sshkit 1.18.1 → 1.21.0

data/Dangerfile

@@ -1 +1 @@
-danger.import_dangerfile(github: "capistrano/danger")
+danger.import_dangerfile(github: "capistrano/danger", branch: "no-changelog")

data/Gemfile

@@ -7,13 +7,6 @@ platforms :rbx do
   gem 'json'
 end
 
-# Chandler requires Ruby >= 2.1.0, but depending on the Travis environment,
-# we may not meet that requirement. Only include the chandler gem if the Ruby
-# requirement is met. (Chandler is used only for `rake release`; see Rakefile.)
-if Gem::Requirement.new('>= 2.1.0').satisfied_by?(Gem::Version.new(RUBY_VERSION))
-  gem 'chandler', '>= 0.1.1'
-end
-
 # public_suffix 3+ requires ruby 2.1+
 if Gem::Requirement.new('< 2.1').satisfied_by?(Gem::Version.new(RUBY_VERSION))
   gem 'public_suffix', '< 3'

data/README.md

@@ -6,29 +6,31 @@ more servers.
 [![Gem Version](https://badge.fury.io/rb/sshkit.svg)](https://rubygems.org/gems/sshkit)
 [![Build Status](https://travis-ci.org/capistrano/sshkit.svg?branch=master)](https://travis-ci.org/capistrano/sshkit)
 
-## How might it work?
+## Example
 
-The typical use-case looks something like this:
+ - Connect to 2 servers
+ - Execute commands as `deploy` user with `RAILS_ENV=production`
+ - Execute commands in serial (default is `:parallel`)
 
 ```ruby
 require 'sshkit'
 require 'sshkit/dsl'
 include SSHKit::DSL
 
-on %w{1.example.com 2.example.com}, in: :sequence, wait: 5 do |host|
+on ["1.example.com", "2.example.com"], in: :sequence do |host|
+  puts "Now executing on #{host}"
   within "/opt/sites/example.com" do
     as :deploy  do
-      with rails_env: :production do
-        rake   "assets:precompile"
-        runner "S3::Sync.notify"
-        execute :node, "socket_server.js"
+      with RAILS_ENV: 'production' do
+        execute :rake, "assets:precompile"
+        execute :rails, "runner", "S3::Sync.notify"
       end
     end
   end
 end
 ```
 
-You can find many other examples of how to use SSHKit over in [EXAMPLES.md](EXAMPLES.md).
+Many other examples are in [EXAMPLES.md](EXAMPLES.md).
 
 ## Basic usage
 
@@ -37,7 +39,7 @@ You can pass one or more hosts as parameters; this runs commands via SSH. Altern
 pass `:local` to run commands locally. By default SSKit will run the commands on all hosts in
 parallel.
 
-#### Running commands
+### Running commands
 
 All backends support the `execute(*args)`, `test(*args)` & `capture(*args)` methods
 for executing a command. You can call any of these methods in the context of an `on()`
@@ -63,7 +65,7 @@ end
 By default the `capture` methods strips whitespace. If you need to preserve whitespace
 you can pass the `strip: false` option: `capture(:ls, '-l', strip: false)`
 
