linecook-gem 0.3.4 → 0.3.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/linecook/image/crypt.rb +21 -19
- data/lib/linecook/packager/ebs.rb +3 -0
- data/lib/linecook/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 436f7b18965a42d51257b1f278f5b3bae0154afa
|
|
4
|
+
data.tar.gz: 9a77064dbb23155c0108494498201a8540e67638
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 546c9bf9d9dbbea383122473f40d888fd4021943357e69ee3492dcbe6b21ff4fc5ed3c38eabea2edd2f632d7e3d9c2a436aaaf74a9f67bf269272c33746711d9
|
|
7
|
+
data.tar.gz: 45d28706131eba971a94b145f5f2a74c4bda5d0f2d0bf4b255acbecae3a57c5539f3d50d4a93c6ee6ad54299639987ae77bf2c731bec04e92de48d6ef4a456a9
|
data/lib/linecook/image/crypt.rb
CHANGED
|
@@ -4,13 +4,9 @@ require 'linecook/image/manager'
|
|
|
4
4
|
require 'linecook/util/executor'
|
|
5
5
|
require 'linecook/util/config'
|
|
6
6
|
|
|
7
|
-
require 'encryptor'
|
|
8
7
|
module Linecook
|
|
9
8
|
class Crypto
|
|
10
9
|
include Executor
|
|
11
|
-
CIPHER = 'aes-256-cbc'
|
|
12
|
-
KEY_BYTES = 32 # 256 bits
|
|
13
|
-
attr_reader :iv, :secret_key
|
|
14
10
|
|
|
15
11
|
def initialize(remote: nil)
|
|
16
12
|
@remote = remote
|
|
@@ -22,36 +18,42 @@ module Linecook
|
|
|
22
18
|
encrypt_file(image_path)
|
|
23
19
|
end
|
|
24
20
|
|
|
25
|
-
def encrypt_file(source, dest: nil
|
|
21
|
+
def encrypt_file(source, dest: nil)
|
|
26
22
|
dest ||= "/tmp/#{File.basename(source)}"
|
|
27
|
-
|
|
28
|
-
key.write(@secret_key)
|
|
29
|
-
key.flush
|
|
30
|
-
capture("openssl enc -#{CIPHER} -out #{dest} -in #{source} -kfile #{key.path}", sudo: false)
|
|
31
|
-
end
|
|
23
|
+
File.write(dest, box.encrypt(File.read(source)))
|
|
32
24
|
dest
|
|
33
25
|
end
|
|
34
26
|
|
|
35
|
-
def decrypt_file(source, dest: nil
|
|
27
|
+
def decrypt_file(source, dest: nil)
|
|
36
28
|
dest ||= "/tmp/#{File.basename(source)}-decrypted"
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
29
|
+
if @remote
|
|
30
|
+
Tempfile.open('key') do |key|
|
|
31
|
+
@remote.upload(decryptor_script(source, dest), key.path)
|
|
32
|
+
@remote.run("bash #{key.path}")
|
|
33
|
+
@remote.run("rm #{key.path}")
|
|
34
|
+
end
|
|
35
|
+
else
|
|
36
|
+
File.write(dest, box.decrypt(File.read(source)))
|
|
43
37
|
end
|
|
44
38
|
dest
|
|
45
39
|
end
|
|
46
40
|
|
|
47
41
|
def self.keygen
|
|
48
|
-
|
|
42
|
+
RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes).unpack('H*').first
|
|
49
43
|
end
|
|
50
44
|
|
|
51
45
|
private
|
|
52
46
|
|
|
47
|
+
def decryptor_script(source, dest)
|
|
48
|
+
"ruby -e \"require 'rbnacl/libsodium'; box = RbNaCl::SimpleBox.from_secret_key(['#{@secret_key}'].pack('H*')); File.write('#{dest}', box.decrypt(File.read('#{source}')))\""
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def box
|
|
52
|
+
@box ||= RbNaCl::SimpleBox.from_secret_key([@secret_key].pack('H*'))
|
|
53
|
+
end
|
|
54
|
+
|
|
53
55
|
def load_key
|
|
54
|
-
@secret_key = Linecook.config[:
|
|
56
|
+
@secret_key = Linecook.config[:imagekey]
|
|
55
57
|
end
|
|
56
58
|
end
|
|
57
59
|
end
|
|
@@ -289,6 +289,9 @@ module Linecook
|
|
|
289
289
|
@remote.upload("exec shutdown -h 60 'Delayed shutdown started'", '/tmp/delay-shutdown')
|
|
290
290
|
execute('mv /tmp/delay-shutdown /etc/init/delay-shutdown.conf') # ubuntism is ok, since the temporary host can always be ubuntu
|
|
291
291
|
execute('start delay-shutdown')
|
|
292
|
+
# Install crypto deps
|
|
293
|
+
execute('apt-get install -y --force-yes build-essential ruby ruby-dev')
|
|
294
|
+
execute('gem install rbnacl rbnacl-libsodium')
|
|
292
295
|
end
|
|
293
296
|
|
|
294
297
|
def find_ami
|
data/lib/linecook/version.rb
CHANGED