Hello community, here is the log from the commit of package rubygem-sshkit for openSUSE:Factory checked in at 2018-07-18 22:53:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-sshkit (Old) and /work/SRC/openSUSE:Factory/.rubygem-sshkit.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-sshkit" Wed Jul 18 22:53:12 2018 rev:23 rq:621786 version:1.17.0 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-sshkit/rubygem-sshkit.changes 2018-03-06 10:46:08.486769153 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-sshkit.new/rubygem-sshkit.changes 2018-07-18 22:53:13.387103522 +0200 @@ -1,0 +2,20 @@ +Sun Jul 8 02:18:04 UTC 2018 - factory-a...@kulow.org + +- updated to version 1.17.0 + see installed CHANGELOG.md + + ## [1.17.0][] (2018-07-07) + + * [#430](https://github.com/capistrano/sshkit/pull/430): [Feature] Command Argument STDOUT/capistrano.log Hiding - [@NorseGaud](https://github.com/NorseGaud) + +------------------------------------------------------------------- +Mon May 21 01:17:13 UTC 2018 - factory-a...@kulow.org + +- updated to version 1.16.1 + see installed CHANGELOG.md + + ## [1.16.1][] (2018-05-20) + + * [#425](https://github.com/capistrano/sshkit/pull/425): Command#group incorrectly escapes double quotes, resulting in a a syntax error when specifying the group execution using `as`. This issue manifested when user command quotes changed from double quotes to single quotes. This fix removes the double quote escaping - [@pblesi](https://github.com/pblesi). + +------------------------------------------------------------------- Old: ---- sshkit-1.16.0.gem New: ---- sshkit-1.17.0.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-sshkit.spec ++++++ --- /var/tmp/diff_new_pack.9Ituew/_old 2018-07-18 22:53:15.435096731 +0200 +++ /var/tmp/diff_new_pack.9Ituew/_new 2018-07-18 22:53:15.443096705 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-sshkit -Version: 1.16.0 +Version: 1.17.0 Release: 0 %define mod_name sshkit %define mod_full_name %{mod_name}-%{version} ++++++ sshkit-1.16.0.gem -> sshkit-1.17.0.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.travis.yml new/.travis.yml --- old/.travis.yml 2018-02-04 02:40:20.000000000 +0100 +++ new/.travis.yml 2018-07-08 03:07:35.000000000 +0200 @@ -1,12 +1,14 @@ language: ruby rvm: - - 2.3.3 - - 2.2.4 - - 2.1.8 - - 2.0.0 + - 2.5 + - 2.4 + - 2.3 + - 2.2 + - 2.1 + - 2.0 matrix: include: - # Run Danger only once, on 2.3.3 - - rvm: 2.3.3 + # Run Danger only once, on 2.5 + - rvm: 2.5 script: bundle exec danger script: bundle exec rake test:units lint diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2018-02-04 02:40:20.000000000 +0100 +++ new/CHANGELOG.md 2018-07-08 03:07:35.000000000 +0200 @@ -7,6 +7,14 @@ * Your contribution here! +## [1.17.0][] (2018-07-07) + + * [#430](https://github.com/capistrano/sshkit/pull/430): [Feature] Command Argument STDOUT/capistrano.log Hiding - [@NorseGaud](https://github.com/NorseGaud) + +## [1.16.1][] (2018-05-20) + + * [#425](https://github.com/capistrano/sshkit/pull/425): Command#group incorrectly escapes double quotes, resulting in a a syntax error when specifying the group execution using `as`. This issue manifested when user command quotes changed from double quotes to single quotes. This fix removes the double quote escaping - [@pblesi](https://github.com/pblesi). + ## [1.16.0][] (2018-02-03) * [#417](https://github.com/capistrano/sshkit/pull/417): Cache key generation for connections becomes slow when `known_hosts` is a valid `net/ssh` options and `known_hosts` file is big. This changes the cache key generation and fixes performance issue - [@ElvinEfendi](https://github.com/ElvinEfendi). @@ -738,7 +746,9 @@ First release. -[Unreleased]: https://github.com/capistrano/sshkit/compare/v1.16.0...HEAD +[Unreleased]: https://github.com/capistrano/sshkit/compare/v1.17.0...HEAD +[1.17.0]: https://github.com/capistrano/sshkit/compare/v1.16.1...v1.17.0 +[1.16.1]: https://github.com/capistrano/sshkit/compare/v1.16.0...v1.16.1 [1.16.0]: https://github.com/capistrano/sshkit/compare/v1.15.1...v1.16.0 [1.15.1]: https://github.com/capistrano/sshkit/compare/v1.15.0...v1.15.1 [1.15.0]: https://github.com/capistrano/sshkit/compare/v1.14.0...v1.15.