RubyGems - secret - Versions diffs - 0.0.1 → 0.0.2 - Mend

secret 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a56b7cd7533a64c852d89901ba1460a2b487d498
+  data.tar.gz: 2993017272c967c3b9e7249f6be3eff1a9bc3e22
+SHA512:
+  metadata.gz: f263a042a3fb1373b73a7548143b36fc1eb6147cbdbd5ce58e7f6aa34c22bfa40cb014d6934186b220ee08c305976b3b87df8ffb1721091c120243b363297fdd
+  data.tar.gz: a80eb4b104b6fde26085b253e9d6065aa145d9a6cf65d8a54041e98310f4dd69e7b29abd4a88b3f1b2fd9f0faab5ee5f7bc126d2d23b2a0cc9b850a3778e3b76

data/.gitignore CHANGED Viewed

@@ -1,20 +1,23 @@
-*.gem
-*.rbc
-.bundle
-.config
-.yardoc
-Gemfile.lock
-InstalledFiles
-_yardoc
-coverage
-doc/
-lib/bundler/man
-pkg
-rdoc
-spec/reports
-test/tmp
-test/version_tmp
-tmp
-.idea
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.idea
+*.komodoproject
+.komodotools
+test/secrets/*

data/Gemfile CHANGED Viewed

@@ -1,4 +1,4 @@
-source 'https://rubygems.org'
-# Specify your gem's dependencies in secret.gemspec
-gemspec
+source 'https://rubygems.org'
+# Specify your gem's dependencies in secret.gemspec
+gemspec

data/LICENSE.txt CHANGED Viewed

@@ -1,22 +1,22 @@
-Copyright (c) 2013 Christopher Thornton
-MIT License
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+Copyright (c) 2013 Christopher Thornton
+MIT License
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md CHANGED Viewed

@@ -1,52 +1,60 @@
-Secret Files
-============
-Keeps your files more secure by ensuring saved files are chmoded 0700 by the same user who is running the process.
-For example, this could be used by a Rails application to store certificates only readable by the www-data process.
-The secret files gem includes some fun over-engineering with file locking!
-## Usage
-Add to your Gemfile:
-```ruby
-gem 'secret'
-```
-Now you should set up your "default" container in an initializer:
-```ruby
-Secret.configure_default 'path/to/secret/dir'
-```
-Finally, you should now be able to put stuff into the secret directory, or read contents!
-```ruby
-secret = Secret.default
-# Save the key
-secret.some_key.stash "ThisIsSomeKey"
-# Get the key
-puts secret.some_key.contents
-# Manually seek through the file
-secret.some_key.stream do |f|
-    f.seek 1, IO::SEEK_CUR
-end
-```
-## How Secure is It?
-Ths is only *somewhat* secure and will provide protection against:
-* Someone who gains access to your server with non-root access
-* Other non-root server processes
-However, this will **not** protect you against:
-* People with root access
-* Arbitrary code execution attacks by the owner (i.e. an `eval()` gone wrong)
-## Other Features
-This gem also includes locking support, meaning that it should (hopefully) be resillient against multiple processes
-writing to a file. The primary reason for this is because I really wanted to try file locking. However, don't do
-anything too tricky and you should be okay.
+Secret Files
+============
+Keeps your files more secure by ensuring saved files are chmoded 0700 by the same user who is running the process.
+For example, this could be used by a Rails application to store certificates only readable by the www-data process.
+The secret files gem includes some fun over-engineering with file locking!
+## Usage
+Add to your Gemfile:
+```ruby
+gem 'secret'
+```
+Now you should set up your "default" container in an initializer:
+```ruby
+Secret.configure_default 'path/to/secret/dir'
+```
+Finally, you should now be able to put stuff into the secret directory, or read contents!
+```ruby
+secret = Secret.default
+# Save the key
+secret.some_key.stash "ThisIsSomeKey"
+# Get the key
+puts secret.some_key.contents
+# Manually seek through the file
+secret.some_key.stream do |f|
+    f.seek 1, IO::SEEK_CUR
+end
+# Support for nested directories
+file = secret.file "certs/file.crt"
+file.stash "Contents of CA File"
+puts file.contents
+# Also support for shorthand syntax
+secret.stash "certs/file.key", "Contents of this key file!"
+puts secret.contents "certs/file.key"
+```
+## How Secure is It?
+Ths is only *somewhat* secure and will provide protection against:
+* Someone who gains access to your server with non-root access
+* Other non-root server processes
+However, this will **not** protect you against:
+* People with root access
+* Arbitrary code execution attacks by the owner (i.e. an `eval()` gone wrong)
+## Other Features
+This gem also includes locking support, meaning that it will be resillient against multiple processes
+writing to a file. This will **not** lock multiple threads from the same process.

