splice 0.1 → 0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile +1 -1
- data/Gemfile.lock +1 -1
- data/bin/splice +9 -8
- data/lib/execution_context.rb +38 -4
- data/lib/splice.rb +74 -0
- data/lib/splice/version.rb +1 -1
- metadata +1 -2
- data/dna.yml +0 -5
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
data/bin/splice
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
|
-
require '
|
|
3
|
-
require 'execution_context'
|
|
2
|
+
require 'splice'
|
|
4
3
|
include Splice
|
|
4
|
+
require 'optparse'
|
|
5
5
|
|
|
6
|
-
|
|
6
|
+
options = {}
|
|
7
|
+
OptionParser.new do |opts|
|
|
8
|
+
opts.banner = "Usage: splice [options]"
|
|
9
|
+
opts.on("--master","-m") { generate_master }
|
|
10
|
+
opts.on("-s","--sign FILE") {|f| sign_file(f) }
|
|
11
|
+
end.parse!
|
|
7
12
|
|
|
8
|
-
|
|
9
|
-
context.settings["splice"]["files"].each {|p| context.parse(p); puts "Parsed and wrote file #{p}" }
|
|
10
|
-
else
|
|
11
|
-
puts "ERROR: No files specified for processing."
|
|
12
|
-
end
|
|
13
|
+
parse_files
|
data/lib/execution_context.rb
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
|
-
|
|
1
|
+
require 'openssl'
|
|
2
|
+
SEARCH_PATHS = ["local.dna","/tmp/ephemeral.dna", "/etc/system.dna"] #Search paths, in order of priority
|
|
2
3
|
require 'erb'
|
|
4
|
+
|
|
3
5
|
module Splice
|
|
6
|
+
include OpenSSL
|
|
4
7
|
class ExecutionContext
|
|
5
8
|
attr_accessor :settings
|
|
6
9
|
|
|
@@ -8,11 +11,42 @@ module Splice
|
|
|
8
11
|
@settings = Hash.new
|
|
9
12
|
|
|
10
13
|
SEARCH_PATHS.each do |path|
|
|
11
|
-
is_not_tmp = true unless path == "/tmp/dna
|
|
14
|
+
is_not_tmp = true unless path == "/tmp/ephemeral.dna" and search_tmp == false
|
|
12
15
|
|
|
13
16
|
if File.exists?(path) and is_not_tmp
|
|
14
|
-
|
|
15
|
-
|
|
17
|
+
begin
|
|
18
|
+
dna_package = Marshal.load File.read(path)
|
|
19
|
+
rescue => e
|
|
20
|
+
puts "One or more dna files are invalid. Please check for corruption and try again."
|
|
21
|
+
exit 1
|
|
22
|
+
end
|
|
23
|
+
signature = dna_package[0]
|
|
24
|
+
payload = dna_package[1]
|
|
25
|
+
|
|
26
|
+
# First, we need to verify that the file
|
|
27
|
+
# has not been tampered with
|
|
28
|
+
|
|
29
|
+
begin
|
|
30
|
+
public_key = OpenSSL::PKey::RSA.new File.read("/etc/splice/bloodline.pem")
|
|
31
|
+
rescue => e
|
|
32
|
+
puts "ERROR: Invalid or no bloodline file installed. Please install the bloodline.pem file generated when you ran splice --master at /etc/splice/bloodline.pem"
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
file_signed_correctly = public_key.verify(OpenSSL::Digest::SHA1.new,signature,payload)
|
|
36
|
+
|
|
37
|
+
if !file_signed_correctly
|
|
38
|
+
puts "ERROR: One or more DNA files have been tampered with. Halting immediately."
