secure_archive 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 82f653d284a274fd591e3acb7a6de3c0419265a8
+  data.tar.gz: 0ec229f35935ff2de04ebef97f1a9334beb56841
+SHA512:
+  metadata.gz: 6d99cbb6dbe021bdfc1c98b6a281d050ac9d2bd5e879f714fc086439a9fcd9777295affe5b7e100fd7a2852c500cdd47fc9d08380e08e71f75d436e4f1e107cf
+  data.tar.gz: 3cd9186653a94c9e9ddce64fbe0d28e96f6f317cd47107706266ee631fc4c2f93e46e95152b7d44c90f675ee1e45cc9ef8783c621795c11e20848ebf33f94bb3

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 2.1.5

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in secure_archive.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Romain Tartière
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,42 @@
+# SecureArchive
+
+Need to backup a tree of files but can't trust the storage?
+
+This gem provides a `gpg-archiver` command that can be used to build and
+maintain an encrypted copy of a directory tree using
+[GnuPG](https://www.gnupg.org/).  The encrypted directory can be backed-up
+to untrusted storage using your regular backup solution.
+
+## Installation
+
+If you plan to build an application embedding SecureArchive, add this line to
+your application's Gemfile:
+
+```ruby
+gem 'secure_archive'
+```
+
+And then execute:
+
+    $ bundle
+
+If you plan to use the `gpg-archiver` utility, simply run:
+
+    $ gem install secure_archive
+
+## Usage
+
+The `gpg-archiver` utility requires at least a GnuPG recipient (provided using the `-r` argument), followed by the source and target directories.  If the source directory has a trailing `/`, the directory content (and not the directory itself) will be archived, so the following commands are equivalent:
+
+~~~
+gpg-archiver -r user@example.com /var/www/example.com/uploads  /var/backup/example.com
+gpg-archiver -r user@example.com /var/www/example.com/uploads/ /var/backup/example.com/uploads
+~~~
+
+## Contributing
+
+1. Fork it ( https://github.com/sante-link/secure_archive/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,7 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec
+

data/bin/gpg-archiver

@@ -0,0 +1,38 @@
+#!/usr/bin/env ruby
+
+require 'secure_archive'
+require 'optparse'
+require 'pathname'
+
+options = {
+  recipients: [],
+}
+
+def usage
+end
+
+opts_parser = OptionParser.new do |opts|
+  opts.banner = 'usage: gpg-archiver [options] source_directory destination_directory'
+  opts.separator('')
+  opts.separator('Available options:')
+  opts.on('-r', '--recipients=foo,bar', Array, 'Add recipients (required)') do |v|
+    options[:recipients] += v
+  end
+end
+
+opts_parser.parse!
+
+if options[:recipients].count == 0 || ARGV.count != 2 then
+  $stderr.puts opts_parser
+  exit 1
+end
+
+begin
+  archiver = SecureArchive::Archiver.new(ARGV.pop, SecureArchive::Encryptor::Gpg.new(options[:recipients]))
+  ARGV.each do |source|
+    archiver.archive_tree(source)
+  end
+rescue SecureArchive::Encryptor::Gpg::RecipientNotInKeyring => e
+  $stderr.puts e.message
+  exit 1
+end

data/lib/secure_archive.rb

@@ -0,0 +1,7 @@
+require 'secure_archive/archiver'
+require 'secure_archive/encryptor'
+require 'secure_archive/version'
+
+module SecureArchive
+  # Your code goes here...
+end

data/lib/secure_archive/archiver.rb

@@ -0,0 +1,52 @@
+require 'fileutils'
+
+module SecureArchive
+  class Archiver
+    def initialize(output, encryptor = SecureArchive::Encryptor::Plain.new)
+      @output = Pathname.new(output)
+      @encryptor = encryptor
+    end
+
+    def archive_tree(src)
+      source = Pathname.new(src)
+      output = @output
+      output += source.basename unless src.is_a?(String) && src[-1..-1] == '/'
+      encrypt_tree(source, output)
+      cleanup_tree(output, source)
+    end
+
+  private
+
+    def encrypt_tree(source, destination)
+      FileUtils.mkdir_p(destination) unless destination.directory?
+      Pathname.new(source).each_child do |file|
+        target = destination + file.basename
+        if file.directory? then
+          encrypt_tree(file.realpath, target)
+        elsif file.file? then
+          # mtime manipulation has shown problems, the following fails:
+          #     a.utime(b.atime, b.mtime)
+          #     a.stat == b.stat
+          # Compare time and allow up to 0.1s of difference
+          if !target.exist? || (target.stat.mtime - file.stat.mtime).abs > 0.1 then
+            @encryptor.encrypt_file(file, target)
+            target.utime(file.atime, file.mtime)
+          end
+        end
+      end
+    end
+
+    def cleanup_tree(dir, ref)
+      Pathname.new(dir).each_child do |file|
+        source = ref + file.basename
+        if source.exist? then
+          if file.directory? then
+            cleanup_tree(file.realpath, ref + file.basename)
+          end
+        else
+          file.rmtree
+        end
+      end
+    end
+  end
+end