data/Rakefile CHANGED Viewed

	@@ -1 +1 @@
1	- require "bundler/gem_tasks"
1	+ require "bundler/gem_tasks"

data/lib/secret/container.rb CHANGED Viewed

@@ -1,64 +1,83 @@
-module Secret
-  class Container
-    attr_reader :directory, :files
-    # Initializes a container. Does significant checking on the directory to ensure it is writeable and it exists.
-    # @param [String] directory the directory to the container
-    # @param [Boolean] auto_create if true, will attempt to create the directory if it does not exist.
-    def initialize(directory, auto_create = true)
-      @directory = directory
-      @files = {}
-      # Do some checking about our directory
-      if ::File.exist?(directory)
-        raise ArgumentError, "Specified directory '#{directory}' is actually a file!" unless ::File.directory?(directory)
-      # Now make our directory if auto_create
-      else
-        raise ArgumentError, "Specified directory '#{directory}' does not exist!" unless auto_create
-        Dir.mkdir(directory, Secret::CHMOD_MODE) # Only give read/write access to this user
-      end
-      raise ArgumentError, "Directory '#{directory}' is not writeable!" unless ::File.writable?(directory)
-    end
-    # Gets a file stored in the container.
-    # @param [Symbol] filename the name of the file.
-    # @return [Secret::File] a secret file
-    def file(filename)
-      fn = filename.to_sym
-      f  = files[fn]
-      return f unless f.nil?
-      f  = Secret::File.new(self, filename)
-      files[fn] = f
-      return f
-    end
-    def method_missing(meth, *args, &block)
-      super(meth, *args, &block) if args.any? or block_given?
-      return file(meth)
-    end
-    # Deletes the cache of objects
-    def uncache!
-      @files = {}
-    end
-    # This should be called once in some sort of initializer.
-    def initialize_once!
-      destroy_all_locks!
-    end
-    # Viciously destroys all locks that the file and its containers may have. Use carefully!
-    # @return [Integer] the number of files destroyed.
-    def destroy_all_locks!
-      files = Dir[::File.join(directory, '*.lock')]
-      files.each{|f| ::File.delete(f) }
-      return files.count
-    end
-  end
+module Secret
+  class Container
+    attr_reader :directory, :files, :chmod_mode
+    # Initializes a container. Does significant checking on the directory to ensure it is writeable and it exists.
+    # @param [String] directory the directory to the container
+    # @param [Boolean] auto_create if true, will attempt to create the directory if it does not exist.
+    def initialize(directory, auto_create = true, chmod = Secret::CHMOD_MODE)
+      @directory = directory
+      @chmod_mode = chmod
+      @files = {}
+      # Do some checking about our directory
+      if ::File.exist?(directory)
+        raise ArgumentError, "Specified directory '#{directory}' is actually a file!" unless ::File.directory?(directory)
+      # Now make our directory if auto_create
+      else
+        raise ArgumentError, "Specified directory '#{directory}' does not exist!" unless auto_create
+        FileUtils.mkdir_p(directory, :mode => chmod_mode) # Only give read/write access to this user
+      end
+      raise ArgumentError, "Directory '#{directory}' is not writeable!" unless ::File.writable?(directory)
+    end
+    # Stashes the contents of a file
+    def stash(path, contents)
+      file(path).stash(contents)
+    end
+    def contents(path)
+      file(path).contents
+    end
+    # Gets a file stored in the container.
+    # @param [Symbol] filename the name of the file.
+    # @return [Secret::File] a secret file
+    def file(filename)
+      fn = filename.to_s
+      f  = files[fn]
+      return f unless f.nil?
+      d = ::File.dirname(fn)
+      container = d == "." ? self : dir(d)
+      f  = Secret::File.new(container, ::File.basename(filename) + Secret::FILE_EXT)
+      files[fn] = f
+      return f
+    end
+    # Another container within the directory
+    def dir(name)
+      Container.new ::File.join(directory, name), true, chmod_mode
+    end
+    def method_missing(meth, *args, &block)
+      super(meth, *args, &block) if args.any? or block_given?
+      return file(meth)
+    end
+    # Deletes the cache of objects
+    def uncache!
+      @files = {}
+    end
+    # This should be called once in some sort of initializer.
+    def initialize_once!
+      destroy_all_locks!
+    end
+    # Viciously destroys all locks that the file and its containers may have. Use carefully!
+    # @return [Integer] the number of files destroyed.
+    def destroy_all_locks!
+      files = Dir[::File.join(directory, '*.lock')]
+      files.each{|f| ::File.delete(f) }
+      return files.count
+    end
+  end
 end

