From f287ecedc78c0cc8fb485c5995b8d1cfae9f0fe8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Wed, 20 Sep 2017 21:19:05 +0200
Subject: Commit current state
---
utils/cleaner | 23 +++++++++++++++++++++++
utils/diff | 28 ++++++++++++++++++++++++++++
utils/echo | 13 +++++++------
utils/encrypt | 42 ++++++++++++++++++++++++++++++++++++++++++
utils/fdata | 36 ++++++++++++++++++++++++++++++++++++
utils/install | 7 +++++++
utils/lock | 5 +++++
utils/ops | 30 ++++++++++++++++++++++++++++++
utils/syscheck | 28 +++++++++++++---------------
9 files changed, 191 insertions(+), 21 deletions(-)
create mode 100644 utils/cleaner
create mode 100644 utils/diff
create mode 100644 utils/encrypt
create mode 100644 utils/fdata
create mode 100644 utils/install
create mode 100644 utils/lock
create mode 100644 utils/ops
(limited to 'utils')
diff --git a/utils/cleaner b/utils/cleaner
new file mode 100644
index 0000000..4919085
--- /dev/null
+++ b/utils/cleaner
@@ -0,0 +1,23 @@
+# vim:ft=sh:noexpandtab
+# Functions for cleanups
+
+EXIT_CODE=0
+
+do_cleanup() {
+ echo "$CLEANUP_ACTIONS" | while read CMD; do
+ eval "$CMD"
+ done
+ exit $EXIT_CODE
+}
+
+trap do_cleanup EXIT INT QUIT TERM ABRT
+
+cleaner_add() {
+ CLEANUP_ACTIONS="$CLEANUP_ACTIONS
+$@"
+}
+
+cleaner_rm() {
+ # TODO this might be problematic with special characters
+ CLEANUP_ACTIONS="$(echo "$CLEANUP_ACTIONS" | sed "/^$@$/d")"
+}
diff --git a/utils/diff b/utils/diff
new file mode 100644
index 0000000..0d093c7
--- /dev/null
+++ b/utils/diff
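Review bot: `cleaner_rm` builds a sed address from its argument (`sed "/^$@$/d"`), so any registered action that contains `/` (every path, including the `rm -rf '$FDATA_PATH'` action that utils/fdata registers) breaks the expression, and regex metacharacters in an action match unintended lines; a fixed-string whole-line filter such as `grep -vxF -- "$*"` avoids both. `do_cleanup` passes each stored line to `eval`, so whatever a caller interpolates into an action (paths, hostnames) is re-parsed as shell; `cleaner_add` needs a comment saying values must already be shell-quoted, and the loop should use `IFS= read -r CMD` so backslashes survive. `exit $EXIT_CODE` in the handler also replaces the script's real exit status with 0 unless a caller set `EXIT_CODE`, and because the same handler is bound to EXIT and to the signals it will probably run twice on a signal; `trap - EXIT INT QUIT TERM ABRT` as the first line of `do_cleanup` prevents the second run.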
@@ -0,0 +1,28 @@
+# vim:ft=sh:noexpandtab
+# Clever diff function
+
+# TODO directory diff
+
+# This function does diff and reports changes on debug level
+# First and second arguments have to be paths to compared files and third argument
+# have to be a debug message prepended string.
+# It exits with nonzero exit code if there is no difference.
+do_diff() {
+ if [ ! -f "$1" ]; then
+ echo_error "No reference file to compare to: $1"
+ return 1 # We pretend that there is no change as reference file is missing
+ fi
+ if [ ! -f "$2" ]; then
+ echo_dbg "$3: No target file"
+ return 0
+ fi
+
+ # Do real diff if both files exists
+ local DIFF="$(diff --suppress-common-lines -ay "$1" "$2")"
+ if [ -n "$DIFF" ]; then
+ echo_dbg "$3:
+$DIFF"
+ else
+ return 1
+ fi
+}
diff --git a/utils/echo b/utils/echo
index c936f63..eeb8fa9 100644
--- a/utils/echo
+++ b/utils/echo
@@ -5,21 +5,21 @@ ECHO_VERBOSE=0 echo_info() { set +x - [ $ECHO_VERBOSE -ge 0 ] || return + [ $ECHO_VERBOSE -ge 0 ] || return 0 echo -e "\e[1;34m$@\e[0m" >&2 [ $ECHO_VERBOSE -lt 3 ] || set -x } echo_warn() { set +x - [ $ECHO_VERBOSE -ge -1 ] || return + [ $ECHO_VERBOSE -ge -1 ] || return 0 echo -e "\e[1;33m$@\e[0m" >&2 [ $ECHO_VERBOSE -lt 3 ] || set -x } echo_error() { set +x - [ $ECHO_VERBOSE -ge -2 ] || return + [ $ECHO_VERBOSE -ge -2 ] || return 0 echo -e "\e[1;31m$@\e[0m" >&2 [ $ECHO_VERBOSE -lt 3 ] || set -x }
@@ -31,20 +31,21 @@ echo_die() { fi [ $ECHO_VERBOSE -lt 3 ] || set -x # Suicide + EXIT_CODE=2 kill $$ } echo_dbg() { set +x - [ $ECHO_VERBOSE -ge 1 ] || return + [ $ECHO_VERBOSE -ge 1 ] || return 0 echo -e "\e[1;90m$@\e[0m" >&2 [ $ECHO_VERBOSE -lt 3 ] || set -x } echo_trace() { set +x - [ $ECHO_VERBOSE -ge 2 ] || return - echo -e "\e[1;90m$@\e[0m" >&2 + [ $ECHO_VERBOSE -ge 2 ] || return 0 + echo -e "\e[0;90m$@\e[0m" >&2 [ $ECHO_VERBOSE -lt 3 ] || set -x }
diff --git a/utils/encrypt b/utils/encrypt
new file mode 100644
index 0000000..d1cb938
--- /dev/null
+++ b/utils/encrypt
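Review bot: `local DIFF="$(diff …)"` in `do_diff` discards diff's exit status, so when diff itself fails (status above 1, for example on an unreadable file) the output is empty and the function returns 1, which callers read as "no difference"; a file that could not be compared is silently treated as up to date. Declare and assign separately and branch on the status, reporting anything other than 0 or 1 through `echo_error` with a distinct return value. The header comment should also give the full contract: 0 when the files differ or the target is missing, 1 when they are identical or the reference is missing.
```shell
# … unchanged: the two `[ ! -f ]` guards …

	# Do real diff if both files exists
	local DIFF RC=0
	DIFF="$(diff --suppress-common-lines -ay "$1" "$2")" || RC=$?
	case $RC in
		0) return 1 ;; # identical
		1) echo_dbg "$3:
$DIFF" ;;
		*) echo_error "$3: diff failed with status $RC"; return 2 ;;
	esac
```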
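Review bot: Every helper in utils/echo prints with `echo -e "\e[…m$@\e[0m"`, which expands backslash escapes in the message as well as in the colour codes; `do_diff` in this commit passes raw diff output to `echo_dbg`, so backslash sequences in file content are interpreted (`\c` truncates the output, `\e[…` becomes a live terminal escape). Keeping the message out of the format string avoids that: `printf '\033[1;34m%s\033[0m\n' "$*" >&2`, and likewise for the other colours, including the `echo_trace` line changed in the second hunk. The `[ $ECHO_VERBOSE -ge 0 ]` tests should quote the variable so that an empty or non-numeric value fails predictably.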
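Review bot: `EXIT_CODE=2` followed by `kill $$` yields exit status 2 only when `echo_die` runs in the main shell with the utils/cleaner trap installed. Inside a command substitution or a pipeline the assignment happens in a subshell while `$$` still names the parent, so the parent is terminated with its own `EXIT_CODE` still 0 and `do_cleanup` would exit with success after a fatal error. A comment on `echo_die` should state that restriction, or the status should be handed over another way, for example a dedicated signal whose handler sets the code. The body of `echo_die` starts outside this hunk.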
@@ -0,0 +1,42 @@
+# vim:ft=sh:noexpandtab
+# Allows work with encrypted files using their temporally copy.
+
+if [ -n "$KEY_FILE" ] && [ -f "files/keys/$(hostname)" ]; then
+ SECRET_KEY="$(openssl aes-192-cbc -d -a -kfile "$KEY_FILE" -in files/keys/"$(hostname)")"
+else
+ SECRET_KEY="$(gpg2 --decrypt files/keys/primary.gpg)"
+fi
+
+# Decrypt to temporally file in /tmp
+# First argument should be the path to file to be decrypted and second argument
+# output file.
+fdecrypt() {
+ PASS_ENC="$SECRET_KEY" openssl aes-192-cbc -d -a -pass env:PASS_ENC -in "$1" -out "$2"
+}
+
+# Encrypt given file to target path
+# First argument have to be a path to file to be encrypted and second argument
+# output file.
+fencprypt() {
+ PASS_ENC="$SECRET_KEY" openssl aes-192-cbc -e -a -pass env:PASS_ENC -in "$1" -out "$2"
+}
+
+# Decrypt file to temporally one
+# First argument have to be path to file to be extracted.
+tfdecrypt() {
+ local TEMPF="$(mktemp /tmp/multiconfig_XXXXXXXX)"
+ fdecrypt "$1" "$TEMPF"
+ echo "$TEMPF"
+}
+
+# Cat decrypted file
+# First argument have to be a path to file to be catted.
+catdecrypt() {
+ PASS_ENC="$SECRET_KEY" openssl aes-192-cbc -d -a -pass env:PASS_ENC -in "$1"
+}
+
+# Encrypt stdin to file
+# First argument have to be a path to output file.
+outencrypt() {
+ PASS_ENC="$SECRET_KEY" openssl aes-192-cbc -e -a -pass env:PASS_ENC -out "$2"
+}
diff --git a/utils/fdata b/utils/fdata
new file mode 100644
index 0000000..4d36242
--- /dev/null
+++ b/utils/fdata
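Review bot: `outencrypt` writes to `-out "$2"` although its comment gives it a single argument, the output path, so the ciphertext goes to an empty file name; it should use `"$1"`. The key-loading block at the top never checks its result, so a failed `gpg2` or `openssl` call leaves `SECRET_KEY` empty and later calls would presumably run with an empty passphrase; fail closed right after the `fi` (this assumes utils/echo is sourced first). `tfdecrypt` masks a `mktemp` failure behind `local`, echoes the path even when `fdecrypt` fails, and leaves the plaintext in /tmp; the caller has to register its removal, because a `cleaner_add` inside a function called as `$(tfdecrypt …)` would be lost in the subshell. Password-based `openssl aes-192-cbc` uses a single-pass key derivation whose default digest changed from MD5 to SHA-256 in OpenSSL 1.1.0, and CBC carries no integrity check, so pin `-md sha256` on every call (adding `-pbkdf2` where the installed OpenSSL has it) and treat the ciphertext as unauthenticated. `fencprypt` looks like a typo for `fencrypt`.
```shell
# … unchanged: SECRET_KEY selection (openssl -kfile / gpg2) …
[ -n "$SECRET_KEY" ] || echo_die "Secret key could not be decrypted"

# … unchanged: fdecrypt, fencprypt …

tfdecrypt() {
	local TEMPF
	TEMPF="$(mktemp /tmp/multiconfig_XXXXXXXX)" || return 1
	if ! fdecrypt "$1" "$TEMPF"; then
		rm -f "$TEMPF" # do not leave a partial plaintext behind
		return 1
	fi
	echo "$TEMPF"
}

# … unchanged: catdecrypt …

outencrypt() {
	PASS_ENC="$SECRET_KEY" openssl aes-192-cbc -e -a -pass env:PASS_ENC -out "$1"
}
```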
@@ -0,0 +1,36 @@
+# vim:ft=sh:noexpandtab
+# Datasets on filesystem
+
+FDATA_PATH="/tmp/multiconfig-fdata"
+mkdir -p "$FDATA_PATH"
+cleaner_add "rm -rf '$FDATA_PATH'"
+
+dict_set() {
+ local DPATH="$FDATA_PATH/$1"; shift
+ mkdir -p "$DPATH"
+ local FPATH="$DPATH/$1"; shift
+ echo "$@" > "$FPATH"
+}
+
+dict_get() {
+ local P="$FDATA_PATH/$1/$2"
+ [ -f "$P" ] || return
+ cat "$P"
+}
+
+dict_keys() {
+ local P="$FDATA_PATH/$1"
+ if [ -d "$P" ]; then
+ ls -A "$P" | tr '\n' ' '
+ fi
+}
+
+dict_contains() {
+ local P="$FDATA_PATH/$1/$2"
+ [ -f "$P" ]
+}
+
+dict_empty() {
+ local P="$FDATA_PATH/$1"
+ [ ! -d "$P" ] || [ -z "$(ls -A "$P")" ]
+}
diff --git a/utils/install b/utils/install
new file mode 100644
index 0000000..852163e
--- /dev/null
+++ b/utils/install
@@ -0,0 +1,7 @@
+# vim:ft=sh:noexpandtab
+# Various install functions
+
+# Install directory of file
+install() {
+ true
+}
diff --git a/utils/lock b/utils/lock
new file mode 100644
index 0000000..9d02dae
--- /dev/null
+++ b/utils/lock
@@ -0,0 +1,5 @@
+# vim:ft=sh:noexpandtab
+# This implements lock to check to run tool just once
+
+# TODO create lock and fail if no lock is present
+# TODO remove lock at the exit using cleaner
diff --git a/utils/ops b/utils/ops
new file mode 100644
index 0000000..1365ec8
--- /dev/null
+++ b/utils/ops
@@ -0,0 +1,30 @@
+# vim:ft=sh:noexpandtab
+# Utility functions for operations
+
+# Set operation we are working on
+ops_set_current() {
+ OPERATION_CURRENT="$1"
+}
+
+ops_require() {
+ while [ $# -gt 0 ]; do
+ dict_set "ops/$OPERATION_CURRENT" "$1" true
+ shift
+ done
+}
+
+ops_required_any() {
+ if ! dict_empty "ops/$OPERATION_CURRENT"; then
+ echo_warn "$1 requires update for following components: $(ops_required_list)"
+ else
+ return 1
+ fi
+}
+
+ops_is_required() {
+ dict_contains "ops/$OPERATION_CURRENT" "$1"
+}
+
+ops_required_list() {
+ dict_keys "ops/$OPERATION_CURRENT"
+}
diff --git a/utils/syscheck b/utils/syscheck
index a0c29a0..fcddae4 100644
--- a/utils/syscheck
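Review bot: `FDATA_PATH="/tmp/multiconfig-fdata"` is a fixed, predictable name in a world-writable directory, and `mkdir -p` succeeds when the path already exists regardless of who owns it; since syscheck intends the tool to run as root, a directory or symlink left there by another local user would receive the `dict_set` writes and later be handed to `rm -rf`. Create a private directory instead: `FDATA_PATH="$(mktemp -d /tmp/multiconfig-fdata.XXXXXXXX)" || echo_die "Cannot create data directory"`. `dict_set` also joins `$1` and `$2` into a path unchecked, so a key containing `/` or `..` lands outside its dictionary; rejecting `..` in both and `/` in the key would make the contract explicit (utils/ops deliberately uses `ops/<name>` as a dictionary name). `dict_keys` returns names separated by spaces, so keys containing whitespace cannot be read back reliably.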
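Review bot: Defining a shell function named `install` in utils/install shadows the system `install` command for every script that sources this file, so a later `install -m 600 …` would hit this stub and return success without copying anything. A prefixed name in the style of `do_diff`, for example `do_install`, avoids the collision. The comment "Install directory of file" presumably means "directory or file".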
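Review bot: Every function in utils/ops expands `"ops/$OPERATION_CURRENT"` without checking that `ops_set_current` was called, so with the variable unset all requirements land directly in the shared `ops` directory and `ops_required_list` would also list the per-operation subdirectories as if they were components. `"ops/${OPERATION_CURRENT:?ops_set_current was not called}"` turns that into a hard error. Only `ops_set_current` carries a comment; the others need one line each giving arguments and return status, in particular that `ops_required_any` returns 1 when nothing is required and otherwise warns using `$1` as the operation label.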
+++ b/utils/syscheck @@ -3,19 +3,19 @@ # Check that we are root (this tool can be run only as root) # TODO uncomment -# [ "$(id -u)" = "0" ] || echo_die "Distconfig have to be run as root." +# [ "$(id -u)" = "0" ] || echo_die "Multiconfig have to be run as root." -# We have sudo or su -which sudo >/dev/null || which su >/dev/null || echo_die "There is no sudo or su command." +# We have su +which su >/dev/null || echo_die "There is no su command." # Check that we are not using csh or tcsh # Note: variable shell should be defined only on csh or tcsh (note lowercase) -[ -z "$shell" ] || echo_die "Distconfig doesn't support csh nor tcsh." +[ -z "$shell" ] || echo_die "Multiconfig doesn't support csh nor tcsh." # Check that we have gpg which gpg >/dev/null || echo_die "There is no gpg command." -# Check that trunk is signed using correct key +# Check that git trunk is signed using trusted key # TODO # Check root owner (should be root) 
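Review bot: The gpg check in this hunk tests for `gpg`, but utils/encrypt added in the same commit invokes `gpg2`, so a host that has only `gpg` passes syscheck and then fails at key load with an empty `SECRET_KEY`; check the binary that is actually used, `command -v gpg2 >/dev/null || echo_die "There is no gpg2 command."`. `which` is not guaranteed to be installed or to return a meaningful status, so the `su` check changed here should use `command -v su` as well. The root check is still commented out behind a TODO; if the tool really must run as root, that line is worth enabling before the other checks run.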
@@ -31,18 +31,16 @@ which openssl >/dev/null || echo_die "There is no openssl command." # Check that we can decrypt using openssl and aes-192-cbc OPENSSL_TEST_PASSWORD="XduF2T_opDknbzN0EyJJCBFyS1i6yaBU5Beb6IZkFVHWZGWOIZCF1Cc0zrupjEaV" -[ "$(openssl aes-192-cbc -d -a -k "$OPENSSL_TEST_PASSWORD" < files/openssl_test_file)" = "It works!" ] || \ +[ "$(openssl aes-192-cbc -d -a -k "$OPENSSL_TEST_PASSWORD" -in files/openssl_test_file)" = "It works!" ] || \ echo_die "Test message couldn't been decrypted." -# Check that we have key file -[ -n "$KEY_FILE" ] || echo_die "No key specified. Please pass --key." - # Check that given key works with our machinery -# TODO +[ "$(catdecrypt files/encrypted_test)" = "It works!" ] || \ + echo_die "Encryption machinery failed to decrypt test file" # Check that we have internet connection -DC_INTERNET=true -if ! ping -c 5 -w 30 cynerd.cz >/dev/null; then - echo_warn "No internet connection detected. All operations requiring internet connection will be skipped" - DC_INTERNET=false -fi +#DC_INTERNET=true +#if ! ping -c 5 -w 30 cynerd.cz >/dev/null; then +# echo_warn "No internet connection detected. All operations requiring internet connection will be skipped" +# DC_INTERNET=false +#fi -- cgit v1.2.3
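Review bot: The added `catdecrypt files/encrypted_test` check depends on utils/encrypt having been sourced before this file and is the only place a wrong or empty `SECRET_KEY` is caught; that ordering is not visible in the hunk and deserves a comment next to the check. The failure message should name the key source that was tried (`$KEY_FILE` or `files/keys/primary.gpg`), since the `--key` requirement was removed and the operator otherwise sees only openssl's raw error. With the connectivity probe commented out `DC_INTERNET` is never set, so any code elsewhere that tests it now sees an empty value; set `DC_INTERNET=true` explicitly or delete the block instead of leaving it commented. A comment that `OPENSSL_TEST_PASSWORD` is a fixed test vector and not a credential would keep readers and secret scanners from treating it as a leak.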