rake_gpg 0.17.0.pre.2 → 0.17.0.pre.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +2 -0
- data/Gemfile.lock +29 -4
- data/LICENSE.txt +1 -1
- data/Rakefile +67 -45
- data/bin/console +4 -3
- data/lib/rake_gpg/home.rb +5 -5
- data/lib/rake_gpg/tasks/encryption/decrypt.rb +56 -21
- data/lib/rake_gpg/tasks/encryption/encrypt.rb +62 -27
- data/lib/rake_gpg/tasks/encryption.rb +2 -1
- data/lib/rake_gpg/tasks/keys/generate.rb +102 -45
- data/lib/rake_gpg/tasks/keys/import.rb +37 -10
- data/lib/rake_gpg/tasks/keys.rb +2 -1
- data/lib/rake_gpg/tasks.rb +2 -1
- data/lib/rake_gpg/version.rb +3 -1
- data/lib/rake_gpg.rb +2 -0
- data/rake_gpg.gemspec +59 -0
- metadata +42 -12
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7e6b8c2a2b2d2780f22aadb8ef10441a6748e9250f6c8ba511d1dfbd193e14c6
|
4
|
+
data.tar.gz: 80d6cc4c0ecaa5725f49f67fc318c31efb15183bc687badb215ce235d14b270d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 38385f52fcfe168dead379ee4f808484bd182b47ceac2a5f24b1044c4e86b851d50681cf600692d8097764a2d795e1f0c35899f7756bc3bf50271ff24504ff41
|
7
|
+
data.tar.gz: f713f5c3612073b2d90f23806579efee8389e2023d6267bcb32cef0d98e9b54536fb0e0d16121937be1a4100dcaf8b33726b9aec8805574ded974255bb4bd50a
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
rake_gpg (0.17.0.pre.
|
4
|
+
rake_gpg (0.17.0.pre.5)
|
5
5
|
rake_factory (~> 0.23)
|
6
6
|
ruby_gpg2 (~> 0.6)
|
7
7
|
|
@@ -15,6 +15,7 @@ GEM
|
|
15
15
|
tzinfo (~> 2.0)
|
16
16
|
addressable (2.8.0)
|
17
17
|
public_suffix (>= 2.0.2, < 5.0)
|
18
|
+
ast (2.4.2)
|
18
19
|
colored2 (3.1.2)
|
19
20
|
concurrent-ruby (1.1.9)
|
20
21
|
diff-lcs (1.5.0)
|
@@ -58,7 +59,11 @@ GEM
|
|
58
59
|
faraday (>= 0.9)
|
59
60
|
sawyer (~> 0.8.0, >= 0.5.3)
|
60
61
|
open4 (1.3.4)
|
62
|
+
parallel (1.22.1)
|
63
|
+
parser (3.1.1.0)
|
64
|
+
ast (~> 2.4.1)
|
61
65
|
public_suffix (4.0.6)
|
66
|
+
rainbow (3.1.1)
|
62
67
|
rake (13.0.6)
|
63
68
|
rake_circle_ci (0.9.0)
|
64
69
|
colored2 (~> 3.1)
|
@@ -77,6 +82,8 @@ GEM
|
|
77
82
|
colored2 (~> 3.1)
|
78
83
|
rake_factory (~> 0.23)
|
79
84
|
sshkey (~> 2.0)
|
85
|
+
regexp_parser (2.2.1)
|
86
|
+
rexml (3.2.5)
|
80
87
|
rspec (3.11.0)
|
81
88
|
rspec-core (~> 3.11.0)
|
82
89
|
rspec-expectations (~> 3.11.0)
|
@@ -90,13 +97,28 @@ GEM
|
|
90
97
|
diff-lcs (>= 1.2.0, < 2.0)
|
91
98
|
rspec-support (~> 3.11.0)
|
92
99
|
rspec-support (3.11.0)
|
100
|
+
rubocop (1.26.1)
|
101
|
+
parallel (~> 1.10)
|
102
|
+
parser (>= 3.1.0.0)
|
103
|
+
rainbow (>= 2.2.2, < 4.0)
|
104
|
+
regexp_parser (>= 1.8, < 3.0)
|
105
|
+
rexml
|
106
|
+
rubocop-ast (>= 1.16.0, < 2.0)
|
107
|
+
ruby-progressbar (~> 1.7)
|
108
|
+
unicode-display_width (>= 1.4.0, < 3.0)
|
109
|
+
rubocop-ast (1.16.0)
|
110
|
+
parser (>= 3.1.1.0)
|
111
|
+
rubocop-rake (0.6.0)
|
112
|
+
rubocop (~> 1.0)
|
113
|
+
rubocop-rspec (2.9.0)
|
114
|
+
rubocop (~> 1.19)
|
115
|
+
ruby-progressbar (1.11.0)
|
93
116
|
ruby2_keywords (0.0.5)
|
94
117
|
ruby_gpg2 (0.8.0)
|
95
118
|
lino (>= 1.5)
|
96
119
|
sawyer (0.8.2)
|
97
120
|
addressable (>= 2.3.5)
|
98
121
|
faraday (> 0.8, < 2.0)
|
99
|
-
semantic (1.6.1)
|
100
122
|
simplecov (0.21.2)
|
101
123
|
docile (~> 1.1)
|
102
124
|
simplecov-html (~> 0.11)
|
@@ -106,6 +128,7 @@ GEM
|
|
106
128
|
sshkey (2.0.0)
|
107
129
|
tzinfo (2.0.4)
|
108
130
|
concurrent-ruby (~> 1.0)
|
131
|
+
unicode-display_width (2.1.0)
|
109
132
|
|
110
133
|
PLATFORMS
|
111
134
|
ruby
|
@@ -123,8 +146,10 @@ DEPENDENCIES
|
|
123
146
|
rake_gpg!