data/lib/secret/encryption.rb CHANGED Viewed

@@ -1,45 +1,45 @@
-require 'openssl'
-module Secret
-  module Encryption
-    def encrypt_basic(passphrase)
-      cipher = OpenSSL::Cipher.new('aes-256-cbc')
-      cipher.encrypt
-      key = passphrase
-      iv  = cipher.random_iv
-      out = StringIO.new("", "wb") do |outf|
-        StringIO.new(contents, "rb") do |inf|
-          while inf.read(4096, buf)
-            outf << cipher.update(buf)
-          end
-          outf << cipher.final
-        end
-      end
-      return out.string
-    end
-    # Checks to see if the file is encrypted
-    def encrypted?
-      ::File.exist?(encrypted_meta_filename)
-    end
-    def stash(content); raise "Not Implemented"; end
-    def contents; raise "Not Implemented"; end
-    protected
-    def encrypted_meta_filename
-      raise NotImplementedError, "Must implement dis!"
-    end
-  end
+require 'openssl'
+module Secret
+  module Encryption
+    def encrypt_basic(passphrase)
+      cipher = OpenSSL::Cipher.new('aes-256-cbc')
+      cipher.encrypt
+      key = passphrase
+      iv  = cipher.random_iv
+      out = StringIO.new("", "wb") do |outf|
+        StringIO.new(contents, "rb") do |inf|
+          while inf.read(4096, buf)
+            outf << cipher.update(buf)
+          end
+          outf << cipher.final
+        end
+      end
+      return out.string
+    end
+    # Checks to see if the file is encrypted
+    def encrypted?
+      ::File.exist?(encrypted_meta_filename)
+    end
+    def stash(content); raise "Not Implemented"; end
+    def contents; raise "Not Implemented"; end
+    protected
+    def encrypted_meta_filename
+      raise NotImplementedError, "Must implement dis!"
+    end
+  end
 end