-#### Transferring files
+### Transferring files
 
 All backends also support the `upload!` and `download!` methods for transferring files.
 For the remote backend, the file is transferred with scp.
@@ -75,7 +77,7 @@ on '1.example.com' do
 end
 ```
 
-#### Users, working directories, environment variables and umask
+### Users, working directories, environment variables and umask
 
 When running commands, you can tell SSHKit to set up the context for those
 commands using the following methods:
@@ -113,6 +115,11 @@ the raised error.
 Helpers such as `runner()` and `rake()` which expand to `execute(:rails, "runner", ...)` and
 `execute(:rake, ...)` are convenience helpers for Ruby, and Rails based apps.
 
+### Verbosity / Silence
+
+ - raise verbosity of a command: `execute "echo DEAD", verbosity: :ERROR`
+ - hide a command from output: `execute "echo HIDDEN", verbosity: :DEBUG`
+
 ## Parallel
 
 Notice on the `on()` call the `in: :sequence` option, the following will do
@@ -567,10 +574,20 @@ In order to do special gymnastics with SSH, tunneling, aliasing, complex options
 
 These system level files are the preferred way of setting up tunneling and proxies because the system implementations of these things are faster and better than the Ruby implementations you would get if you were to configure them through Net::SSH. In cases where it's not possible (Windows?), it should be possible to make use of the Net::SSH APIs to setup tunnels and proxy commands before deferring control to Capistrano/SSHKit..
 
-## SSHKit Related Blog Posts
+## Proxying
 
-[SSHKit Gem Basics](http://www.rubyplus.com/articles/591)
+To connect to the target host via a jump/bastion host, use a `Net::SSH::Proxy::Jump`
 
-[SSHKit Gem Part 2](http://www.rubyplus.com/articles/601)
+```ruby
+host = SSHKit::Host.new(
+  hostname: 'target.host.com',
+  ssh_options: { proxy: Net::SSH::Proxy::Jump.new("proxy.bar.com") }
+)
+on [host] do
+  execute :echo, '1'
+end
+```
+
+## SSHKit Related Blog Posts
 
 [Embedded Capistrano with SSHKit](http://ryandoyle.net/posts/embedded-capistrano-with-sshkit/)

data/RELEASING.md

@@ -5,7 +5,6 @@
 * You must have commit rights to the SSHKit repository.
 * You must have push rights for the sshkit gem on rubygems.org.
 * You must be using Ruby >= 2.1.0.
-* Your `~/.netrc` must be configured with your GitHub credentials, [as explained here](https://github.com/mattbrictson/chandler#2-configure-netrc).
 
 ## How to release
 
@@ -13,6 +12,6 @@
 2.  **Ensure the tests are passing by running `rake test`.** If functional tests fail, ensure you have [Vagrant](https://www.vagrantup.com) installed and have started it with `vagrant up`.
 3. Determine which would be the correct next version number according to [semver](http://semver.org/).
 4. Update the version in `./lib/sshkit/version.rb`.
-5. Update the `CHANGELOG`.
-6. Commit the changelog and version in a single commit, the message should be "Preparing vX.Y.Z"
-7. Run `rake release`; this will tag, push to GitHub, publish to rubygems.org, and upload the latest changelog entry to the [GitHub releases page](https://github.com/capistrano/sshkit/releases).
+5. Commit the `version.rb` change with a message like "Preparing vX.Y.Z"
+6. Run `rake release`; this will tag, push to GitHub, and publish to rubygems.org
+7. Update the draft release on the [GitHub releases page](https://github.com/capistrano/sshkit/releases) to point to the new tag and publish the release

data/Rakefile

@@ -30,10 +30,7 @@ RuboCop::RakeTask.new(:lint) do |task|
   task.options = ['--lint']
 end
 
-task "release:rubygem_push" do
-  # Delay loading Chandler until this point, since it requires Ruby >= 2.1,
-  # which may not be available in all environments (e.g. Travis).
-  # We assume that the person doing `rake release` has Ruby >= 2.1.
-  require "chandler/tasks"
-  Rake.application.invoke_task("chandler:push")
+Rake::Task["release"].enhance do