|
|
39
|
+
exit(13)
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
path_settings = YAML.load(payload)
|
|
43
|
+
path_settings.each_pair do |key,value|
|
|
44
|
+
if key == "splice" and value["files"] and @settings["splice"] and @settings["splice"]["files"]
|
|
45
|
+
@settings["splice"]["files"] += value["files"]
|
|
46
|
+
else
|
|
47
|
+
@settings[key] ||= value
|
|
48
|
+
end
|
|
49
|
+
end
|
|
16
50
|
end
|
|
17
51
|
end
|
|
18
52
|
|
data/lib/splice.rb
CHANGED
|
@@ -1,4 +1,78 @@
|
|
|
1
1
|
require "splice/version"
|
|
2
|
+
require 'execution_context'
|
|
3
|
+
require 'pp'
|
|
4
|
+
require 'openssl'
|
|
2
5
|
|
|
3
6
|
module Splice
|
|
7
|
+
def parse_files
|
|
8
|
+
context = ExecutionContext.new
|
|
9
|
+
|
|
10
|
+
if context.settings["splice"] and context.settings["splice"]["files"] and context.settings["splice"]["files"].count > 0
|
|
11
|
+
context.settings["splice"]["files"].each {|p| context.parse(p); puts "Parsed and wrote file #{p}" }
|
|
12
|
+
else
|
|
13
|
+
puts "ERROR: No files specified for processing."
|
|
14
|
+
end
|
|
15
|
+
exit 0
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def generate_master
|
|
19
|
+
puts "Generating new master file"
|
|
20
|
+
private_key = OpenSSL::PKey::RSA.new(2048)
|
|
21
|
+
public_key = private_key.public_key
|
|
22
|
+
|
|
23
|
+
private_cert = private_key.to_pem
|
|
24
|
+
public_cert = public_key.to_pem
|
|
25
|
+
|
|
26
|
+
if !Dir.exists?("/etc/splice_master/")
|
|
27
|
+
begin
|
|
28
|
+
Dir.mkdir("/etc/splice_master",0733)
|
|
29
|
+
rescue => e
|
|
30
|
+
puts "ERROR: could not write master key to disk. Check that you have permission to write to /etc/ and try again."
|
|
31
|
+
exit 4
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
begin
|
|
36
|
+
File.open("/etc/splice_master/splice.master",'w') {|f| f.write(private_key) }
|
|
37
|
+
File.open("bloodline.pem",'w') {|f| f.write(public_key) }
|
|
38
|
+
rescue => e
|
|
39
|
+
puts "ERROR: Could not write master key to disk."
|
|
40
|
+
exit 2
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
puts "New master created"
|
|
44
|
+
puts "Bloodline file saved to './bloodline.pem'"
|
|
45
|
+
exit 0
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def sign_file(a_file)
|
|
49
|
+
puts "Signing file #{a_file}"
|
|
50
|
+
|
|
51
|
+
if !File.exists?("/etc/splice_master/splice.master")
|
|
52
|
+
puts "ERROR: No splice master key found. Run splice --master or import the correct key before you attempt to sign files."
|
|
53
|
+
exit 1
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
private_key = OpenSSL::PKey::RSA.new File.read('/etc/splice_master/splice.master')
|
|
57
|
+
file_contents = File.read(a_file)
|
|
58
|
+
sig = private_key.sign(OpenSSL::Digest::SHA1.new,file_contents)
|
|
59
|
+
new_file_name = File.basename(a_file)
|
|
60
|
+
new_file_name = new_file_name.split(".")
|
|
61
|
+
new_file_name.delete_at(new_file_name.count - 1) #Remove the file extension
|
|
62
|
+
new_file_name = new_file_name.join(".")
|
|
63
|
+
new_file_name += ".dna"
|
|
64
|
+
|
|
65
|
+
dna_payload = Marshal.dump [sig,file_contents]
|
|
66
|
+
|
|
67
|
+
begin
|
|
68
|
+
File.open(new_file_name,'w') { |f| f.write(dna_payload) }
|
|
69
|
+
rescue => e
|
|
70
|
+
puts "ERROR: Could not write signed DNA file to disk."
|
|
71
|
+
exit 6
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
puts "Signed configuration file #{a_file} to #{new_file_name}"
|
|
75
|
+
|
|
76
|
+
exit 0
|
|
77
|
+
end
|
|
4
78
|
end
|
data/lib/splice/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: splice
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: '0.
|
|
4
|
+
version: '0.2'
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -26,7 +26,6 @@ files:
|
|
|
26
26
|
- README.md
|
|
27
27
|
- Rakefile
|
|
28
28
|
- bin/splice
|
|
29
|
-
- dna.yml
|
|
30
29
|
- lib/execution_context.rb
|
|
31
30
|
- lib/splice.rb
|
|
32
31
|
- lib/splice/version.rb
|