data/lib/secure_archive/encryptor.rb

@@ -0,0 +1,2 @@
+require 'secure_archive/encryptor/gpg'
+require 'secure_archive/encryptor/plain'

data/lib/secure_archive/encryptor/gpg.rb

@@ -0,0 +1,26 @@
+require 'gpgme'
+
+module SecureArchive
+  module Encryptor
+    class Gpg
+      class RecipientNotInKeyring < StandardError
+      end
+
+      def initialize(recipients)
+        @crypto = GPGME::Crypto.new
+        recipients.each do |recipient|
+          if GPGME::Key.find(:public, recipient).count == 0 then
+            raise RecipientNotInKeyring, "Recipient #{recipient} does not exist in keyring"
+          end
+        end
+        @recipients = recipients
+      end
+
+      def encrypt_file(source, destination)
+        File.open(destination, 'w') do |w|
+          @crypto.encrypt(File.open(source), recipients: @recipients, output: w, always_trust: true)
+        end
+      end
+    end
+  end
+end

data/lib/secure_archive/encryptor/plain.rb

@@ -0,0 +1,19 @@
+module SecureArchive
+  module Encryptor
+    class Plain
+      def encrypt_file(source, destination)
+        destination.open('w') do |w|
+          source.open do |r|
+            buf = r.read(1024 * 16)
+            while (buf) do
+              w.write(buf)
+              buf = r.read(1024 * 16)
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+

data/lib/secure_archive/version.rb

@@ -0,0 +1,3 @@
+module SecureArchive
+  VERSION = "0.0.1"
+end

data/secure_archive.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'secure_archive/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "secure_archive"
+  spec.version       = SecureArchive::VERSION
+  spec.authors       = ["Romain Tartière"]
+  spec.email         = ["romain@blogreen.org"]
+  spec.summary       = %q{Create encrypted directory tree archive for backing-up sensitive data.}
+  spec.homepage      = "https://github.com/sante-link/secure_archive"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+  spec.add_dependency "gpgme", "~> 2.0.8"
+
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec"
+end

data/spec/secure_archive/encryptor/gpg_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+require 'tempfile'
+
+describe SecureArchive::Encryptor::Gpg do
+  let(:recipients) { [ 'romain@blogreen.org' ] }
+  let(:gpg) { SecureArchive::Encryptor::Gpg.new(recipients) }
+
+  before do
+    @src = Tempfile.new('secure_archive')
+    @dst = Tempfile.new('secure_archive')
+
+    @src.write('Hello, world!')
+    @src.close
+  end
+
+  after do
+    @src.unlink
+    @dst.unlink
+  end
+
+  it 'encrypts data' do
+    gpg.encrypt_file(@src.path, @dst.path)
+
+    expect(File.size?(@dst.path)).to be_truthy
+  end
+
+  describe 'with invalid recipients' do
+    let(:recipients) { [ 'invalid@example.com' ] }
+
+    it 'raises exception' do
+      expect { gpg.encrypt_file(@src.path, @dst.path) }.to raise_exception(SecureArchive::Encryptor::Gpg::RecipientNotInKeyring)
+    end
+  end
+end