|
124
147
|
rake_ssh
|
125
148
|
rspec
|
126
|
-
|
149
|
+
rubocop
|
150
|
+
rubocop-rake
|
151
|
+
rubocop-rspec
|
127
152
|
simplecov
|
128
153
|
|
129
154
|
BUNDLED WITH
|
130
|
-
2.3.
|
155
|
+
2.3.11
|
data/LICENSE.txt
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
The MIT License (MIT)
|
2
2
|
|
3
|
-
Copyright (c)
|
3
|
+
Copyright (c) 2022 InfraBlocks Maintainers
|
4
4
|
|
5
5
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
6
|
of this software and associated documentation files (the "Software"), to deal
|
data/Rakefile
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'yaml'
|
2
4
|
require 'rake_circle_ci'
|
3
5
|
require 'rake_github'
|
@@ -5,17 +7,20 @@ require 'rake_ssh'
|
|
5
7
|
require 'rake_gpg'
|
6
8
|
require 'securerandom'
|
7
9
|
require 'rspec/core/rake_task'
|
10
|
+
require 'rubocop/rake_task'
|
8
11
|
|
9
|
-
task :
|
10
|
-
|
11
|
-
|
12
|
+
task default: %i[
|
13
|
+
library:fix
|
14
|
+
test:unit
|
15
|
+
]
|
12
16
|
|
13
17
|
namespace :encryption do
|
14
18
|
namespace :passphrase do
|
19
|
+
desc 'Generate encryption passphrase for CI GPG key'
|
15
20
|
task :generate do
|
16
|
-
|
17
|
-
|
18
|
-
|
21
|
+
FileUtils.mkdir_p('config/secrets/ci/')
|
22
|
+
File.write('config/secrets/ci/encryption.passphrase',
|
23
|
+
SecureRandom.base64(36))
|
19
24
|
end
|
20
25
|
end
|
21
26
|
end
|
@@ -23,85 +28,102 @@ end
|
|
23
28
|
namespace :keys do
|
24
29
|
namespace :deploy do
|
25
30
|
RakeSSH.define_key_tasks(
|
26
|
-
|
27
|
-
|
31
|
+
path: 'config/secrets/ci/',
|
32
|
+
comment: 'maintainers@infrablocks.io'
|
33
|
+
)
|
28
34
|
end
|
29
35
|
|
30
36
|
namespace :gpg do
|
31
37
|
RakeGPG.define_generate_key_task(
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
38
|
+
output_directory: 'config/secrets/ci',
|
39
|
+
name_prefix: 'gpg',
|
40
|
+
owner_name: 'InfraBlocks Maintainers',
|
41
|
+
owner_email: 'maintainers@infrablocks.io',
|
42
|
+
owner_comment: 'rake_gpg CI Key'
|
43
|
+
)
|
37
44
|
end
|
38
45
|
end
|
39
46
|
|
47
|
+
RuboCop::RakeTask.new
|
48
|
+
|
49
|
+
namespace :library do
|
50
|
+
desc 'Run all checks of the library'
|
51
|
+
task check: [:rubocop]
|
52
|
+
|
53
|
+
desc 'Attempt to automatically fix issues with the library'
|
54
|
+
task fix: [:'rubocop:auto_correct']
|
55
|
+
end
|
56
|
+
|
57
|
+
namespace :test do
|
58
|
+
RSpec::Core::RakeTask.new(:unit)
|
59
|
+
end
|
60
|
+
|
40
61
|
RakeCircleCI.define_project_tasks(
|
41
|
-
|
42
|
-
|
62
|
+
namespace: :circle_ci,
|
63
|
+
project_slug: 'github/infrablocks/rake_gpg'
|
43
64
|
) do |t|
|
44
65
|
circle_ci_config =
|
45
|
-
|
66
|
+
YAML.load_file('config/secrets/circle_ci/config.yaml')