data/lib/secret/file.rb CHANGED Viewed

@@ -1,187 +1,179 @@
-module Secret
-  # Handles file operations.
-  #
-  # Note that locking operations are not perfect!
-  class File
-    include Secret::Locking
-    # include Secret::Encryption
-    attr_reader :container, :identifier
-    # Lock timeout in MS. Defaults to 5000 MS
-    attr_accessor :lock_timeout_ms
-    # Whether this current object holds the lock over the file.
-    # @return [Boolean] TRUE if this object was the one that holds the lock (i.e. created the lock), FALSE if another
-    #   object holds the lock, or the file simply isn't locked.
-    attr_reader :owns_lock
-    # Creates a new secret file. The specified identifier doesn't already need to exist.
-    # @param [Secret::Container] container the container object
-    # @param [Symbol] identifier an unique identifier for this container
-    def initialize(container, identifier)
-      raise ArgumentError, "Container must be a Secret::Container object" unless container.is_a?(Secret::Container)
-      @container = container; @identifier = identifier; @owns_lock = false
-      @lock_timeout_ms = Secret::Locking::DEFAULT_LOCK_WAIT_MS
-    end
-    # Checks whether this file actually exists or not
-    # @return [Boolean] true if the file exists (i.e. has content), false if otherwise.
-    def exist?
-      ::File.exist?(file_path)
-    end
-    # Gets a file stream of this file. If the file doesn't exist, then a blank file will be created. By default,
-    # this allows you to write to the file. However, please use the {#stash} command, as it accounts for mid-write
-    # crashes. Don't forget to close the file stream when you're done!
-    # @param [String] mode the mode for this file. Currently defaults to 'r+', which is read-write, with the
-    #   file pointer at the beginning of the file.
-    # @return [IO] an IO stream to this file, if not using a block
-    # @note This completely bypasses any internal locking mechanisms if not using a block!
-    # @example
-    #     file = container.some_file
-    #
-    #     # Unsafe way!
-    #     io = file.stream
-    #     io.write "Hello World!"
-    #     io.close
-    #
-    #     # Safe way, with locking support
-    #     file.stream do |f|
-    #       f.write "Hello World!"
-    #     end
-    def stream(mode = 'r+', &block)
-      touch!
-      return ::File.open(file_path, mode, Secret::CHMOD_MODE)  unless block_given?
-      wait_for_unlock(true, lock_timeout_ms) do
-        io = ::File.open(file_path, mode, Secret::CHMOD_MODE)
-        block.call(io)
-        io.close unless io.closed?
-      end
-    end
-    # Gets the contents of the file in a string format. Will return an empty string if the file doesn't exist, or the
-    # file just so happens to be empty.
-    # @return [String] the contents of the file
-    def contents
-      wait_for_unlock(false, lock_timeout_ms) do
-        io = stream
-        str = io.read
-        io.close
-      end
-      return str
-    end
-    # Creates a new file if it doesn't exist. Doesn't actually change the last updated timestamp.
-    # @return [Boolean] true if an empty file was created, false if the file already existed.
-    def touch!
-      unless exist?
-        ::File.open(file_path, 'w') {}
-        secure!
-        return true
-      end
-      return false
-    end
-    # Secures the file by chmoding it to 0700
-    # @raise [IOError] if the file doesn't exist on the server.
-    def secure!
-      raise IOError, "File doesn't exist" unless exist?
-      ::File.chmod(Secret::CHMOD_MODE, file_path)
-    end
-    # Stashes some content into the file! This will write a temporary backup file before stashing, in order to prevent
-    # any partial writes if the server crashes. Once this finishes executing, you can be sure that contents have been
-    # written.
-    # @param [String] content the contents to stash. **Must be a string!**
-    # @raise [ArgumentError] if content is anything other than a String object!
-    def stash(content)
-      raise ArgumentError, "Content must be a String (was type of type #{content.class.name})" unless content.is_a?(String)
-      # Get an exclusive lock
-      wait_for_unlock(true, lock_timeout_ms) do
-        touch!
-        # Think of this as a beginning of a transaction.
-        # Open a temporary file for writing, and close it immediately
-        ::File.open(tmp_file_path, "w", Secret::CHMOD_MODE){|f| f.write content }
-        # Rename the existing file path
-        ::File.rename(file_path, backup_file_path)
-        # Now rename the temporary file to the correct file
-        ::File.rename(tmp_file_path, file_path)
-        # Delete the backup
-        ::File.delete(backup_file_path)
-        # Committed! Secure it just in case
-        secure!
-      end
-    end
-    # Attempts to restore a backup (i.e. if the computer crashed while doing a stash command)
-    # @return [Boolean] true if the backup was successfully restored, false otherwise
-    def restore_backup!
-      return false if locked?
-      return false unless ::File.exist?(backup_file_path)
-      # Ideally we want to get an exclusive lock when doing this!
-      wait_for_unlock(true, lock_timeout_ms) do
-        # If the file actually exists, then the backup file probably wasn't deleted, so just
-        # delete the backup file.
-        if ::File.exist?(file_path)
-          ::File.delete(backup_file_path)
-          return true
-        # Otherwise, the temporary file probably wasn't renamed, so restore the backup and delete the temporary file
-        # if it exists. It's possible the file was corrupted in the middle of writing, so it is better to resort
-        # to an old and complete file rather than a new and possibly corrupted file.
-        else
-          ::File.rename(backup_file_path, file_path)
-          ::File.delete(tmp_file_path) if ::File.exist?(tmp_file_path)
-          return true
-        end
-      end
-    end
-    protected
-    # Gets the path of the lock file
-    def lock_file_path
-      return file_path + '.lock'
-    end
-    private
-    # Gets the actual file path of this container. Intentionally made private (security through obscurity)
-    # @return [String] the absolute path to where this file is
-    def file_path
-      @the_file_path = ::File.join(container.directory, identifier.to_s) if @the_file_path.nil?
-      return @the_file_path
-    end
-    # The path of the temporary file. Used as a temporary container for stashing. This file will then be re-named.