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/EXAMPLES.md new/EXAMPLES.md --- old/EXAMPLES.md 2018-02-04 02:40:20.000000000 +0100 +++ new/EXAMPLES.md 2018-07-08 03:07:35.000000000 +0200 @@ -32,6 +32,10 @@ ## Run a command with specific environmental variables ```ruby +# Please see the documentation for caveats related to commands that do not use +# the command map [such as simple strings]. +# +# https://github.com/capistrano/sshkit#the-command-map on hosts do |host| with rack_env: :test do puts capture("env | grep RACK_ENV") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gemfile new/Gemfile --- old/Gemfile 2018-02-04 02:40:20.000000000 +0100 +++ new/Gemfile 2018-07-08 03:07:35.000000000 +0200 @@ -18,8 +18,3 @@ if Gem::Requirement.new('< 2.1').satisfied_by?(Gem::Version.new(RUBY_VERSION)) gem 'public_suffix', '< 3' end - -# rbnacl-libsodium > 1.0.15.1 requires Ruby 2.2.6+ -if Gem::Requirement.new('< 2.2.6').satisfied_by?(Gem::Version.new(RUBY_VERSION)) - gem 'rbnacl-libsodium', '<= 1.0.15.1' -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md --- old/README.md 2018-02-04 02:40:20.000000000 +0100 +++ new/README.md 2018-07-08 03:07:35.000000000 +0200 @@ -5,7 +5,6 @@ [![Gem Version](https://badge.fury.io/rb/sshkit.svg)](https://rubygems.org/gems/sshkit) [![Build Status](https://travis-ci.org/capistrano/sshkit.svg?branch=master)](https://travis-ci.org/capistrano/sshkit) -[![Dependency Status](https://gemnasium.com/capistrano/sshkit.svg)](https://gemnasium.com/capistrano/sshkit) ## How might it work? @@ -444,6 +443,32 @@ SSHKit.config.output = SSHKit::Formatter::SimpleText.new(File.open('log/deploy.log', 'wb')) ``` +#### Output & Log Redaction + +If necessary, redact() can be used on a section of your execute arguments to hide it from both STDOUT and the capistrano.log. It supports the majority of data types. + +```ruby +# Example from capistrano-postgresql gem +execute(:psql, fetch(:pg_system_db), '-c', %Q{"CREATE USER \\"#{fetch(:pg_username)}\\" PASSWORD}, redact("'#{fetch(:pg_password)}'"), %Q{;"}) +``` +Once wrapped, sshkit logging will replace the actual pg_password with a [REDACTED] value: + +``` +# STDOUT +00:00 postgresql:create_database_user + 01 sudo -i -u postgres psql -d postgres -c "CREATE USER \"db_admin_user\" PASSWORD [REDACTED] ;" + 01 CREATE ROLE + ✔ 01 user@localhost 0.099s + +# capistrano.log +INFO [59dbd2ba] Running /usr/bin/env sudo -i -u postgres psql -d postgres -c "CREATE USER \"db_admin_user\" PASSWORD [REDACTED] ;" as user@localhost +DEBUG [59dbd2ba] Command: ( export PATH="$HOME/.gem/ruby/2.5.0/bin:$PATH" ; /usr/bin/env sudo -i -u postgres psql -d postgres -c "CREATE USER \"db_admin_user\" PASSWORD [REDACTED] ;" ) +DEBUG [529b623c] CREATE ROLE + +``` + +Yet, the created database user will have the value from `fetch(:pg_password)`. + #### Output Colors By default, SSHKit will color the output using ANSI color escape sequences Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/sshkit/backends/abstract.rb new/lib/sshkit/backends/abstract.rb --- old/lib/sshkit/backends/abstract.rb 2018-02-04 02:40:20.000000000 +0100 +++ new/lib/sshkit/backends/abstract.rb 2018-07-08 03:07:35.000000000 +0200 @@ -42,6 +42,10 @@ @group = nil end + def redact(arg) # Used in execute_command to hide redact() args a user passes in + arg.to_s.extend(Redaction) # to_s due to our inability to extend Integer, etc + end + def make(commands=[]) execute :make, commands end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/sshkit/backends/local.rb new/lib/sshkit/backends/local.rb --- old/lib/sshkit/backends/local.rb 2018-02-04 02:40:20.000000000 +0100 +++ new/lib/sshkit/backends/local.rb 2018-07-08 03:07:35.000000000 +0200 @@ -39,10 +39,8 @@ private def execute_command(cmd) - output.log_command_start(cmd) - + output.log_command_start(cmd.with_redaction) cmd.started = Time.now - Open3.popen3(cmd.to_command) do |stdin, stdout, stderr, wait_thr| stdout_thread = Thread.new do while (line = stdout.gets) do @@ -50,19 +48,15 @@ output.log_command_data(cmd, :stdout, line) end end - stderr_thread = Thread.new do while (line = stderr.gets) do cmd.on_stderr(stdin, line) output.log_command_data(cmd, :stderr, line) end end - stdout_thread.join stderr_thread.join - cmd.exit_status = wait_thr.value.to_i - output.log_command_exit(cmd) end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/sshkit/backends/netssh.rb new/lib/sshkit/backends/netssh.rb --- old/lib/sshkit/backends/netssh.rb 