RubyGems - secret - Versions diffs - 0.0.1 → 0.0.2 - Mend

secret 0.0.1 → 0.0.2

Files changed (18) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a56b7cd7533a64c852d89901ba1460a2b487d498
+  data.tar.gz: 2993017272c967c3b9e7249f6be3eff1a9bc3e22
+SHA512:
+  metadata.gz: f263a042a3fb1373b73a7548143b36fc1eb6147cbdbd5ce58e7f6aa34c22bfa40cb014d6934186b220ee08c305976b3b87df8ffb1721091c120243b363297fdd
+  data.tar.gz: a80eb4b104b6fde26085b253e9d6065aa145d9a6cf65d8a54041e98310f4dd69e7b29abd4a88b3f1b2fd9f0faab5ee5f7bc126d2d23b2a0cc9b850a3778e3b76

data/.gitignore CHANGED Viewed

@@ -1,20 +1,23 @@
-*.gem
-*.rbc
-.bundle
-.config
-.yardoc
-Gemfile.lock
-InstalledFiles
-_yardoc
-coverage
-doc/
-lib/bundler/man
-pkg
-rdoc
-spec/reports
-test/tmp
-test/version_tmp
-tmp
-.idea
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.idea
+*.komodoproject
+.komodotools
+test/secrets/*

data/Gemfile CHANGED Viewed

@@ -1,4 +1,4 @@
-source 'https://rubygems.org'
-# Specify your gem's dependencies in secret.gemspec
-gemspec
+source 'https://rubygems.org'
+# Specify your gem's dependencies in secret.gemspec
+gemspec

data/LICENSE.txt CHANGED Viewed

@@ -1,22 +1,22 @@
-Copyright (c) 2013 Christopher Thornton
-MIT License
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+Copyright (c) 2013 Christopher Thornton
+MIT License
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md CHANGED Viewed

@@ -1,52 +1,60 @@
-Secret Files
-============
-Keeps your files more secure by ensuring saved files are chmoded 0700 by the same user who is running the process.
-For example, this could be used by a Rails application to store certificates only readable by the www-data process.
-The secret files gem includes some fun over-engineering with file locking!
-## Usage
-Add to your Gemfile:
-```ruby
-gem 'secret'
-```
-Now you should set up your "default" container in an initializer:
-```ruby
-Secret.configure_default 'path/to/secret/dir'
-```
-Finally, you should now be able to put stuff into the secret directory, or read contents!
-```ruby
-secret = Secret.default
-# Save the key
-secret.some_key.stash "ThisIsSomeKey"
-# Get the key
-puts secret.some_key.contents
-# Manually seek through the file
-secret.some_key.stream do |f|
-    f.seek 1, IO::SEEK_CUR
-end
-```
-## How Secure is It?
-Ths is only *somewhat* secure and will provide protection against:
-* Someone who gains access to your server with non-root access
-* Other non-root server processes
-However, this will **not** protect you against:
-* People with root access
-* Arbitrary code execution attacks by the owner (i.e. an `eval()` gone wrong)
-## Other Features
-This gem also includes locking support, meaning that it should (hopefully) be resillient against multiple processes
-writing to a file. The primary reason for this is because I really wanted to try file locking. However, don't do
-anything too tricky and you should be okay.
+Secret Files
+============
+Keeps your files more secure by ensuring saved files are chmoded 0700 by the same user who is running the process.
+For example, this could be used by a Rails application to store certificates only readable by the www-data process.
+The secret files gem includes some fun over-engineering with file locking!
+## Usage
+Add to your Gemfile:
+```ruby
+gem 'secret'
+```
+Now you should set up your "default" container in an initializer:
+```ruby
+Secret.configure_default 'path/to/secret/dir'
+```
+Finally, you should now be able to put stuff into the secret directory, or read contents!
+```ruby
+secret = Secret.default
+# Save the key
+secret.some_key.stash "ThisIsSomeKey"
+# Get the key
+puts secret.some_key.contents
+# Manually seek through the file
+secret.some_key.stream do |f|
+    f.seek 1, IO::SEEK_CUR
+end
+# Support for nested directories
+file = secret.file "certs/file.crt"
+file.stash "Contents of CA File"
+puts file.contents
+# Also support for shorthand syntax
+secret.stash "certs/file.key", "Contents of this key file!"
+puts secret.contents "certs/file.key"
+```
+## How Secure is It?
+Ths is only *somewhat* secure and will provide protection against:
+* Someone who gains access to your server with non-root access
+* Other non-root server processes
+However, this will **not** protect you against:
+* People with root access
+* Arbitrary code execution attacks by the owner (i.e. an `eval()` gone wrong)
+## Other Features
+This gem also includes locking support, meaning that it will be resillient against multiple processes
+writing to a file. This will **not** lock multiple threads from the same process.

