linecook-gem 0.3.4 → 0.3.5
- checksums.yaml +4 -4
- data/lib/linecook/image/crypt.rb +21 -19
- data/lib/linecook/packager/ebs.rb +3 -0
- data/lib/linecook/version.rb +1 -1
- metadata +1 -1
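--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 436f7b18965a42d51257b1f278f5b3bae0154afa
+data.tar.gz: 9a77064dbb23155c0108494498201a8540e67638
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 546c9bf9d9dbbea383122473f40d888fd4021943357e69ee3492dcbe6b21ff4fc5ed3c38eabea2edd2f632d7e3d9c2a436aaaf74a9f67bf269272c33746711d9
+data.tar.gz: 45d28706131eba971a94b145f5f2a74c4bda5d0f2d0bf4b255acbecae3a57c5539f3d50d4a93c6ee6ad54299639987ae77bf2c731bec04e92de48d6ef4a456a9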
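--- a/data/lib/linecook/image/crypt.rb
+++ b/data/lib/linecook/image/crypt.rb
@@ -4,13 +4,9 @@ require 'linecook/image/manager'
 require 'linecook/util/executor'
 require 'linecook/util/config'
 
-require 'encryptor'
 module Linecook
 class Crypto
 include Executor
-CIPHER = 'aes-256-cbc'
-KEY_BYTES = 32 # 256 bits
-attr_reader :iv, :secret_key
 
 def initialize(remote: nil)
 @remote = remote
@@ -22,36 +18,42 @@ module Linecook
 encrypt_file(image_path)
 end
 
-def encrypt_file(source, dest: nil
+def encrypt_file(source, dest: nil)
 dest ||= "/tmp/#{File.basename(source)}"
-
-key.write(@secret_key)
-key.flush
-capture("openssl enc -#{CIPHER} -out #{dest} -in #{source} -kfile #{key.path}", sudo: false)
-end
+File.write(dest, box.encrypt(File.read(source)))
 dest
 end
 
-def decrypt_file(source, dest: nil
+def decrypt_file(source, dest: nil)
 dest ||= "/tmp/#{File.basename(source)}-decrypted"
-
-
-
-
-
-
+if @remote
+Tempfile.open('key') do |key|
+@remote.upload(decryptor_script(source, dest), key.path)
+@remote.run("bash #{key.path}")
+@remote.run("rm #{key.path}")
+end
+else
+File.write(dest, box.decrypt(File.read(source)))
 end
 dest
 end
 
 def self.keygen
-
+RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes).unpack('H*').first
 end
 
 private
 
+def decryptor_script(source, dest)
+"ruby -e \"require 'rbnacl/libsodium'; box = RbNaCl::SimpleBox.from_secret_key(['#{@secret_key}'].pack('H*')); File.write('#{dest}', box.decrypt(File.read('#{source}')))\""
+end
+
+def box
+@box ||= RbNaCl::SimpleBox.from_secret_key([@secret_key].pack('H*'))
+end
+
 def load_key
-@secret_key = Linecook.config[:
+@secret_key = Linecook.config[:imagekey]
 end
 end
 end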
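Review bot: The remote branch of `decrypt_file` (new lines 29–34) puts the image key on the remote host's disk: `decryptor_script` (new line 48) embeds `@secret_key` in the script text, the script is uploaded to `key.path` — a name generated for a local Tempfile, so it presumably lands in the remote `/tmp` with whatever mode `@remote.upload` gives it — and the cleanup is a separate `@remote.run("rm #{key.path}")` that never runs if the `bash` step raises. Wrap the run in `begin`/`ensure` with `rm -f`, restrict the uploaded file's mode before executing it, and prefer handing the key over a channel that is not written to disk if the remote API (not visible here) allows it. `source` and `dest` are also interpolated raw into single-quoted Ruby literals inside a double-quoted shell string, so a path containing a quote, `$` or a backtick changes the command; escape them for both layers or reject such paths. Separately, neither `Tempfile` nor `RbNaCl` is required in the visible part of the file now that `require 'encryptor'` is gone; they may be loaded elsewhere, otherwise `require 'tempfile'` and `require 'rbnacl/libsodium'` belong at the top.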
|
@@ -289,6 +289,9 @@ module Linecook
|
|
|
289
289
|
@remote.upload("exec shutdown -h 60 'Delayed shutdown started'", '/tmp/delay-shutdown')
|
|
290
290
|
execute('mv /tmp/delay-shutdown /etc/init/delay-shutdown.conf') # ubuntism is ok, since the temporary host can always be ubuntu
|
|
291
291
|
execute('start delay-shutdown')
|
|
292
|
+
# Install crypto deps
|
|
293
|
+
execute('apt-get install -y --force-yes build-essential ruby ruby-dev')
|
|
294
|
+
execute('gem install rbnacl rbnacl-libsodium')
|
|
292
295
|
end
|
|
293
296
|
|
|
294
297
|
def find_ami
|
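Review bot: The added `apt-get install -y --force-yes …` (new line 293, presumably in `data/lib/linecook/packager/ebs.rb` going by the file list) turns off apt's safety prompts, including the one for packages that fail authentication, on the host that will hold the image key and the decrypted image; drop `--force-yes` so an unsigned or tampered package aborts the install: `execute('apt-get install -y build-essential ruby ruby-dev')`. The next line, `gem install rbnacl rbnacl-libsodium`, pulls whatever versions are current at build time and compiles native code on that host; pin both, e.g. `gem install rbnacl -v <PINNED_VERSION>`, to the versions the encrypting side uses. The enclosing method starts above the hunk, so whether an `apt-get update` precedes these lines cannot be seen from here.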
data/lib/linecook/version.rb
CHANGED