+  puts "Don't forget to publish the release on GitHub!"
+  system "open https://github.com/capistrano/sshkit/releases"
 end

data/examples/simple_connection.rb

@@ -0,0 +1,9 @@
+# tiny example so you can play with the sshkit or make a failing example for an issue
+require 'bundler/setup'
+require 'sshkit'
+require 'sshkit/dsl'
+include SSHKit::DSL
+
+on [ENV.fetch("HOST")] do
+  execute "echo hello"
+end

data/lib/sshkit/backends/abstract.rb

@@ -1,3 +1,5 @@
+require 'shellwords'
+
 module SSHKit
 
   module Backend
@@ -80,13 +82,14 @@ module SSHKit
 
       def within(directory, &_block)
         (@pwd ||= []).push directory.to_s
+        escaped = Command.shellescape_except_tilde(pwd_path)
         execute <<-EOTEST, verbosity: Logger::DEBUG
-          if test ! -d #{File.join(@pwd)}
-            then echo "Directory does not exist '#{File.join(@pwd)}'" 1>&2
+          if test ! -d #{escaped}
+            then echo "Directory does not exist '#{escaped}'" 1>&2
             false
           fi
-          EOTEST
-          yield
+        EOTEST
+        yield
       ensure
         @pwd.pop
       end
@@ -108,8 +111,8 @@ module SSHKit
           @group = nil
         end
         execute <<-EOTEST, verbosity: Logger::DEBUG
-          if ! sudo -u #{@user} whoami > /dev/null
-            then echo "You cannot switch to user '#{@user}' using sudo, please check the sudoers file" 1>&2
+          if ! sudo -u #{@user.to_s.shellescape} whoami > /dev/null
+            then echo "You cannot switch to user '#{@user.to_s.shellescape}' using sudo, please check the sudoers file" 1>&2
             false
           fi
         EOTEST

data/lib/sshkit/backends/connection_pool.rb

@@ -21,7 +21,7 @@ end
 
 # The ConnectionPool caches connections and allows them to be reused, so long as
 # the reuse happens within the `idle_timeout` period. Timed out connections are
-# closed, forcing a new connection to be used in that case.
+# eventually closed, forcing a new connection to be used in that case.
 #
 # Additionally, a background thread is started to check for abandoned
 # connections that have timed out without any attempt at being reused. These
@@ -46,7 +46,11 @@ class SSHKit::Backend::ConnectionPool
     @caches = {}
     @caches.extend(MonitorMixin)
     @timed_out_connections = Queue.new
-    Thread.new { run_eviction_loop }
+
+    # Spin up eviction loop only if caching is enabled
+    if cache_enabled?
+      Thread.new { run_eviction_loop }
+    end
   end
 
   # Creates a new connection or reuses a cached connection (if possible) and
@@ -133,7 +137,7 @@ class SSHKit::Backend::ConnectionPool
       process_deferred_close
 
       # Periodically sweep all Caches to evict stale connections
-      sleep([idle_timeout, 5].min)
+      sleep(5)
       caches.values.each(&:evict)
     end
   end

data/lib/sshkit/backends/netssh.rb

@@ -109,7 +109,8 @@ module SSHKit
             message = "#{action} #{name} #{percentage.round(2)}%"
             percentage_r = (percentage / log_percent).truncate * log_percent
             if percentage_r > 0 && (last_name != name || last_percentage != percentage_r)
-              info message
+              verbosity = (options[:verbosity] || :INFO).downcase # TODO: ideally reuse command.rb logic
+              public_send verbosity, message
               last_name = name
               last_percentage = percentage_r
             else

data/lib/sshkit/command.rb

@@ -1,5 +1,6 @@
 require 'digest/sha1'
 require 'securerandom'
+require 'shellwords'
 
 # @author Lee Hambley
 module SSHKit
@@ -9,7 +10,7 @@ module SSHKit
 
     Failed = Class.new(SSHKit::StandardError)
 
-    attr_reader :command, :args, :options, :started_at, :started, :exit_status, :full_stdout, :full_stderr
+    attr_reader :command, :args, :options, :started_at, :started, :exit_status, :full_stdout, :full_stderr, :uuid
 
     # Initialize a new Command object