data/Rakefile CHANGED Viewed

	@@ -1 +1 @@
1	- require "bundler/gem_tasks"
1	+ require "bundler/gem_tasks"

data/lib/secret/container.rb CHANGED Viewed

@@ -1,64 +1,83 @@
-module Secret
-  class Container
-    attr_reader :directory, :files
-    # Initializes a container. Does significant checking on the directory to ensure it is writeable and it exists.
-    # @param [String] directory the directory to the container
-    # @param [Boolean] auto_create if true, will attempt to create the directory if it does not exist.
-    def initialize(directory, auto_create = true)
-      @directory = directory
-      @files = {}
-      # Do some checking about our directory
-      if ::File.exist?(directory)
-        raise ArgumentError, "Specified directory '#{directory}' is actually a file!" unless ::File.directory?(directory)
-      # Now make our directory if auto_create
-      else
-        raise ArgumentError, "Specified directory '#{directory}' does not exist!" unless auto_create
-        Dir.mkdir(directory, Secret::CHMOD_MODE) # Only give read/write access to this user
-      end
-      raise ArgumentError, "Directory '#{directory}' is not writeable!" unless ::File.writable?(directory)
-    end
-    # Gets a file stored in the container.
-    # @param [Symbol] filename the name of the file.
-    # @return [Secret::File] a secret file
-    def file(filename)
-      fn = filename.to_sym
-      f  = files[fn]
-      return f unless f.nil?
-      f  = Secret::File.new(self, filename)
-      files[fn] = f
-      return f
-    end
-    def method_missing(meth, *args, &block)
-      super(meth, *args, &block) if args.any? or block_given?
-      return file(meth)
-    end
-    # Deletes the cache of objects
-    def uncache!
-      @files = {}
-    end
-    # This should be called once in some sort of initializer.
-    def initialize_once!
-      destroy_all_locks!
-    end
-    # Viciously destroys all locks that the file and its containers may have. Use carefully!
-    # @return [Integer] the number of files destroyed.
-    def destroy_all_locks!
-      files = Dir[::File.join(directory, '*.lock')]
-      files.each{|f| ::File.delete(f) }
-      return files.count
-    end
-  end
+module Secret
+  class Container
+    attr_reader :directory, :files, :chmod_mode
+    # Initializes a container. Does significant checking on the directory to ensure it is writeable and it exists.
+    # @param [String] directory the directory to the container
+    # @param [Boolean] auto_create if true, will attempt to create the directory if it does not exist.
+    def initialize(directory, auto_create = true, chmod = Secret::CHMOD_MODE)
+      @directory = directory
+      @chmod_mode = chmod
+      @files = {}
+      # Do some checking about our directory
+      if ::File.exist?(directory)
+        raise ArgumentError, "Specified directory '#{directory}' is actually a file!" unless ::File.directory?(directory)
+      # Now make our directory if auto_create
+      else
+        raise ArgumentError, "Specified directory '#{directory}' does not exist!" unless auto_create
+        FileUtils.mkdir_p(directory, :mode => chmod_mode) # Only give read/write access to this user
+      end
+      raise ArgumentError, "Directory '#{directory}' is not writeable!" unless ::File.writable?(directory)
+    end
+    # Stashes the contents of a file
+    def stash(path, contents)
+      file(path).stash(contents)
+    end
+    def contents(path)
+      file(path).contents
+    end
+    # Gets a file stored in the container.
+    # @param [Symbol] filename the name of the file.
+    # @return [Secret::File] a secret file
+    def file(filename)
+      fn = filename.to_s
+      f  = files[fn]
+      return f unless f.nil?
+      d = ::File.dirname(fn)
+      container = d == "." ? self : dir(d)
+      f  = Secret::File.new(container, ::File.basename(filename) + Secret::FILE_EXT)
+      files[fn] = f
+      return f
+    end
+    # Another container within the directory
+    def dir(name)
+      Container.new ::File.join(directory, name), true, chmod_mode
+    end
+    def method_missing(meth, *args, &block)
+      super(meth, *args, &block) if args.any? or block_given?
+      return file(meth)
+    end
+    # Deletes the cache of objects
+    def uncache!
+      @files = {}
+    end
+    # This should be called once in some sort of initializer.
+    def initialize_once!
+      destroy_all_locks!
+    end
+    # Viciously destroys all locks that the file and its containers may have. Use carefully!
+    # @return [Integer] the number of files destroyed.
+    def destroy_all_locks!
+      files = Dir[::File.join(directory, '*.lock')]
+      files.each{|f| ::File.delete(f) }
+      return files.count
+    end
+  end
 end

