splice 0.1 → 0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile +1 -1
- data/Gemfile.lock +1 -1
- data/bin/splice +9 -8
- data/lib/execution_context.rb +38 -4
- data/lib/splice.rb +74 -0
- data/lib/splice/version.rb +1 -1
- metadata +1 -2
- data/dna.yml +0 -5
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
data/bin/splice
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
|
-
require '
|
|
3
|
-
require 'execution_context'
|
|
2
|
+
require 'splice'
|
|
4
3
|
include Splice
|
|
4
|
+
require 'optparse'
|
|
5
5
|
|
|
6
|
-
|
|
6
|
+
options = {}
|
|
7
|
+
OptionParser.new do |opts|
|
|
8
|
+
opts.banner = "Usage: splice [options]"
|
|
9
|
+
opts.on("--master","-m") { generate_master }
|
|
10
|
+
opts.on("-s","--sign FILE") {|f| sign_file(f) }
|
|
11
|
+
end.parse!
|
|
7
12
|
|
|
8
|
-
|
|
9
|
-
context.settings["splice"]["files"].each {|p| context.parse(p); puts "Parsed and wrote file #{p}" }
|
|
10
|
-
else
|
|
11
|
-
puts "ERROR: No files specified for processing."
|
|
12
|
-
end
|
|
13
|
+
parse_files
|
data/lib/execution_context.rb
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
|
-
|
|
1
|
+
require 'openssl'
|
|
2
|
+
SEARCH_PATHS = ["local.dna","/tmp/ephemeral.dna", "/etc/system.dna"] #Search paths, in order of priority
|
|
2
3
|
require 'erb'
|
|
4
|
+
|
|
3
5
|
module Splice
|
|
6
|
+
include OpenSSL
|
|
4
7
|
class ExecutionContext
|
|
5
8
|
attr_accessor :settings
|
|
6
9
|
|
|
@@ -8,11 +11,42 @@ module Splice
|
|
|
8
11
|
@settings = Hash.new
|
|
9
12
|
|
|
10
13
|
SEARCH_PATHS.each do |path|
|
|
11
|
-
is_not_tmp = true unless path == "/tmp/dna
|
|
14
|
+
is_not_tmp = true unless path == "/tmp/ephemeral.dna" and search_tmp == false
|
|
12
15
|
|
|
13
16
|
if File.exists?(path) and is_not_tmp
|
|
14
|
-
|
|
15
|
-
|
|
17
|
+
begin
|
|
18
|
+
dna_package = Marshal.load File.read(path)
|
|
19
|
+
rescue => e
|
|
20
|
+
puts "One or more dna files are invalid. Please check for corruption and try again."
|
|
21
|
+
exit 1
|
|
22
|
+
end
|
|
23
|
+
signature = dna_package[0]
|
|
24
|
+
payload = dna_package[1]
|
|
25
|
+
|
|
26
|
+
# First, we need to verify that the file
|
|
27
|
+
# has not been tampered with
|
|
28
|
+
|
|
29
|
+
begin
|
|
30
|
+
public_key = OpenSSL::PKey::RSA.new File.read("/etc/splice/bloodline.pem")
|
|
31
|
+
rescue => e
|
|
32
|
+
puts "ERROR: Invalid or no bloodline file installed. Please install the bloodline.pem file generated when you ran splice --master at /etc/splice/bloodline.pem"
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
file_signed_correctly = public_key.verify(OpenSSL::Digest::SHA1.new,signature,payload)
|
|
36
|
+
|
|
37
|
+
if !file_signed_correctly
|
|
38
|
+
puts "ERROR: One or more DNA files have been tampered with. Halting immediately."
