mirror of
ssh://git.janware.com/janware/proj/jw-pkg
synced 2026-04-28 15:25:23 +02:00
5 commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 281e6e2440 | |||
| f3c4a51b85 | |||
| 1ffac7b365 | |||
| 699980c32e | |||
| 18de6f2cf2 |
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
| 281e6e2440 |
cmds.secrets.CompileTemplates: Log missing secrets
Log the number of secrets missing to fully compile all templates. Signed-off-by: Jan Lindemann <jan@janware.com> |
|||
| f3c4a51b85 |
cmds.secrets.CmdCompileTemplates: Support -ogm
Add support for the -o (--owner) -g (--group) -m (--mode) options. They allow to specify a default for compiling templates, but _don't_ override what's in the #conf: specification line in .jw-tmpl or .jw-secret files. Signed-off-by: Jan Lindemann <jan@janware.com> |
|||
| 1ffac7b365 |
cmds.secrets.CmdXX: Add option --all
Support option --all to jw-pkg.py secrets list-compilation-output and list-secrets (CmdListCompilationOutput & CmdSecrets). This allows them to also report non-existent files. Signed-off-by: Jan Lindemann <jan@janware.com> |
|||
| 699980c32e |
cmds.secrets.Cmd: Fix errors on Kali 2026.1
Fix errors dug up by testing on Kali Linux 2026.1: - Nested class Cmds.Attrs is constructed without scope - "replace" falls back to empty list, not empty dictionary Signed-off-by: Jan Lindemann <jan@janware.com> |
|||
| 18de6f2cf2 |
cmds.CmdSecrets: Add command class + subcommands
jw-pkg.py secrets [sub-command] [packages] is a set of utility
commands designed to manage configuration files containing secrets.
To keep secrets from leaking via version control or packages, a
_template_ should be packaged for every sensitive configuration file.
Then, during post-install, configuration files can be generated from
packaged templates via
jw-pkg.py secrets compile-templates <package> <package> ...
During post-uninstall
jw-pkg.py secrets rm-compilation-output <package> <package> ...
removes them.
Not specifying any packages will compile or remove all templates on
the system.
To identify which files to consider and generate or remove, the
compilation scans <package> for files ending in .jw-tmpl. For each
match, e.g.
/path/to/some.conf.jw-tmpl
it will read key-value pairs from
/path/to/some.conf.jw-secret
and generate
/path/to/some.conf
from it, replacing all keys by their respective values. The file
attributes of the generated file can be determined by the first line:
of some.conf.jw-tmpl or some.conf.jw-secret:
# conf: owner=mysql; group=mysql; mode=0640
There are other commands for managing all secrets on the system at
once, see jw-pkg.py secrets --help:
compile-templates Compile package template files
list-compilation-output
List package compilation output files
list-secrets List package secret files
list-templates List package template files
rm-compilation-output
Remove package compilation output files
Signed-off-by: Jan Lindemann <jan@janware.com>
|