data/lib/secret/encryption.rb CHANGED Viewed

@@ -1,45 +1,45 @@
-require 'openssl'
-module Secret
-  module Encryption
-    def encrypt_basic(passphrase)
-      cipher = OpenSSL::Cipher.new('aes-256-cbc')
-      cipher.encrypt
-      key = passphrase
-      iv  = cipher.random_iv
-      out = StringIO.new("", "wb") do |outf|
-        StringIO.new(contents, "rb") do |inf|
-          while inf.read(4096, buf)
-            outf << cipher.update(buf)
-          end
-          outf << cipher.final
-        end
-      end
-      return out.string
-    end
-    # Checks to see if the file is encrypted
-    def encrypted?
-      ::File.exist?(encrypted_meta_filename)
-    end
-    def stash(content); raise "Not Implemented"; end
-    def contents; raise "Not Implemented"; end
-    protected
-    def encrypted_meta_filename
-      raise NotImplementedError, "Must implement dis!"
-    end
-  end
+require 'openssl'
+module Secret
+  module Encryption
+    def encrypt_basic(passphrase)
+      cipher = OpenSSL::Cipher.new('aes-256-cbc')
+      cipher.encrypt
+      key = passphrase
+      iv  = cipher.random_iv
+      out = StringIO.new("", "wb") do |outf|
+        StringIO.new(contents, "rb") do |inf|
+          while inf.read(4096, buf)
+            outf << cipher.update(buf)
+          end
+          outf << cipher.final
+        end
+      end
+      return out.string
+    end
+    # Checks to see if the file is encrypted
+    def encrypted?
+      ::File.exist?(encrypted_meta_filename)
+    end
+    def stash(content); raise "Not Implemented"; end
+    def contents; raise "Not Implemented"; end
+    protected
+    def encrypted_meta_filename
+      raise NotImplementedError, "Must implement dis!"
+    end
+  end
 end

