splice 0.3 → 0.5
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile.lock +1 -1
- data/lib/execution_context.rb +14 -10
- data/lib/splice.rb +16 -9
- data/lib/splice/version.rb +1 -1
- metadata +2 -2
data/Gemfile.lock
CHANGED
data/lib/execution_context.rb
CHANGED
|
@@ -2,6 +2,7 @@ require 'openssl'
|
|
|
2
2
|
SEARCH_PATHS = ["local.dna","/tmp/ephemeral.dna", "/etc/system.dna"] #Search paths, in order of priority
|
|
3
3
|
require 'erb'
|
|
4
4
|
require 'yaml'
|
|
5
|
+
require 'digest/sha1'
|
|
5
6
|
|
|
6
7
|
module Splice
|
|
7
8
|
include OpenSSL
|
|
@@ -11,28 +12,31 @@ module Splice
|
|
|
11
12
|
def initialize(search_tmp = false)
|
|
12
13
|
@settings = Hash.new
|
|
13
14
|
|
|
14
|
-
SEARCH_PATHS.each do |path|
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
if File.exists?(path) and is_not_tmp
|
|
15
|
+
SEARCH_PATHS.each do |path|
|
|
16
|
+
if File.exists?(path)
|
|
18
17
|
begin
|
|
19
|
-
|
|
18
|
+
delim = "!)@(#*$*$&%^)"
|
|
19
|
+
dna_package = File.read(path)
|
|
20
|
+
dna_package = dna_package.split(delim)
|
|
20
21
|
rescue => e
|
|
21
|
-
puts "One or more dna files are invalid. Please check for corruption and try again."
|
|
22
|
+
puts "One or more dna files are invalid. Please check for corruption and try again.\n\n#{e.message}\n#{e.backtrace}"
|
|
22
23
|
exit 1
|
|
23
24
|
end
|
|
24
|
-
|
|
25
|
+
|
|
26
|
+
signature = Base64.decode64(dna_package[0])
|
|
25
27
|
payload = dna_package[1]
|
|
26
28
|
|
|
27
29
|
# First, we need to verify that the file
|
|
28
30
|
# has not been tampered with
|
|
29
31
|
|
|
30
32
|
begin
|
|
31
|
-
public_key = OpenSSL::PKey::RSA.new File.read("/etc/splice/bloodline
|
|
33
|
+
public_key = OpenSSL::PKey::RSA.new File.read("/etc/splice/bloodline")
|
|
34
|
+
throw "no bloodline" if public_key.nil?
|
|
32
35
|
rescue => e
|
|
33
|
-
puts "ERROR: Invalid or no bloodline file installed. Please install the bloodline
|
|
36
|
+
puts "ERROR: Invalid or no bloodline file installed. Please install the bloodline file generated when you ran splice --master at /etc/splice/bloodline"
|
|
37
|
+
exit 14
|
|
34
38
|
end
|
|
35
|
-
|
|
39
|
+
|
|
36
40
|
file_signed_correctly = public_key.verify(OpenSSL::Digest::SHA1.new,signature,payload)
|
|
37
41
|
|
|
38
42
|
if !file_signed_correctly
|
data/lib/splice.rb
CHANGED
|
@@ -2,11 +2,13 @@ require "splice/version"
|
|
|
2
2
|
require 'execution_context'
|
|
3
3
|
require 'pp'
|
|
4
4
|
require 'openssl'
|
|
5
|
+
require 'base64'
|
|
6
|
+
require 'digest/sha1'
|
|
5
7
|
|
|
6
8
|
module Splice
|
|
7
9
|
def parse_files
|
|
8
10
|
context = ExecutionContext.new
|
|
9
|
-
|
|
11
|
+
|
|
10
12
|
if context.settings["splice"] and context.settings["splice"]["files"] and context.settings["splice"]["files"].count > 0
|
|
11
13
|
context.settings["splice"]["files"].each {|p| context.parse(p); puts "Parsed and wrote file #{p}" }
|
|
12
14
|
else
|
|
@@ -23,9 +25,10 @@ module Splice
|
|
|
23
25
|
private_cert = private_key.to_pem
|
|
24
26
|
public_cert = public_key.to_pem
|
|
25
27
|
|
|
26
|
-
if !Dir.exists?("/etc/
|
|
28
|
+
if !Dir.exists?("/etc/splice/master/")
|
|
27
29
|
begin
|
|
28
|
-
Dir.mkdir("/etc/
|
|
30
|
+
Dir.mkdir("/etc/splice",0733) if !Dir.exists?("/etc/splice")
|
|
31
|
+
Dir.mkdir("/etc/splice/master/",0733)
|
|
29
32
|
rescue => e
|
|
30
33
|
puts "ERROR: could not write master key to disk. Check that you have permission to write to /etc/ and try again."