-    # @return [String] the path to the temporary file
-    def tmp_file_path
-      return file_path + ".tmp"
-    end
-    # Gets the path of the backup file
-    # @return [String] the path of the backup file
-    def backup_file_path
-      return file_path + '.bak'
-    end
-  end
+module Secret
+  # Handles file operations. Uses Ruby's internal file locking mechanisms.
+  class File
+    # include Secret::Encryption
+    attr_reader :container, :identifier
+    # Creates a new secret file. The specified identifier doesn't already need to exist.
+    # @param [Secret::Container] container the container object
+    # @param [Symbol] identifier an unique identifier for this container
+    def initialize(container, identifier)
+      raise ArgumentError, "Container must be a Secret::Container object" unless container.is_a?(Secret::Container)
+      @container = container; @identifier = identifier
+      touch!
+      ensure_writeable!
+    end
+    # Checks whether this file actually exists or not
+    # @return [Boolean] true if the file exists (i.e. has content), false if otherwise.
+    def exist?
+      ::File.exist?(file_path)
+    end
+    # Gets a file stream of this file. If the file doesn't exist, then a blank file will be created. By default,
+    # this allows you to write to the file. However, please use the {#stash} command, as it accounts for mid-write
+    # crashes. Don't forget to close the file stream when you're done!
+    # @param [String] mode the mode for this file. Currently defaults to 'r+', which is read-write, with the
+    #   file pointer at the beginning of the file.
+    # @return [IO] an IO stream to this file, if not using a block
+    # @note Uses an exclusive lock on this file
+    # @example
+    #     file = container.some_file
+    #
+    #     # Unsafe way!
+    #     io = file.stream
+    #     io.write "Hello World!"
+    #     io.close
+    #
+    #     # Safe way, with locking support
+    #     file.stream do |f|
+    #       f.write "Hello World!"
+    #     end
+    def stream(mode = 'r', &block)
+      touch!
+      ensure_writeable!
+      return ::File.open(file_path, mode, container.chmod_mode)  unless block_given?
+      ::File.open(file_path, mode, container.chmod_mode) do |f|
+        begin
+          f.flock(::File::LOCK_EX) # Lock with exclusive mode
+          block.call(f)
+        ensure
+          f.flock(::File::LOCK_UN)
+        end
+      end
+    end
+    # Gets the contents of the file in a string format. Will return an empty string if the file doesn't exist, or the
+    # file just so happens to be empty.
+    # @return [String] the contents of the file
+    def contents
+      str = nil
+      stream 'r' do |f|
+        str = f.read
+      end
+      return str
+    end
+    # Creates a new file if it doesn't exist. Doesn't actually change the last updated timestamp.
+    # @return [Boolean] true if an empty file was created, false if the file already existed.
+    def touch!
+      unless exist?
+        ::File.open(file_path, 'w', container.chmod_mode) {}
+        secure!
+        return true
+      end
+      return false
+    end
+    # Secures the file by chmoding it to 0700
+    # @raise [IOError] if the file doesn't exist on the server.
+    def secure!
+      raise IOError, "File doesn't exist" unless exist?
+      ::File.chmod(container.chmod_mode, file_path)
+    end
+    # Stashes some content into the file! This will write a temporary backup file before stashing, in order to prevent
+    # any partial writes if the server crashes. Once this finishes executing, you can be sure that contents have been
+    # written.
+    # @param [String] content the contents to stash. **Must be a string!**
+    # @raise [ArgumentError] if content is anything other than a String object!
+    def stash(content)
+      raise ArgumentError, "Content must be a String (was type of type #{content.class.name})" unless content.is_a?(String)
+      touch!
+      ensure_writeable!
+      # Think of this as a beginning of a transaction.
+      ::File.open(file_path, 'a', container.chmod_mode) do |f|
+        begin
+          f.flock(::File::LOCK_EX)
+          # Open a temporary file for writing, and close it immediately
+          ::File.open(tmp_file_path, "w", container.chmod_mode){|f| f.write content }
+          # Rename tmp file to backup file now we know contents are sane
+          ::File.rename(tmp_file_path, backup_file_path)
+          # Truncate file contents to zero bytes
+          f.truncate 0
+          # Write content
+          f.write content
+        ensure
+          # Now unlock file!
+          f.flock(::File::LOCK_UN)
+        end
+        # Delete backup file
+        ::File.delete(backup_file_path)
+      end
+      # Committed! Secure it just in case
+      secure!
+    end
+    def ensure_writeable!
+      unless ::File.writable?(file_path)
+        raise FileUnreadableError, "File is not writeable - perhaps it was created by a different process?"
+      end
+    end
+    # Attempts to restore a backup (i.e. if the computer crashed while doing a stash command)
+    # @return [Boolean] true if the backup was successfully restored, false otherwise
+    def restore_backup!
+      return false unless ::File.exist?(backup_file_path)
+      # We know backup exists, so let's write to the file. We want to truncate file contents.
+      # Now copy file contents over from the backup file. We use this method to use locking.
+      ::File.open(file_path, 'w', container.chmod_mode) do |f|
+        begin
+          f.flock ::File::LOCK_EX
+          ::File.open(backup_file_path, 'r', container.chmod_mode) do |b|
+            f.write b.read
+          end
+        ensure
+          f.flock ::File::LOCK_UN
+        end
+      end
+      return true
+    end
+    private
+    # Gets the actual file path of this container. Intentionally made private (security through obscurity)
+    # @return [String] the absolute path to where this file is
+    def file_path
+      @the_file_path = ::File.join(container.directory, identifier.to_s) if @the_file_path.nil?
+      return @the_file_path
+    end
+    # The path of the temporary file. Used as a temporary container for stashing. This file will then be re-named.
+    # @return [String] the path to the temporary file
+    def tmp_file_path
+      return file_path + ".tmp"
+    end
+    # Gets the path of the backup file
+    # @return [String] the path of the backup file
+    def backup_file_path
+      return file_path + '.bak'
+    end
+  end
 end