data/lib/secret/file.rb CHANGED Viewed

@@ -1,187 +1,179 @@
-module Secret
-  # Handles file operations.
-  #
-  # Note that locking operations are not perfect!
-  class File
-    include Secret::Locking
-    # include Secret::Encryption
-    attr_reader :container, :identifier
-    # Lock timeout in MS. Defaults to 5000 MS
-    attr_accessor :lock_timeout_ms
-    # Whether this current object holds the lock over the file.
-    # @return [Boolean] TRUE if this object was the one that holds the lock (i.e. created the lock), FALSE if another
-    #   object holds the lock, or the file simply isn't locked.
-    attr_reader :owns_lock
-    # Creates a new secret file. The specified identifier doesn't already need to exist.
-    # @param [Secret::Container] container the container object
-    # @param [Symbol] identifier an unique identifier for this container
-    def initialize(container, identifier)
-      raise ArgumentError, "Container must be a Secret::Container object" unless container.is_a?(Secret::Container)
-      @container = container; @identifier = identifier; @owns_lock = false
-      @lock_timeout_ms = Secret::Locking::DEFAULT_LOCK_WAIT_MS
-    end
-    # Checks whether this file actually exists or not
-    # @return [Boolean] true if the file exists (i.e. has content), false if otherwise.
-    def exist?
-      ::File.exist?(file_path)
-    end
-    # Gets a file stream of this file. If the file doesn't exist, then a blank file will be created. By default,
-    # this allows you to write to the file. However, please use the {#stash} command, as it accounts for mid-write
-    # crashes. Don't forget to close the file stream when you're done!
-    # @param [String] mode the mode for this file. Currently defaults to 'r+', which is read-write, with the
-    #   file pointer at the beginning of the file.
-    # @return [IO] an IO stream to this file, if not using a block
-    # @note This completely bypasses any internal locking mechanisms if not using a block!
-    # @example
-    #     file = container.some_file
-    #
-    #     # Unsafe way!
-    #     io = file.stream
-    #     io.write "Hello World!"
-    #     io.close
-    #
-    #     # Safe way, with locking support
-    #     file.stream do |f|
-    #       f.write "Hello World!"
-    #     end
-    def stream(mode = 'r+', &block)
-      touch!
-      return ::File.open(file_path, mode, Secret::CHMOD_MODE)  unless block_given?
-      wait_for_unlock(true, lock_timeout_ms) do
-        io = ::File.open(file_path, mode, Secret::CHMOD_MODE)
-        block.call(io)
-        io.close unless io.closed?
-      end
-    end
-    # Gets the contents of the file in a string format. Will return an empty string if the file doesn't exist, or the
-    # file just so happens to be empty.
-    # @return [String] the contents of the file
-    def contents
-      wait_for_unlock(false, lock_timeout_ms) do
-        io = stream
-        str = io.read
-        io.close
-      end
-      return str
-    end
-    # Creates a new file if it doesn't exist. Doesn't actually change the last updated timestamp.
-    # @return [Boolean] true if an empty file was created, false if the file already existed.
-    def touch!
-      unless exist?
-        ::File.open(file_path, 'w') {}
-        secure!
-        return true
-      end
-      return false
-    end
-    # Secures the file by chmoding it to 0700
-    # @raise [IOError] if the file doesn't exist on the server.
-    def secure!
-      raise IOError, "File doesn't exist" unless exist?
-      ::File.chmod(Secret::CHMOD_MODE, file_path)
-    end
-    # Stashes some content into the file! This will write a temporary backup file before stashing, in order to prevent
-    # any partial writes if the server crashes. Once this finishes executing, you can be sure that contents have been
-    # written.
-    # @param [String] content the contents to stash. **Must be a string!**
-    # @raise [ArgumentError] if content is anything other than a String object!
-    def stash(content)
-      raise ArgumentError, "Content must be a String (was type of type #{content.class.name})" unless content.is_a?(String)
-      # Get an exclusive lock
-      wait_for_unlock(true, lock_timeout_ms) do
-        touch!
-        # Think of this as a beginning of a transaction.
-        # Open a temporary file for writing, and close it immediately
-        ::File.open(tmp_file_path, "w", Secret::CHMOD_MODE){|f| f.write content }
-        # Rename the existing file path
-        ::File.rename(file_path, backup_file_path)
-        # Now rename the temporary file to the correct file
-        ::File.rename(tmp_file_path, file_path)
-        # Delete the backup
-        ::File.delete(backup_file_path)
-        # Committed! Secure it just in case
-        secure!
-      end
-    end
-    # Attempts to restore a backup (i.e. if the computer crashed while doing a stash command)
-    # @return [Boolean] true if the backup was successfully restored, false otherwise
-    def restore_backup!
-      return false if locked?
-      return false unless ::File.exist?(backup_file_path)
-      # Ideally we want to get an exclusive lock when doing this!
-      wait_for_unlock(true, lock_timeout_ms) do
-        # If the file actually exists, then the backup file probably wasn't deleted, so just
-        # delete the backup file.
-        if ::File.exist?(file_path)
-          ::File.delete(backup_file_path)
-          return true
-        # Otherwise, the temporary file probably wasn't renamed, so restore the backup and delete the temporary file
-        # if it exists. It's possible the file was corrupted in the middle of writing, so it is better to resort
-        # to an old and complete file rather than a new and possibly corrupted file.
-        else
-          ::File.rename(backup_file_path, file_path)
-          ::File.delete(tmp_file_path) if ::File.exist?(tmp_file_path)
-          return true
-        end
-      end
-    end
-    protected
-    # Gets the path of the lock file
-    def lock_file_path
-      return file_path + '.lock'
-    end
-    private
-    # Gets the actual file path of this container. Intentionally made private (security through obscurity)
-    # @return [String] the absolute path to where this file is
-    def file_path
-      @the_file_path = ::File.join(container.directory, identifier.to_s) if @the_file_path.nil?
-      return @the_file_path
-    end
-    # The path of the temporary file. Used as a temporary container for stashing. This file will then be re-named.