|
46
67
|
|
47
|
-
t.api_token = circle_ci_config[
|
68
|
+
t.api_token = circle_ci_config['circle_ci_api_token']
|
48
69
|
t.environment_variables = {
|
49
|
-
|
50
|
-
|
51
|
-
|
70
|
+
ENCRYPTION_PASSPHRASE:
|
71
|
+
File.read('config/secrets/ci/encryption.passphrase')
|
72
|
+
.chomp
|
52
73
|
}
|
53
74
|
t.checkout_keys = []
|
54
75
|
t.ssh_keys = [
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
76
|
+
{
|
77
|
+
hostname: 'github.com',
|
78
|
+
private_key: File.read('config/secrets/ci/ssh.private')
|
79
|
+
}
|
59
80
|
]
|
60
81
|
end
|
61
82
|
|
62
83
|
RakeGithub.define_repository_tasks(
|
63
|
-
|
64
|
-
|
84
|
+
namespace: :github,
|
85
|
+
repository: 'infrablocks/rake_gpg'
|
65
86
|
) do |t, args|
|
66
87
|
github_config =
|
67
|
-
|
88
|
+
YAML.load_file('config/secrets/github/config.yaml')
|
68
89
|
|
69
|
-
t.access_token = github_config[
|
90
|
+
t.access_token = github_config['github_personal_access_token']
|
70
91
|
t.deploy_keys = [
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
92
|
+
{
|
93
|
+
title: 'CircleCI',
|
94
|
+
public_key: File.read('config/secrets/ci/ssh.public')
|
95
|
+
}
|
75
96
|
]
|
76
97
|
t.branch_name = args.branch_name
|
77
98
|
t.commit_message = args.commit_message
|
78
99
|
end
|
79
100
|
|
80
101
|
namespace :pipeline do
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
102
|
+
desc 'Prepare CircleCI Pipeline'
|
103
|
+
task prepare: %i[
|
104
|
+
circle_ci:project:follow
|
105
|
+
circle_ci:env_vars:ensure
|
106
|
+
circle_ci:checkout_keys:ensure
|
107
|
+
circle_ci:ssh_keys:ensure
|
108
|
+
github:deploy_keys:ensure
|
87
109
|
]
|
88
110
|
end
|
89
111
|
|
90
112
|
namespace :version do
|
91
|
-
desc
|
113
|
+
desc 'Bump version for specified type (pre, major, minor, patch)'
|
92
114
|
task :bump, [:type] do |_, args|
|
93
115
|
bump_version_for(args.type)
|
94
116
|
end
|
95
117
|
end
|
96
118
|
|
97
|
-
desc
|
119
|
+
desc 'Release gem'
|
98
120
|
task :release do
|
99
|
-
sh
|
121
|
+
sh 'gem release --tag --push'
|
100
122
|
end
|
101
123
|
|
102
124
|
def bump_version_for(version_type)
|
103
|
-
sh "gem bump --version #{version_type} "
|
104
|
-
|
105
|
-
|
106
|
-
|
125
|
+
sh "gem bump --version #{version_type} " \
|
126
|
+
'&& bundle install ' \
|
127
|
+
'&& export LAST_MESSAGE="$(git log -1 --pretty=%B)" ' \
|
128
|
+
'&& git commit -a --amend -m "${LAST_MESSAGE} [ci skip]"'
|
107
129
|
end
|
data/bin/console
CHANGED
@@ -1,7 +1,8 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
|
+
# frozen_string_literal: true
|
2
3
|
|
3
|
-
require
|
4
|
-
require
|
4
|
+
require 'bundler/setup'
|
5
|
+
require 'rake_leiningen'
