
Accepting request 951794 from home:cunix:security_branch

open for review with issues tackled and some other small modifications (see build_args).

license script reworked.

OBS-URL: https://build.opensuse.org/request/show/951794
OBS-URL: https://build.opensuse.org/package/show/security/rage-encryption?expand=0&rev=4
William Brown 2022-02-08 02:32:49 +00:00 committed by Git OBS Bridge
parent 4d59b501c6
commit 6ad50af872
6 changed files with 445 additions and 9 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fb263ec0f30999226a8189a3c345bbc1413db2cc053c4a58885cf25acd1f7818
size 116700

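--- a/rage-0.7.1.tar.gz
+++ b/rage-0.7.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6f4271cb546e8af46f26c806b186bd91282f4c20e76afbb6b8dae9b21cc12b9f
+size 163772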


@ -1,3 +1,21 @@
-------------------------------------------------------------------
Mon Jan 31 12:00:00 UTC 2022 - cunix@mail.de
- Update to version 0.7.1
* Fixed a bug where non-canonical recipient stanza bodies in an age
file header would cause rage to crash instead of being rejected
* vendor.tar.xz updated from source code Cargo.lock file
- Added:
* binary rage-mount
* bash-completion for rage, rage-keygen and rage-mount
* manual pages for rage, rage-keygen and rage-mount
* Licenses files
* Licenses files of vendored crates extracted
with script "vendored_licenses_packager.sh"
* README and CHANGELOG files
* possibility to build without cargo-packaging for "older" distros
-------------------------------------------------------------------
Fri Nov 19 01:08:01 UTC 2021 - william.brown@suse.com


@ -14,10 +14,12 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define _buildshell /bin/bash
%define vlic_dir vendored
Name: rage-encryption
# This will be set by osc services, that will run after this.
Version: 0.7.0~git0.c93b914
Version: 0.7.1
Release: 0
Summary: Simple, modern, and secure file encryption tool
# If you know the license, put it's SPDX string here.
@ -27,10 +29,22 @@ License: ( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND
# https://en.opensuse.org/openSUSE:Package_group_guidelines
Group: Productivity/Security
Url: https://github.com/str4d/rage
Source0: rage-%{version}.tar.xz
Source0: rage-%{version}.tar.gz
Source1: vendor.tar.xz
Source2: cargo_config
# Licenses of dependency packages.
Source3: vendored_licenses_packager.sh
%if %{suse_version} > 1500
BuildRequires: cargo-packaging
%else
BuildRequires: rust+cargo >= 1.51
%endif
# for build scripts
BuildRequires: bash
# for feature mount
BuildRequires: fuse-devel
Recommends: pinentry
Recommends: %{name}-bash-completion
Conflicts: rage
ExclusiveArch: %{rust_tier1_arches}
@ -38,23 +52,66 @@ ExclusiveArch: %{rust_tier1_arches}
Rage is a simple, modern, and secure file encryption tool, using the age format. It features small
explicit keys, no config options, and UNIX-style composability.
%package bash-completion
Summary: Bash completion for %{name}
Group: Productivity/Security
BuildArch: noarch
Requires: bash-completion
Supplements: (%{name} and bash-completion)
Conflicts: rage
%description bash-completion
Bash command line completion support for %{name}
%prep
%setup -q -a 0 -n rage-%{version}
%setup -q -n rage-%{version} -a 1 -D -T
mkdir .cargo
cp %{SOURCE2} .cargo/config
cd vendor
# Find licenses of dependency packages and prepare for installation
bash %{SOURCE3} finder %{vlic_dir}
%build
%{cargo_build}
%define build_args --manifest-path rage/Cargo.toml --features "mount" --release %{?_smp_mflags}
%if %{suse_version} > 1500
%{cargo_build} --features "mount"
%else
cargo build %{build_args}
%endif
cargo run --example generate-completions %{build_args}
cargo run --example generate-docs %{build_args}
%install
install -D -d -m 0755 %{buildroot}%{_bindir}
install -m 0755 %{_builddir}/rage-%{version}/target/release/rage %{buildroot}%{_bindir}/rage
install -m 0755 %{_builddir}/rage-%{version}/target/release/rage-keygen %{buildroot}%{_bindir}/rage-keygen
install -m 0755 %{_builddir}/rage-%{version}/target/release/rage-keygen %{buildroot}%{_bindir}/rage-mount
for i in "" -keygen -mount; do
install -D -p -m 644 target/manpages/rage$i.1.gz %{buildroot}/%{_mandir}/man1/rage$i.1%{?ext_man}
install -D -p -m 644 target/completions/rage$i.bash %{buildroot}%{_datadir}/bash-completion/completions/rage$i
done
# Dependency Licenses
install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir}
bash %{SOURCE3} installer vendor/%{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir} verbose
%files
%{_bindir}/rage
%{_bindir}/rage-keygen
%{_bindir}/rage-mount
%doc README.md rage/CHANGELOG.md
# accept duplicates here
%license LICENSE-APACHE LICENSE-MIT
%{_licensedir}/%{name}/%{vlic_dir}/
%{_mandir}/man1/rage*.1%{?ext_man}
%files bash-completion
%license LICENSE-APACHE LICENSE-MIT
%{_datadir}/bash-completion/completions/rage*
%changelog
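Review bot: The third `install` line in `%install` copies `target/release/rage-keygen` to `%{buildroot}%{_bindir}/rage-mount`, so the package would ship a second copy of the key generator under the name `rage-mount` instead of the mount binary the changelog lists as added. The source path should name the mount binary: `install -m 0755 %{_builddir}/rage-%{version}/target/release/rage-mount %{buildroot}%{_bindir}/rage-mount`. The `+`/`-` markers are lost on this page, so I am assuming this line is on the new side because `rage-mount` is introduced by this commit. `%files` only checks that the path exists, so nothing in the build would catch the mix-up; a `%check` step asserting that the three installed binaries are not byte-identical (for example with `cmp`) would.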


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:15f88e07dcc12835029e57da468e4a4b609725b257aa2ce14fd4e4a3427bb4d4
size 20663484
oid sha256:916b32d43698605249aade07c4163926b1dc0e66f730a8d648aa67a2a479b8df
size 20789696


@ -0,0 +1,361 @@
#!/bin/bash
# written by cunix in 2019
# corrected by Bernhard Wiedemann in 2020 (pipe through sort)
# updated by cunix in 2021 + 2022
function helper {
echo Without any guarantee or promise this may be used to try helping
echo packagers to include some legal files from vendored source code archives.
echo
echo Script has to be run twice in spec file:
echo
echo 1. in archive directory to find packages with:
echo bash path_to_this_file finder path_to_tmp_target_directory
echo example in section %prep:
echo cd vendor
echo bash %{SOURCE2} finder vendored
echo
echo 2. to install and link found files with:
echo bash path_to_this_file installer path_to_tmp_target_directory path_to_buildroot_target_directory
echo example in section %install:
echo install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/vendored
echo bash %{SOURCE2} installer vendor/vendored %{buildroot}/%{_licensedir}/%{name}/vendored
echo
echo 3. Files should be packaged:
echo example in section %files:
echo %{_licensedir}/%{name}/vendored/
echo
echo
echo Some more details in source code.
}
function finder {
# Tries to find and prepare licenses from vendored packages for
# installation as file or link to existing file.
#
# $1 should be a destination directory for vendored licenses
vendor_licenses_dir=$1
knows_the_risk=$2
username=$(whoami)
build_user="abuild"
workingdir=$(pwd)
licenses_file=$(mktemp /tmp/license_files_XXXXXXXXXX.txt)
licenses_directories=$(mktemp /tmp/license_dirs_XXXXXXXXXX.txt)
real_files=0
linked_files=0
goahead=0
hash_list=()
filename_list=()
legal_file_names="copying copyright legal licence license notice patents unlicense"
legal_directory_names="licence license"
if [[ -z "$vendor_licenses_dir" ]]
then
echo missing directory as parameter
exit 1
else
if [[ "$vendor_licenses_dir" = "/" ]] || [[ "$vendor_licenses_dir" = "/home" ]] \
|| [[ "$vendor_licenses_dir" = "/home/" ]] || [[ "$vendor_licenses_dir" = "/home/$username" ]] \
|| [[ "$vendor_licenses_dir" = "/home/$username/" ]] || [[ "$vendor_licenses_dir" = "$HOME" ]]
then
echo Do not use "$vendor_licenses_dir" as destination directory.
echo It will delete all your files.
exit 1
else
if [[ "$username" != "$build_user" ]]
then
if [[ -n "$knows_the_risk" ]]
then
if [[ "$knows_the_risk" = "runanyway" ]]
then
build_user="$username"
fi
fi
fi
if [[ "$username" = "$build_user" ]]
then
mkdir -pv $vendor_licenses_dir
if [[ -d "$vendor_licenses_dir" ]]
then
echo Searching for licenses ...
rm $licenses_file $licenses_directories
for item in $legal_file_names
do
echo searching for file names starting with $item
found=$(find ./*/ -type f -iname "$item*" | sort)
f=$(echo_to_file $licenses_file "$found")
echo found: $f
done
for item in $legal_directory_names
do
echo searching for directory names starting with $item
found=$(find ./*/ -type d -iname "$item*" | sort)
d=$(echo_to_file $licenses_directories "$found")
echo found: $d
done
if [[ -f "$licenses_directories" ]]
then
while read line
do
fl=$(find $line -type f | sort)
f=$(echo_to_file $licenses_file "$fl")
echo files added from directory "$line" : $f
done < $licenses_directories
fi
goahead=1
else
echo "$vendor_licenses_dir" is not a directory.
exit 1
fi
else
echo Script should only be executed in build environment indicated by user $build_user
exit 1
fi
fi
fi
if [[ -f "$licenses_file" ]]
then
if [[ $goahead -eq 1 ]]
then
echo Removing $vendor_licenses_dir
rm -r "$vendor_licenses_dir"
mkdir -pv $vendor_licenses_dir
echo Processing licenses . . .
while read line
do
filenamepre=${line////__}
filename=${filenamepre//.__/}
hash_output=$(sha256sum "$line")
hash=${hash_output:0:66}
hash_list_len=${#hash_list[@]}
if [[ $hash_list_len -eq 0 ]]
then
cat "$line" > $vendor_licenses_dir/$filename
hash_list[0]=$hash
filename_list[0]=$filename
real_files=$(($real_files+1))
else
counter=0
match=0
for item in ${hash_list[@]}
do
if test $item = $hash
then
match=1
break
fi
counter=$(($counter+1))
done
if [[ $match -eq 0 ]]
then
hash_list[$counter]=$hash
filename_list[$counter]=$filename
cat "$line" > $vendor_licenses_dir/$filename
real_files=$(($real_files+1))
else
cd $vendor_licenses_dir
ln -s "${filename_list[$counter]}" "$filename"
linked_files=$(($linked_files+1))
cd $workingdir
fi
fi
done < $licenses_file
echo License files to install: $real_files
echo License files to link: $linked_files
all_files=$(find "$vendor_licenses_dir")
size=0
for item in $all_files
do
file_size=$(stat --format=%s "$item")
if [[ $file_size -ne 0 ]]
then
size=$(($size+$file_size))
fi
done
size_string=""
sz=$size
if [[ $size -gt 10000000 ]]
then
sz=$(($size/1000000))
size_string="Mega"
else
if [[ $size -gt 10000 ]]
then
sz=$(($size/1000))
size_string="Kilo"
fi
fi
echo Size of licenses to package approximately: $sz $size_string Bytes
else
echo Does not package licenses.
exit 1
fi
else
echo No licenses found to package.
fi
}
function installer {
# Installs or links previously found licenses.
#
# $1 should be the soure directory, prepared with script "find_licenses.sh"
# $2 should be the (already created) destination directory
# $3 set to "verbose" gives more results output
vendor_licenses_dir=$1
install_licenses_dir=$2
verbose=$3
licenses_files=$(mktemp /tmp/real_license_files_XXXXXXXXXX.txt)
licenses_links=$(mktemp /tmp/link_license_files_XXXXXXXXXX.txt)
real_files=0
linked_files=0
rm $licenses_files
rm $licenses_links
if [[ -z "$vendor_licenses_dir" ]] || [[ -z "$install_licenses_dir" ]]
then
echo needed arguments:
echo 1. Source Directory with vendored licenses
echo 2. Existing Target Directory to install vendored licenses in
exit 1
else
find -P $vendor_licenses_dir -type f -fprintf $licenses_files "%f\n"
find -P $vendor_licenses_dir -type l -fprintf $licenses_links "%f %l\n"
declare -A installers
declare -A linkers
while read line
do
install -D -m 0644 $vendor_licenses_dir/$line $install_licenses_dir/$line
real_files=$(($real_files+1))
installers["$line"]=0
done < $licenses_files
cd $install_licenses_dir
while read line
do
combo=($line)
ln -s ${combo[1]} ${combo[0]}
linked_files=$(($linked_files+1))
installers["${combo[1]}"]=$((${installers["${combo[1]}"]}+1))
linkers["${combo[0]}"]="${combo[1]}"
done < $licenses_links
if [[ -n "$verbose" ]]
then
if [[ "$verbose" = "verbose" ]]
then
max=0
for item in ${!installers[@]}
do
if [[ ${installers["$item"]} > $max ]]
then
max=${installers["$item"]}
fi
done
installers_len=${#installers[@]}
ct=0
c=0
sorted=()
while [[ $ct -le $max ]] && [[ $c -lt $installers_len ]]
do
for item in ${!installers[@]}
do
if [[ ${installers["$item"]} -eq $ct ]]
then
sorted[$c]="$item"
c=$(($c+1))
fi
done
ct=$(($ct+1))
done
for item in ${sorted[@]}
do
echo installed "$item" with ${installers["$item"]} Links
for i in ${!linkers[@]}
do
if [[ ${linkers["$i"]} = "$item" ]]
then
echo linked: "$i" "->" "$item"
fi
done
done
fi
fi
fi
echo Number of license files installed: $real_files
echo Number of license files linked: $linked_files
}
function echo_to_file {
c=0
for i in $2
do
echo "$i" >> $1
c=$(($c+1))
done
echo $c
}
function main {
arg1="$1"
arg2="$2"
arg3="$3"
arg4="$4"
arg5="$5"
with_disclaimer=""
for i in $@
do
if [[ "$i" = "--no_disclaimer" ]]
then
with_disclaimer=" "
break
fi
done
if [[ -z "$with_disclaimer" ]]
then
echo DISCLAIMER:
echo No promise is made that any obligation stated in license of
echo vendored source code or in another way will be met or
echo fulfilled by using this script!
echo USE AT YOUR OWN RISK!
echo
fi
runsomething=""
if [[ -n "$arg1" ]]
then
case "$arg1" in
"finder")
runsomething="f"
finder $arg2 $arg3
;;
"installer")
runsomething="i"
installer $arg2 $arg3 $arg4
;;
"help")
runsomething="h"
helper
;;
esac
fi
if [[ -z "$runsomething" ]]
then
echo Only commands \'help\', \'finder\' and \'installer\' are valid.
exit 1
fi
}
main $@
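Review bot: `finder` and `installer` create their scratch files with `mktemp` and then immediately delete them (`rm $licenses_file $licenses_directories` in `finder`, the two `rm` lines at the top of `installer`), after which the same names are re-created by `>>` in `echo_to_file` and by `find -fprintf`. That discards the guarantee `mktemp` gave: between the `rm` and the re-creation the `/tmp` path is free and known, so another local user could place a file or symlink there, which presumably matters most when the script is run outside the build root via `runanyway`. I would drop the `rm` calls and test for content rather than existence, `if [[ -s "$licenses_directories" ]]` and `if [[ -s "$licenses_file" ]]`; GNU find's `-fprintf` truncates an existing output file, so `installer` needs no replacement for its `rm` lines. The scratch files are also never cleaned up, so a `trap 'rm -f -- "$licenses_file" "$licenses_directories"' EXIT` right after the `mktemp` calls would be worth adding.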