-    # @return [String] the path to the temporary file
-    def tmp_file_path
-      return file_path + ".tmp"
-    end
-    # Gets the path of the backup file
-    # @return [String] the path of the backup file
-    def backup_file_path
-      return file_path + '.bak'
-    end
-  end
+module Secret
+  # Handles file operations. Uses Ruby's internal file locking mechanisms.
+  class File
+    # include Secret::Encryption
+    attr_reader :container, :identifier
+    # Creates a new secret file. The specified identifier doesn't already need to exist.
+    # @param [Secret::Container] container the container object
+    # @param [Symbol] identifier an unique identifier for this container
+    def initialize(container, identifier)
+      raise ArgumentError, "Container must be a Secret::Container object" unless container.is_a?(Secret::Container)
+      @container = container; @identifier = identifier
+      touch!
+      ensure_writeable!
+    end
+    # Checks whether this file actually exists or not
+    # @return [Boolean] true if the file exists (i.e. has content), false if otherwise.
+    def exist?
+      ::File.exist?(file_path)
+    end
+    # Gets a file stream of this file. If the file doesn't exist, then a blank file will be created. By default,
+    # this allows you to write to the file. However, please use the {#stash} command, as it accounts for mid-write
+    # crashes. Don't forget to close the file stream when you're done!
+    # @param [String] mode the mode for this file. Currently defaults to 'r+', which is read-write, with the
+    #   file pointer at the beginning of the file.
+    # @return [IO] an IO stream to this file, if not using a block
+    # @note Uses an exclusive lock on this file
+    # @example
+    #     file = container.some_file
+    #
+    #     # Unsafe way!
+    #     io = file.stream
+    #     io.write "Hello World!"
+    #     io.close
+    #
+    #     # Safe way, with locking support
+    #     file.stream do |f|
+    #       f.write "Hello World!"
+    #     end
+    def stream(mode = 'r', &block)
+      touch!
+      ensure_writeable!
+      return ::File.open(file_path, mode, container.chmod_mode)  unless block_given?
+      ::File.open(file_path, mode, container.chmod_mode) do |f|
+        begin
+          f.flock(::File::LOCK_EX) # Lock with exclusive mode
+          block.call(f)
+        ensure
+          f.flock(::File::LOCK_UN)
+        end
+      end
+    end
+    # Gets the contents of the file in a string format. Will return an empty string if the file doesn't exist, or the
+    # file just so happens to be empty.
+    # @return [String] the contents of the file
+    def contents
+      str = nil
+      stream 'r' do |f|
+        str = f.read
+      end
+      return str
+    end
+    # Creates a new file if it doesn't exist. Doesn't actually change the last updated timestamp.
+    # @return [Boolean] true if an empty file was created, false if the file already existed.
+    def touch!
+      unless exist?
+        ::File.open(file_path, 'w', container.chmod_mode) {}
+        secure!
+        return true
+      end
+      return false
+    end
+    # Secures the file by chmoding it to 0700
+    # @raise [IOError] if the file doesn't exist on the server.
+    def secure!
+      raise IOError, "File doesn't exist" unless exist?
+      ::File.chmod(container.chmod_mode, file_path)
+    end
+    # Stashes some content into the file! This will write a temporary backup file before stashing, in order to prevent
+    # any partial writes if the server crashes. Once this finishes executing, you can be sure that contents have been
+    # written.
+    # @param [String] content the contents to stash. **Must be a string!**
+    # @raise [ArgumentError] if content is anything other than a String object!
+    def stash(content)
+      raise ArgumentError, "Content must be a String (was type of type #{content.class.name})" unless content.is_a?(String)
+      touch!
+      ensure_writeable!
+      # Think of this as a beginning of a transaction.
+      ::File.open(file_path, 'a', container.chmod_mode) do |f|
+        begin
+          f.flock(::File::LOCK_EX)
+          # Open a temporary file for writing, and close it immediately
+          ::File.open(tmp_file_path, "w", container.chmod_mode){|f| f.write content }
+          # Rename tmp file to backup file now we know contents are sane
+          ::File.rename(tmp_file_path, backup_file_path)
+          # Truncate file contents to zero bytes
+          f.truncate 0
+          # Write content
+          f.write content
+        ensure
+          # Now unlock file!
+          f.flock(::File::LOCK_UN)
+        end
+        # Delete backup file
+        ::File.delete(backup_file_path)
+      end
+      # Committed! Secure it just in case
+      secure!
+    end
+    def ensure_writeable!
+      unless ::File.writable?(file_path)
+        raise FileUnreadableError, "File is not writeable - perhaps it was created by a different process?"
+      end
+    end
+    # Attempts to restore a backup (i.e. if the computer crashed while doing a stash command)
+    # @return [Boolean] true if the backup was successfully restored, false otherwise
+    def restore_backup!
+      return false unless ::File.exist?(backup_file_path)
+      # We know backup exists, so let's write to the file. We want to truncate file contents.
+      # Now copy file contents over from the backup file. We use this method to use locking.
+      ::File.open(file_path, 'w', container.chmod_mode) do |f|
+        begin
+          f.flock ::File::LOCK_EX
+          ::File.open(backup_file_path, 'r', container.chmod_mode) do |b|
+            f.write b.read
+          end
+        ensure
+          f.flock ::File::LOCK_UN
+        end
+      end
+      return true
+    end
+    private
+    # Gets the actual file path of this container. Intentionally made private (security through obscurity)
+    # @return [String] the absolute path to where this file is
+    def file_path
+      @the_file_path = ::File.join(container.directory, identifier.to_s) if @the_file_path.nil?
+      return @the_file_path
+    end
+    # The path of the temporary file. Used as a temporary container for stashing. This file will then be re-named.
+    # @return [String] the path to the temporary file
+    def tmp_file_path
+      return file_path + ".tmp"
+    end
+    # Gets the path of the backup file
+    # @return [String] the path of the backup file
+    def backup_file_path
+      return file_path + '.bak'
+    end
+  end
 end