     #
@@ -25,6 +26,7 @@ module SSHKit
       @args    = args
       @options.symbolize_keys!
       @stdout, @stderr, @full_stdout, @full_stderr = String.new, String.new, String.new, String.new
+      @uuid = Digest::SHA1.hexdigest(SecureRandom.random_bytes(10))[0..7]
     end
 
     def complete?
@@ -41,10 +43,6 @@ module SSHKit
       @started = new_started
     end
 
-    def uuid
-      @uuid ||= Digest::SHA1.hexdigest(SecureRandom.random_bytes(10))[0..7]
-    end
-
     def success?
       exit_status.nil? ? false : exit_status.to_i == 0
     end
@@ -145,7 +143,7 @@ module SSHKit
 
     def within(&_block)
       return yield unless options[:in]
-      sprintf("cd #{options[:in]} && %s", yield)
+      "cd #{self.class.shellescape_except_tilde(options[:in])} && #{yield}"
     end
 
     def environment_hash
@@ -161,28 +159,30 @@ module SSHKit
     end
 
     def with(&_block)
-      return yield unless environment_hash.any?
-      "( export #{environment_string} ; #{yield} )"
+      env_string = environment_string
+      return yield if env_string.empty?
+      "( export #{env_string} ; #{yield} )"
     end
 
     def user(&_block)
       return yield unless options[:user]
-      "sudo -u #{options[:user]} #{environment_string + " " unless environment_string.empty?}-- sh -c '#{yield}'"
+      env_string = environment_string
+      "sudo -u #{options[:user].to_s.shellescape} #{env_string + " " unless env_string.empty?}-- sh -c #{yield.shellescape}"
     end
 
     def in_background(&_block)
       return yield unless options[:run_in_background]
-      sprintf("( nohup %s > /dev/null & )", yield)
+      "( nohup #{yield} > /dev/null & )"
     end
 
     def umask(&_block)
       return yield unless SSHKit.config.umask
-      sprintf("umask #{SSHKit.config.umask} && %s", yield)
+      "umask #{SSHKit.config.umask} && #{yield}"
     end
 
     def group(&_block)
       return yield unless options[:group]
-      %Q(sg #{options[:group]} -c "#{yield}")
+      "sg #{options[:group].to_s.shellescape} -c #{yield.shellescape}"
       # We could also use the so-called heredoc format perhaps:
       #"newgrp #{options[:group]} <<EOC \\\"%s\\\" EOC" % %Q{#{yield}}
     end
@@ -219,6 +219,11 @@ module SSHKit
       end
     end
 
+    # allow using home directory but escape everything else like spaces etc
+    def self.shellescape_except_tilde(file)
+      file.shellescape.gsub("\\~", "~")
+    end
+
     private
 
     def default_options
@@ -234,7 +239,7 @@ module SSHKit
 
     def call_interaction_handler(stream_name, data, channel)
       interaction_handler = options[:interaction_handler]
-      interaction_handler = MappingInteractionHandler.new(interaction_handler) if interaction_handler.kind_of?(Hash)
+      interaction_handler = MappingInteractionHandler.new(interaction_handler) if interaction_handler.kind_of?(Hash) or interaction_handler.kind_of?(Proc)
       interaction_handler.on_data(self, stream_name, data, channel) if interaction_handler.respond_to?(:on_data)
     end
 

data/lib/sshkit/host.rb

@@ -151,18 +151,20 @@ module SSHKit
   # @private
   # :nodoc:
   class IPv6HostWithPortParser < SimpleHostParser
+    IPV6_REGEX = /\[([a-fA-F0-9:]+)\](?:\:(\d+))?/
 
     def self.suitable?(host_string)
-      host_string.match(/[a-fA-F0-9:]+:\d+/)
+      host_string.match(IPV6_REGEX)
     end
 
     def port
-      @host_string.split(':').last.to_i
+      prt = @host_string.match(IPV6_REGEX)[2]
+      prt = prt.to_i unless prt.nil?
+      prt
     end
 
     def hostname
-      @host_string.gsub!(/\[|\]/, '')
-      @host_string.split(':')[0..-2].join(':')
+      @host_string.match(IPV6_REGEX)[1]
     end
 
   end

data/lib/sshkit/version.rb

@@ -1,3 +1,3 @@
 module SSHKit
-  VERSION = "1.18.1".freeze
+  VERSION = "1.21.0".freeze
 end

data/sshkit.gemspec

@@ -9,6 +9,9 @@ Gem::Specification.new do |gem|
