From 51a1e1c6db33ed2868ec74728f854237e3dfd86a Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 21 Oct 2014 15:14:23 -0700 Subject: update platform to take advantage of new platform.rb. requires leap_cli 1.6 --- provider_base/lib/macros/files.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/lib') diff --git a/provider_base/lib/macros/files.rb b/provider_base/lib/macros/files.rb index 0a491325..b3ba4a06 100644 --- a/provider_base/lib/macros/files.rb +++ b/provider_base/lib/macros/files.rb @@ -71,7 +71,7 @@ module LeapCli end relative_path = Path.relative_path(actual_path) @node.file_paths << relative_path - @node.manager.provider.hiera_sync_destination + '/' + relative_path + File.join(Leap::Platform.files_dir, relative_path) end end -- cgit v1.2.3 From 1d4670f8b9b4c1f3d4cd8017a3f6145ccdd41312 Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 31 Oct 2014 00:01:57 -0700 Subject: add support for property tor.key --- provider_base/lib/macros.rb | 1 + provider_base/lib/macros/files.rb | 14 ++++++- provider_base/lib/macros/keys.rb | 78 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 91 insertions(+), 2 deletions(-) create mode 100644 provider_base/lib/macros/keys.rb (limited to 'provider_base/lib') diff --git a/provider_base/lib/macros.rb b/provider_base/lib/macros.rb index 854b92b5..ecc3e6ba 100644 --- a/provider_base/lib/macros.rb +++ b/provider_base/lib/macros.rb @@ -9,6 +9,7 @@ require_relative 'macros/core' require_relative 'macros/files' require_relative 'macros/haproxy' require_relative 'macros/hosts' +require_relative 'macros/keys' require_relative 'macros/nodes' require_relative 'macros/secrets' require_relative 'macros/stunnel' diff --git a/provider_base/lib/macros/files.rb b/provider_base/lib/macros/files.rb index b3ba4a06..958958bc 100644 --- a/provider_base/lib/macros/files.rb +++ b/provider_base/lib/macros/files.rb @@ -48,13 +48,22 @@ module LeapCli # * if the path does not exist locally, but exists in provider_base, then the default file from # provider_base is copied locally. this is required for rsync to work correctly. # - def file_path(path) + def file_path(path, options={}) if path.is_a? Symbol path = [path, @node.name] + elsif path.is_a? String + # ensure it prefixed with files/ + unless path =~ /^files\// + path = "files/" + path + end end actual_path = Path.find_file(path) if actual_path.nil? - Util::log 2, :skipping, "file_path(\"#{path}\") because there is no such file." + if options[:missing] + raise FileMissing.new(Path.named_path(path), options) + else + Util::log 2, :skipping, "file_path(\"#{path}\") because there is no such file." + end nil else if actual_path =~ /^#{Regexp.escape(Path.provider_base)}/ @@ -70,6 +79,7 @@ module LeapCli actual_path += '/' # ensure directories end with /, important for building rsync command end relative_path = Path.relative_path(actual_path) + relative_path.sub!(/^files\//, '') # remove "files/" prefix @node.file_paths << relative_path File.join(Leap::Platform.files_dir, relative_path) end diff --git a/provider_base/lib/macros/keys.rb b/provider_base/lib/macros/keys.rb new file mode 100644 index 00000000..0d46acb5 --- /dev/null +++ b/provider_base/lib/macros/keys.rb @@ -0,0 +1,78 @@ +# encoding: utf-8 + +# +# Macro for dealing with cryptographic keys +# + +module LeapCli + module Macro + + # + # return the path to the tor public key + # generating key if it is missing + # + def tor_public_key_path(path_name, key_type) + path = file_path(path_name) + if path.nil? + generate_tor_key(key_type) + end + return path + end + + # + # return the path to the tor private key + # generating key if it is missing + # + def tor_private_key_path(path_name, key_type) + path = file_path(path_name) + if path.nil? + generate_tor_key(key_type) + end + return path + end + + # + # on the command line an onion address can be created + # from an rsa public key using this: + # + # base64 -d < ./pubkey | sha1sum | awk '{print $1}' | + # perl -e '$l=<>; chomp $l; print pack("H*", $l)' | + # python -c 'import base64, sys; t=sys.stdin.read(); print base64.b32encode(t[:10]).lower()' + # + # path_name is the named path of the tor public key. + # + def onion_address(path_name) + require 'base32' + require 'base64' + require 'openssl' + path = Path.find_file([path_name, self.name]) + if path && File.exists?(path) + public_key_str = File.readlines(path).grep(/^[^-]/).join + public_key = Base64.decode64(public_key_str) + sha1sum_string = Digest::SHA1.new.hexdigest(public_key) + sha1sum_binary = [sha1sum_string].pack('H*') + Base32.encode(sha1sum_binary.slice(0,10)).downcase + else + LeapCli.log :warning, 'Tor public key file "%s" does not exist' % tor_public_key_path + end + end + + private + + def generate_tor_key(key_type) + if key_type == 'RSA' + require 'certificate_authority' + keypair = CertificateAuthority::MemoryKeyMaterial.new + bit_size = 1024 + LeapCli.log :generating, "%s bit RSA Tor key" % bit_size do + keypair.generate_key(bit_size) + LeapCli::Util.write_file! [:node_tor_priv_key, self.name], keypair.private_key.to_pem + LeapCli::Util.write_file! [:node_tor_pub_key, self.name], keypair.public_key.to_pem + end + else + LeapCli.bail! 'tor.key.type of %s is not yet supported' % key_type + end + end + + end +end -- cgit v1.2.3 From 90b672ed58982b232b1c96febcd9736ae5fc4faf Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 4 Nov 2014 12:25:54 -0800 Subject: tor - to activate hidden service, now set tor.hidden_service.active = true --- provider_base/lib/macros/keys.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'provider_base/lib') diff --git a/provider_base/lib/macros/keys.rb b/provider_base/lib/macros/keys.rb index 0d46acb5..ea4c3df2 100644 --- a/provider_base/lib/macros/keys.rb +++ b/provider_base/lib/macros/keys.rb @@ -15,8 +15,10 @@ module LeapCli path = file_path(path_name) if path.nil? generate_tor_key(key_type) + file_path(path_name) + else + path end - return path end # @@ -27,8 +29,10 @@ module LeapCli path = file_path(path_name) if path.nil? generate_tor_key(key_type) + file_path(path_name) + else + path end - return path end # -- cgit v1.2.3