data/lib/secret/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
-module Secret
-  VERSION = "0.0.1"
-end
+module Secret
+  VERSION = "0.0.2"
+end

data/lib/secret.rb CHANGED Viewed

@@ -1,36 +1,34 @@
-require "secret/version"
-require "secret/locking"
-require "secret/file"
-require "secret/container"
-module Secret
-  # The chmod mode to use for files.
-  CHMOD_MODE = 0700
-  # Gets the UID of the current process
-  def self.uid
-    return Process.uid
-  end
-  # Gets the default container
-  # @return [Secret::Container] the default container
-  def self.default
-    raise ArgumentError, "Must call 'Secret.configure_default' before you can access the default container" unless @default
-    return @default
-  end
-  # Configures the default container once
-  def self.configure_default(directory, auto_create = true)
-    unless @default
-      @default = Secret::Container.new(directory, auto_create)
-      @default.initialize_once!
-      return true
-    else
-      return false
-    end
-  end
-  class FileLockedError < Exception; end
-end
+require "secret/version"
+require "secret/file"
+require "secret/container"
+module Secret
+  # The chmod mode to use for files.
+  CHMOD_MODE = 0700
+  # The file extension for secret files
+  FILE_EXT = ".sfile"
+  # Gets the default container
+  # @return [Secret::Container] the default container
+  def self.default
+    raise ArgumentError, "Must call 'Secret.configure_default' before you can access the default container" unless @default
+    return @default
+  end
+  # Configures the default container once
+  def self.configure_default(directory, auto_create = true)
+    unless @default
+      @default = Secret::Container.new(directory, auto_create)
+      @default.initialize_once!
+      return true
+    else
+      return false
+    end
+  end
+  class FileUnreadableError < Exception; end
+end

data/secret.gemspec CHANGED Viewed

@@ -1,23 +1,23 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'secret/version'
-Gem::Specification.new do |spec|
-  spec.name          = "secret"
-  spec.version       = Secret::VERSION
-  spec.authors       = ["Christopher Thornton"]
-  spec.email         = ["rmdirbin@gmail.com"]
-  spec.description   = %q{Keeps your files more secure by ensuring saved files are chmoded 0700 by the same user who is running the process.}
-  spec.summary       = %q{Keeps files more secure on server environments}
-  spec.homepage      = "https://github.com/cgthornt/secret"
-  spec.license       = "MIT"
-  spec.files         = `git ls-files`.split($/)
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ["lib"]
-  spec.add_development_dependency "bundler", "~> 1.3"
-  spec.add_development_dependency "rake"
-end
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'secret/version'
+Gem::Specification.new do |spec|
+  spec.name          = "secret"
+  spec.version       = Secret::VERSION
+  spec.authors       = ["Christopher Thornton"]
+  spec.email         = ["rmdirbin@gmail.com"]
+  spec.description   = %q{Keeps your files more secure by ensuring saved files are chmoded 0700 by the same user who is running the process.}
+  spec.summary       = %q{Keeps files more secure on server environments}
+  spec.homepage      = "https://github.com/cgthornt/secret"
+  spec.license       = "MIT"
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+end

