Merge pull request #995 from subutai-io/dev

Dev -> Master

cli/encrypt.go

@@ -0,0 +1,60 @@
+package cli
+
+import (
+	"strings"
+	"github.com/subutai-io/agent/lib/fs"
+	"github.com/subutai-io/agent/lib/gpg"
+	"github.com/subutai-io/agent/log"
+	"github.com/subutai-io/agent/config"
+	"path"
+)
+
+//gpg1 --batch --passphrase {pwd} --symmetric --cipher-algo AES256 {/path/to/file}
+func EncryptFile(pathToFile, password string) {
+	pathToFile = strings.TrimSpace(pathToFile)
+	password = strings.TrimSpace(password)
+
+	checkArgument(pathToFile != "", "Invalid path to file")
+	checkArgument(password != "", "Invalid password")
+
+	checkCondition(fs.FileExists(pathToFile), func() {
+		checkState(fs.FileExists(path.Join(config.Agent.CacheDir, pathToFile)), "File %s not found", pathToFile)
+		pathToFile = path.Join(config.Agent.CacheDir, pathToFile)
+	})
+
+	destFile := pathToFile + ".gpg"
+	if fs.FileExists(destFile) {
+		fs.DeleteFile(destFile)
+	}
+
+	log.Check(log.ErrorLevel, "Encrypting file", gpg.EncryptFile(pathToFile, password))
+
+	log.Info("Encrypted file to " + pathToFile + ".gpg")
+}
+
+//gpg1 --batch --passphrase {pwd} --output {/path/to/file} --decrypt {/path/to/file}
+func DecryptFile(pathToSrcFile, pathToDestFile, password string) {
+	pathToSrcFile = strings.TrimSpace(pathToSrcFile)
+	pathToDestFile = strings.TrimSpace(pathToDestFile)
+	password = strings.TrimSpace(password)
+
+	checkArgument(pathToSrcFile != "", "Invalid path to encrypted source file")
+	checkArgument(password != "", "Invalid password")
+
+	checkCondition(fs.FileExists(pathToSrcFile), func() {
+		checkState(fs.FileExists(path.Join(config.Agent.CacheDir, pathToSrcFile)), "File %s not found", pathToSrcFile)
+		pathToSrcFile = path.Join(config.Agent.CacheDir, pathToSrcFile)
+	})
+
+	if pathToDestFile == "" {
+		pathToDestFile = strings.TrimSuffix(pathToSrcFile, ".gpg") + "-decrypted"
+	}
+
+	if fs.FileExists(pathToDestFile) {
+		fs.DeleteDir(pathToDestFile)
+	}
+
+	log.Check(log.ErrorLevel, "Decrypting file", gpg.DecryptFile(pathToSrcFile, pathToDestFile, password))
+
+	log.Info("Decrypted file to " + pathToDestFile)
+}

lib/exec/command.go

@@ -8,7 +8,6 @@ import (
 	"github.com/subutai-io/agent/log"
 	"os"
 	"io"
-	"github.com/subutai-io/agent/config"
 )
 
 // executes command
@@ -20,7 +19,6 @@ func ExecB(command string, args ...string) ([]byte, error) {
 
 	cmd := exec.Command(command, args...)
 	cmd.Env = os.Environ()
-	cmd.Env = append(cmd.Env, "IPFS_PATH="+config.CDN.IpfsPath)
 
 	var out bytes.Buffer
 	var stderr bytes.Buffer
@@ -40,13 +38,10 @@ func ExecB(command string, args ...string) ([]byte, error) {
 // executes command
 // returns stdout and nil if command executes successfully
 // returns stderr and error if command executes with error
-func Execute(command string, args ...string) (string, error) {
-
-	log.Debug("Executing command " + command + " " + strings.Join(args, " "))
+func ExecuteNoLog(command string, args ...string) (string, error) {
 
 	cmd := exec.Command(command, args...)
 	cmd.Env = os.Environ()
-	cmd.Env = append(cmd.Env, "IPFS_PATH="+config.CDN.IpfsPath)
 
 	var out bytes.Buffer
 	var stderr bytes.Buffer
@@ -67,6 +62,16 @@ func Execute(command string, args ...string) (string, error) {
 	return out.String(), nil
 }
 
+// executes command
+// returns stdout and nil if command executes successfully
+// returns stderr and error if command executes with error
+func Execute(command string, args ...string) (string, error) {
+
+	log.Debug("Executing command " + command + " " + strings.Join(args, " "))
+
+	return ExecuteNoLog(command, args...)
+}
+
 // executes command using /bin/bash
 // returns stdout and nil if command executes successfully
 // returns stderr and error if command executes with error

lib/gpg/gpg.go

@@ -74,6 +74,18 @@ func ensureGPGVersion() {
 	}
 }
 
+func EncryptFile(pathToFile, password string) error {
+	_, err := exec2.ExecuteNoLog(GPG, "--batch", "--passphrase", password, "--symmetric", "--cipher-algo", "AES256", pathToFile)
+
+	return err
+}
+
+func DecryptFile(pathToSrcFile, pathToDestFile, password string) error {
+	_, err := exec2.ExecuteNoLog(GPG, "--batch", "--passphrase", password, "--output", pathToDestFile, "--decrypt", pathToSrcFile)
+
+	return err
+}
+
 //ImportPk imports Public Key "gpg2 --import pubkey.key" to RH
 func ImportPk(k []byte) error {
 	tmpfile, err := ioutil.TempFile("", "subutai-epub")

main.go

@@ -300,6 +300,16 @@ var (
 	cdnUploadCmdFile  = cdnUploadCmd.Flag("file", "path to file to upload").Short('f').Required().String()
 	cndUploadCmdToken = cdnUploadCmd.Flag("token", "CDN token").Short('t').Required().String()
 
+	fileCmd                = app.Command("file", "Encrypt/decrypt files with password")
+	fileEncryptCmd         = fileCmd.Command("encrypt", "Encrypt file")
+	fileEncryptCmdPath     = fileEncryptCmd.Flag("source", "Source file to encrypt").Short('s').Required().String()
+	fileEncryptCmdPassword = fileEncryptCmd.Flag("password", "Password to use for encryption").Short('p').Required().String()
+
+	fileDecryptCmd           = fileCmd.Command("decrypt", "Decrypt file")
+	fileDecryptCmdSourcePath = fileDecryptCmd.Flag("source", "Source file to decrypt").Short('s').Required().String()
+	fileDecryptCmdTargetPath = fileDecryptCmd.Flag("target", "Target decrypted file").Short('t').String()
+	fileDecryptCmdPassword   = fileDecryptCmd.Flag("password", "Password to use for decryption").Short('p').Required().String()
+
 	//restart command
 	restartCmd          = app.Command("restart", "Restart Subutai container")
 	restartCmdContainer = restartCmd.Arg("name(s)", "container name(s)").Required().Strings()
@@ -497,6 +507,11 @@ func main() {
 	case cdnUploadCmd.FullCommand():
 		cli.UploadRawFile(*cdnUploadCmdFile, *cndUploadCmdToken)
 
+	case fileEncryptCmd.FullCommand():
+		cli.EncryptFile(*fileEncryptCmdPath, *fileEncryptCmdPassword)
+	case fileDecryptCmd.FullCommand():
+		cli.DecryptFile(*fileDecryptCmdSourcePath, *fileDecryptCmdTargetPath, *fileDecryptCmdPassword)
+
 	case metricsCmd.FullCommand():
 		fmt.Println(cli.GetHostMetrics(*metricsHost, *metricsStart, *metricsEnd))