safedb 0.5.1005 → 0.7.1001

data/lib/controller/db/remote.rb

@@ -0,0 +1,108 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # We want to provision (create) the safe's remote (github) backend.
+  #
+  # A number of setup tasks are executed when you ask that the backend repository be created.
+  #
+  # - a repository is created in github
+  # - the git fetch (https) and git push (ssh) urls are fabricated
+  # - the fetch url is written into the master keys file
+  # - the push url is written to the configured chapter/verse location
+  # - a ssh public/private keypair (using EC25519) is created
+  # - the private and public keys are placed within the chapter/verse
+  # - the public (deploy) key is registered with the github repository
+  #
+  class Remote < EditVerse
+
+    attr_writer :provision
+
+    # We want to provision (create) the safe's remote (github) backend.
+    # A number of setup tasks are executed when you ask that the backend repository be created.
+    def edit_verse()
+
+      return unless @provision
+
+      github_access_token = @verse[ Indices::GITHUB_ACCESS_TOKEN ]
+      return unless is_github_access_token_valid( github_access_token )
+
+      repository_name = "safedb-crypts-#{TimeStamp.yyjjj_hhmm_sst()}"
+      @verse.store( Indices::GIT_REPOSITORY_NAME_KEYNAME, repository_name )
+      private_key_simple_filename = "safe.#{@book.get_open_chapter_name()}.#{@book.get_open_verse_name()}.#{TimeStamp.yyjjj_hhmm_sst()}"
+      @verse.store( Indices::REMOTE_PRIVATE_KEY_KEYNAME, "#{private_key_simple_filename}.pem" )
+      @verse.store( Indices::REMOTE_MIRROR_SSH_HOST_KEYNAME, "safe-#{TimeStamp.yyjjjhhmmsst()}" )
+
+      remote_mirror_page = "#{@book.book_id()}/#{@book.get_open_chapter_name()}/#{@book.get_open_verse_name()}"
+      Master.new().set_backend_coordinates( remote_mirror_page )
+
+      key_creator = Keys.new()
+      key_creator.set_verse( @verse )
+      key_creator.keyfile_name = private_key_simple_filename
+      key_creator.edit_verse()
+      repo_public_key = @verse[ Indices::PUBLIC_KEY_DEFAULT_KEY_NAME ]
+
+# @todo - refactor into GitHub integration class
+# @todo - refactor into GitHub integration class
+# @todo - refactor into GitHub integration class
+# @todo - refactor into GitHub integration class
+# @todo - refactor into GitHub integration class
+# @todo - refactor into GitHub integration class
+# @todo - refactor into GitHub integration class
+
+      require "etc"
+      require "socket"
+      require "octokit"
+
+      github_client = Octokit::Client.new( :access_token => github_access_token )
+      github_user = github_client.user
+      repo_creator = "#{Etc.getlogin()}@#{Socket.gethostname()}"
+      repo_description = "This github repository was auto-created by safedb.net to be a remote database backend on behalf of #{repo_creator} on #{TimeStamp.readable()}."
+      repo_homepage = "https://github.com/devops4me/safedb.net/"
+      repository_id = "#{github_user[:login]}/#{repository_name}"
+      @verse.store( Indices::GIT_REPOSITORY_USER_KEYNAME, github_user[:login] )
+
+      puts ""
+      puts "Repository Name  =>  #{repository_id}"
+      puts "Github Company   =>  #{github_user[:company]}"
+      puts "Account Owner    =>  #{github_user[:name]}"
+      puts "Github User ID   =>  #{github_user[:id]}"
+      puts "Github Username  =>  #{github_user[:login]}"
+      puts "SSH Public Key   =>  #{repo_public_key[0..40]}..."
+
+      puts "Creation Entity  =>  #{repo_creator}"
+      puts "Repo Descriptor  =>  #{repo_description}"
+      puts "Repo Homepage    =>  #{repo_homepage}"
+      puts ""
+
+      options_hash = {
+        :description => repo_description,
+        :repo_homepage => repo_homepage,
+        :private => false,
+        :has_issues => false,
+        :has_wiki => false,
+        :has_downloads => false,
+        :auto_init => true
+      }
+
+      github_client.create_repository( repository_name, options_hash  )
+      github_client.add_deploy_key( repository_id, "your safe crypts deployment key with ID #{TimeStamp.yyjjj_hhmm_sst()}", repo_public_key )
+
+    end
+
+
+    def is_github_access_token_valid( github_access_token )
+
+      is_invalid = github_access_token.nil?() || github_access_token.strip().length() < GITHUB_TOKEN_MIN_LENGTH
+      puts "No valid github access token found." if is_invalid
+      return !is_invalid
+
+    end
+
+    GITHUB_TOKEN_MIN_LENGTH = 7
+
+
+  end
+
+
+end