|
5
6
|
|
6
7
|
# You can add fixtures and/or initialization code here to make experimenting
|
7
8
|
# with your gem easier. You can also use a different console, if you like.
|
@@ -10,5 +11,5 @@ require "rake_leiningen"
|
|
10
11
|
# require "pry"
|
11
12
|
# Pry.start
|
12
13
|
|
13
|
-
require
|
14
|
+
require 'irb'
|
14
15
|
IRB.start(__FILE__)
|
data/lib/rake_gpg/home.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module RakeGPG
|
2
4
|
class Home
|
3
5
|
def initialize(work_directory, home_directory)
|
@@ -5,15 +7,13 @@ module RakeGPG
|
|
5
7
|
@home_directory = home_directory
|
6
8
|
end
|
7
9
|
|
8
|
-
def with_resolved_directory
|
10
|
+
def with_resolved_directory(&block)
|
9
11
|
if @home_directory == :temporary
|
10
|
-
Dir.mktmpdir('home', @work_directory)
|
11
|
-
yield home_directory
|
12
|
-
end
|
12
|
+
Dir.mktmpdir('home', @work_directory, &block)
|
13
13
|
else
|
14
14
|
FileUtils.mkdir_p(@home_directory)
|
15
15
|
yield @home_directory
|
16
16
|
end
|
17
17
|
end
|
18
18
|
end
|
19
|
-
end
|
19
|
+
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'rake_factory'
|
2
4
|
require 'ruby_gpg2'
|
3
5
|
|
@@ -8,7 +10,7 @@ module RakeGPG
|
|
8
10
|
module Encryption
|
9
11
|
class Decrypt < RakeFactory::Task
|
10
12
|
default_name :decrypt
|
11
|
-
default_description
|
13
|
+
default_description 'Decrypt a file using GPG'
|
12
14
|
|
13
15
|
parameter :key_file_path, required: true
|
14
16
|
parameter :input_file_path, required: true
|
@@ -20,29 +22,62 @@ module RakeGPG
|
|
20
22
|
parameter :trust_mode, default: :always
|
21
23
|
parameter :passphrase
|
22
24
|
|
23
|
-
action do
|
24
|
-
|
25
|
+
action do
|
26
|
+
make_work_directory
|
27
|
+
log_decrypting
|
28
|
+
in_home_directory do |home_directory|
|
29
|
+
import_key(home_directory)
|
30
|
+
make_output_directory
|
31
|
+
decrypt(home_directory)
|
32
|
+
end
|
33
|
+
log_done
|
34
|
+
end
|
35
|
+
|
36
|
+
private
|
25
37
|
|
26
|
-
|
27
|
-
Home.new(
|
38
|
+
def in_home_directory(&block)
|
39
|
+
Home.new(work_directory, home_directory)
|
28
40
|
.with_resolved_directory do |home_directory|
|
29
|
-
|
30
|
-
key_file_paths: [t.key_file_path],
|
31
|
-
work_directory: t.work_directory,
|
32
|
-
home_directory: home_directory)
|
33
|
-
|
34
|
-
mkdir_p(File.dirname(t.output_file_path))
|
35
|
-
|
36
|
-
RubyGPG2.decrypt(
|
37
|
-
input_file_path: t.input_file_path,
|
38
|
-
output_file_path: t.output_file_path,
|
39
|
-
home_directory: home_directory,
|
40
|
-
trust_mode: t.trust_mode,
|
41
|
-
passphrase: t.passphrase,
|
42
|
-
pinentry_mode: t.passphrase ? :loopback : nil,
|
43
|
-
without_passphrase: !t.passphrase)
|
41
|
+
block.call(home_directory)
|
44
42
|
end
|
45
|
-
|
43
|
+
end
|
44
|
+
|
45
|
+
def import_key(home_directory)
|
46
|
+
RubyGPG2.import(
|
47
|
+
key_file_paths: [key_file_path],
|
48
|
+
work_directory: work_directory,
|
49
|
+
home_directory: home_directory
|
50
|
+
)
|
51
|
+
end
|
52
|
+
|
53
|
+
def make_work_directory
|
54
|
+
mkdir_p(work_directory)
|
55
|
+
end
|
56
|
+
|
57
|
+
def make_output_directory
|
58
|
+
mkdir_p(File.dirname(output_file_path))
|
59
|
+
end
|
60
|
+
|
61
|
+
def decrypt(home_directory)
|
62
|
+
RubyGPG2.decrypt(
|
63
|
+
input_file_path: input_file_path,
|
64
|
+
output_file_path: output_file_path,
|
65
|
+
home_directory: home_directory,
|
66
|
+
trust_mode: trust_mode,
|
67
|
+
passphrase: passphrase,
|
68
|
+
pinentry_mode: passphrase ? :loopback : nil,
|
69
|
+
without_passphrase: !passphrase
|
70
|
+
)
|
71
|
+
end
|
72
|
+
|
73
|
+
def log_decrypting
|
74
|
+
$stdout.puts(
|
75
|
+
"Decrypting #{input_file_path} with key #{key_file_path}..."
|
76
|
+
)
|
77
|
+
end
|
78
|
+
|
79
|
+
def log_done
|
80
|
+
$stdout.puts('Done.')