data/spec/secure_archive_spec.rb

@@ -0,0 +1,80 @@
+require 'spec_helper'
+
+require 'tmpdir'
+
+describe SecureArchive do
+  it 'has a version number' do
+    expect(SecureArchive::VERSION).not_to be nil
+  end
+
+  describe 'processes a tree of files' do
+    before do
+      @source_dir = Pathname.new(Dir.mktmpdir)
+      @archive_dir = Pathname.new(Dir.mktmpdir)
+    end
+
+    after do
+      FileUtils.remove_entry_secure(@source_dir)
+      FileUtils.remove_entry_secure(@archive_dir)
+    end
+
+    it 'copies new files' do
+      FileUtils.touch(@source_dir + 'a')
+      FileUtils.touch(@source_dir + 'b')
+      FileUtils.touch(@source_dir + 'c')
+
+      expect_any_instance_of(SecureArchive::Encryptor::Plain).to receive(:encrypt_file).with(@source_dir + 'a', @archive_dir + 'a').and_call_original
+      expect_any_instance_of(SecureArchive::Encryptor::Plain).to receive(:encrypt_file).with(@source_dir + 'b', @archive_dir + 'b').and_call_original
+      expect_any_instance_of(SecureArchive::Encryptor::Plain).to receive(:encrypt_file).with(@source_dir + 'c', @archive_dir + 'c').and_call_original
+
+      archiver = SecureArchive::Archiver.new(@archive_dir)
+      archiver.archive_tree(@source_dir.realpath.to_s + '/')
+    end
+
+    it 'updates changed files' do
+      now = Time.now
+      FileUtils.touch(@source_dir + 'a', mtime: now)
+      FileUtils.touch(@source_dir + 'b', mtime: now)
+      FileUtils.touch(@source_dir + 'c', mtime: now)
+      FileUtils.touch(@archive_dir + 'a', mtime: now)
+      FileUtils.touch(@archive_dir + 'b', mtime: now - 5)
+      FileUtils.touch(@archive_dir + 'c', mtime: now + 20)
+
+      expect_any_instance_of(SecureArchive::Encryptor::Plain).not_to receive(:encrypt_file).with(@source_dir + 'a', @archive_dir + 'a').and_call_original
+      expect_any_instance_of(SecureArchive::Encryptor::Plain).to receive(:encrypt_file).with(@source_dir + 'b', @archive_dir + 'b').and_call_original
+      expect_any_instance_of(SecureArchive::Encryptor::Plain).to receive(:encrypt_file).with(@source_dir + 'c', @archive_dir + 'c').and_call_original
+
+      archiver = SecureArchive::Archiver.new(@archive_dir)
+      archiver.archive_tree(@source_dir.realpath.to_s + '/')
+    end
+
+    it 'removes deleted files' do
+      FileUtils.touch(@archive_dir + 'a')
+      FileUtils.touch(@archive_dir + 'b')
+      FileUtils.touch(@archive_dir + 'c')
+
+      expect(FileUtils).to receive(:rm_r).with((@archive_dir + 'a').to_s).and_call_original
+      expect(FileUtils).to receive(:rm_r).with((@archive_dir + 'b').to_s).and_call_original
+      expect(FileUtils).to receive(:rm_r).with((@archive_dir + 'c').to_s).and_call_original
+
+      archiver = SecureArchive::Archiver.new(@archive_dir)
+      archiver.archive_tree(@source_dir.realpath.to_s + '/')
+    end
+
+    it 'creates an additional directory without trailing slash' do
+      now = Time.now
+      FileUtils.mkdir_p(@archive_dir + @source_dir.basename)
+      FileUtils.touch(@source_dir + 'a')
+      FileUtils.touch(@source_dir + 'b', mtime: now)
+      FileUtils.touch(@archive_dir + @source_dir.basename + 'b', mtime: now)
+      FileUtils.touch(@archive_dir + @source_dir.basename + 'c', mtime: now - 20)
+
+      expect_any_instance_of(SecureArchive::Encryptor::Plain).to receive(:encrypt_file).with(@source_dir + 'a', @archive_dir + @source_dir.basename + 'a').and_call_original
+      expect_any_instance_of(SecureArchive::Encryptor::Plain).not_to receive(:encrypt_file).with(@source_dir + 'b', @archive_dir + @source_dir.basename + 'b').and_call_original
+      expect(FileUtils).to receive(:rm_r).with((@archive_dir + @source_dir.basename + 'c').to_s).and_call_original
+
+      archiver = SecureArchive::Archiver.new(@archive_dir)
+      archiver.archive_tree(@source_dir.realpath.to_s)
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+require 'secure_archive'

metadata

@@ -0,0 +1,122 @@
+--- !ruby/object:Gem::Specification
+name: secure_archive
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Romain Tartière
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-01-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: gpgme
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.8
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.8
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- romain@blogreen.org
+executables:
+- gpg-archiver
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/gpg-archiver
+- lib/secure_archive.rb
+- lib/secure_archive/archiver.rb
+- lib/secure_archive/encryptor.rb
+- lib/secure_archive/encryptor/gpg.rb
+- lib/secure_archive/encryptor/plain.rb
+- lib/secure_archive/version.rb
+- secure_archive.gemspec
+- spec/secure_archive/encryptor/gpg_spec.rb
+- spec/secure_archive_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/sante-link/secure_archive
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.3
+signing_key: 
+specification_version: 4
+summary: Create encrypted directory tree archive for backing-up sensitive data.
+test_files:
+- spec/secure_archive/encryptor/gpg_spec.rb
+- spec/secure_archive_spec.rb
+- spec/spec_helper.rb