data/lib/controller/edit/generate.rb

@@ -31,7 +31,7 @@ module SafeDb
     # that can be produced by this class. The lower bound is the median
     # length less give or take, the upper bound is the median length
     # plus the give or take size.
-    LENGTH_RANGE = (MEDIAN_LENGTH - GIVE_OR_TAKE_SIZE) .. ( MEDIAN_LENGTH + GIVE_OR_TAKE_SIZE)
+    LENGTH_RANGE = (MEDIAN_LENGTH - GIVE_OR_TAKE_SIZE) .. ( MEDIAN_LENGTH + GIVE_OR_TAKE_SIZE )
 
     # The super strong non alpha-numeric character set has a large
     # set of characters configured for the most secure credentials

data/lib/controller/edit/keys.rb

@@ -0,0 +1,72 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # The default action of the <b>keys use case</b> is to create a private and
+  # public keypair and store them within the open chapter and verse.
+  #
+  # The optional keypair name parameter (if given) is used as a prefix to compose
+  # the private and public key keynames. The prefix and descriptors will be period
+  # separated.
+  #
+  # Currently the only algorithm used is the super secure EC (eliptic curve)
+  # with 384 bits.
+  #
+  # == Generating Public Key for Unit Test
+  #
+  # To validate public key generation for SSH we can use the below command that
+  # points to an on-disk private key file. The -y flag produces the magic.
+  #
+  #     ssh-keygen -f /path/to/private/key.pem -y
+  #
+  class Keys < EditVerse
+
+
+    # To insert MORE THAN ONE KEY in the same verse you send the keypair_name.
+    # The keypair name fashions the key name of the embodied private key file.
+    # Omit it and it will be simply set to "private.key".
+    attr_writer :keypair_name
+
+    # Set the keyfile_name to fashion the name of the private key file that will
+    # be ejected (in the future) into the `~/.ssh` folder. Omit it and the filename
+    # will be formatted with the book, chapter and verse name followed by a .pem
+    attr_writer :keyfile_name
+
+
+    # The <b>keypair use case</b> creates a private and public keypair and stores
+    # them within the open chapter and verse.
+    def edit_verse()
+
+      keypair = Keypair.new()
+
+      keyname_postfix = "" unless @keypair_name
+      keyname_postfix = ".#{@keypair_name}" if @keypair_name
+      bcv_name = "#{@book.book_name()}.#{@book.get_open_chapter_name()}.#{@book.get_open_verse_name()}#{keyname_postfix}"
+      filename_prefix = bcv_name unless @keyfile_name
+      filename_prefix = @keyfile_name if @keyfile_name
+
+      private_key_filename = "#{filename_prefix}.pem"
+      private_key_keyname = "#{Indices::PRIVATE_KEY_DEFAULT_KEY_NAME}#{keyname_postfix}"
+      public_key_keyname = "#{Indices::PUBLIC_KEY_DEFAULT_KEY_NAME}#{keyname_postfix}"
+
+      file_content64 = Base64.urlsafe_encode64( keypair.private_key_pem() )
+
+      log.info(x) { "Keypair prefix => #{@keypair_name}" } if @keypair_name
+      log.info(x) { "The keypair fully qualified name => [ #{private_key_filename} ]" }
+      log.info(x) { "Keynames are [ #{private_key_keyname} ] and [ #{public_key_keyname} ]" }
+
+      filedata_map = {}
+      filedata_map.store( Indices::INGESTED_FILE_BASE_NAME_KEY, private_key_filename )
+      filedata_map.store( Indices::INGESTED_FILE_CONTENT64_KEY, file_content64 )
+      filedata_map.store( Indices::FILE_CHMOD_PERMISSIONS_KEY, "0600" )
+
+      @verse.store( Indices::INGESTED_FILE_LINE_NAME_KEY + private_key_keyname, filedata_map )
+      @verse.store( public_key_keyname, keypair.public_key_ssh() )
+
+    end
+
+
+  end
+
+
+end