|
46
81
|
end
|
47
82
|
end
|
48
83
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'rake_factory'
|
2
4
|
require 'ruby_gpg2'
|
3
5
|
|
@@ -8,7 +10,7 @@ module RakeGPG
|
|
8
10
|
module Encryption
|
9
11
|
class Encrypt < RakeFactory::Task
|
10
12
|
default_name :encrypt
|
11
|
-
default_description
|
13
|
+
default_description 'Encrypt a file using GPG'
|
12
14
|
|
13
15
|
parameter :key_file_path, required: true
|
14
16
|
parameter :input_file_path, required: true
|
@@ -20,35 +22,68 @@ module RakeGPG
|
|
20
22
|
parameter :armor, default: true
|
21
23
|
parameter :trust_mode, default: :always
|
22
24
|
|
23
|
-
action do
|
24
|
-
|
25
|
+
action do
|
26
|
+
make_work_directory
|
27
|
+
log_encrypting
|
28
|
+
in_home_directory do |home_directory|
|
29
|
+
result = import_key(home_directory)
|
30
|
+
key_fingerprint = lookup_key_fingerprint(result)
|
31
|
+
make_output_directory
|
32
|
+
encrypt(home_directory, key_fingerprint)
|
33
|
+
end
|
34
|
+
log_done
|
35
|
+
end
|
25
36
|
|
26
|
-
|
27
|
-
|
37
|
+
private
|
38
|
+
|
39
|
+
def in_home_directory(&block)
|
40
|
+
Home.new(work_directory, home_directory)
|
28
41
|
.with_resolved_directory do |home_directory|
|
29
|
-
|
30
|
-
key_file_paths: [t.key_file_path],
|
31
|
-
work_directory: t.work_directory,
|
32
|
-
home_directory: home_directory,
|
33
|
-
with_status: true)
|
34
|
-
|
35
|
-
key_fingerprint = result
|
36
|
-
.status
|
37
|
-
.filter_by_type(:import_ok)
|
38
|
-
.first_line
|
39
|
-
.key_fingerprint
|
40
|
-
|
41
|
-
mkdir_p(File.dirname(t.output_file_path))
|
42
|
-
|
43
|
-
RubyGPG2.encrypt(
|
44
|
-
recipient: key_fingerprint,
|
45
|
-
input_file_path: t.input_file_path,
|
46
|
-
output_file_path: t.output_file_path,
|
47
|
-
home_directory: home_directory,
|
48
|
-
armor: t.armor,
|
49
|
-
trust_mode: t.trust_mode)
|
42
|
+
block.call(home_directory)
|
50
43
|
end
|
51
|
-
|
44
|
+
end
|
45
|
+
|
46
|
+
def make_work_directory
|
47
|
+
mkdir_p(work_directory)
|
48
|
+
end
|
49
|
+
|
50
|
+
def make_output_directory
|
51
|
+
mkdir_p(File.dirname(output_file_path))
|
52
|
+
end
|
53
|
+
|
54
|
+
def import_key(home_directory)
|
55
|
+
RubyGPG2.import(
|
56
|
+
key_file_paths: [key_file_path],
|
57
|
+
work_directory: work_directory,
|
58
|
+
home_directory: home_directory,
|
59
|
+
with_status: true
|
60
|
+
)
|
61
|
+
end
|
62
|
+
|
63
|
+
def lookup_key_fingerprint(result)
|
64
|
+
result.status.filter_by_type(:import_ok)
|
65
|
+
.first_line.key_fingerprint
|
66
|
+
end
|
67
|
+
|
68
|
+
def encrypt(home_directory, key_fingerprint)
|
69
|
+
RubyGPG2.encrypt(
|
70
|
+
recipient: key_fingerprint,
|
71
|
+
input_file_path: input_file_path,
|
72
|
+
output_file_path: output_file_path,
|
73
|
+
home_directory: home_directory,
|
74
|
+
armor: armor,
|
75
|
+
trust_mode: trust_mode
|
76
|
+
)
|
77
|
+
end
|
78
|
+
|
79
|
+
def log_encrypting
|
80
|
+
$stdout.puts(
|
81
|
+
"Encrypting #{input_file_path} for key #{key_file_path}..."
|
82
|
+
)
|
83
|
+
end
|
84
|
+
|
85
|
+
def log_done
|
86
|
+
$stdout.puts('Done.')
|
52
87
|
end
|
53
88
|
end
|
54
89
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'rake_factory'
|
2
4
|
require 'ruby_gpg2'
|
3
5
|
|
@@ -6,9 +8,10 @@ require_relative '../../home'
|
|
6
8
|
module RakeGPG
|
7
9
|
module Tasks
|
8
10
|
module Keys
|
11
|
+
# rubocop:disable Metrics/ClassLength
|
9
12
|
class Generate < RakeFactory::Task
|
10
13
|
default_name :generate
|
11
|
-
default_description
|
14
|
+
default_description 'Generate a GPG key'
|
12
15
|
|
13
16
|
parameter :name_prefix, default: 'gpg'
|
14
17
|
parameter :armor, default: true
|
@@ -29,55 +32,109 @@ module RakeGPG
|
|
29
32
|
parameter :expiry, default: :never
|
30
33
|
parameter :passphrase
|
31
34
|
|
32
|
-
action do
|
33
|
-
|
35
|
+
action do
|
36
|
+
make_work_directory
|
37
|
+
log_generating_key
|
38
|
+
in_home_directory do |home_directory|
|
39
|
+
result = generate_key(home_directory)
|
40
|
+
key_fingerprint = lookup_key_fingerprint(result)
|
41
|
+
log_generated_key(key_fingerprint)
|
42
|
+
maybe_export_key(home_directory, key_fingerprint)
|
43
|
+
end
|
44
|
+
log_done
|
45
|
+
end
|
46
|
+
|
47
|
+
private
|
34
48
|
|
35
|
-
|
36
|
-
Home.new(
|
49
|
+
def in_home_directory(&block)
|
50
|
+
Home.new(work_directory, home_directory)
|
37
51
|
.with_resolved_directory do |home_directory|
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
.
