{@disk}..."
-      data.options[:disk_uuid] = search_uuid
-      data.options[:disk_id] = search_id
-      data.options[:disk_partuuid] = search_partuuid
-    end
-
-    def encrypt(data)
-      search_id(data)
-      puts "id -> #{data.options[:disk_id]}"
-      data.save
-
-      cryptsetup = Freydis::Cryptsetup.new(data)
-      cryptsetup.close
-
-      cryptsetup.encrypt
-      cryptsetup.open
-      cryptsetup.format
-
-      populate_data(data)
-      puts "uuid -> #{data.options[:disk_uuid]}"
-      puts "partuuid -> #{data.options[:disk_partuuid]}"
-      data.save
-
-      cryptsetup.close
-    end
-
-    def search_partuuid
-      Dir.glob("/dev/disk/by-partuuid/*").each { |f|
-        if File.readlink(f).match(/#{@disk}/)
-          return f.delete_prefix("/dev/disk/by-partuuid/")
-        end
-      }
-    end
-
-    def search_uuid
-      Dir.glob("/dev/disk/by-uuid/*").each { |f|
-        if File.readlink(f).match(/#{@disk}/)
-          return f.delete_prefix("/dev/disk/by-uuid/")
-        end
-      }
+      `lsblk -dno "NAME,LABEL,FSTYPE,SIZE" #{@disk}`.chomp
     end
 
     def search_id
-      Dir.glob("/dev/disk/by-id/*").each { |f|
-        if File.readlink(f).match(/#{@disk}/)
-          return f.delete_prefix("/dev/disk/by-id/")
+      dev_split = @disk.delete_prefix('/dev/')
+      Dir.glob("/dev/disk/by-id/*").each do |f|
+        return f if File.readlink(f).match?(/#{dev_split}/)
+          #return f.delete_prefix("/dev/disk/by-id/")
+      end
+      raise ArgumentError, "Unable to find the disk id of #{@disk}."
+    end
+
+    # return /dev/sdX from a disk_id if value match with @disk
+    def search_sdx
+      Dir.glob('/dev/disk/by-id/*').each do |f|
+        if f.match?(/#{@disk}$/) # need a space
+          return '/dev/' + File.readlink(f).delete_prefix('../../')
         end
-      }
+      end
+      raise ArgumentError, "Unable to find the disk sdX of #{@disk}."
     end
   end
 end

data/lib/freydis/disk_luks.rb

@@ -1,37 +1,33 @@
-# lib/disk_luks.rb
+# frozen_string_literal: true
+
+require 'mods/msg'
 
 module Freydis
-  class DiskLuks < Disk
-    def initialize(data)
-      @data = data
-      @disk = data[:disk]
-      if @disk
-        if File.exist? "/dev/disk/by-id/#{@disk}"
-          Freydis::Guard.disk("/dev/disk/by-id/#{@disk}")
-          Freydis::Guard.isLuks("/dev/disk/by-id/#{@disk}")
-        elsif File.exist? "/dev/#{@disk}"
-          Freydis::Guard.disk(@disk)
-          Freydis::Guard.isLuks("/dev/#{@disk}")
-        else
-          puts "#{@disk} value is not supported yet"
-          exit
-        end
-      else
-        puts "No disk."
-        exit 1
-      end
+  module DiskLuks
+    extend Msg
+    module_function
+
+    def encrypt
+      cryptsetup = Freydis::Cryptsetup.new
+      cryptsetup.encrypt
+      cryptsetup.open
+      cryptsetup.format
+      cryptsetup.close
+      success "Disk #{CONFIG.disk} fully encrypted."
     end
 
     def open
-      cryptsetup = Freydis::Cryptsetup.new(@data)
+      cryptsetup = Freydis::Cryptsetup.new
       cryptsetup.close
       cryptsetup.open
       cryptsetup.mount
+      success "Disk #{CONFIG.disk} opened."
     end
 
     def close
-      cryptsetup = Freydis::Cryptsetup.new(@data)
+      cryptsetup = Freydis::Cryptsetup.new
       cryptsetup.close
+      success "Disk #{CONFIG.disk} closed."
     end
   end
 end