|
|
39
|
+
exit(13)
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
path_settings = YAML.load(payload)
|
|
43
|
+
path_settings.each_pair do |key,value|
|
|
44
|
+
if key == "splice" and value["files"] and @settings["splice"] and @settings["splice"]["files"]
|
|
45
|
+
@settings["splice"]["files"] += value["files"]
|
|
46
|
+
else
|
|
47
|
+
@settings[key] ||= value
|
|
48
|
+
end
|
|
49
|
+
end
|
|
16
50
|
end
|
|
17
51
|
end
|
|
18
52
|
|
data/lib/splice.rb
CHANGED
|
@@ -1,4 +1,78 @@
|
|
|
1
1
|
require "splice/version"
|
|
2
|
+
require 'execution_context'
|
|
3
|
+
require 'pp'
|
|
4
|
+
require 'openssl'
|
|
2
5
|
|
|
3
6
|
module Splice
|
|
7
|
+
def parse_files
|
|
8
|
+
context = ExecutionContext.new
|
|
9
|
+
|
|
10
|
+
if context.settings["splice"] and context.settings["splice"]["files"] and context.settings["splice"]["files"].count > 0
|
|
11
|
+
context.settings["splice"]["files"].each {|p| context.parse(p); puts "Parsed and wrote file #{p}" }
|
|
12
|
+
else
|
|
13
|
+
puts "ERROR: No files specified for processing."
|
|
14
|
+
end
|
|
15
|
+
exit 0
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def generate_master
|
|
19
|
+
puts "Generating new master file"
|
|
20
|
+
private_key = OpenSSL::PKey::RSA.new(2048)
|
|
21
|
+
public_key = private_key.public_key
|
|
22
|
+
|
|
23
|
+
private_cert = private_key.to_pem
|
|
24
|
+
public_cert = public_key.to_pem
|
|
25
|
+
|
|
26
|
+
if !Dir.exists?("/etc/splice_master/")
|
|
27
|
+
begin
|
|
28
|
+
Dir.mkdir("/etc/splice_master",0733)
|
|
29
|
+
rescue => e
|
|
30
|
+
puts "ERROR: could not write master key to disk. Check that you have permission to write to /etc/ and try again."
|
|
31
|
+
exit 4
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
begin
|
|
36
|
+
File.open("/etc/splice_master/splice.master",'w') {|f| f.write(private_key) }
|
|
37
|
+
File.open("bloodline.pem",'w') {|f| f.write(public_key) }
|
|
38
|
+
rescue => e
|
|
39
|
+
puts "ERROR: Could not write master key to disk."
|
|
40
|
+
exit 2
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
puts "New master created"
|
|
44
|
+
puts "Bloodline file saved to './bloodline.pem'"
|
|
45
|
+
exit 0
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def sign_file(a_file)
|
|
49
|
+
puts "Signing file #{a_file}"
|
|
50
|
+
|
|
51
|
+
if !File.exists?("/etc/splice_master/splice.master")
|
|
52
|
+
puts "ERROR: No splice master key found. Run splice --master or import the correct key before you attempt to sign files."
|
|
53
|
+
exit 1
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
private_key = OpenSSL::PKey::RSA.new File.read('/etc/splice_master/splice.master')
|
|
57
|
+
file_contents = File.read(a_file)
|
|
58
|
+
sig = private_key.sign(OpenSSL::Digest::SHA1.new,file_contents)
|
|
59
|
+
new_file_name = File.basename(a_file)
|
|
60
|
+
new_file_name = new_file_name.split(".")
|
|
61
|
+
new_file_name.delete_at(new_file_name.count - 1) #Remove the file extension
|
|
62
|
+
new_file_name = new_file_name.join(".")
|
|
63
|
+
new_file_name += ".dna"
|
|
64
|
+
|
|
65
|
+
dna_payload = Marshal.dump [sig,file_contents]
|
|
66
|
+
|
|
67
|
+
begin
|
|
68
|
+
File.open(new_file_name,'w') { |f| f.write(dna_payload) }
|
|
69
|
+
rescue => e
|
|
70
|
+
puts "ERROR: Could not write signed DNA file to disk."
|
|
71
|
+
exit 6
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
puts "Signed configuration file #{a_file} to #{new_file_name}"
|
|
75
|
+
|
|
76
|
+
exit 0
|
|
77
|
+
end
|
|
4
78
|
end
|
data/lib/splice/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: splice
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: '0.
|
|
4
|
+
version: '0.2'
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -26,7 +26,6 @@ files:
|
|
|
26
26
|
- README.md
|
|
27
27
|
- Rakefile
|
|
28
28
|
- bin/splice
|
|
29
|
-
- dna.yml
|
|
30
29
|
- lib/execution_context.rb
|
|
31
30
|
- lib/splice.rb
|
|
32
31
|
- lib/splice/version.rb
|