data/lib/controller/edit/paste.rb

@@ -0,0 +1,36 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # Paste the current clipboard or selection text into the specified line
+  # at the current book's open chapter and verse.
+  #
+  # Sensitive values now neither need to be put on the commnad line (safe put)
+  # or inputted perhaps with a typo when using (safe input).
+  # 
+  # Use <b>safe wipe</b> to wipe (overwrite) any sensitive values that has
+  # been placed on the clipboard.
+  class Paste < EditVerse
+
+    # this entity can point to a book, chapter, verse or line. If no
+    # parameter entity is provided, the --all switch must be present
+    # to avoid an error message.
+    attr_writer :line
+
+    # The paste use case places a string from the clipboard into the
+    # specified line (@password is the default if no line name is specified).
+    def edit_verse()
+
+      @line = "@password" if @line.nil?
+      @verse.store( "#{@line}-#{TimeStamp.yyjjj_hhmm_sst()}", @verse[ @line ] ) if @verse.has_key?( @line )
+
+      clipboard_text = Clipboard.read_line()
+      @verse.store( @line, clipboard_text )
+
+    end
+
+
+  end
+
+
+end

data/lib/controller/files/write.rb

@@ -19,8 +19,6 @@ module SafeDb
 
       bcv_name = "#{@book.book_name()}/#{@book.get_open_chapter_name()}/#{@book.get_open_verse_name()}"
 
-      puts ""
-      puts "book/chapter/verse\n"
       puts "#{bcv_name} (#{@verse.length()})\n"
 
       base64_content = @verse[ Indices::INGESTED_FILE_LINE_NAME_KEY + @file_key ][ Indices::INGESTED_FILE_CONTENT64_KEY ]
@@ -45,7 +43,17 @@ module SafeDb
       puts "Written File Key = #{@file_key}"
       puts ""
       puts "File successfully written from safe to filesystem."
-      puts ""
+
+# @todo - if the permissions key is found then change them please
+# @todo - if the permissions key is found then change them please
+# @todo - if the permissions key is found then change them please
+# @todo - if the permissions key is found then change them please
+
+=begin
+FileUtils.chmod 0755, 'somecommand'
+FileUtils.chmod 0644, %w(my.rb your.rb his.rb her.rb)
+FileUtils.chmod 0755, '/usr/bin/ruby', :verbose => true
+=end
 
       File.write( backup_file_path, File.read( file_full_path ) ) if will_clobber
       ::File.write( file_full_path, Base64.urlsafe_decode64( base64_content ) )

data/lib/controller/misc/wipe.rb

@@ -0,0 +1,23 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # The wipe use case clears out any sensitive information from the clipboard.
+  # Typically it will be called after the copy use case has placed line values
+  # into both the primary and secondary clipboards (Ctrl-v and middle-click).
+  class Wipe < Controller
+
+    def execute()
+
+      system "printf \"safe wiped the clipboard on #{TimeStamp.readable()}.\" | xclip"
+      system "printf \"safe wiped the clipboard on #{TimeStamp.readable()}.\" | xclip -selection clipbaord"
+
+      puts ""
+      puts "safe has wiped the clipboards."
+      puts ""
+
+    end
+
+  end
+
+end

data/lib/controller/navigate/at.rb

@@ -0,0 +1,42 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # The <tt>at use case</tt> is all about opening books at the right page.
+  # Its operation is similar to <tt>safe open</tt> and <tt>safe goto</tt>.
+  #
+  # It takes one and only one parameter which can consist of 1, 2 or 3 forward
+  # slash separated parts.
+  #
+  #     $ safe at /contacts      # login or switch to the contacts book
+  #     $ safe at /contacts/friends      # go to the friends chapter in contacts
+  #     $ safe at /contacts/friends/paul # go to the paul verse in contacts
+  #     $ safe at contacts/friends/paul  # the same as above
+  #     $ safe at mary                   # if already in friends chapter
+  #     $ safe at ../family/mum             # 
+  #
+  #
+  class At < Controller
+
+    # The chapter and verse of this book that are to be opened.
+    attr_writer :chapter, :verse
+
+    def execute
+
+      @book.set_open_chapter_name( @chapter )
+      @book.set_open_verse_name( @verse )
+      @book.write()
+
+      # Show the mini dictionary at the opened chapter and verse location
+      # More work is needed when for when only the chapter is opened in
+      # which case we should show the list of verses and perhaps the count
+      # of key value pairs each verse contains.
+      Show.new.flow()
+
+    end
+
+
+  end
+
+
+end

