revenc 0.1.2

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.gitattributes

@@ -0,0 +1 @@
+*.rb diff=ruby

data/.gitignore

@@ -0,0 +1,30 @@
+## mac os
+.DS_Store
+
+## textmate
+*.tmproj
+tmtags
+
+## emacs
+*~
+\#*
+.\#*
+
+## vim
+*.swp
+
+## project::general
+coverage
+rdoc
+pkg
+*.gemspec
+
+## cucumber
+rerun.txt
+
+## ctags
+tags
+
+## project::specific
+tmp/fixtures
+tmp/aruba

data/CLONING.rdoc

@@ -0,0 +1,108 @@
+= Cloning from BasicApp
+
+BasicApp provides no stand-alone functionality.  It purpose is to 
+provide a repository for jump-starting a new RubyGem based CLI 
+application and provide a point to cloned applications to facilitate
+pulling in future enhancements and fixes.
+
+== Features/Dependencies 
+
+* Jeweler for RubyGem management http://github.com/technicalpickles/jeweler
+* Rspec for unit testing http://github.com/dchelimsky/rspec
+* Cucumber for functional testing http://github.com/tpope/vim-cucumber
+* Aruba for CLI testing http://github.com/aslakhellesoy/aruba
+
+== Jump-starting a new project with BasicApp
+
+The following steps illustrate creating a new application called "oct." Oct
+is a simple command line utility that prints file listing permissions in octal
+notation.
+
+    cd ~/workspace
+    git clone git://github.com/robertwahler/basic_app.git oct
+    cd oct
+
+=== Setup repository for cloned project
+
+We are going to change the origin URL to our own server and setup a remote
+for pulling in future BasicApp changes. If our own repo is setup at
+git@red:oct.git, change the URL with sed:
+
+    sed -i 's/url =.*\.git$/url = git@red:oct.git/' .git/config
+
+Push it up
+
+    git push origin master:refs/heads/master
+
+Add BasicApp as remote
+
+    git remote add basic_app git://github.com/robertwahler/basic_app.git
+
+=== Rename your application
+
+We need to change the name of the application from basic_app to oct
+
+    git mv bin/basic_app bin/oct
+    git mv lib/basic_app.rb lib/oct.rb
+    git mv lib/basic_app lib/oct
+
+    # BasicApp => Oct
+    find ./bin -type f -exec sed -i 's/BasicApp/Oct/' '{}' +
+    find . -name *.rb -exec sed -i 's/BasicApp/Oct/' '{}' +
+    find . -name Rakefile -exec sed -i 's/BasicApp/Oct/' '{}' +
+    # basic_app => oct
+    find ./bin -type f -exec sed -i 's/basic_app/oct/' '{}' +
+    find ./spec -type f -exec sed -i 's/basic_app/oct/' '{}' +
+    find . -name *.rb -exec sed -i 's/basic_app/oct/' '{}' +
+    find . -name *.feature -exec sed -i 's/basic_app/oct/' '{}' +
+    find . -name Rakefile -exec sed -i 's/basic_app/oct/' '{}' +
+
+Replace TODO's and update documentation
+
+* Replace README.rdoc
+* Replace LICENSE
+* (OPTIONAL) git rm CLONING.rdoc
+* Replace the TODO's in Rakefile and bin
+
+Application should now be functional, lets test it
+
+    cucumber
+
+Looks OK, commit it
+
+    git commit -a -m "renamed basic_app to oct"
+
+== Merging of future BasicApp changes
+
+Cherry picking method
+
+    git fetch basic_app
+    git cherry-pick a0f9745
+
+Merge 2-step method
+
+    git fetch basic_app
+    git merge basic_app/master
+
+Trusting pull of HEAD
+
+    git pull basic_app HEAD
+
+Conflicted?
+
+    git mergetool
+    git commit
+
+== Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2010 GearheadForHire, LLC. See LICENSE for details.