   gem.description   = %q{A comprehensive toolkit for remotely running commands in a structured manner on groups of servers.}
   gem.homepage      = "http://github.com/capistrano/sshkit"
   gem.license       = "MIT"
+  gem.metadata      = {
+    "changelog_uri" => "https://github.com/capistrano/sshkit/releases"
+  }
 
   gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   gem.files         = `git ls-files`.split("\n")

data/test/functional/backends/test_local.rb

@@ -99,6 +99,24 @@ module SSHKit
         end.run
         assert_equal("Enter Data\nCaptured SOME DATA", captured_command_result)
       end
+
+      def test_interaction_handler_with_proc
+        captured_command_result = nil
+        Local.new do
+          command = 'echo Enter Data; read the_data; echo Captured $the_data;'
+          captured_command_result = capture(command, interaction_handler:
+            lambda { |data|
+              case data
+              when "Enter Data\n"
+                "SOME DATA\n"
+              when "Captured SOME DATA\n"
+                nil
+              end
+            }
+          )
+        end.run
+        assert_equal("Enter Data\nCaptured SOME DATA", captured_command_result)
+      end
     end
   end
 end

data/test/functional/backends/test_netssh.rb

@@ -38,7 +38,7 @@ module SSHKit
           "Command: /usr/bin/env ls -l\n",
           "Command: if test ! -d /tmp; then echo \"Directory does not exist '/tmp'\" 1>&2; false; fi\n",
           "Command: if ! sudo -u root whoami > /dev/null; then echo \"You cannot switch to user 'root' using sudo, please check the sudoers file\" 1>&2; false; fi\n",
-          "Command: cd /tmp && ( export RAILS_ENV=\"production\" ; sudo -u root RAILS_ENV=\"production\" -- sh -c '/usr/bin/env touch restart.txt' )\n"
+          "Command: cd /tmp && ( export RAILS_ENV=\"production\" ; sudo -u root RAILS_ENV=\"production\" -- sh -c /usr/bin/env\\ touch\\ restart.txt )\n"
         ], command_lines
       end
 
@@ -82,7 +82,7 @@ module SSHKit
         command_lines = @output.lines.select { |line| line.start_with?('Command:') }
         assert_equal [
           "Command: if ! sudo -u root whoami > /dev/null; then echo \"You cannot switch to user 'root' using sudo, please check the sudoers file\" 1>&2; false; fi\n",
-          "Command: sudo -u root -- sh -c 'sg admin -c \"/usr/bin/env touch restart.txt\"'\n"
+          "Command: sudo -u root -- sh -c sg\\ admin\\ -c\\ /usr/bin/env\\\\\\ touch\\\\\\ restart.txt\n"
         ], command_lines
       end
 
@@ -96,21 +96,18 @@ module SSHKit
       end
 
       def test_ssh_option_merge
-        verify_host_opt = if Net::SSH::Version::MAJOR >= 5
-                            { verify_host_key: :always }
-                          else
-                            { paranoid: true }
-                          end
-        a_host.ssh_options = verify_host_opt
+        keepalive_opt = { keepalive: true }
+        test_host = a_host.dup
+        test_host.ssh_options = keepalive_opt
         host_ssh_options = {}
         SSHKit::Backend::Netssh.config.ssh_options = { forward_agent: false }
-        Netssh.new(a_host) do |host|
+        Netssh.new(test_host) do |host|
           capture(:uname)
           host_ssh_options = host.ssh_options
         end.run
-        assert_equal [:forward_agent, *verify_host_opt.keys, :known_hosts, :logger, :password_prompt].sort, host_ssh_options.keys.sort
+        assert_equal [:forward_agent, *keepalive_opt.keys, :known_hosts, :logger, :password_prompt].sort, host_ssh_options.keys.sort
         assert_equal false, host_ssh_options[:forward_agent]
-        assert_equal verify_host_opt.values.first, host_ssh_options[verify_host_opt.keys.first]
+        assert_equal keepalive_opt.values.first, host_ssh_options[keepalive_opt.keys.first]
         assert_instance_of SSHKit::Backend::Netssh::KnownHosts, host_ssh_options[:known_hosts]
       end