signpost-signer 0.1.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 03ec990f21112ed52f8b82c9e6c193583e5ca374
+  data.tar.gz: fe6d1975f70a60c401e025a15413f23e2be71f18
+SHA512:
+  metadata.gz: e1c1a0d4730f71514446691e8cc478e3261a6ee8a84bd4e684054212a8544fb0c077e7a7dd51a8fc26df684ba48d704662753919584aa3897315f6f3ae659b2d
+  data.tar.gz: a8cc56c26b93a84b920fafb4716490cb95639738f662326ff39d7d896b4b1558c0fc42c998247bbac77654e94bbbe3438521b12bd1b90031af235492e291c0ef

data/.gitignore

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/bin

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.0.0
+before_install: gem install bundler -v 1.11.2

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in signpost-signer.gemspec
+gemspec

data/README.md

@@ -0,0 +1,36 @@
+# Signpost::Signer
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/signpost/signer`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'signpost-signer'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install signpost-signer
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/signpost-signer.
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/lib/signpost/signer.rb

@@ -0,0 +1,58 @@
+require 'time'
+require 'open3'
+
+require 'signpost/signer/version'
+
+module Signpost # :nodoc:
+  class SignpostError < StandardError
+  end
+
+  module Signer # :nodoc: TODO DOCME
+    ROOT = File.expand_path('../../../', __FILE__)
+    if RUBY_PLATFORM =~ /darwin/
+      BIN_SIGNER = File.expand_path('bin/signpost-sign-darwin', ROOT)
+    else
+      BIN_SIGNER = File.expand_path('bin/signpost-sign-linux', ROOT)
+    end
+
+    SignatureFailed = Class.new(Signpost::SignpostError)
+    SSHKeyError     = Class.new(Signpost::SignpostError)
+
+    KEYFILE_CANDIDATES = [
+      File.expand_path('~/.ssh/id_ed25519'),
+      File.expand_path('~/.ssh/id_rsa')
+    ].freeze
+
+    def self.sign_request(request, keyfile = find_keyfile)
+      request['Date'] = Time.now.httpdate unless request['Date']
+      canonical = canonicalize(request)
+      request['X-Signpost-Signature'] = sign(canonical, keyfile)
+      request
+    end
+
+    def self.find_keyfile
+      if kf = ENV['SIGNPOST_KEYFILE']
+        return File.expand_path(kf)
+      end
+      KEYFILE_CANDIDATES.each { |kf| return kf if File.exist?(kf) }
+      raise(SSHKeyError, "couldn't find a usable SSH key")
+    end
+
+    def self.canonicalize(request)
+      verb = request.method
+      date = request.fetch('Date')
+      host = request.fetch('Host')
+      path = request.path
+
+      [verb, date, host, path].join("\n") + "\n"
+    end
+
+    def self.sign(message, keyfile)
+      out, err, stat = Open3.capture3(
+        BIN_SIGNER, keyfile, stdin_data: message
+      )
+      return out.strip if stat.success?
+      raise(SignatureFailed, "signpost-sign failed: #{err.strip}")
+    end
+  end
+end

data/lib/signpost/signer/version.rb

@@ -0,0 +1,5 @@
+module Signpost
+  module Signer
+    VERSION = "0.1.2"
+  end
+end

data/signpost-signer.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'signpost/signer/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "signpost-signer"
+  spec.version       = Signpost::Signer::VERSION
+  spec.authors       = ["Burke Libbey"]
+  spec.email         = ["burke.libbey@shopify.com"]
+
+  spec.summary       = %q(Sign HTTP requests with X-Signpost-Signature)
+  spec.description   = %q(Sign HTTP requests with a local SSH keypair for verification on the server against a list of authorized_keys)
+  spec.homepage      = "https://github.com/Shopify/signpost"
+
+  bins = ['signpost-sign-linux', 'signpost-sign-darwin']
+  binfiles = bins.map { |b| "bin/#{b}" }
+
+  spec.files         = binfiles + `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = 'bin'
+  spec.executables   = bins
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

metadata

@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification
+name: signpost-signer
+version: !ruby/object:Gem::Version
+  version: 0.1.2
+platform: ruby
+authors:
+- Burke Libbey
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-09-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: Sign HTTP requests with a local SSH keypair for verification on the server
+  against a list of authorized_keys
+email:
+- burke.libbey@shopify.com
+executables:
+- signpost-sign-linux
+- signpost-sign-darwin
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- bin/signpost-sign-darwin
+- bin/signpost-sign-linux
+- lib/signpost/signer.rb
+- lib/signpost/signer/version.rb
+- signpost-signer.gemspec
+homepage: https://github.com/Shopify/signpost
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Sign HTTP requests with X-Signpost-Signature
+test_files: []