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
home_directory: home_directory)
|
68
|
-
RubyGPG2.export_secret_keys(
|
69
|
-
names: [key_fingerprint],
|
70
|
-
output_file_path:
|
71
|
-
"#{t.output_directory}/#{t.name_prefix}.private",
|
72
|
-
armor: t.armor,
|
73
|
-
passphrase: t.passphrase,
|
74
|
-
pinentry_mode: t.passphrase.nil? ? nil : :loopback,
|
75
|
-
home_directory: home_directory)
|
76
|
-
end
|
52
|
+
block.call(home_directory)
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
def make_work_directory
|
57
|
+
mkdir_p(work_directory)
|
58
|
+
end
|
59
|
+
|
60
|
+
def make_output_directory
|
61
|
+
mkdir_p(output_directory)
|
62
|
+
end
|
63
|
+
|
64
|
+
def lookup_key_fingerprint(result)
|
65
|
+
result.status.filter_by_type(:key_created)
|
66
|
+
.first_line.key_fingerprint
|
67
|
+
end
|
68
|
+
|
69
|
+
# rubocop:disable Metrics/MethodLength
|
70
|
+
def generate_key(home_directory)
|
71
|
+
RubyGPG2::ParameterFileContents
|
72
|
+
.new(parameter_values)
|
73
|
+
.in_temp_file(work_directory) do |f|
|
74
|
+
RubyGPG2.generate_key(
|
75
|
+
parameter_file_path: f.path,
|
76
|
+
home_directory: home_directory,
|
77
|
+
work_directory: work_directory,
|
78
|
+
without_passphrase: passphrase.nil?,
|
79
|
+
with_status: true
|
80
|
+
)
|
77
81
|
end
|
78
|
-
|
82
|
+
end
|
83
|
+
# rubocop:enable Metrics/MethodLength
|
84
|
+
|
85
|
+
def maybe_export_key(home_directory, key_fingerprint)
|
86
|
+
return unless output_directory
|
87
|
+
|
88
|
+
log_exporting_key
|
89
|
+
make_output_directory
|
90
|
+
export_public_key(home_directory, key_fingerprint)
|
91
|
+
export_private_key(home_directory, key_fingerprint)
|
92
|
+
end
|
93
|
+
|
94
|
+
def export_public_key(home_directory, key_fingerprint)
|
95
|
+
RubyGPG2.export(
|
96
|
+
names: [key_fingerprint],
|
97
|
+
output_file_path: "#{output_directory}/#{name_prefix}.public",
|
98
|
+
armor: armor,
|
99
|
+
home_directory: home_directory
|
100
|
+
)
|
101
|
+
end
|
102
|
+
|
103
|
+
def export_private_key(home_directory, key_fingerprint)
|
104
|
+
RubyGPG2.export_secret_keys(
|
105
|
+
names: [key_fingerprint],
|
106
|
+
output_file_path: "#{output_directory}/#{name_prefix}.private",
|
107
|
+
armor: armor,
|
108
|
+
passphrase: passphrase,
|
109
|
+
pinentry_mode: passphrase.nil? ? nil : :loopback,
|
110
|
+
home_directory: home_directory
|
111
|
+
)
|
112
|
+
end
|
113
|
+
|
114
|
+
def log_generating_key
|
115
|
+
$stdout.puts(
|
116
|
+
"Generating GPG key for #{owner_name} <#{owner_email}>..."
|
117
|
+
)
|
118
|
+
end
|
119
|
+
|
120
|
+
def log_generated_key(key_fingerprint)
|
121
|
+
$stdout.puts(
|
122
|
+
"Generated GPG key with fingerprint #{key_fingerprint}."
|
123
|
+
)
|
124
|
+
end
|
125
|
+
|
126
|
+
def log_exporting_key
|
127
|
+
$stdout.puts(
|
128
|
+
'Export requested. Exporting GPG key to '\
|
129
|
+
"#{output_directory}..."
|
130
|
+
)
|
131
|
+
end
|
132
|
+
|
133
|
+
def log_done
|
134
|
+
$stdout.puts('Done.')