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 GearheadForHire, LLC
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,198 @@
+= Revenc
+
+Mount an unencrypted folder as encrypted using EncFS and copy/synchronize the 
+encrypted files to untrusted destinations using rsync/cp
+
+== Background
+
+EncFS in reverse mode facilitates mounting an encrypted file system 
+from an unencrypted source folder.  This allows keeping your files unencrypted 
+in a trusted environment while gaining the ability to encrypt on demand 
+i.e. when you want to rsync encrypted files off-site to an untrusted system.
+
+== Why Revenc?
+
+Revenc facilitates scripting EncFS reverse mounting and synchronizing by 
+providing a configuration framework and validating mounts before running tools 
+like rsync.
+
+=== Benefits 
+
+* Provides conventions for EncFS reverse mounting
+* Validates mountpoints before copying to prevent "rsync --delete" commands 
+  from trying to sync empty folders 
+* Mount, unmount, and copy actions are protected by a mutex to prevent 
+  recursion on long running copy/sync operations.  (mount, unmount and 
+  copy actions will fail if another instance of revenc is blocking)
+* Allow short, easy to remember command lines when used with configuration files.
+  i.e. revenc mount, revenc unmount, revenc copy
+
+== Installation
+
+sudo gem install revenc
+
+== Usage
+
+revenc action [options]
+
+=== Actions
+
+==== Mount
+
+Reverse mount using EncFS. Source and mountpoint are not required when
+using a configuration file.
+
+    Mount: revenc mount <unencrypted source> <empty mountpoint>
+
+This calls the executable "encfs" with the following by default:
+
+    cat <%= passphrasefile.name %> | ENCFS6_CONFIG=<%= keyfile.name %> \
+    <%= executable %> --stdinpass --reverse <%= source.name %> \
+    <%= mountpoint.name %> -- -o ro
+
+==== Unmount
+
+Unmount using EncFS. Mountpoint is required when specified by revenc.conf.
+
+    Unmount: revenc unmount <mountpoint> 
+
+This calls the executable "fusermount" with the following by default:
+
+    <%= executable %> -u <%= mountpoint.name %>
+
+==== Copy
+
+Recursive copy with "cp -r", for rsync copy, see examples.  Source and destination
+are not required when specified by revenc.conf.
+
+    Copy: revenc copy <source>  <destination>
+
+This calls the executable "cp" with the following by default:
+
+    <%= executable %> -r <%= source.name %> <%= destination.name %>
+
+=== Setup
+
+The following is a walk through of the steps used to create the example project
+"simple" in the examples folder.
+
+    mkdir -p revenc/examples/simple/encrypted_mountpoint
+    mkdir -p revenc/examples/simple/unencrypted_data
+    mkdir -p revenc/examples/simple/copy_destination
+
+    cd revenc/examples/simple
+
+    echo "some stuff" > unencrypted_data/test_file1.txt
+    echo "some more stuff" > unencrypted_data/test_file2.txt
+
+=== Create the EncFS passphrase file
+
+You must supply EncFS with a passphrase in plain text. The passphrase is piped in on the command line
+to EncFS.  This file can be stored anywhere on your trusted system.  Revenc expects it in the 
+current folder, use revenc.conf to supply a different location.
+
+    echo "my_super_secret_PassPHRase" > passphrase
+    chmod 600 passphrase
+
+=== Generate the EncFS key file
+
+Generation of your key file is done once.  The same key is used for each mount action on the same 
+unencrypted source folder.  You need to keep a copy of your key available in order to restore encrypted files.
+EncFS doesn't supply a method to fully automate the generation of the key file with so it needs 
+to be done manually. 
+
+NOTE: The ENCFS6_CONFIG var is needed to control where the key file is created.  The "${PWD}" is 
+used because EncFS expects full paths from the root folder.
+
+    ENCFS6_CONFIG=./encfs6.xml encfs --reverse ${PWD}/unencrypted_data  ${PWD}/encrypted_mountpoint -- -o ro
+
+You will see a message about encfs6.xml failing to load, this is OK.  You should now be at the EncFS
+command prompt.  You can complete the key generation any way you like.  The following are the responses
+used to generate the sample key.  Note the I opted to store filenames in plain text for clarity.
+
+EncFS command prompt responses:
+    
+    x                              # expert mode
+    1                              # AES
+    128                            # key size
+    1024                           # block size
+    2                              # Null => no encryption of filenames 
+    my_super_secret_PassPHRase     # passphrase we stored in the step above
+    my_super_secret_PassPHRase     # confirm passphrase
+
+
+EncFS should generate encfs6.xml, mount the folder and return you to the command prompt. You can 
+now work with your encrypted files.
+
+    ls encrypted_mountpoint
+
+        test_file1.txt  test_file2.txt
+
+    revenc unmount encrypted_mountpoint
+    ls encrypted_mountpoint
+       
+        <no files here>
+
+    revenc mount unencrypted_data encrypted_mountpoint
+    ls encrypted_mountpoint
+
+        test_file1.txt  test_file2.txt
+
+
+    revenc copy encrypted_mountpoint copy_to_destination
+    ls copy_to_destination
+
+        test_file1.txt  test_file2.txt
+
+
+=== Configuration files
+
+Revenc expects a passphrase file and the key file "encfs6.xml" to exist in the
+current folder.  You can override these locations using the revenc.conf file.  Revenc
+looks for its configuration file in the current folder. When you use configuration file,
+you can ommit action parameters. For example:
+
+    cd examples/rsync
+
+    revenc mount
+    revenc copy
+    revenc unmount
+
+The configuration file is YAML http://www.yaml.org/ format with ERB processing. You must
+escape ERB in the action commands.  These need to be lazy loaded by Revenc. Unescaped 
+ERB is evaluated as the configuration file is read but before Revenc parses the commands.
+See the example configuration file examples/rsync/revenc.conf.
+
+The file features/configuration.feature has more details.
+
+
+== System Requirements
+
+* POSIX system
+* EncFS http://www.arg0.net/encfs 
+
+== Runtime Dependencies
+
+* term-ansicolor
+* configatron
+
+== Development Dependencies
+
+* rspec for unit testing http://github.com/dchelimsky/rspec
+* cucumber for functional testing http://github.com/tpope/vim-cucumber
+* aruba for CLI testing http://github.com/aslakhellesoy/aruba
+
+== Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version 
+  in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2010 GearheadForHire, LLC. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,64 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "revenc"
+    gem.summary = %Q{Helper for reverse mounting encrypted file systems}
+    gem.description = %Q{Mount, unmount, and copy/synchronize encrypted files to 
+                         untrusted destinations using EncFS and rsync}
+    gem.email = "robert@gearheadforhire.com"
+    gem.homepage = "http://github.com/robertwahler/revenc"
+    gem.authors = ["Robert Wahler"]
+
+    gem.add_dependency 'term-ansicolor', '>= 1.0.4'
+    gem.add_dependency 'configatron', '>= 2.5.1'
+
+    gem.add_development_dependency "rspec", ">= 1.2.9"
+    gem.add_development_dependency "cucumber", ">= 0.6"
+    gem.add_development_dependency "aruba", ">= 0.1.7"
+
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :spec => :check_dependencies
+
+begin
+  require 'cucumber/rake/task'
+  Cucumber::Rake::Task.new(:features)
+
+  task :features => :check_dependencies
+rescue LoadError
+  task :features do
+    abort "Cucumber is not available. In order to run features, you must: sudo gem install cucumber"
+  end
+end
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "Revenc #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.2