data/test/Gemfile CHANGED Viewed

@@ -1,3 +1,6 @@
-source 'https://rubygems.org'
-gem 'secret', path: '../'
+source 'https://rubygems.org'
+gem 'secret', path: '../'
+#gem 'ffi'
+#gem 'win32-process'

data/test/spawn.rb ADDED Viewed

@@ -0,0 +1,16 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'secret'
+Secret.configure_default 'secrets'
+container = Secret.default
+f = "running.txt"
+File.open(f, 'w'){|f| f.write "Running..." }
+container.test1.stream 'w' do |f|
+  puts "Sleeping for 10 seconds..."
+  sleep(10)
+  f.write "New Contents"
+end
+File.delete(f)

data/test/tester.rb CHANGED Viewed

@@ -1,10 +1,36 @@
-require 'rubygems'
-require 'bundler/setup'
-require 'secret'
-Secret.configure_default 'secrets'
-container = Secret.default
-container.cert_key.stash "Hello World!"
-puts container.cert_key.encrypt_basic "password"
+require 'rubygems'
+require 'bundler/setup'
+# require 'win32/process'
+require 'secret'
+Secret.configure_default 'secrets'
+container = Secret.default
+container.stash "key.crt", "The contents of this key!"
+puts "Contents of key: '#{container.contents 'key.crt'}'"
+exit(0)
+container.something.stash "My Secret Text!"
+container.file(:someting_else).stash "More secret text"
+container.dir('test')
+puts "Testing some multi-process action"
+container.test1.stash "Original Content"
+# Windows - testing file locking
+p = Process.create(
+  :app_name => 'ruby spawn.rb',
+  :creation_flags   => Process::DETACHED_PROCESS,
+  :process_inherit  => false,
+  :thread_inherit   => true,
+)
+sleep(1)
+puts p.inspect
+puts "New contents:"
+puts "'#{container.test1.contents}'"

metadata CHANGED Viewed

@@ -1,20 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: secret
 version: !ruby/object:Gem::Version
-  version: 0.0.1
-  prerelease:
+  version: 0.0.2
 platform: ruby
 authors:
 - Christopher Thornton
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-05-04 00:00:00.000000000 Z
+date: 2013-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -22,7 +20,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -30,17 +27,15 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: Keeps your files more secure by ensuring saved files are chmoded 0700
@@ -60,44 +55,36 @@ files:
 - lib/secret/container.rb
 - lib/secret/encryption.rb
 - lib/secret/file.rb
-- lib/secret/locking.rb
 - lib/secret/version.rb
 - secret.gemspec
 - test/Gemfile
-- test/secrets/cert_key
+- test/spawn.rb
 - test/tester.rb
 homepage: https://github.com/cgthornt/secret
 licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 296992438860896651
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 296992438860896651
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.25
+rubygems_version: 2.0.0
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: Keeps files more secure on server environments
 test_files:
 - test/Gemfile
-- test/secrets/cert_key
+- test/spawn.rb
 - test/tester.rb