data/lib/secret/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
-module Secret
-  VERSION = "0.0.1"
-end
+module Secret
+  VERSION = "0.0.2"
+end

data/lib/secret.rb CHANGED Viewed

@@ -1,36 +1,34 @@
-require "secret/version"
-require "secret/locking"
-require "secret/file"
-require "secret/container"
-module Secret
-  # The chmod mode to use for files.
-  CHMOD_MODE = 0700
-  # Gets the UID of the current process
-  def self.uid
-    return Process.uid
-  end
-  # Gets the default container
-  # @return [Secret::Container] the default container
-  def self.default
-    raise ArgumentError, "Must call 'Secret.configure_default' before you can access the default container" unless @default
-    return @default
-  end
-  # Configures the default container once
-  def self.configure_default(directory, auto_create = true)
-    unless @default
-      @default = Secret::Container.new(directory, auto_create)
-      @default.initialize_once!
-      return true
-    else
-      return false
-    end
-  end
-  class FileLockedError < Exception; end
-end
+require "secret/version"
+require "secret/file"
+require "secret/container"
+module Secret
+  # The chmod mode to use for files.
+  CHMOD_MODE = 0700
+  # The file extension for secret files
+  FILE_EXT = ".sfile"
+  # Gets the default container
+  # @return [Secret::Container] the default container
+  def self.default
+    raise ArgumentError, "Must call 'Secret.configure_default' before you can access the default container" unless @default
+    return @default
+  end
+  # Configures the default container once
+  def self.configure_default(directory, auto_create = true)
+    unless @default
+      @default = Secret::Container.new(directory, auto_create)
+      @default.initialize_once!
+      return true
+    else
+      return false
+    end
+  end
+  class FileUnreadableError < Exception; end
+end

data/secret.gemspec CHANGED Viewed

@@ -1,23 +1,23 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'secret/version'
-Gem::Specification.new do |spec|
-  spec.name          = "secret"
-  spec.version       = Secret::VERSION
-  spec.authors       = ["Christopher Thornton"]
-  spec.email         = ["rmdirbin@gmail.com"]
-  spec.description   = %q{Keeps your files more secure by ensuring saved files are chmoded 0700 by the same user who is running the process.}
-  spec.summary       = %q{Keeps files more secure on server environments}
-  spec.homepage      = "https://github.com/cgthornt/secret"
-  spec.license       = "MIT"
-  spec.files         = `git ls-files`.split($/)
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ["lib"]
-  spec.add_development_dependency "bundler", "~> 1.3"
-  spec.add_development_dependency "rake"
-end
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'secret/version'
+Gem::Specification.new do |spec|
+  spec.name          = "secret"
+  spec.version       = Secret::VERSION
+  spec.authors       = ["Christopher Thornton"]
+  spec.email         = ["rmdirbin@gmail.com"]
+  spec.description   = %q{Keeps your files more secure by ensuring saved files are chmoded 0700 by the same user who is running the process.}
+  spec.summary       = %q{Keeps files more secure on server environments}
+  spec.homepage      = "https://github.com/cgthornt/secret"
+  spec.license       = "MIT"
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+end