data/lib/controller/query/copy.rb

@@ -15,108 +15,45 @@ module SafeDb
     # this entity can point to a book, chapter, verse or line. If no
     # parameter entity is provided, the --all switch must be present
     # to avoid an error message.
-    attr_writer :entity
+    attr_writer :line
 
     # The copy use case copies one or more chapters, one or more verses and
     # one or more lines to the clipboard so Ctrl-v can be used outside the
     # safe to paste data in (like complex passwords).
     def query_verse()
 
-      print @verse[ @key_name ]
-
-=begin
-
-From xclip man page
-
-EXAMPLES
-       I hate man pages without examples!
-
-       uptime | xclip
-
-       Put your uptime in the X selection. Then middle click in an X application to paste.
-
-       xclip -loops 10 -verbose /etc/motd
-
-       Exit after /etc/motd (message of the day) has been pasted 10 times. Show how many  selection  requests  (pastes)
-       have been processed.
-
-       xclip -o > helloworld.c
-
-       Put the contents of the selection into a file.
-
-       xclip -t text/html index.html
-
-       Middle click in an X application supporting HTML to paste the contents of the given file as HTML.
-
-
-
-78apollo@unity:~$ xclip -o
-Constant Summaryapollo@unity:~$ 
-apollo@unity:~$ xclip -o; echo
-Constant Summary
-apollo@unity:~$ xclip -o; echo
-Module: Clipboard::File
-apollo@unity:~$ xclip -o; echo
-character of the selection specified
-apollo@unity:~$ xclip -o; echo
-long as they remain unambiguous
-apollo@unity:~$ xclip -o; echo
-long as they remain unambiguous
-apollo@unity:~$ xclip -o; echo
-long as they remain unambiguous
-apollo@unity:~$ xclip -i ''
-xclip: : No such file or directory
-apollo@unity:~$ xclip -o; echo
-long as they remain unambiguous
-apollo@unity:~$ xclip ''
-xclip: : No such file or directory
-apollo@unity:~$ xclip -o; echo
-long as they remain unambiguous
-apollo@unity:~$ xclip -t ''
-q
-adsf
-
-
-apollo@unity:~$ 
-apollo@unity:~$ 
-apollo@unity:~$ uptime | xclip
-apollo@unity:~$ xclip -o; echo
- 00:34:46 up  5:10,  1 user,  load average: 0.47, 0.52, 0.35
-
-apollo@unity:~$ uptime
- 00:35:05 up  5:11,  1 user,  load average: 0.34, 0.48, 0.34
-apollo@unity:~$ uptime | xclip
-apollo@unity:~$ xclip -o
- 00:35:29 up  5:11,  1 user,  load average: 0.22, 0.44, 0.33
-apollo@unity:~$ xclip -o
- 00:35:29 up  5:11,  1 user,  load average: 0.22, 0.44, 0.33
-apollo@unity:~$ xclip -o
- 00:35:29 up  5:11,  1 user,  load average: 0.22, 0.44, 0.33
-apollo@unity:~$ xclip -o
-Error: target STRING not available
-apollo@unity:~$ xclip -o
-Error: target STRING not available
-apollo@unity:~$ xclip -o
-Error: target STRING not available
-apollo@unity:~$ xclip -o
-       apollo@unity:~$ 
-apollo@unity:~$ xclip -o; echo
-       
-apollo@unity:~$ xclip -o; echo
-instead  of  -display.  However,  -v couldn't be used because it is ambiguous (it could be short for -verbose or
-apollo@unity:~$ xclip -o; echo
-0345 072 5555
-apollo@unity:~$ echo "safe deleted clipboard contents" | xclip
-apollo@unity:~$ xclip -o; echo
-safe deleted clipboard contents
-
-apollo@unity:~$ xclip -o; echo
- (traditionally with the middle mouse button
-apollo@unity:~$ xclip -o; echo
-safedb.yijx-r7zr.19093.1515.01.676152709.json
-
-=end
+      @line = "@password" if @line.nil?
+      unless ( @verse.has_key?( @line ) )
+        cannot_copy_line()
+        return
+      end
 
