pass-confuse 0.1.0

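--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: 3af923b5ac4f833e1f5bdd43e5f97f88bc0c6cb75e2d536885474acce80ccb03
+ data.tar.gz: a11578df878d90a07f65eaa2b6d5c12297cb7d213ed1f2723d267c7f9d521209
+ SHA512:
+ metadata.gz: afdefd0506e86c1b99598148947b41030e877282af2cafca13fa80d8ce37e1806518d5a28ffdeac4cd3ddd2978b132d25c58b343e68c2e1e9edae3f7aee335aa
+ data.tar.gz: 446ac7e81d8bd470e5594f25df555fdcf3f0ce40c68ae6134bbc7dfd12c5b3352e024aed8a30aa875c4d141f19e0db32a86d59249edbd0c75f5f60c7e2227d78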
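--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,9 @@
+ /.bundle/
+ /.yardoc
+ /Gemfile.lock
+ /_yardoc/
+ /coverage/
+ /doc/
+ /pkg/
+ /spec/reports/
+ /tmp/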
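--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -0,0 +1,27 @@
+ require:
+ - rubocop-rake
+
+ AllCops:
+ TargetRubyVersion: 2.7
+ AllowSymlinksInCacheRootDirectory: true
+ NewCops: enable
+ Exclude:
+ - vendor/**/*
+
+ Layout/LineLength:
+ Enabled: false
+
+ Style/Documentation:
+ Enabled: false
+
+ Style/FrozenStringLiteralComment:
+ Enabled: false
+
+ Style/TrailingCommaInArrayLiteral:
+ EnforcedStyleForMultiline: comma
+
+ Style/TrailingCommaInHashLiteral:
+ EnforcedStyleForMultiline: comma
+
+ Style/TrailingCommaInArguments:
+ EnforcedStyleForMultiline: consistent_comma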
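--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+ source 'https://rubygems.org'
+
+ # Specify your gem's dependencies in pass-confuse.gemspec
+ gemspec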
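--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,49 @@
+ # pass-confuse
+
+ ## Installation
+
+ Add this line to your application's Gemfile:
+
+ ```shell-session
+ $ gem install pass-confuse
+ ```
+
+ `pass-confuse` relies on `pass-confused` to be started to work.
+
+ `pass-confused` is a background process to mount the virtual filesystem to put configuration files in.
+
+ To run `pass-confused`, you can run it manually or use `systemd --user` to handle the service in userland.
+
+ In `~/.config/systemd/user/pass-confused.service`:
+
+ ```
+ [Unit]
+ Description=Pass Confused service
+
+ [Service]
+ ExecStart=/usr/bin/pass-confused
+
+ [Install]
+ WantedBy=default.target
+ ```
+
+ ## Usage
+
+ To _confuse_ a file:
+
+ ```
+ pass-confuse ~/.my-config-with-secrets.conf
+ ```
+
+ Now, any accesses to `~/.my-config-with-secrets.conf` will trigger a `pass` call.
+
+ ## Development
+
+ After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+ ## Contributing
+
+ Bug reports and pull requests are welcome on GitHub at https://github.com/opus-codium/pass-confuse.
+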
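--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,2 @@
+ require 'bundler/gem_tasks'
+ task default: :spec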
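--- a/data/bin/console
+++ b/data/bin/console
@@ -0,0 +1,14 @@
+ #!/usr/bin/env ruby
+
+ require 'bundler/setup'
+ require 'pass/confuse'
+
+ # You can add fixtures and/or initialization code here to make experimenting
+ # with your gem easier. You can also use a different console, if you like.
+
+ # (If you use this, don't forget to add pry to your Gemfile!)
+ # require "pry"
+ # Pry.start
+
+ require 'irb'
+ IRB.start(__FILE__)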
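--- a/data/bin/setup
+++ b/data/bin/setup
@@ -0,0 +1,8 @@
+ #!/usr/bin/env bash
+ set -euo pipefail
+ IFS=$'\n\t'
+ set -vx
+
+ bundle install
+
+ # Do any other automated setup that you need to do here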
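--- a/data/exe/pass-confuse
+++ b/data/exe/pass-confuse
@@ -0,0 +1,41 @@
+ #!/usr/bin/env ruby
+
+ def exit_with_usage
+ puts <<~USAGE
+ Usage: #{$0} FILE
+
+ Convert a regular file into a `confused` one.
+
+ The `confusing` process means:
+ - Moving the file content into `pass`
+ - Symlink the file path to the `confused` area (ie. `~/.confuse`)
+ Any subsequent file path access will trig an access to `pass` using your regular way (e.g. gpg-agent's pin entry)
+ USAGE
+ exit 1
+ end
+
+ exit_with_usage if ARGV.empty?
+
+ filename = ARGV.shift
+
+ raise "'#{filename}' does not exist!" unless File.exist? filename
+
+ raise "'#{filename}' must be a file!" unless File.file? filename
+
+ raise "'#{filename}' must be a regular file! (Already confused file?)" if File.symlink? filename
+
+ def relative_path_from_home(filename)
+ filename = File.expand_path(filename)
+ home = File.expand_path '~'
+ require 'pathname'
+ Pathname.new(filename).relative_path_from(home).to_s
+ end
+
+ @confuse_mountpoint = File.expand_path('~/.confuse')
+ confused_path = relative_path_from_home(filename).gsub '..', '__' # Allow confused files from outside of user's home
+ confused_path = File.join @confuse_mountpoint, confused_path
+
+ require 'fileutils'
+ FileUtils.mkdir_p File.dirname(confused_path)
+ FileUtils.cp filename, confused_path
+ FileUtils.ln_sf confused_path, filename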
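Review bot: The last three lines (39-41) replace the original file with a symlink without first confirming that `~/.confuse` is the FUSE mount served by `pass-confused`. If the daemon is not running, `FileUtils.mkdir_p` and `FileUtils.cp` will presumably succeed against a plain directory, so the secret ends up as an unencrypted copy under `~/.confuse` and `ln_sf` then overwrites the original path. I would add a guard before the `mkdir_p`, for example `raise "'#{@confuse_mountpoint}' is not mounted; start pass-confused first" unless Pathname.new(@confuse_mountpoint).mountpoint?` (`pathname` is already loaded by `relative_path_from_home`). It would also be worth reading the file back through the mount and comparing it with the original before `ln_sf`, since nothing here reports whether the content actually reached `pass`.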
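--- a/data/exe/pass-confused
+++ b/data/exe/pass-confused
@@ -0,0 +1,103 @@
+ #!/usr/bin/env ruby
+
+ require 'open3'
+ require 'rfusefs'
+
+ class ConfuseDir
+ def initialize
+ @password_store_root = File.expand_path '~/.password-store/'
+ raise "Password store directory does not exist: '#{@password_store_root}'" unless File.directory? @password_store_root
+
+ @secure_config_root = "#{@password_store_root}/confuse"
+ end
+
+ def contents(path)
+ return [] unless File.directory? @secure_config_root
+
+ pass_contents(path)
+ end
+
+ def pass_contents(path)
+ files = []
+ secure_config_path = File.join @secure_config_root, path
+ Dir.chdir secure_config_path do
+ files = Dir.glob('*', File::FNM_DOTMATCH).select { |file| File.directory?(file) || (File.file?(file) && file.end_with?('.gpg')) }
+ end
+ files.map { |file| file.delete_suffix '.gpg' }
+ end
+
+ def size(path)
+ # HACK: Always return a static size to avoid `pass` access on files list (e.g. `ls ~/.confuse/`)
+ 42
+ end
+
+ def file?(path)
+ File.file? File.join(@secure_config_root, "#{path}.gpg")
+ end
+
+ def directory?(path)
+ File.directory? File.join(@secure_config_root, path)
+ end
+
+ def can_delete?(path)
+ true
+ end
+
+ def delete(path)
+ command = %W{pass rm confuse/#{path}}
+ stdout, status = Open3.capture2(*command)
+ status.success?
+ end
+
+ def read_file(path)
+ `notify-send 'Read access to "#{path}"!'`
+ command = %W{pass show confuse/#{path}}
+ stdout, status = Open3.capture2(*command)
+ stdout
+ end
+
+ def mkdir(path)
+ FileUtils.mkdir File.join(@secure_config_root, path)
+ end
+
+ def rmdir(path)
+ FileUtils.rmdir File.join(@secure_config_root, path)
+ end
+
+ def can_mkdir?(path)
+ true
+ end
+
+ def can_rmdir?(path)
+ true
+ end
+
+ def can_write?(path)
+ true
+ end
+
+ def write_to(path, content)
+ `notify-send 'Write access to "#{path}"!'`
+ command = %W{pass insert -m confuse/#{path}}
+ stdout_and_stderr_str, status = Open3.capture2e(*command, stdin_data: content)
+ end
+ end
+
+ def exit_with_usage
+ puts <<~USAGE
+ Usage: #{$0}
+
+ Expose a FUSE virtual filesystem to store the config file.
+ This process is supposed to be ran in background.
+ USAGE
+ exit 1
+ end
+
+ exit_with_usage unless ARGV.empty?
+
+ mountpoint = '~/.confuse'
+ FuseFS.set_root ConfuseDir.new
+ FileUtils.mkdir_p File.expand_path(mountpoint)
+ FuseFS.mount_under File.expand_path(mountpoint)
+ puts "Running pass-confuse FUSE virtual filesystem with mountpoint: '#{mountpoint}'..."
+ FuseFS.run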
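Review bot: `read_file` (line 53) and `write_to` (line 80) interpolate the FUSE `path` into a backtick command, so the string is parsed by a shell, and a file name containing a single quote ends the quoting and is interpreted as shell syntax. Since `can_write?` returns `true` for every path, any name a program creates under the mountpoint reaches that shell. Pass the message as a separate argument so no shell is involved: `system('notify-send', "Read access to \"#{path}\"!")` and `system('notify-send', "Write access to \"#{path}\"!")`. Separately, `read_file` and `write_to` discard `status`, so a failed `pass show` or `pass insert` is indistinguishable from success; checking `status.success?` as `delete` does would make that visible.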
@@ -0,0 +1,5 @@
1
+ module Pass
2
+ module Confuse
3
+ VERSION = '0.1.0'.freeze
4
+ end
5
+ end
@@ -0,0 +1,7 @@
1
+ require 'pass/confuse/version'
2
+
3
+ module Pass
4
+ module Confuse
5
+ class Error < StandardError; end
6
+ end
7
+ end
@@ -0,0 +1,33 @@
1
+ require_relative 'lib/pass/confuse/version'
2
+
3
+ Gem::Specification.new do |spec|
4
+ spec.name = 'pass-confuse'
5
+ spec.version = Pass::Confuse::VERSION
6
+ spec.authors = ['Romuald Conty']
7
+ spec.email = ['romuald@opus-codium.fr']
8
+
9
+ spec.summary = 'Protect config files access'
10
+ spec.description = 'Allow any files to be stored and its access protected with `pass`'
11
+ spec.homepage = 'https://github.com/opus-codium/pass-confuse'
12
+ spec.required_ruby_version = Gem::Requirement.new('>= 2.7.0')
13
+
14
+ spec.metadata['homepage_uri'] = spec.homepage
15
+ spec.metadata['source_code_uri'] = 'https://github.com/opus-codium/pass-confuse'
16
+ spec.metadata['changelog_uri'] = 'https://github.com/opus-codium/pass-confuse/CHANGELOG.md'
17
+
18
+ # Specify which files should be added to the gem when it is released.
19
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
20
+ spec.files = Dir.chdir(File.expand_path(__dir__)) do
21
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
22
+ end
23
+ spec.bindir = 'exe'
24
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
25
+ spec.require_paths = ['lib']
26
+
27
+ spec.add_dependency 'rfusefs'
28
+ spec.add_development_dependency 'byebug'
29
+ spec.add_development_dependency 'rake'
30
+ spec.add_development_dependency 'rubocop'
31
+ spec.add_development_dependency 'rubocop-rake'
32
+ spec.metadata['rubygems_mfa_required'] = 'true'
33
+ end
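Review bot: `spec.add_dependency 'rfusefs'` on line 27 of the gemspec hunk carries no version constraint, so installing this gem accepts whatever `rfusefs` release is current at that time (the packaged metadata records it as `>= 0`). For a tool that sits in the path of every secret read, I would bound the runtime dependency to the series it was tested with, e.g. `spec.add_dependency 'rfusefs', '~> <TESTED_VERSION>'`. Two smaller points in the same block: no `spec.license` is set, and `changelog_uri` does not look like a resolvable GitHub file URL (those normally contain `/blob/<branch>/`).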
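--- a/metadata
+++ b/metadata
@@ -0,0 +1,130 @@
+ --- !ruby/object:Gem::Specification
+ name: pass-confuse
+ version: !ruby/object:Gem::Version
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - Romuald Conty
+ autorequire:
+ bindir: exe
+ cert_chain: []
+ date: 2022-01-24 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rfusefs
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: byebug
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rubocop
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rubocop-rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: Allow any files to be stored and its access protected with `pass`
+ email:
+ - romuald@opus-codium.fr
+ executables:
+ - pass-confuse
+ - pass-confused
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - ".gitignore"
+ - ".rubocop.yml"
+ - Gemfile
+ - README.md
+ - Rakefile
+ - bin/console
+ - bin/setup
+ - exe/pass-confuse
+ - exe/pass-confused
+ - lib/pass/confuse.rb
+ - lib/pass/confuse/version.rb
+ - pass-confuse.gemspec
+ homepage: https://github.com/opus-codium/pass-confuse
+ licenses: []
+ metadata:
+ homepage_uri: https://github.com/opus-codium/pass-confuse
+ source_code_uri: https://github.com/opus-codium/pass-confuse
+ changelog_uri: https://github.com/opus-codium/pass-confuse/CHANGELOG.md
+ rubygems_mfa_required: 'true'
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 2.7.0
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubygems_version: 3.1.2
+ signing_key:
+ specification_version: 4
+ summary: Protect config files access
+ test_files: []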