data/bin/revenc

@@ -0,0 +1,81 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+
+require 'revenc'
+require 'optparse'
+require 'term/ansicolor'
+
+available_actions = Revenc::AVAILABLE_ACTIONS
+
+banner = <<BANNER
+Revenc is an encfs helper
+
+  Usage: revenc action [options]
+BANNER
+banner << "\nActions: #{available_actions.join(' ')}\n" unless available_actions.empty?
+
+help = banner
+help += <<HELP
+  Mount: revenc mount <unencrypted source> <empty mountpoint>
+Unmount: revenc unmount <mounted encypted folder> 
+   Copy: revenc copy <encrypted source>  <destination>
+         Note: Copying is normally done via rsync
+
+Options:
+ 
+HELP
+
+options = {}
+OptionParser.new do |opts|
+  opts.banner = help
+
+  # set defaults
+  options[:verbose] = false
+  options[:coloring] = true
+
+  opts.on("-v", "--[no-]verbose", "Run verbosely") do |v|
+    options[:verbose] = v
+  end
+
+  opts.on("-c", "--[no-]coloring", "Ansi color in output") do |c|
+    options[:coloring] = c
+  end
+
+  opts.on("--version", "Display current version") do
+    puts "revenc, version " + Revenc.version
+    exit 0
+  end
+
+  opts.on("-d", "--dry-run", "Run action but omit the final execute step.  Useful combined with --verbose") do |d|
+    options[:dry_run] = d
+  end
+
+  opts.on("--config FILE", "Load configuration options from FILE") do |file|
+    options[:config] = file 
+  end
+
+  # no argument, shows at tail.  This will print an options summary.
+  opts.on_tail("-h", "--help", "Show this message") do
+    puts opts
+    exit 0
+  end
+  
+  begin
+    opts.parse!
+  rescue OptionParser::InvalidOption => e
+    puts "revenc #{e}"
+    puts "revenc --help for more information"
+    exit 1
+  end
+
+end
+
+if STDOUT.isatty
+  Term::ANSIColor::coloring = options[:coloring]
+else
+  Term::ANSIColor::coloring = false
+end
+
+app = Revenc::App.new(FileUtils.pwd, options)
+app.run

data/config/cucumber.yml

@@ -0,0 +1,7 @@
+<%
+rerun = File.file?('rerun.txt') ? IO.read('rerun.txt') : ""
+rerun_opts = rerun.to_s.strip.empty? ? "--format pretty features" : "--format #{ENV['CUCUMBER_FORMAT'] || 'pretty'} #{rerun}"
+std_opts = "#{rerun_opts} --format rerun --out rerun.txt --strict --tags ~@wip"
+%>
+default: <%= std_opts %>  --no-diff
+wip: --tags @wip:3 --wip features

