Commit graph

6 commits

Author SHA1 Message Date
5ad65f85fd cmds.secrets.lib.util: Add module
To be able to use secret handling code from other modules, move the
bulk of it from the "secrets"-command centric implementation in
cmds.secrets.Cmd into a new module cmds.secrets.lib.util.

Signed-off-by: Jan Lindemann <jan@janware.com>
2026-04-11 14:56:21 +02:00
281e6e2440 cmds.secrets.CompileTemplates: Log missing secrets
Log the number of secrets missing to fully compile all templates.

Signed-off-by: Jan Lindemann <jan@janware.com>
2026-03-09 20:01:26 +01:00
f3c4a51b85 cmds.secrets.CmdCompileTemplates: Support -ogm
Add support for the -o (--owner) -g (--group) -m (--mode) options.
They allow specifying a default for compiling templates, but _don't_
override what's in the #conf: specification line in .jw-tmpl or
.jw-secret files.

Signed-off-by: Jan Lindemann <jan@janware.com>
2026-03-09 19:58:28 +01:00
1ffac7b365 cmds.secrets.CmdXX: Add option --all
Support option --all to jw-pkg.py secrets list-compilation-output and
list-secrets (CmdListCompilationOutput & CmdSecrets). This allows
them to also report non-existent files.

Signed-off-by: Jan Lindemann <jan@janware.com>
2026-03-09 19:58:02 +01:00
699980c32e cmds.secrets.Cmd: Fix errors on Kali 2026.1
Fix errors dug up by testing on Kali Linux 2026.1:

  - Nested class Cmds.Attrs is constructed without scope

  - "replace" falls back to empty list, not empty dictionary

Signed-off-by: Jan Lindemann <jan@janware.com>
2026-03-09 19:57:56 +01:00
18de6f2cf2 cmds.CmdSecrets: Add command class + subcommands
jw-pkg.py secrets [sub-command] [packages] is a set of utility
commands designed to manage configuration files containing secrets.

To keep secrets from leaking via version control or packages, a
_template_ should be packaged for every sensitive configuration file.
Then, during post-install, configuration files can be generated from
packaged templates via

  jw-pkg.py secrets compile-templates <package> <package> ...

During post-uninstall

  jw-pkg.py secrets rm-compilation-output <package> <package> ...

removes them.

Not specifying any packages will compile or remove all templates on
the system.

To identify which files to consider and generate or remove, the
compilation scans <package> for files ending in .jw-tmpl. For each
match, e.g.

  /path/to/some.conf.jw-tmpl

it will read key-value pairs from

  /path/to/some.conf.jw-secret

and generate

  /path/to/some.conf

from it, replacing all keys by their respective values. The file
attributes of the generated file can be determined by the first line
of some.conf.jw-tmpl or some.conf.jw-secret:

  # conf: owner=mysql; group=mysql; mode=0640

There are other commands for managing all secrets on the system at
once, see jw-pkg.py secrets --help:

    compile-templates   Compile package template files
    list-compilation-output
                        List package compilation output files
    list-secrets        List package secret files
    list-templates      List package template files
    rm-compilation-output
                        Remove package compilation output files

Signed-off-by: Jan Lindemann <jan@janware.com>
2026-03-07 21:51:17 +01:00
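
The compilation step described in 18de6f2cf2, with the default-versus-conf-line precedence from f3c4a51b85, as an added example that is not jw-pkg's own code. Assumptions not on the page: the .jw-secret file holds one key=value pair per line, keys are replaced literally, a conf line in the secret file wins over one in the template, and the names parse_conf_line, read_lines and compile_template are hypothetical.

```python
import os
import re
import shutil
import tempfile

CONF_RE = re.compile(r"#\s*conf:\s*(.*)")

def parse_conf_line(line):
    """'# conf: owner=mysql; group=mysql; mode=0640' -> dict; {} if not a conf line."""
    m = CONF_RE.match(line.strip())
    if not m:
        return {}
    pairs = (item.split("=", 1) for item in m.group(1).split(";") if "=" in item)
    return {k.strip(): v.strip() for k, v in pairs}

def read_lines(path):
    with open(path, encoding="utf-8") as f:
        return f.read().splitlines()

def compile_template(tmpl_path, default_mode=0o600):
    """Write <base> from <base>.jw-tmpl and <base>.jw-secret; return (path, mode)."""
    base = tmpl_path[: -len(".jw-tmpl")]
    tmpl, secret = read_lines(tmpl_path), read_lines(base + ".jw-secret")
    attrs = {}
    for lines in (tmpl, secret):  # assumption: the secret file's conf line wins
        if lines:
            attrs.update(parse_conf_line(lines[0]))
    # Assumption: secrets are "key=value" lines and keys are replaced literally.
    secrets = dict(l.split("=", 1) for l in secret if "=" in l and not l.startswith("#"))
    body = "\n".join(tmpl) + "\n"
    for key, value in secrets.items():
        body = body.replace(key, value)
    mode = int(attrs["mode"], 8) if "mode" in attrs else default_mode  # conf beats default
    # mkstemp creates the file with mode 0600, so the secret is never readable by
    # other users, even briefly; final attributes are applied before the rename.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(base) or ".", prefix=".jw-")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as out:
            out.write(body)
            os.fchmod(out.fileno(), mode)
        if "owner" in attrs or "group" in attrs:  # needs sufficient privileges
            shutil.chown(tmp, attrs.get("owner"), attrs.get("group"))
        os.replace(tmp, base)  # atomic: readers see the old or new file, never a partial one
    except BaseException:
        os.unlink(tmp)
        raise
    return base, mode
```

Writing to a temporary file in the target directory and renaming it avoids the window in which a freshly created some.conf would carry umask-derived permissions before a later chmod.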