data/lib/secret/locking.rb DELETED Viewed

@@ -1,142 +0,0 @@
-module Secret
-  # Locking utilities!
-  module Locking
-    # By default, wait for locks for 5 seconds
-    DEFAULT_LOCK_WAIT_MS = 5000
-    # Locks the current file. May prevent other object instances (or processes) from reading / writing to this file.
-    # You may use this to upgrade your lock if you wish.
-    # @param [Boolean] exclusive if TRUE, holds an exclusive lock meaning that other processes cannot read or write
-    #   to the file. If FALSE, allows other files to read from the file, but not to write.
-    # @return [Boolean] true if the lock was created successfully, false if it was not (likely due to another process holding a lock,
-    #  or we already hold the lock).
-    # @note Remember to unlock the file once you are done using it!
-    def lock!(exclusive = false)
-      return false if(locked? and !owns_lock?)
-      # Write
-      # The file contents will be of '<exclusive bit>:<process id>'
-      lock_string = (exclusive ? '0' : '1') + ":#{Process.pid}"
-      ::File.open(lock_file_path, 'w',Secret::CHMOD_MODE) { |f| f.write lock_string }
-      @owns_lock = true
-      return true
-    end
-    # Checks to see if this file is locked. Has no indication of whether we own the lock or not.
-    # @param [Boolean] exclusive if TRUE, only checks if it's an exclusive lock
-    # @return [Boolean] true if the file is locked, false otherwise.
-    def locked?(exclusive = false)
-      return false unless ::File.exist?(lock_file_path)
-      return true unless exclusive # Don't bother checking for non-exlusive
-      ex = false
-      begin
-        # Quickly peek at the file to see if it is exclusive
-        ::File.open(lock_file_path, 'r', Secret::CHMOD_MODE) do |f|
-          ex = f.seek(1, IO::SEEK_CUR) == '1'
-          f.close
-        end
-        return ex
-      rescue Exception => e
-        return false
-      end
-    end
-    # An alias for {#owns_lock}
-    def owns_lock?
-      return owns_lock
-    end
-    # Unlocks this file.
-    # @return [Boolean] true if unlock was successful, false if unlock was unsuccessful (i.e. the file wasn't locked,
-    #   or we don't own the lock)
-    def unlock!
-      return false if !locked?
-      return false if !owns_lock?
-      ::File.delete(lock_file_path)
-      @owns_lock = false
-      return true
-    end
-    # Forcibly unlocks this file, regardless of whether the lock is owned
-    # @return [Boolean] true if unlock was successful, false if the file isn't locked.
-    def force_unlock!
-      return false if !locked?
-      ::File.delete(lock_file_path)
-      @owns_lock = false
-      return true
-    end
-    # Waits for the file to become unlocked for 'max_time_ms'. If file is locked for that long, then raises an
-    # {Secret::::FileLockedError}.
-    # @param [Boolean] exclusive if TRUE, waits for an exclusive lock or shared lock, and then locks with an
-    #   exclusive lock if a block is given. If FALSE, then only waits for an exclusive lock.
-    # @param [Integer] max_time_ms the maximum number of MS to wait until raising an error. If negative, waits forever.
-    # @param [Integer] sleep_ms the number of MS to sleep before polling the lock again
-    # @param [Proc] block pass a block to then execute block while locked (i.e. {#lock_and_do})
-    def wait_for_unlock(exclusive = false, max_time_ms = DEFAULT_LOCK_WAIT_MS, sleep_ms = 100, &block)
-      ms_start = (Time.now.to_f * 1000.0).to_i
-      wait_exclusive = exclusive or block_given?
-      sleep_ms = sleep_ms / 1000.0
-      while locked?(!wait_exclusive)
-        break if owns_lock?
-        sleep(sleep_ms)
-        continue if max_time_ms < 0
-        ms_new = (Time.now.to_f * 1000.0).to_i
-        if (ms_new - ms_start) > max_time_ms
-          raise Secret::FileLockedError, "Timeout of #{max_time_ms} MS exceeded while waiting for lock!"
-        end
-      end
-      # If we are here, waiting has finished
-      lock_and_do(exclusive, &block) if block_given?
-    end
-    # Locks and executes a block, then unlocks upon block execution. This will always ensure that the lock
-    # is released upon block execution, regardless of error or no.
-    # @param [Boolean] exclusive if TRUE, uses an exclusive lock. If false, uses a shared lock
-    # @raise [ArgumentError] if a block is not provided
-    # @raise [FileLockedError] if the file is locked
-    def lock_and_do(exclusive = false, &block)
-      raise ArgumentError, 'Block not given' unless block_given?
-      raise Secret::FileLockedError, 'Cannot lock a file if it is already locked!' if locked?
-      lock!(exclusive)
-      begin
-        block.call
-      rescue Exception => e
-        raise e
-      ensure
-        unlock!
-      end
-    end
-    # Gets information about the current lock:
-    #
-    #   {:pid => 123123, :exclusive => true }
-    #
-    # @return [Hash,nil] information about the current lock, or nil if no lock is present
-    def lock_info
-      return nil unless locked?
-      begin
-        str = nil
-        ::File.open(lock_file_path, 'r', Secret::CHMOD_MODE) {|f| str = f.read }
-        ex,pid = str.split ':'
-        return {:exclusive => (ex == "1"), :pid => pid.to_i}
-      rescue Exception => e
-        return nil
-      end
-    end
-    protected
-    def lock_file_path
-      raise NotImplementedError, "'lock_file_path' needs to be implemented"
-    end
-  end
-end

data/test/secrets/cert_key DELETED Viewed

	@@ -1 +0,0 @@
1	- Hello World!