data/test/Gemfile CHANGED Viewed

@@ -1,3 +1,6 @@
-source 'https://rubygems.org'
-gem 'secret', path: '../'
+source 'https://rubygems.org'
+gem 'secret', path: '../'
+#gem 'ffi'
+#gem 'win32-process'

data/test/spawn.rb ADDED Viewed

@@ -0,0 +1,16 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'secret'
+Secret.configure_default 'secrets'
+container = Secret.default
+f = "running.txt"
+File.open(f, 'w'){|f| f.write "Running..." }
+container.test1.stream 'w' do |f|
+  puts "Sleeping for 10 seconds..."
+  sleep(10)
+  f.write "New Contents"
+end
+File.delete(f)

data/test/tester.rb CHANGED Viewed

@@ -1,10 +1,36 @@
-require 'rubygems'
-require 'bundler/setup'
-require 'secret'
-Secret.configure_default 'secrets'
-container = Secret.default
-container.cert_key.stash "Hello World!"
-puts container.cert_key.encrypt_basic "password"
+require 'rubygems'
+require 'bundler/setup'
+# require 'win32/process'
+require 'secret'
+Secret.configure_default 'secrets'
+container = Secret.default
+container.stash "key.crt", "The contents of this key!"
+puts "Contents of key: '#{container.contents 'key.crt'}'"
+exit(0)
+container.something.stash "My Secret Text!"
+container.file(:someting_else).stash "More secret text"
+container.dir('test')
+puts "Testing some multi-process action"
+container.test1.stash "Original Content"
+# Windows - testing file locking
+p = Process.create(
+  :app_name => 'ruby spawn.rb',
+  :creation_flags   => Process::DETACHED_PROCESS,
+  :process_inherit  => false,
+  :thread_inherit   => true,
+)
+sleep(1)
+puts p.inspect
+puts "New contents:"
+puts "'#{container.test1.contents}'"

metadata CHANGED Viewed

@@ -1,20 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: secret
 version: !ruby/object:Gem::Version
-  version: 0.0.1
-  prerelease:
+  version: 0.0.2
 platform: ruby
 authors:
 - Christopher Thornton
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-05-04 00:00:00.000000000 Z
+date: 2013-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -22,7 +20,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -30,17 +27,15 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: Keeps your files more secure by ensuring saved files are chmoded 0700
@@ -60,44 +55,36 @@ files:
 - lib/secret/container.rb
 - lib/secret/encryption.rb
 - lib/secret/file.rb
-- lib/secret/locking.rb
 - lib/secret/version.rb
 - secret.gemspec
 - test/Gemfile
-- test/secrets/cert_key
+- test/spawn.rb
 - test/tester.rb
 homepage: https://github.com/cgthornt/secret
 licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 296992438860896651
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 296992438860896651
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.25
+rubygems_version: 2.0.0
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: Keeps files more secure on server environments
 test_files:
 - test/Gemfile
-- test/secrets/cert_key
+- test/spawn.rb
 - test/tester.rb