|
79
135
|
end
|
80
136
|
end
|
137
|
+
# rubocop:enable Metrics/ClassLength
|
81
138
|
end
|
82
139
|
end
|
83
140
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'rake_factory'
|
2
4
|
require 'ruby_gpg2'
|
3
5
|
|
@@ -8,24 +10,49 @@ module RakeGPG
|
|
8
10
|
module Keys
|
9
11
|
class Import < RakeFactory::Task
|
10
12
|
default_name :import
|
11
|
-
default_description
|
13
|
+
default_description 'Import a GPG key'
|
12
14
|
|
13
15
|
parameter :key_file_path, required: true
|
14
16
|
parameter :work_directory, default: '/tmp'
|
15
17
|
parameter :home_directory, default: :temporary
|
16
18
|
|
17
|
-
action do
|
18
|
-
|
19
|
+
action do
|
20
|
+
make_work_directory
|
21
|
+
log_importing_key
|
22
|
+
in_home_directory do |home_directory|
|
23
|
+
import(home_directory)
|
24
|
+
end
|
25
|
+
log_done
|
26
|
+
end
|
27
|
+
|
28
|
+
private
|
19
29
|
|
20
|
-
|
21
|
-
|
22
|
-
Home.new(t.work_directory, t.home_directory)
|
30
|
+
def in_home_directory(&block)
|
31
|
+
Home.new(work_directory, home_directory)
|
23
32
|
.with_resolved_directory do |home_directory|
|
24
|
-
|
25
|
-
key_file_paths: [t.key_file_path],
|
26
|
-
home_directory: home_directory)
|
33
|
+
block.call(home_directory)
|
27
34
|
end
|
28
|
-
|
35
|
+
end
|
36
|
+
|
37
|
+
def make_work_directory
|
38
|
+
mkdir_p(work_directory)
|
39
|
+
end
|
40
|
+
|
41
|
+
def import(home_directory)
|
42
|
+
RubyGPG2.import(
|
43
|
+
key_file_paths: [key_file_path],
|
44
|
+
home_directory: home_directory
|
45
|
+
)
|
46
|
+
end
|
47
|
+
|
48
|
+
def log_importing_key
|
49
|
+
$stdout.puts(
|
50
|
+
"Importing GPG key from #{key_file_path} into #{home_directory}..."
|
51
|
+
)
|
52
|
+
end
|
53
|
+
|
54
|
+
def log_done
|
55
|
+
$stdout.puts 'Done.'
|
29
56
|
end
|
30
57
|
end
|
31
58
|
end
|
data/lib/rake_gpg/tasks/keys.rb
CHANGED
data/lib/rake_gpg/tasks.rb
CHANGED
data/lib/rake_gpg/version.rb
CHANGED
data/lib/rake_gpg.rb
CHANGED
data/rake_gpg.gemspec
ADDED
@@ -0,0 +1,59 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
lib = File.expand_path('lib', __dir__)
|
4
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
5
|
+
require 'rake_gpg/version'
|
6
|
+
|
7
|
+
files = %w[
|
8
|
+
bin
|
9
|
+
lib
|
10
|
+
CODE_OF_CONDUCT.md
|
11
|
+
rake_gpg.gemspec
|
12
|
+
Gemfile
|
13
|
+
LICENSE.txt
|
14
|
+
Rakefile
|
15
|
+
README.md
|
16
|
+
]
|
17
|
+
|
18
|
+
Gem::Specification.new do |spec|
|
19
|
+
spec.name = 'rake_gpg'
|
20
|
+
spec.version = RakeGPG::VERSION
|
21
|
+
spec.authors = ['InfraBlocks Maintainers']
|
22
|
+
spec.email = ['maintainers@infrablocks.io']
|
23
|
+
|
24
|
+
spec.summary = 'Rake tasks for managing GPG activities.'
|
25
|
+
spec.description = 'Rake tasks for common GPG related activities allowing ' \
|
26
|
+
'keys to be managed and content to be encrypted and '\
|
27
|
+
'decrypted.'
|
28
|
+
spec.homepage = 'https://github.com/infrablocks/rake_gpg'
|
29
|
+
spec.license = 'MIT'
|
30
|
+
|
31
|
+
spec.files = `git ls-files -z`.split("\x0").select do |f|
|
32
|
+
f.match(/^(#{files.map { |g| Regexp.escape(g) }.join('|')})/)
|
33
|
+
end
|
34
|
+
spec.bindir = 'exe'
|
35
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
36
|
+
spec.require_paths = ['lib']
|
37
|
+
|
38
|
+
spec.required_ruby_version = '>= 2.7'
|
39
|
+
|
40
|
+
spec.add_dependency 'rake_factory', '~> 0.23'
|
41
|
+
spec.add_dependency 'ruby_gpg2', '~> 0.6'
|
42
|
+
|
43
|
+
spec.add_development_dependency 'activesupport'
|
44
|
+
spec.add_development_dependency 'bundler'
|
45
|
+
spec.add_development_dependency 'fakefs'
|
46
|
+
spec.add_development_dependency 'gem-release'
|
47
|
+
spec.add_development_dependency 'rake'
|
48
|
+
spec.add_development_dependency 'rake_circle_ci'
|
49
|
+
spec.add_development_dependency 'rake_github'
|
50
|
+
spec.add_development_dependency 'rake_gpg'
|
51
|
+
spec.add_development_dependency 'rake_ssh'
|
52
|
+
spec.add_development_dependency 'rspec'
|
53
|
+
spec.add_development_dependency 'rubocop'
|
54
|
+
spec.add_development_dependency 'rubocop-rake'
|
55
|
+
spec.add_development_dependency 'rubocop-rspec'
|
56
|
+
spec.add_development_dependency 'simplecov'
|
57
|
+
|
58
|
+
spec.metadata['rubygems_mfa_required'] = 'false'
|
59
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rake_gpg
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.17.0.pre.