|
|
31
34
|
exit 4
|
|
@@ -33,27 +36,27 @@ module Splice
|
|
|
33
36
|
end
|
|
34
37
|
|
|
35
38
|
begin
|
|
36
|
-
File.open("/etc/
|
|
37
|
-
File.open("bloodline
|
|
39
|
+
File.open("/etc/splice/master/splice.pem",'w') {|f| f.write(private_key) }
|
|
40
|
+
File.open("bloodline",'w') {|f| f.write(public_key) }
|
|
38
41
|
rescue => e
|
|
39
42
|
puts "ERROR: Could not write master key to disk."
|
|
40
43
|
exit 2
|
|
41
44
|
end
|
|
42
45
|
|
|
43
46
|
puts "New master created"
|
|
44
|
-
puts "Bloodline file saved to './bloodline
|
|
47
|
+
puts "Bloodline file saved to './bloodline'"
|
|
45
48
|
exit 0
|
|
46
49
|
end
|
|
47
50
|
|
|
48
51
|
def sign_file(a_file)
|
|
49
52
|
puts "Signing file #{a_file}"
|
|
50
53
|
|
|
51
|
-
if !File.exists?("/etc/
|
|
54
|
+
if !File.exists?("/etc/splice/master/splice.pem")
|
|
52
55
|
puts "ERROR: No splice master key found. Run splice --master or import the correct key before you attempt to sign files."
|
|
53
56
|
exit 1
|
|
54
57
|
end
|
|
55
58
|
|
|
56
|
-
private_key = OpenSSL::PKey::RSA.new File.read('/etc/
|
|
59
|
+
private_key = OpenSSL::PKey::RSA.new File.read('/etc/splice/master/splice.pem')
|
|
57
60
|
file_contents = File.read(a_file)
|
|
58
61
|
sig = private_key.sign(OpenSSL::Digest::SHA1.new,file_contents)
|
|
59
62
|
new_file_name = File.basename(a_file)
|
|
@@ -62,7 +65,8 @@ module Splice
|
|
|
62
65
|
new_file_name = new_file_name.join(".")
|
|
63
66
|
new_file_name += ".dna"
|
|
64
67
|
|
|
65
|
-
|
|
68
|
+
delim = "!)@(#*$*$&%^)"
|
|
69
|
+
dna_payload = [Base64.encode64(sig),file_contents].join(delim)
|
|
66
70
|
|
|
67
71
|
begin
|
|
68
72
|
File.open(new_file_name,'w') { |f| f.write(dna_payload) }
|
|
@@ -72,6 +76,9 @@ module Splice
|
|
|
72
76
|
end
|
|
73
77
|
|
|
74
78
|
puts "Signed configuration file #{a_file} to #{new_file_name}"
|
|
79
|
+
puts "SHA1 Signatures:"
|
|
80
|
+
puts "Signature: " + Digest::SHA1.hexdigest(sig)
|
|
81
|
+
puts "Payload: " + Digest::SHA1.hexdigest(file_contents)
|
|
75
82
|
|
|
76
83
|
exit 0
|
|
77
84
|
end
|
data/lib/splice/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: splice
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: '0.
|
|
4
|
+
version: '0.5'
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-
|
|
12
|
+
date: 2012-08-22 00:00:00.000000000 Z
|
|
13
13
|
dependencies: []
|
|
14
14
|
description: A simple way to manage Linux server configurations.
|
|
15
15
|
email:
|