data/lib/secret/locking.rb DELETED Viewed

@@ -1,142 +0,0 @@
-module Secret
-  # Locking utilities!
-  module Locking
-    # By default, wait for locks for 5 seconds
-    DEFAULT_LOCK_WAIT_MS = 5000
-    # Locks the current file. May prevent other object instances (or processes) from reading / writing to this file.
-    # You may use this to upgrade your lock if you wish.
-    # @param [Boolean] exclusive if TRUE, holds an exclusive lock meaning that other processes cannot read or write
-    #   to the file. If FALSE, allows other files to read from the file, but not to write.
-    # @return [Boolean] true if the lock was created successfully, false if it was not (likely due to another process holding a lock,
-    #  or we already hold the lock).
-    # @note Remember to unlock the file once you are done using it!
-    def lock!(exclusive = false)
-      return false if(locked? and !owns_lock?)
-      # Write
-      # The file contents will be of '<exclusive bit>:<process id>'
-      lock_string = (exclusive ? '0' : '1') + ":#{Process.pid}"
-      ::File.open(lock_file_path, 'w',Secret::CHMOD_MODE) { |f| f.write lock_string }
-      @owns_lock = true
-      return true
-    end
-    # Checks to see if this file is locked. Has no indication of whether we own the lock or not.
-    # @param [Boolean] exclusive if TRUE, only checks if it's an exclusive lock
-    # @return [Boolean] true if the file is locked, false otherwise.
-    def locked?(exclusive = false)
-      return false unless ::File.exist?(lock_file_path)
-      return true unless exclusive # Don't bother checking for non-exlusive
-      ex = false
-      begin
-        # Quickly peek at the file to see if it is exclusive
-        ::File.open(lock_file_path, 'r', Secret::CHMOD_MODE) do |f|
-          ex = f.seek(1, IO::SEEK_CUR) == '1'
-          f.close
-        end
-        return ex
-      rescue Exception => e
-        return false
-      end
-    end
-    # An alias for {#owns_lock}
-    def owns_lock?
-      return owns_lock
-    end
-    # Unlocks this file.
-    # @return [Boolean] true if unlock was successful, false if unlock was unsuccessful (i.e. the file wasn't locked,
-    #   or we don't own the lock)
-    def unlock!
-      return false if !locked?
-      return false if !owns_lock?
-      ::File.delete(lock_file_path)
-      @owns_lock = false
-      return true
-    end
-    # Forcibly unlocks this file, regardless of whether the lock is owned
-    # @return [Boolean] true if unlock was successful, false if the file isn't locked.
-    def force_unlock!
-      return false if !locked?
-      ::File.delete(lock_file_path)
-      @owns_lock = false
-      return true
-    end
-    # Waits for the file to become unlocked for 'max_time_ms'. If file is locked for that long, then raises an
-    # {Secret::::FileLockedError}.
-    # @param [Boolean] exclusive if TRUE, waits for an exclusive lock or shared lock, and then locks with an
-    #   exclusive lock if a block is given. If FALSE, then only waits for an exclusive lock.
-    # @param [Integer] max_time_ms the maximum number of MS to wait until raising an error. If negative, waits forever.
-    # @param [Integer] sleep_ms the number of MS to sleep before polling the lock again
-    # @param [Proc] block pass a block to then execute block while locked (i.e. {#lock_and_do})
-    def wait_for_unlock(exclusive = false, max_time_ms = DEFAULT_LOCK_WAIT_MS, sleep_ms = 100, &block)
-      ms_start = (Time.now.to_f * 1000.0).to_i
-      wait_exclusive = exclusive or block_given?
-      sleep_ms = sleep_ms / 1000.0
-      while locked?(!wait_exclusive)
-        break if owns_lock?
-        sleep(sleep_ms)
-        continue if max_time_ms < 0
-        ms_new = (Time.now.to_f * 1000.0).to_i
-        if (ms_new - ms_start) > max_time_ms
-          raise Secret::FileLockedError, "Timeout of #{max_time_ms} MS exceeded while waiting for lock!"
-        end
-      end
-      # If we are here, waiting has finished
-      lock_and_do(exclusive, &block) if block_given?
-    end
-    # Locks and executes a block, then unlocks upon block execution. This will always ensure that the lock
-    # is released upon block execution, regardless of error or no.
-    # @param [Boolean] exclusive if TRUE, uses an exclusive lock. If false, uses a shared lock
-    # @raise [ArgumentError] if a block is not provided
-    # @raise [FileLockedError] if the file is locked
-    def lock_and_do(exclusive = false, &block)
-      raise ArgumentError, 'Block not given' unless block_given?
-      raise Secret::FileLockedError, 'Cannot lock a file if it is already locked!' if locked?
-      lock!(exclusive)
-      begin
-        block.call
-      rescue Exception => e
-        raise e
-      ensure
-        unlock!
-      end
-    end
-    # Gets information about the current lock:
-    #
-    #   {:pid => 123123, :exclusive => true }
-    #
-    # @return [Hash,nil] information about the current lock, or nil if no lock is present
-    def lock_info
-      return nil unless locked?
-      begin
-        str = nil
-        ::File.open(lock_file_path, 'r', Secret::CHMOD_MODE) {|f| str = f.read }
-        ex,pid = str.split ':'
-        return {:exclusive => (ex == "1"), :pid => pid.to_i}
-      rescue Exception => e
-        return nil
-      end
-    end
-    protected
-    def lock_file_path
-      raise NotImplementedError, "'lock_file_path' needs to be implemented"
-    end
-  end
-end

data/test/secrets/cert_key DELETED Viewed

	@@ -1 +0,0 @@
1	- Hello World!