From 6ad50af8724d8feb0d72631d7de0cadfb60c0a725e3119c6652b5137a529967c Mon Sep 17 00:00:00 2001
From: William Brown
Date: Tue, 8 Feb 2022 02:32:49 +0000
Subject: [PATCH] Accepting request 951794 from home:cunix:security_branch open for review with issues tackled and some other small modifications (see build_args). license script reworked.
OBS-URL: https://build.opensuse.org/request/show/951794
OBS-URL: https://build.opensuse.org/package/show/security/rage-encryption?expand=0&rev=4
---
 rage-0.7.0~git0.c93b914.tar.xz | 3 -
 rage-0.7.1.tar.gz | 3 +
 rage-encryption.changes | 18 ++
 rage-encryption.spec | 65 +++++-
 vendor.tar.xz | 4 +-
 vendored_licenses_packager.sh | 361 +++++++++++++++++++++++++++++++++
 6 files changed, 445 insertions(+), 9 deletions(-)
 delete mode 100644 rage-0.7.0~git0.c93b914.tar.xz
 create mode 100644 rage-0.7.1.tar.gz
 create mode 100644 vendored_licenses_packager.sh
diff --git a/rage-0.7.0~git0.c93b914.tar.xz b/rage-0.7.0~git0.c93b914.tar.xz
deleted file mode 100644
index 49e734f..0000000
--- a/rage-0.7.0~git0.c93b914.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fb263ec0f30999226a8189a3c345bbc1413db2cc053c4a58885cf25acd1f7818
-size 116700
diff --git a/rage-0.7.1.tar.gz b/rage-0.7.1.tar.gz
new file mode 100644
index 0000000..c1faa2e
--- /dev/null
+++ b/rage-0.7.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6f4271cb546e8af46f26c806b186bd91282f4c20e76afbb6b8dae9b21cc12b9f
+size 163772
diff --git a/rage-encryption.changes b/rage-encryption.changes
index a589ecc..dfcd551 100644
--- a/rage-encryption.changes
+++ b/rage-encryption.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Mon Jan 31 12:00:00 UTC 2022 - cunix@mail.de
+
+- Update to version 0.7.1
+ * Fixed a bug where non-canonical recipient stanza bodies in an age
+ file header would cause rage to crash instead of being rejected
+ * vendor.tar.xz updated from source code Cargo.lock file
+
+- Added:
+ * binary rage-mount
+ * bash-completion for rage, rage-keygen and rage-mount
+ * manual pages for rage, rage-keygen and rage-mount
+ * Licenses files
+ * Licenses files of vendored crates extracted
+ with script "vendored_licenses_packager.sh"
+ * README and CHANGELOG files
+ * possibility to build without cargo-packaging for "older" distros
+
 -------------------------------------------------------------------
 Fri Nov 19 01:08:01 UTC 2021 - william.brown@suse.com
diff --git a/rage-encryption.spec b/rage-encryption.spec
index f4a2631..1f1d0a2 100644
--- a/rage-encryption.spec
+++ b/rage-encryption.spec
@@ -14,10 +14,12 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
+%define _buildshell /bin/bash
+%define vlic_dir vendored
 Name: rage-encryption
 # This will be set by osc services, that will run after this.
-Version: 0.7.0~git0.c93b914
+Version: 0.7.1
 Release: 0
 Summary: Simple, modern, and secure file encryption tool
 # If you know the license, put it's SPDX string here.
@@ -27,10 +29,22 @@ License: ( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND
 # https://en.opensuse.org/openSUSE:Package_group_guidelines
 Group: Productivity/Security
 Url: https://github.com/str4d/rage
-Source0: rage-%{version}.tar.xz
+Source0: rage-%{version}.tar.gz
 Source1: vendor.tar.xz
 Source2: cargo_config
+# Licenses of dependency packages.
+Source3: vendored_licenses_packager.sh
+%if %{suse_version} > 1500
 BuildRequires: cargo-packaging
+%else
+BuildRequires: rust+cargo >= 1.51
+%endif
+# for build scripts
+BuildRequires: bash
+# for feature mount
+BuildRequires: fuse-devel
+Recommends: pinentry
+Recommends: %{name}-bash-completion
 Conflicts: rage
 ExclusiveArch: %{rust_tier1_arches}
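Review bot: `%if %{suse_version} > 1500` relies on `suse_version` always being defined; on a build target that does not define it the macro is left unexpanded and the `%if` expression does not parse. The usual guard is `%if 0%{?suse_version} > 1500`, and the same applies to the identical test added in `%build` in the next hunk. It may also be worth checking that `%{rust_tier1_arches}` on the `ExclusiveArch` line is still defined on the branch that no longer pulls in `cargo-packaging`; the page does not show where that macro comes from.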
@@ -38,23 +52,66 @@ ExclusiveArch: %{rust_tier1_arches}
 Rage is a simple, modern, and secure file encryption tool, using the age format. It features small explicit keys, no config options, and UNIX-style composability.
+%package bash-completion
+Summary: Bash completion for %{name}
+Group: Productivity/Security
+BuildArch: noarch
+Requires: bash-completion
+Supplements: (%{name} and bash-completion)
+Conflicts: rage
+
+%description bash-completion
+Bash command line completion support for %{name}
+
 %prep
 %setup -q -a 0 -n rage-%{version}
 %setup -q -n rage-%{version} -a 1 -D -T
 mkdir .cargo
 cp %{SOURCE2} .cargo/config
+cd vendor
+# Find licenses of dependency packages and prepare for installation
+bash %{SOURCE3} finder %{vlic_dir}
+
 %build
-%{cargo_build}
+%define build_args --manifest-path rage/Cargo.toml --features "mount" --release %{?_smp_mflags}
+
+%if %{suse_version} > 1500
+%{cargo_build} --features "mount"
+%else
+cargo build %{build_args}
+%endif
+
+cargo run --example generate-completions %{build_args}
+cargo run --example generate-docs %{build_args}
 %install
 install -D -d -m 0755 %{buildroot}%{_bindir}
 install -m 0755 %{_builddir}/rage-%{version}/target/release/rage %{buildroot}%{_bindir}/rage
 install -m 0755 %{_builddir}/rage-%{version}/target/release/rage-keygen %{buildroot}%{_bindir}/rage-keygen
+install -m 0755 %{_builddir}/rage-%{version}/target/release/rage-keygen %{buildroot}%{_bindir}/rage-mount
+
+for i in "" -keygen -mount; do
+ install -D -p -m 644 target/manpages/rage$i.1.gz %{buildroot}/%{_mandir}/man1/rage$i.1%{?ext_man}
+ install -D -p -m 644 target/completions/rage$i.bash %{buildroot}%{_datadir}/bash-completion/completions/rage$i
+done
+
+# Dependency Licenses
+install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir}
+bash %{SOURCE3} installer vendor/%{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir} verbose
 %files
 %{_bindir}/rage
 %{_bindir}/rage-keygen
+%{_bindir}/rage-mount
+%doc README.md rage/CHANGELOG.md
+# accept
duplicates here
+%license LICENSE-APACHE LICENSE-MIT
+%{_licensedir}/%{name}/%{vlic_dir}/
+%{_mandir}/man1/rage*.1%{?ext_man}
+
+%files bash-completion
+%license LICENSE-APACHE LICENSE-MIT
+%{_datadir}/bash-completion/completions/rage*
 %changelog
-
diff --git a/vendor.tar.xz b/vendor.tar.xz
index 3258c69..e95c928 100644
--- a/vendor.tar.xz
+++ b/vendor.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:15f88e07dcc12835029e57da468e4a4b609725b257aa2ce14fd4e4a3427bb4d4
-size 20663484
+oid sha256:916b32d43698605249aade07c4163926b1dc0e66f730a8d648aa67a2a479b8df
+size 20789696
diff --git a/vendored_licenses_packager.sh b/vendored_licenses_packager.sh
new file mode 100644
index 0000000..3dfdb21
--- /dev/null
+++ b/vendored_licenses_packager.sh
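Review bot: The install line added for `rage-mount` in `%install` copies `target/release/rage-keygen`, so the packaged `%{_bindir}/rage-mount` would be a second copy of the key generator, not the mount binary this update announces. The source path should name the mount binary: `install -m 0755 %{_builddir}/rage-%{version}/target/release/rage-mount %{buildroot}%{_bindir}/rage-mount`. Nothing in `%files` or the build would catch this, because a file with the expected name is still installed. For an encryption tool it is worth adding a quick post-build check that each shipped binary is the one it claims to be.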
@@ -0,0 +1,361 @@
+#!/bin/bash
+
+# written by cunix in 2019
+# corrected by Bernhard Wiedemann in 2020 (pipe through sort)
+# updated by cunix in 2021 + 2022
+
+
+function helper {
+ echo Without any guarantee or promise this may be used to try helping
+ echo packagers to include some legal files from vendored source code archives.
+ echo
+ echo Script has to be run twice in spec file:
+ echo
+ echo 1. in archive directory to find packages with:
+ echo bash path_to_this_file finder path_to_tmp_target_directory
+ echo example in section %prep:
+ echo cd vendor
+ echo bash %{SOURCE2} finder vendored
+ echo
+ echo 2. to install and link found files with:
+ echo bash path_to_this_file installer path_to_tmp_target_directory path_to_buildroot_target_directory
+ echo example in section %install:
+ echo install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/vendored
+ echo bash %{SOURCE2} installer vendor/vendored %{buildroot}/%{_licensedir}/%{name}/vendored
+ echo
+ echo 3. Files should be packaged:
+ echo example in section %files:
+ echo %{_licensedir}/%{name}/vendored/
+ echo
+ echo
+ echo Some more details in source code.
+}
+
+
+function finder {
+ # Tries to find and prepare licenses from vendored packages for
+ # installation as file or link to existing file.
+ #
+ # $1 should be a destination directory for vendored licenses
+
+ vendor_licenses_dir=$1
+ knows_the_risk=$2
+ username=$(whoami)
+ build_user="abuild"
+ workingdir=$(pwd)
+ licenses_file=$(mktemp /tmp/license_files_XXXXXXXXXX.txt)
+ licenses_directories=$(mktemp /tmp/license_dirs_XXXXXXXXXX.txt)
+ real_files=0
+ linked_files=0
+ goahead=0
+ hash_list=()
+ filename_list=()
+
+ legal_file_names="copying copyright legal licence license notice patents unlicense"
+ legal_directory_names="licence license"
+
+ if [[ -z "$vendor_licenses_dir" ]]
+ then
+ echo missing directory as parameter
+ exit 1
+ else
+ if [[ "$vendor_licenses_dir" = "/" ]] || [[ "$vendor_licenses_dir" = "/home" ]] \
+ || [[ "$vendor_licenses_dir" = "/home/" ]] || [[ "$vendor_licenses_dir" = "/home/$username" ]] \
+ || [[ "$vendor_licenses_dir" = "/home/$username/" ]] || [[ "$vendor_licenses_dir" = "$HOME" ]]
+ then
+ echo Do not use "$vendor_licenses_dir" as destination directory.
+ echo It will delete all your files.
+ exit 1
+ else
+ if [[ "$username" != "$build_user" ]]
+ then
+ if [[ -n "$knows_the_risk" ]]
+ then
+ if [[ "$knows_the_risk" = "runanyway" ]]
+ then
+ build_user="$username"
+ fi
+ fi
+ fi
+ if [[ "$username" = "$build_user" ]]
+ then
+ mkdir -pv $vendor_licenses_dir
+ if [[ -d "$vendor_licenses_dir" ]]
+ then
+ echo Searching for licenses ...
+ rm $licenses_file $licenses_directories
+ for item in $legal_file_names
+ do
+ echo searching for file names starting with $item
+ found=$(find ./*/ -type f -iname "$item*" | sort)
+ f=$(echo_to_file $licenses_file "$found")
+ echo found: $f
+ done
+ for item in $legal_directory_names
+ do
+ echo searching for directory names starting with $item
+ found=$(find ./*/ -type d -iname "$item*" | sort)
+ d=$(echo_to_file $licenses_directories "$found")
+ echo found: $d
+ done
+ if [[ -f "$licenses_directories" ]]
+ then
+ while read line
+ do
+ fl=$(find $line -type f | sort)
+ f=$(echo_to_file $licenses_file "$fl")
+ echo files added from directory "$line" : $f
+ done < $licenses_directories
+ fi
+ goahead=1
+ else
+ echo "$vendor_licenses_dir" is not a directory.
+ exit 1
+ fi
+ else
+ echo Script should only be executed in build environment indicated by user $build_user
+ exit 1
+ fi
+ fi
+ fi
+
+ if [[ -f "$licenses_file" ]]
+ then
+ if [[ $goahead -eq 1 ]]
+ then
+ echo Removing $vendor_licenses_dir
+ rm -r "$vendor_licenses_dir"
+ mkdir -pv $vendor_licenses_dir
+ echo Processing licenses . . .
+ while read line
+ do
+ filenamepre=${line////__}
+ filename=${filenamepre//.__/}
+ hash_output=$(sha256sum "$line")
+ hash=${hash_output:0:66}
+ hash_list_len=${#hash_list[@]}
+ if [[ $hash_list_len -eq 0 ]]
+ then
+ cat "$line" > $vendor_licenses_dir/$filename
+ hash_list[0]=$hash
+ filename_list[0]=$filename
+ real_files=$(($real_files+1))
+ else
+ counter=0
+ match=0
+ for item in ${hash_list[@]}
+ do
+ if test $item = $hash
+ then
+ match=1
+ break
+ fi
+ counter=$(($counter+1))
+ done
+ if [[ $match -eq 0 ]]
+ then
+ hash_list[$counter]=$hash
+ filename_list[$counter]=$filename
+ cat "$line" > $vendor_licenses_dir/$filename
+ real_files=$(($real_files+1))
+ else
+ cd $vendor_licenses_dir
+ ln -s "${filename_list[$counter]}" "$filename"
+ linked_files=$(($linked_files+1))
+ cd $workingdir
+ fi
+ fi
+ done < $licenses_file
+ echo License files to install: $real_files
+ echo License files to link: $linked_files
+ all_files=$(find "$vendor_licenses_dir")
+ size=0
+ for item in $all_files
+ do
+ file_size=$(stat --format=%s "$item")
+ if [[ $file_size -ne 0 ]]
+ then
+ size=$(($size+$file_size))
+ fi
+ done
+ size_string=""
+ sz=$size
+ if [[ $size -gt 10000000 ]]
+ then
+ sz=$(($size/1000000))
+ size_string="Mega"
+ else
+ if [[ $size -gt 10000 ]]
+ then
+ sz=$(($size/1000))
+ size_string="Kilo"
+ fi
+ fi
+ echo Size of licenses to package approximately: $sz $size_string Bytes
+ else
+ echo Does not package licenses.
+ exit 1
+ fi
+ else
+ echo No licenses found to package.
+ fi
+}
+
+
+function installer {
+ # Installs or links previously found licenses.
+ #
+ # $1 should be the soure directory, prepared with script "find_licenses.sh"
+ # $2 should be the (already created) destination directory
+ # $3 set to "verbose" gives more results output
+
+ vendor_licenses_dir=$1
+ install_licenses_dir=$2
+ verbose=$3
+ licenses_files=$(mktemp /tmp/real_license_files_XXXXXXXXXX.txt)
+ licenses_links=$(mktemp /tmp/link_license_files_XXXXXXXXXX.txt)
+ real_files=0
+ linked_files=0
+
+ rm $licenses_files
+ rm $licenses_links
+
+ if [[ -z "$vendor_licenses_dir" ]] || [[ -z "$install_licenses_dir" ]]
+ then
+ echo needed arguments:
+ echo 1. Source Directory with vendored licenses
+ echo 2. Existing Target Directory to install vendored licenses in
+ exit 1
+ else
+ find -P $vendor_licenses_dir -type f -fprintf $licenses_files "%f\n"
+ find -P $vendor_licenses_dir -type l -fprintf $licenses_links "%f %l\n"
+
+ declare -A installers
+ declare -A linkers
+ while read line
+ do
+ install -D -m 0644 $vendor_licenses_dir/$line $install_licenses_dir/$line
+ real_files=$(($real_files+1))
+ installers["$line"]=0
+ done < $licenses_files
+
+ cd $install_licenses_dir
+ while read line
+ do
+ combo=($line)
+ ln -s ${combo[1]} ${combo[0]}
+ linked_files=$(($linked_files+1))
+ installers["${combo[1]}"]=$((${installers["${combo[1]}"]}+1))
+ linkers["${combo[0]}"]="${combo[1]}"
+ done < $licenses_links
+
+ if [[ -n "$verbose" ]]
+ then
+ if [[ "$verbose" = "verbose" ]]
+ then
+ max=0
+ for item in ${!installers[@]}
+ do
+ if [[ ${installers["$item"]} > $max ]]
+ then
+ max=${installers["$item"]}
+ fi
+ done
+ installers_len=${#installers[@]}
+ ct=0
+ c=0
+ sorted=()
+ while [[ $ct -le $max ]] && [[ $c -lt $installers_len ]]
+ do
+ for item in ${!installers[@]}
+ do
+ if [[ ${installers["$item"]} -eq $ct ]]
+ then
+ sorted[$c]="$item"
+ c=$(($c+1))
+ fi
+ done
+ ct=$(($ct+1))
+ done
+ for item in ${sorted[@]}
+ do
+ echo installed "$item" with ${installers["$item"]} Links
+ for i in ${!linkers[@]}
+ do
+ if [[ ${linkers["$i"]} = "$item" ]]
+ then
+ echo linked: "$i" "->" "$item"
+ fi
+ done
+ done
+ fi
+ fi
+ fi
+
+ echo Number of license files installed: $real_files
+ echo Number of license files linked: $linked_files
+
+}
+
+
+function echo_to_file {
+ c=0
+ for i in $2
+ do
+ echo "$i" >> $1
+ c=$(($c+1))
+ done
+ echo $c
+}
+
+
+function main {
+ arg1="$1"
+ arg2="$2"
+ arg3="$3"
+ arg4="$4"
+ arg5="$5"
+ with_disclaimer=""
+ for i in $@
+ do
+ if [[ "$i" = "--no_disclaimer" ]]
+ then
+ with_disclaimer=" "
+ break
+ fi
+ done
+ if [[ -z "$with_disclaimer" ]]
+ then
+ echo DISCLAIMER:
+ echo No promise is made that any obligation stated in license of
+ echo vendored source code or in another way will be met or
+ echo fulfilled by using this script!
+ echo USE AT YOUR OWN RISK!
+ echo
+ fi
+ runsomething=""
+ if [[ -n "$arg1" ]]
+ then
+ case "$arg1" in
+ "finder")
+ runsomething="f"
+ finder $arg2 $arg3
+ ;;
+ "installer")
+ runsomething="i"
+ installer $arg2 $arg3 $arg4
+ ;;
+ "help")
+ runsomething="h"
+ helper
+ ;;
+ esac
+ fi
+ if [[ -z "$runsomething" ]]
+ then
+ echo Only commands \'help\', \'finder\' and \'installer\' are valid.
+ exit 1
+ fi
+}
+
+main $@
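Review bot: `finder` and `installer` both create their list files with `mktemp` and then immediately `rm` them, after which `echo_to_file` (`>> $1`) and `find ... -fprintf` re-create files at those now-known `/tmp` paths; this brings back the predictable-name race that `mktemp` exists to prevent, and the files are never cleaned up. Dropping the `rm` lines, testing `[[ -s "$licenses_file" ]]` instead of `-f`, and adding `trap 'rm -f -- "$licenses_file" "$licenses_directories"' EXIT` would keep the files owned by the script for their whole life. In `installer`, `[[ ${installers["$item"]} > $max ]]` is a string comparison, so `max` can be understated once a count reaches two digits and those entries drop out of the verbose listing; `-gt` is the numeric form. Most expansions are unquoted (`mkdir -pv $vendor_licenses_dir`, `for i in $2`, `find $line`, `main $@`), so any vendored path containing whitespace or glob characters is split or expanded before it is hashed, copied or linked.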