data/examples/rsync/encrypted_data/key/encfs6.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
+<!DOCTYPE boost_serialization>
+<boost_serialization signature="serialization::archive" version="4">
+<config class_id="0" tracking_level="1" version="20080816" object_id="_0">
+	<creator>EncFS 1.5</creator>
+	<cipherAlg class_id="1" tracking_level="0" version="0">
+		<name>ssl/aes</name>
+		<major>2</major>
+		<minor>2</minor>
+	</cipherAlg>
+	<nameAlg>
+		<name>nameio/null</name>
+		<major>1</major>
+		<minor>0</minor>
+	</nameAlg>
+	<keySize>128</keySize>
+	<blockSize>1024</blockSize>
+	<uniqueIV>0</uniqueIV>
+	<chainedNameIV>0</chainedNameIV>
+	<externalIVChaining>0</externalIVChaining>
+	<blockMACBytes>0</blockMACBytes>
+	<blockMACRandBytes>0</blockMACRandBytes>
+	<allowHoles>1</allowHoles>
+	<encodedKeySize>36</encodedKeySize>
+	<encodedKeyData>
+unVmAfPQFd5t4cakBxbE7uosu4tzZbo8B513iGGNynzArOKM=
+	</encodedKeyData>
+	<saltLen>20</saltLen>
+	<saltData>
+IcFy11sZw/w7juCI+Cro8AZVp6Q
+	</saltData>
+	<kdfIterations>97493</kdfIterations>
+	<desiredKDFDuration>500</desiredKDFDuration>
+</config>
+</boost_serialization>

data/examples/rsync/revenc.conf

@@ -0,0 +1,18 @@
+mount:
+  source:
+    name: unencrypted_data
+  mountpoint:
+    name: encrypted_data/mountpoint
+  passphrasefile:
+    name: scripts/passphrase
+  keyfile:
+    name: encrypted_data/key/encfs6.xml
+  cmd: cat <%%= passphrasefile.name %> | ENCFS6_CONFIG=<%%= keyfile.name %> <%%= executable %> --stdinpass --reverse <%%= source.name %> <%%= mountpoint.name %> -- -o ro
+copy:
+  source:
+    name: encrypted_data    # sync the encrypted data as well as the key
+  destination:
+    name: copy_destination  # could be a remote host instead of a folder, i.e. user1@example.com:backups/here
+  executable: rsync
+  cmd: <%%= executable %> --perms --links --times --recursive --verbose --compress --stats --human-readable --inplace <%%= source.name %> <%%= destination.name %>
+

data/examples/rsync/scripts/passphrase

@@ -0,0 +1 @@
+test

data/examples/rsync/unencrypted_data/test_file1.txt

@@ -0,0 +1 @@
+some stuff

data/examples/rsync/unencrypted_data/test_file2.txt

@@ -0,0 +1 @@
+some more stuff

data/examples/simple/encfs6.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
+<!DOCTYPE boost_serialization>
+<boost_serialization signature="serialization::archive" version="4">
+<config class_id="0" tracking_level="1" version="20080816" object_id="_0">
+	<creator>EncFS 1.5</creator>
+	<cipherAlg class_id="1" tracking_level="0" version="0">
+		<name>ssl/aes</name>
+		<major>2</major>
+		<minor>2</minor>
+	</cipherAlg>
+	<nameAlg>
+		<name>nameio/null</name>
+		<major>1</major>
+		<minor>0</minor>
+	</nameAlg>
+	<keySize>128</keySize>
+	<blockSize>1024</blockSize>
+	<uniqueIV>0</uniqueIV>
+	<chainedNameIV>0</chainedNameIV>
+	<externalIVChaining>0</externalIVChaining>
+	<blockMACBytes>0</blockMACBytes>
+	<blockMACRandBytes>0</blockMACRandBytes>
+	<allowHoles>1</allowHoles>
+	<encodedKeySize>36</encodedKeySize>
+	<encodedKeyData>
+BjZ2dl0VE8ezDBvAwgxLo1ODmnrLlawYrlfhG8Fe3wcQBzZu=
+	</encodedKeyData>
+	<saltLen>20</saltLen>
+	<saltData>
+tPmiXlNgrbvvSlnGcqe4aCjGWGY
+	</saltData>
+	<kdfIterations>83342</kdfIterations>
+	<desiredKDFDuration>500</desiredKDFDuration>
+</config>
+</boost_serialization>

data/examples/simple/passphrase

@@ -0,0 +1 @@
+my_super_secret_PassPHRase

data/examples/simple/unencrypted_data/test_file1.txt

@@ -0,0 +1 @@
+some stuff

data/examples/simple/unencrypted_data/test_file2.txt

@@ -0,0 +1 @@
+some more stuff