|
4
|
+
version: 0.17.0.pre.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- InfraBlocks Maintainers
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-04-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rake_factory
|
@@ -38,6 +38,20 @@ dependencies:
|
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '0.6'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: activesupport
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
41
55
|
- !ruby/object:Gem::Dependency
|
42
56
|
name: bundler
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -53,7 +67,7 @@ dependencies:
|
|
53
67
|
- !ruby/object:Gem::Version
|
54
68
|
version: '0'
|
55
69
|
- !ruby/object:Gem::Dependency
|
56
|
-
name:
|
70
|
+
name: fakefs
|
57
71
|
requirement: !ruby/object:Gem::Requirement
|
58
72
|
requirements:
|
59
73
|
- - ">="
|
@@ -67,7 +81,7 @@ dependencies:
|
|
67
81
|
- !ruby/object:Gem::Version
|
68
82
|
version: '0'
|
69
83
|
- !ruby/object:Gem::Dependency
|
70
|
-
name:
|
84
|
+
name: gem-release
|
71
85
|
requirement: !ruby/object:Gem::Requirement
|
72
86
|
requirements:
|
73
87
|
- - ">="
|
@@ -81,7 +95,7 @@ dependencies:
|
|
81
95
|
- !ruby/object:Gem::Version
|
82
96
|
version: '0'
|
83
97
|
- !ruby/object:Gem::Dependency
|
84
|
-
name:
|
98
|
+
name: rake
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
86
100
|
requirements:
|
87
101
|
- - ">="
|
@@ -95,7 +109,21 @@ dependencies:
|
|
95
109
|
- !ruby/object:Gem::Version
|
96
110
|
version: '0'
|
97
111
|
- !ruby/object:Gem::Dependency
|
98
|
-
name:
|
112
|
+
name: rake_circle_ci
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - ">="
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - ">="
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: rake_github
|
99
127
|
requirement: !ruby/object:Gem::Requirement
|
100
128
|
requirements:
|
101
129
|
- - ">="
|
@@ -123,7 +151,7 @@ dependencies:
|
|
123
151
|
- !ruby/object:Gem::Version
|
124
152
|
version: '0'
|
125
153
|
- !ruby/object:Gem::Dependency
|
126
|
-
name:
|
154
|
+
name: rake_ssh
|
127
155
|
requirement: !ruby/object:Gem::Requirement
|
128
156
|
requirements:
|
129
157
|
- - ">="
|
@@ -137,7 +165,7 @@ dependencies:
|
|
137
165
|
- !ruby/object:Gem::Version
|
138
166
|
version: '0'
|
139
167
|
- !ruby/object:Gem::Dependency
|
140
|
-
name:
|
168
|
+
name: rspec
|
141
169
|
requirement: !ruby/object:Gem::Requirement
|
142
170
|
requirements:
|
143
171
|
- - ">="
|
@@ -151,7 +179,7 @@ dependencies:
|
|
151
179
|
- !ruby/object:Gem::Version
|
152
180
|
version: '0'
|
153
181
|
- !ruby/object:Gem::Dependency
|
154
|
-
name:
|
182
|
+
name: rubocop
|
155
183
|
requirement: !ruby/object:Gem::Requirement
|
156
184
|
requirements:
|
157
185
|
- - ">="
|
@@ -165,7 +193,7 @@ dependencies:
|
|
165
193
|
- !ruby/object:Gem::Version
|
166
194
|
version: '0'
|
167
195
|
- !ruby/object:Gem::Dependency
|
168
|
-
name:
|
196
|
+
name: rubocop-rake
|
169
197
|
requirement: !ruby/object:Gem::Requirement
|
170
198
|
requirements:
|
171
199
|
- - ">="
|
@@ -179,7 +207,7 @@ dependencies:
|
|
179
207
|
- !ruby/object:Gem::Version
|
180
208
|
version: '0'
|
181
209
|
- !ruby/object:Gem::Dependency
|
182
|
-
name:
|
210
|
+
name: rubocop-rspec
|
183
211
|
requirement: !ruby/object:Gem::Requirement
|
184
212
|
requirements:
|
185
213
|
- - ">="
|
@@ -232,10 +260,12 @@ files:
|
|
232
260
|
- lib/rake_gpg/tasks/keys/generate.rb
|
233
261
|
- lib/rake_gpg/tasks/keys/import.rb
|
234
262
|
- lib/rake_gpg/version.rb
|
263
|
+
- rake_gpg.gemspec
|
235
264
|
homepage: https://github.com/infrablocks/rake_gpg
|
236
265
|
licenses:
|
237
266
|
- MIT
|
238
|
-
metadata:
|
267
|
+
metadata:
|
268
|
+
rubygems_mfa_required: 'false'
|
239
269
|
post_install_message:
|
240
270
|
rdoc_options: []
|
241
271
|
require_paths:
|