data/lib/freydis/error.rb

@@ -1,10 +1,9 @@
-# lib/error.rb
+# frozen_string_literal: true
 
 module Freydis
-  class InvalidDisk < StandardError
-  end
-  class InvalidLuksDev < StandardError
-  end
-  class InvalidPath < StandardError
-  end
+  class InvalidDisk < StandardError; end
+  class DiskId < StandardError; end
+  class InvalidLuksDev < StandardError; end
+  class InvalidPath < StandardError; end
+  class GPG < StandardError; end
 end

data/lib/freydis/guard.rb

@@ -1,31 +1,53 @@
-module Freydis::Guard
-  def self.disk(name)
-    raise Freydis::InvalidDisk, "No disk, use with -d DISK." unless name
-    raise Freydis::InvalidDisk, "No disk, use with -d DISK." if name =~ /nil/
-    raise Freydis::InvalidDisk, "Bad name #{name}, should match with sd[a-z]" unless name.match(/^sd[a-z]{1}$/)
-    raise Freydis::InvalidDisk, "No disk /dev/#{name} available." unless File.exist? "/dev/#{name}"
-    name
-  rescue Freydis::InvalidDisk => e
-    puts "#{e.class} => #{e}"
-    exit 1
-  end
+# frozen_string_literal: true
+
+module Freydis
+  module Guard
+    module_function
 
-  def self.isLuks(disk)
-    raise Freydis::InvalidLuksDev, "No disk." unless disk
-    raise Freydis::InvalidLuksDev, "#{disk} does not exist." unless File.exist? disk
-    sudo = Process.uid != 0 ? 'sudo' : ''
-    if !system(sudo, 'cryptsetup', 'isLuks', disk)
-      raise Freydis::InvalidLuksDev, "#{disk} is not valid Luks device."
+    def disk(name)
+      full_path = "/dev/#{name}"
+      raise Freydis::InvalidDisk, 'No disk, use with -d DISK.' unless name
+      raise Freydis::InvalidDisk, 'No disk, use with -d DISK.' if name == ''
+      raise Freydis::InvalidDisk, 'Bad name #{name}, should match with sd[a-z]' unless name.match(/^sd[a-z]{1}$/)
+      raise Freydis::InvalidDisk, "No disk #{full_path} available." unless File.exist? full_path
+      Freydis::Disk.new(full_path).search_id # return disk(name) by-id
+    rescue Freydis::InvalidDisk => e
+      puts "#{e.class} => #{e}"
+      exit 1
+    end
+
+    def disk_id(name)
+      raise DiskId, "No disk #{name} found." unless File.exist? name
+    rescue Freydis::DiskId => e
+      puts "#{e.class} => #{e}"
+      exit 1
     end
-  rescue Freydis::InvalidLuksDev => e
-    puts "#{e.class} => #{e}"
-    exit 1
-  end
 
-  def self.path?(p)
-    raise Freydis::InvalidPath, "#{p} does not exist." unless File.exist? p
-  rescue Freydis::InvalidPath => e
-    puts "#{e.class} => #{e}"
-    exit 1
+    def isLuks(disk)
+      raise Freydis::InvalidLuksDev, "No disk." unless disk
+      raise Freydis::InvalidLuksDev, "#{disk} does not exist." unless File.exist? disk
+      sudo = Process.uid != 0 ? 'sudo' : ''
+      if !system(sudo, 'cryptsetup', 'isLuks', disk)
+        raise Freydis::InvalidLuksDev, "#{disk} is not valid Luks device."
+      end
+    rescue Freydis::InvalidLuksDev => e
+      puts "#{e.class} => #{e}"
+      exit 1
+    end
+
+    def path?(p)
+      raise Freydis::InvalidPath, "#{p} does not exist." unless File.exist? p
+    rescue Freydis::InvalidPath => e
+      puts "#{e.class} => #{e}"
+      exit 1
+    end
+
+    def gpg(recipient)
+      raise Freydis::GPG, "No recipient, use --gpg-recipient NAME" unless recipient
+      recipient
+    rescue Freydis::GPG => e
+      puts "#{e.class} => #{e}"
+      exit 1
+    end
   end
 end