From 6d2d17dcc2a43685dbc9c5f6870523dd479b6f64 Mon Sep 17 00:00:00 2001
From: abdfnx
Date: Thu, 14 Jan 2021 10:23:21 +0000
Subject: [PATCH] Big M for Dockerfile, start add vm command
---
packages/backup.rb => .code | 0
Dockerfile | 112 ++++++++++++++++++++-----
Gemfile | 1 +
README.md | 74 ++++++++++++++++-
core/Dockerfile | 161 ++++++++++++++++++++++++++++++++++++
packages/backup/backup.go | 0
packages/backup/backup.rb | 0
packages/vm/test.rb | 25 ++++++
packages/vm/vm.go | 0
packages/vm/vm.rb | 13 +++
tools/tool-brew.yml | 9 ++
tools/tool-docker.yml | 13 +++
12 files changed, 385 insertions(+), 23 deletions(-)
rename packages/backup.rb => .code (100%)
create mode 100644 core/Dockerfile
create mode 100644 packages/backup/backup.go
create mode 100644 packages/backup/backup.rb
create mode 100644 packages/vm/test.rb
create mode 100644 packages/vm/vm.go
create mode 100644 packages/vm/vm.rb
create mode 100644 tools/tool-brew.yml
create mode 100644 tools/tool-docker.yml
diff --git a/packages/backup.rb b/.code
similarity index 100%
rename from packages/backup.rb
rename to .code
diff --git a/Dockerfile b/Dockerfile
index ab7e4cbc..aa05a573 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,32 +1,104 @@ -# The reason of choosing gitpod/workspace-full, Because it contains everything, like brew, apt/apt-get, npm & more... -FROM gitpod/workspace-full +FROM debian:latest -# pkgs -ARG PKGS="curl wget ruby-full" -ARG UPD="sudo apt-get update" -ARG GITHUB_URL="https://raw.githubusercontent.com" +# vars +ARG UPD="apt-get update" +ARG UPD_s="sudo $UPD" +ARG INS="apt-get install" +ARG INS_s="sudo $INS" +ARG APT_REPO="add-apt-repository" +ARG APT_REPO_s="sudo $APT_REPO" +ENV GITHUB_URL="https://raw.githubusercontent.com" +ENV PKGS="zip unzip multitail curl lsof wget ssl-cert asciidoctor apt-transport-https ca-certificates gnupg-agent bash-completion build-essential htop jq software-properties-common less llvm locales man-db nano vim ruby-full " +ENV BUILDS="build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libsqlite3-dev libreadline-dev libffi-dev libbz2-dev" -RUN $UPD && \ - sudo apt-get install $PKGS -y && \ - brew install dep && \ - gem install bundler && \ +RUN $UPD && $INS -y $PKGS && $UPD && \ + locale-gen en_US.UTF-8 && \ + mkdir /var/lib/apt/abdcodedoc-marks && \ + apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* && \ $UPD -# install cli apps (gh, corgit, manx and verx) & install deps from gemfile +ENV LANG=en_US.UTF-8 + +### git ### +RUN $INS -y git && \ + rm -rf /var/lib/apt/lists/* && \ + $UPD + +# sudo +RUN $UPD && $INS -y sudo && \ + adduser --disabled-password --gecos '' smx && \ + adduser smx sudo && \ + echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers + +### docker ### +LABEL abdcodex/layer=tool-docker +LABEL abdcodex/test=tools/tool-docker.yml +USER root + +RUN $UPD_s +RUN curl -o /var/lib/apt/abdcodedoc-marks/docker.gpg -fsSL https://download.docker.com/linux/debian/gpg && \ + sudo apt-key add /var/lib/apt/abdcodedoc-marks/docker.gpg && \ + $APT_REPO_s "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" && \ + $UPD_s && \ + $INS_s -y docker-ce docker-ce-cli containerd.io 
docker-compose && \ + sudo cp /var/lib/dpkg/status /var/lib/apt/abdcodedoc-marks/tool-docker.status && \ + sudo apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* && \ + $UPD_s + +ENV HOME="/home/smx" +WORKDIR $HOME +USER smx + +### homebrew ### +LABEL abdcodex/layer=tool-brew +LABEL abdcodex/test=tools/tool-brew.yml + +RUN $UPD_s +ENV TRIGGER_BREW_REBUILD=1 +RUN mkdir ~/.cache && /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" +ENV PATH="$PATH:/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin/" \ + MANPATH="$MANPATH:/home/linuxbrew/.linuxbrew/share/man" \ + INFOPATH="$INFOPATH:/home/linuxbrew/.linuxbrew/share/info" \ + HOMEBREW_NO_AUTO_UPDATE=1 + +### nodejs & npm ### +RUN curl -sL https://deb.nodesource.com/setup_15.x -o nodesource_setup.sh && \ + sudo bash nodesource_setup.sh && \ + $INS_s nodejs build-essential -y && \ + $UPD_s + +# install pkgs +RUN $UPD_s && \ + brew install dep && \ + sudo gem install bundler && \ + $UPD_s + +# install cli apps (gh, corgit, manx and verx) & install ruby deps from gemfile RUN brew install gh && \ /bin/bash -c "$(curl -fsSL $GITHUB_URL/Dev-x-Team/corgit/main/setup)" && \ - npm i -g @abdfnx/manx && \ + sudo npm i -g @abdfnx/manx && \ /bin/bash -c "$(curl -fsSL $GITHUB_URL/abdfnx/verx/HEAD/install.sh)" && \ - bundle install && \ - $UPD + $UPD_s + +COPY Gemfile ./ +RUN sudo bundle install && sudo rm -rf Gemfile* -# secman +### secman ### RUN /bin/bash -c "$(curl -fsSL $GITHUB_URL/abdfnx/secman/HEAD/tools/install_linux.sh)" && \ - $UPD + $UPD_s -# zsh & omz (oh my zsh) -RUN brew install zsh && \ +# zsh +RUN brew install zsh +ENV src=".zshrc" +RUN zsh && \ sh -c "$(curl -fsSL https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh)" && \ - $UPD + $UPD_s && \ + git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting && \ + git clone https://github.com/zsh-users/zsh-autosuggestions 
${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions + +RUN echo 'ZSH_THEME="af-magic"' >> $src && \ + echo 'plugins=( git zsh-syntax-highlighting zsh-autosuggestions )' >> $src + +RUN /bin/bash -c "source $src" -WORKDIR /core +ENTRYPOINT ["zsh"] diff --git a/Gemfile b/Gemfile index b5db34b9..85fe956b 100644 --- a/Gemfile +++ b/Gemfile @@ -2,3 +2,4 @@ source 'https://rubygems.org' gem 'colorize' gem 'open-uri', '~> 0.1.0' +gem 'optparse' \ No newline at end of file diff --git a/README.md b/README.md index 66ff1fa5..7ac0bc03 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,24 @@ # [][smUrl] [!["GitHub Discussions"](https://img.shields.io/badge/%20GitHub-%20Discussions-gray.svg?longCache=true&logo=github&colorB=purple)](https://github.com/abdfnx/secman/discussions) -[![MIT LICENSE](http://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](LICENSE) +[![MIT LICENSE](http://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](https://github.com/abdfnx/secman/blob/main/LICENSE) > stores, retrieves, generates, and synchronizes passwords and files securely and is written in [][goUrl] 💪! The most important difference is secman is not GPG based. Instead it uses a master password to securely store your passwords. It also supports encrypting arbitrary files. `secman is meant to be secure enough that you can publicly post your vault.` -## Installation +## Installation ⬇ + +## secman with [docker][dkUrl] (_Recommended_) + +> you can create secman virtual machine by [docker][dkUrl] + +```sh +❯ docker pull abdcodedoc/secman:latest +❯ docker run -t -i --privileged abdcodedoc/secman +``` + +## without docker `secman` requires [Go][goUrl] version 1.11 or later. @@ -142,7 +153,7 @@ secman can also create randomly generated passwords. The default length of secma ### Deleting a vault entry -```sh +```code ❯ secman ├──bb | └──ff 
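Review bot: The new install steps for Homebrew, corgit, verx, secman and oh-my-zsh each run `/bin/bash -c "$(curl -fsSL …)"` (or `sh -c`) against a mutable ref (`HEAD`, `main`, `master`) with no integrity check, and they run as `smx`, which the `# sudo` step just gave `NOPASSWD:ALL`, so whatever those branches serve on build day executes with a path to root and is baked into the published image. Pin each URL to a commit and verify a digest before executing, e.g. `curl -fsSLo /tmp/install.sh $GITHUB_URL/abdfnx/secman/<PINNED_COMMIT>/tools/install_linux.sh && echo "<EXPECTED_SHA256>  /tmp/install.sh" | sha256sum -c - && bash /tmp/install.sh` (both placeholders must be filled in by the maintainer). Downloading to a file also closes a second gap: with command substitution a failed `curl` yields an empty script, and `bash -c ""` exits 0, so the layer succeeds with nothing installed. `FROM debian:latest` has the same drift problem and should name a release tag or digest. The trailing `$UPD` / `$UPD_s` after `rm -rf /var/lib/apt/lists/*` re-downloads the package lists the previous command removed, which undoes the cleanup in that layer.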
@@ -170,6 +181,62 @@ remove is used for removing sites from the password vault. `secman rm` is an ali All subcommands support the `--help` flag. +## `secman-sync` + +#### auth + +you should authenticate by [`gh cli`](https://cli.github.com) to use **sync** feature + +```sh +❯ gh auth login +``` + +#### sync + +```sh +❯ secman-sync sync +``` + +if you sync your passwords for first time, `create` command will create a private github repo and store the passwords on it + +`secman-sync sy` is an alias of `secman-sync sync` + +#### clone + +```sh +❯ secman-sync clone +``` + +if you lose your passwords, or you use more than device, you can clone your private repo + +`secman-sync cn` is an alias of `secman-sync clone` + +#### push + +```sh +❯ secman-sync push +``` + +if there's a new password/s, it's well push it to the repo, like git + +`secman-sync ph` is an alias of `secman-sync push` + +#### pull + +```sh +❯ secman-sync pull +``` + +we know what `pull` do + +alias: `secman-sync pl` + +#### getting help + +```sh +❯ secman-sync --help | -h +``` + ## CRYPTOGRAPHY DETAILS ### Generating Passwords @@ -236,3 +303,4 @@ SOFTWARE. [goUrl]: https://goland.org [smUrl]: https://secman.web.app +[dkUrl]: https://docker.com diff --git a/core/Dockerfile b/core/Dockerfile new file mode 100644 index 00000000..9129b93f --- /dev/null +++ b/core/Dockerfile 
@@ -0,0 +1,161 @@
+FROM buildpack-deps
+
+### base ###
+RUN yes | unminimize \
+ && apt-get install -yq \
+ asciidoctor \
+ bash-completion \
+ build-essential \
+ htop \
+ jq \
+ less \
+ llvm \
+ locales \
+ man-db \
+ nano \
+ software-properties-common \
+ sudo \
+ vim \
+ && locale-gen en_US.UTF-8 \
+ && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/*
+ENV LANG=en_US.UTF-8
+
+### sm user ###
+# '-l': see https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
+RUN useradd -l -u 33333 -G sudo -md /home/sm -s /bin/bash -p sm sm \
+ # passwordless sudo for users in the 'sudo' group
+ && sed -i.bkp -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers
+ENV HOME=/home/sm
+WORKDIR $HOME
+# custom Bash prompt
+RUN { echo && echo "PS1='\[\e]0;\u \w\a\]\[\033[01;32m\]\u\[\033[00m\] \[\033[01;34m\]\w\[\033[00m\] \\\$ '" ; } >> .bashrc
+
+### C/C++ ###
+RUN curl -fsSL https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - \
+ && apt-add-repository -yu "deb http://apt.llvm.org/cosmic/ llvm-toolchain-cosmic-6.0 main" \
+ && apt-get install -yq \
+ clang-format-6.0 \
+ clang-tools-6.0 \
+ cmake \
+ && ln -s /usr/bin/clangd-6.0 /usr/bin/clangd \
+ && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/*
+
+### Java & Maven ###
+RUN add-apt-repository -yu ppa:webupd8team/java \
+ && echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | debconf-set-selections \
+ && apt-get install -yq \
+ gradle \
+ oracle-java8-installer \
+ && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/*
+
+ARG MAVEN_VERSION=3.5.4
+ENV MAVEN_HOME=/usr/share/maven
+ENV PATH=$MAVEN_HOME/bin:$PATH
+RUN mkdir -p $MAVEN_HOME \
+ && curl -fsSL https://apache.osuosl.org/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz \
+ | tar -xzvC $MAVEN_HOME --strip-components=1
+
+### PHP ###
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \
+ composer \
+ php \
+ php-all-dev \
+ php-ctype \
+ php-curl \
+ php-date \
+ php-gd \
+ php-gettext \
+ php-intl \
+ php-json \
+ php-mbstring \
+ php-mysql \
+ php-net-ftp \
+ php-pgsql \
+ php-sqlite3 \
+ php-tokenizer \
+ php-xml \
+ php-zip \
+ && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/*
+# PHP language server is installed by theia-php-extension
+
+### Yarn ###
+RUN curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
+ && apt-add-repository -yu "deb https://dl.yarnpkg.com/debian/ stable main" \
+ && apt-get install --no-install-recommends -yq yarn=1.12.3-1 \
+ && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/*
+
+### sm user (2) ###
+USER sm
+# use sudo so that user does not get sudo usage info on (the first) login
+RUN sudo echo "Running 'sudo' for sm: success"
+
+### Go ###
+ENV GO_VERSION=1.11.2 \
+ GOPATH=$HOME/go-packages \
+ GOROOT=$HOME/go
+ENV PATH=$GOROOT/bin:$GOPATH/bin:$PATH
+RUN curl -fsSL https://storage.googleapis.com/golang/go$GO_VERSION.linux-amd64.tar.gz | tar -xzv \
+ && go get -u -v \
+ github.com/acroca/go-symbols \
+ github.com/cweill/gotests/... \
+ github.com/davidrjenni/reftools/cmd/fillstruct \
+ github.com/fatih/gomodifytags \
+ github.com/haya14busa/goplay/cmd/goplay \
+ github.com/josharian/impl \
+ github.com/nsf/gocode \
+ github.com/ramya-rao-a/go-outline \
+ github.com/rogpeppe/godef \
+ github.com/uudashr/gopkgs/cmd/gopkgs \
+ github.com/zmb3/gogetdoc \
+ golang.org/x/lint/golint \
+ golang.org/x/tools/cmd/godoc \
+ golang.org/x/tools/cmd/gorename \
+ golang.org/x/tools/cmd/guru \
+ sourcegraph.com/sqs/goreturns
+# user Go packages
+ENV GOPATH=/workspace:$GOPATH \
+ PATH=/workspace/bin:$PATH
+
+### Node.js ###
+ARG NODE_VERSION=8.14.0
+ENV PATH=/home/sm/.nvm/versions/node/v8.14.0/bin:$PATH
+RUN curl -fsSL https://raw.githubusercontent.com/creationix/nvm/v0.33.11/install.sh | bash \
+ && bash -c ". .nvm/nvm.sh \
+ && npm config set python /usr/bin/python --global \
+ && npm config set python /usr/bin/python \
+ && npm install -g typescript"
+
+### Python ###
+ENV PATH=$HOME/.pyenv/bin:$HOME/.pyenv/shims:$PATH
+RUN curl -fsSL https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash \
+ && { echo; \
+ echo 'eval "$(pyenv init -)"'; \
+ echo 'eval "$(pyenv virtualenv-init -)"'; } >> .bashrc \
+ && pyenv install 3.6.6 \
+ && pyenv global 3.6.6 \
+ && pip install virtualenv pipenv python-language-server[all]==0.19.0 \
+ && rm -rf /tmp/*
+
+### Ruby ###
+ENV RUBY_VERSION=2.6.0
+RUN curl -sSL https://rvm.io/mpapis.asc | gpg --import - \
+ && curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - \
+ && curl -fsSL https://get.rvm.io | bash -s stable \
+ && bash -lc " \
+ rvm requirements \
+ && rvm install $RUBY_VERSION \
+ && rvm use $RUBY_VERSION --default \
+ && rvm rubygems current \
+ && gem install bundler --no-document"
+
+### Rust ###
+RUN curl -fsSL https://sh.rustup.rs | sh -s -- -y \
+ && .cargo/bin/rustup update \
+ && .cargo/bin/rustup component add rls-preview rust-analysis rust-src \
+ && .cargo/bin/rustup completions bash | sudo tee /etc/bash_completion.d/rustup.bash-completion > /dev/null
+
+### checks ###
+# no root-owned files in the home directory
+RUN notOwnedFile=$(find . -not "(" -user sm -and -group sm ")" -print -quit) \
+ && { [ -z "$notOwnedFile" ] \
+ || { echo "Error: not all files/dirs in $HOME are owned by 'sm' user & group"; exit 1; } }
diff --git a/packages/backup/backup.go b/packages/backup/backup.go
new file mode 100644
index 00000000..e69de29b
diff --git a/packages/backup/backup.rb b/packages/backup/backup.rb
new file mode 100644
index 00000000..e69de29b
diff --git a/packages/vm/test.rb b/packages/vm/test.rb
new file mode 100644
index 00000000..600da41c
--- /dev/null
+++ b/packages/vm/test.rb
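Review bot: The Maven and Go release tarballs are streamed from `curl` straight into `tar` with no checksum or signature check, and the nvm, pyenv, rvm and rustup installers are piped into a shell the same way (pyenv from `master`), so the toolchain in this image is whatever those hosts return at build time. For the tarballs, download to a file and verify before extracting, e.g. `curl -fsSLo /tmp/maven.tgz <MAVEN_URL> && echo "<EXPECTED_SHA512>  /tmp/maven.tgz" | sha512sum -c - && tar -xzC $MAVEN_HOME --strip-components=1 -f /tmp/maven.tgz` (placeholders to be filled from the upstream release page). The RVM keys are imported from the same host that serves the installer and the script's signature is never checked, so that import adds no assurance as written. In the C/C++ step the repository is added as `deb http://apt.llvm.org/cosmic/ …` while its key is fetched over https; use `https://` for the repository line as well. `FROM buildpack-deps` carries no tag, and `useradd … -p sm` passes a literal where `-p` expects an already-hashed value, which presumably leaves the account without a usable password next to `NOPASSWD:ALL` — drop `-p sm` or document the intent in a comment.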
@@ -0,0 +1,25 @@
+require 'optparse'
+require 'colorize'
+
+image = `docker images -q abdcodedoc 2> /dev/null`
+wel = "Welcome to".green
+smvm = "secman vm".cyan
+
+options = {}
+OptionParser.new do |opts|
+ opts.banner = "secman vm (virtual machine) with #{"docker".blue}"
+
+ opts.on("-l", "--login", "login to your vm") do |l|
+ puts "#{wel} #{smvm}"
+
+ if image == ""
+ system("docker pull abdcodedoc/secman:latest")
+ system("docker run -t -i --privileged abdcodedoc/secman")
+ else
+ system("docker run -t -i --privileged abdcodedoc/secman")
+ end
+ end
+ opts.on("-q", "--quit", "quit from secman vm") do |q|
+ system("exit")
+ end
+end.parse!
diff --git a/packages/vm/vm.go b/packages/vm/vm.go
new file mode 100644
index 00000000..e69de29b
diff --git a/packages/vm/vm.rb b/packages/vm/vm.rb
new file mode 100644
index 00000000..43b7fe29
--- /dev/null
+++ b/packages/vm/vm.rb
@@ -0,0 +1,13 @@
+require 'colorize'
+
+image = `docker images -q abdcodedoc 2> /dev/null`
+wel = "Welcome to secman vm".green
+
+if image == ""
+ puts wel
+ system("docker pull abdcodedoc/secman:latest")
+ system("docker run -t -i --privileged abdcodedoc/secman")
+else
+ puts wel
+ system("docker run -t -i --privileged abdcodedoc/secman")
+end
diff --git a/tools/tool-brew.yml b/tools/tool-brew.yml
new file mode 100644
index 00000000..8d9b1904
--- /dev/null
+++ b/tools/tool-brew.yml
@@ -0,0 +1,9 @@
+- desc: it should run
+ command: [brew, --version]
+ assert:
+ - status == 0
+ - stdout.indexOf("Homebrew") != -1
+- desc: it should pass the selftest
+ command: [brew, doctor]
+ assert:
+ - stderr.indexOf("error") == -1
diff --git a/tools/tool-docker.yml b/tools/tool-docker.yml
new file mode 100644
index 00000000..fdb7c24d
--- /dev/null
+++ b/tools/tool-docker.yml
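Review bot: Both branches of the `--login` handler call `system("docker run -t -i --privileged abdcodedoc/secman")`; `--privileged` removes most of the isolation between container and host, and the image is resolved through the mutable `latest` tag, so a changed image on the registry would run with near-host access on the user's machine. Unless the VM really needs full device and capability access, drop the flag (or grant individual capabilities with `--cap-add`) and reference the image by digest, `abdcodedoc/secman@sha256:<IMAGE_DIGEST>` (placeholder). The presence check `docker images -q abdcodedoc` names a repository `abdcodedoc` rather than `abdcodedoc/secman`, so `image` is presumably always empty and the pull runs on every login; `docker images -q abdcodedoc/secman` would match the image that is actually run. The return value of the pull is ignored, so a failed pull still falls through to `docker run`, and `system("exit")` under `--quit` only ends the spawned subshell. packages/vm/vm.rb in this patch repeats the same `--privileged` run and the same image check.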
@@ -0,0 +1,13 @@
+- desc: docker should be installed
+ command: [which, docker]
+ assert:
+ - status == 0
+ - stdout.indexOf("/usr/bin/docker") != -1
+- desc: containerd should be installed
+ command: [containerd, config, dump]
+ assert:
+ - status == 0
+- desc: dive should be installed
+ command: [dive, version]
+ assert:
+ - status == 0
\ No newline at end of file
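Review bot: The third case runs `dive version`, but the docker layer in this patch's Dockerfile installs only `docker-ce docker-ce-cli containerd.io docker-compose`, so unless `dive` arrives from somewhere not shown here this assertion will fail. Either add the install step to the layer labelled `abdcodex/test=tools/tool-docker.yml` or drop the case. `docker-compose` is installed by that layer but has no case here; a `command: [docker-compose, --version]` entry with `status == 0` would cover it.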