+      system "printf \"#{@verse[ @line ]}\" | xclip"
+      system "printf \"#{@verse[ @line ]}\" | xclip -selection clipbaord"
+
+      line_copied()
+
+    end
+
+
+    def line_copied()
+
+      puts ""
+      puts "The value for line \"#{@line}\" has been copied to the clipboard."
+      puts "You can use either Ctrl-v or a mouse middle click to paste it."
+      puts ""
+      puts "Wipe it from the clipboard with $ safe wipe"
+      puts ""
+
+    end
+
+
+    def cannot_copy_line()
+
+      puts ""
+      puts "No parameter line to copy was given."
+      puts "Also this verse does not have a @password line."
+      puts ""
 
     end
 

data/lib/controller/query/tell.rb

@@ -0,0 +1,36 @@
+#!/usr/bin/ruby
+
+module SafeDb
+
+  # Print out the secret key/value pairs. These are the ones with keys that start
+  # with the @ sysmbol.
+  class Tell < QueryVerse
+
+    # Print out the secret key/value pairs. These are the ones with keys that start
+    # with the @ sysmbol.
+    def query_verse()
+
+      @book.print_book_mark()
+      if @verse.empty?()
+
+        puts "    No lines in this chapter and verse location."
+        puts ""
+        return
+
+      end
+
+      show_map = {}
+      @verse.each do | key_str, value |
+        show_map.store( key_str, value ) if( key_str.start_with? "@" )
+      end
+
+      puts JSON.pretty_generate( show_map )
+      puts ""
+
+    end
+
+
+  end
+
+
+end

data/lib/controller/requirer.rb

@@ -86,10 +86,10 @@ module SafeDb
     def self.gems( gem_filepath )
 
       require_relative "../version"
-      require_relative "../controller/controller"
-      require_relative "../controller/admin/auth"
-      require_relative "../controller/edit/editverse"
-      require_relative "../controller/query/queryverse"
+      require_relative "../controller/abstract/controller"
+      require_relative "../controller/abstract/authenticate"
+      require_relative "../controller/abstract/edit_verse"
+      require_relative "../controller/abstract/query_verse"
 
       gem_basepath = File.expand_path "..", gem_filepath
       Dir["#{gem_basepath}/**/*.rb"].each do |gem_path|

data/lib/controller/visit/README.md

@@ -16,6 +16,40 @@ Use **`curl`** to pull down and place the following executable into /usr/local/b
 
 https://github.com/mozilla/geckodriver/releases/download/v0.24.0/geckodriver-v0.24.0-linux64.tar.gz
 
+``` bash
+curl -o /tmp/geckodriver https://releases.hashicorp.com/terraform/0.11.13/terraform_0.11.13_linux_amd64.zip
+sudo unzip /tmp/terraform.zip -d /usr/local/bin
+sudo chmod a+x /usr/local/bin/terraform
+rm /tmp/terraform.zip
+terraform --version
+```
+
+```
+## Geckodriver
+wget https://github.com/mozilla/geckodriver/releases/download/v0.23.0/geckodriver-v0.23.0-linux64.tar.gz
+sudo sh -c 'tar -x geckodriver -zf geckodriver-v0.23.0-linux64.tar.gz -O > /usr/bin/geckodriver'
+sudo chmod +x /usr/bin/geckodriver
+rm geckodriver-v0.23.0-linux64.tar.gz
+
+## Chromedriver
+wget https://chromedriver.storage.googleapis.com/2.29/chromedriver_linux64.zip
+unzip chromedriver_linux64.zip
+sudo chmod +x chromedriver
+sudo mv chromedriver /usr/bin/
+rm chromedriver_linux64.zip
+```
+
+gem install nokogiri
+
+gem install mini_magick -v 3.5
+
+gem install watir --no-ri --no-rdoc
+
+gem install watir-webdriver --no-ri --no-rdoc
+
+
+
+
 Now when you run the **`ruby visit.rb`** the browser should pop up and search for our search term.
 
 ### Reading Material

data/lib/controller/visit/visit.rb

@@ -27,3 +27,36 @@ module SafeDb
 
 
 end
+
+
+=begin
+
+ install python3 and pip3
+ pip3 install selinium
+ then place the below code in a file and run with python <<file-name.py>>
+ note that a logfile called "geckodriver.log" will be created
+
+ -------------------------------------------
+#!/usr/bin/env python
+
+from selenium import webdriver
+from selenium.webdriver.common.keys import Keys
+
+import time
+from selenium import webdriver
+from selenium.webdriver.common.by import By
+from selenium.webdriver.support.ui import WebDriverWait
+from selenium.webdriver.support import expected_conditions as EC
+from selenium.webdriver.common.keys import Keys
+
+browser = webdriver.Firefox()
+browser.get('http://www.google.co.uk')
+
+search = browser.find_element_by_name('q')
+search.send_keys("sainsburys")
+search.send_keys(Keys.RETURN)
+time.sleep(20)
+browser.quit()
+
+
+=end

data/lib/manual/copy-paste.md

@@ -1,7 +1,24 @@
+<tt>Copy and paste data to and from the **clipboard**</tt>.
 
-# safe copy | safe paste
+# safe copy | safe clear | safe paste
+
+## copy | intro
+
+Copy into the clipboard the value held by the named line at the current book's open chapter and verse. This is more accurate and more secure than echoing the password and then performing a SELECT then COPY and then PASTE.
+
+Use <b>safe clear</b> to wipe (overwrite) the sensitive value in the clipboard.
+
+
+## paste | intro
+
+Paste does the reverse of copy and also **auto-clears** the clipboard.
+
+In the external application you select the text to copy, you then switch and type in something like **`safe paste @github.token`** - all verse lines will be displayed with sensitive values masked out. Note the extra line.
+
+### Overwriting the Line's Value
+
+If the line already exists and holds a value the paste operation will put the outgoing key/value pair into the **safe recycle bin**. This gives you a restore option.
 
-<tt>Copy and paste data to and from the **clipboard**</tt>.
 
 ## pre-condition - install xclip
 

data/lib/manual/push-pull.md

@@ -0,0 +1,46 @@
+
+#### Use `safe push` and `safe pull` to remotely store and retrieve your safe books.
+
+<span style="font-family:Papyrus; font-size:2em;">**`safe remote --provision`** must have been run with access to the Github repository token so that it can **create the git repository backend** and furnish that repository with a public key so that a **`git push`** can occur during a **`safe push`** execution.</span>
+
+**A push puts your crypt files into remote storage and writes a single file to a (usb key or phone) removable drive. A pull reads the file, accesses the right repository and restores (or refreshes) your safe database.**
+
+The ***removable.drive*** folder **need not be removable**, but if you are moving from one machine to another, it helps if the path sits on a removable USB key, an external drive, or a smartphone.
+
+
+
+# safe push --to="/path/to/removable/drive"
+
+The first time you **`safe push`** on a machine you must provide a path to a folder on a removable drive. This is cached against a reference in the form **`username@<MACHINE_ID>`**.
+
+Simply provide the **`--to`** option to use a different removable drive folder.
+
+
+
+## safe push
+
+You **`safe push`** to synchronize your local and remote safe database.
+
+```
+safe login db.admin   # once per session (shell)
+safe push             # as often as you like
+```
+
+The following will be true after every successful **`safe push`** operation.
+
+After **`safe push`** notice a file called safe-database.ini within the removable drive folder.
+
+
+## when to reconfigure the removable drive
+
+Configure the removable.drive **once per user/machine** combo. You'll need to rerun the command when configuring safedb
+
+- for **another user** on the same machine
+- on a **different machine**
+- to add more **removable drive** paths
+
+<span style="font-family:Papyrus; font-size:2em;">Currently safe only supports a github backend, but this will be expanded to include s3 buckets, git repositories, ssh and sftp, dropbox, google drive and even key-value stores like etcd, redis and Amazon's dynamo db.</span>
+
+
+
+# safe pull --from="/path/to/removable/drive"