2018-02-04 02:40:20.000000000 +0100 +++ new/lib/sshkit/backends/netssh.rb 2018-07-08 03:07:35.000000000 +0200 @@ -123,7 +123,7 @@ end def execute_command(cmd) - output.log_command_start(cmd) + output.log_command_start(cmd.with_redaction) cmd.started = true exit_status = nil with_ssh do |ssh| diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/sshkit/backends/printer.rb new/lib/sshkit/backends/printer.rb --- old/lib/sshkit/backends/printer.rb 2018-02-04 02:40:20.000000000 +0100 +++ new/lib/sshkit/backends/printer.rb 2018-07-08 03:07:35.000000000 +0200 @@ -5,7 +5,7 @@ class Printer < Abstract def execute_command(cmd) - output.log_command_start(cmd) + output.log_command_start(cmd.with_redaction) end alias :upload! :execute diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/sshkit/command.rb new/lib/sshkit/command.rb --- old/lib/sshkit/command.rb 2018-02-04 02:40:20.000000000 +0100 +++ new/lib/sshkit/command.rb 2018-07-08 03:07:35.000000000 +0200 @@ -182,7 +182,7 @@ def group(&_block) return yield unless options[:group] - "sg #{options[:group]} -c \\\"%s\\\"" % %Q{#{yield}} + %Q(sg #{options[:group]} -c "#{yield}") # We could also use the so-called heredoc format perhaps: #"newgrp #{options[:group]} <<EOC \\\"%s\\\" EOC" % %Q{#{yield}} end @@ -204,6 +204,13 @@ end end + def with_redaction + new_args = args.map{|arg| arg.is_a?(Redaction) ? '[REDACTED]' : arg } + redacted_cmd = dup + redacted_cmd.instance_variable_set(:@args, new_args) + redacted_cmd + end + def to_s if should_map? [SSHKit.config.command_map[command.to_sym], *Array(args)].join(' ') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/sshkit/version.rb new/lib/sshkit/version.rb --- old/lib/sshkit/version.rb 2018-02-04 02:40:20.000000000 +0100 +++ new/lib/sshkit/version.rb 2018-07-08 03:07:35.000000000 +0200 @@ -1,3 +1,3 @@ module SSHKit - VERSION = "1.16.0".freeze + VERSION = "1.17.0".freeze end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/sshkit.rb new/lib/sshkit.rb --- old/lib/sshkit.rb 2018-02-04 02:40:20.000000000 +0100 +++ new/lib/sshkit.rb 2018-07-08 03:07:35.000000000 +0200 @@ -21,6 +21,9 @@ end + # Used for redaction of a certain argument + module Redaction end + end require_relative 'sshkit/all' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2018-02-04 02:40:20.000000000 +0100 +++ new/metadata 2018-07-08 03:07:35.000000000 +0200 @@ -1,7 +1,7 @@ --- !ruby/object:Gem::Specification name: sshkit version: !ruby/object:Gem::Version - version: 1.16.0 + version: 1.17.0 platform: ruby authors: - Lee Hambley @@ -9,7 +9,7 @@ autorequire: bindir: bin cert_chain: [] -date: 2018-02-04 00:00:00.000000000 Z +date: 2018-07-08 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: net-ssh @@ -152,33 +152,25 @@ - !ruby/object:Gem::Version version: '0' - !ruby/object:Gem::Dependency - name: rbnacl - requirement: !ruby/object:Gem::Requirement - requirements: - - - "~>" - - !ruby/object:Gem::Version - version: '3.4' - type: :development - prerelease: false - version_requirements: !ruby/object:Gem::Requirement - requirements: - - - "~>" - - !ruby/object:Gem::Version - version: '3.4' -- !ruby/object:Gem::Dependency - name: rbnacl-libsodium + name: ed25519 requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version - version: '0' + version: '1.2' + - - "<" + - !ruby/object:Gem::Version + version: '2.0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version - version: '0' + version: '1.2' + - - "<" + - !ruby/object:Gem::Version + version: '2.0' description: A comprehensive toolkit for remotely running commands in a structured manner on groups of servers. email: @@ -293,7 +285,7 @@ version: '0' requirements: [] rubyforge_project: -rubygems_version: 2.7.4 +rubygems_version: 2.7.7 signing_key: specification_version: 4 summary: SSHKit makes it easy to write structured, testable SSH commands in Ruby diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sshkit.gemspec new/sshkit.gemspec --- old/sshkit.gemspec 2018-02-04 02:40:20.000000000 +0100 +++ new/sshkit.gemspec 2018-07-08 03:07:35.000000000 +0200 @@ -29,6 +29,5 @@ gem.add_development_dependency('mocha') gem.add_development_dependency('bcrypt_pbkdf') - gem.add_development_dependency('rbnacl', '~> 3.4') - gem.add_development_dependency('rbnacl-libsodium') + gem.add_development_dependency('ed25519', '>= 1.2', '< 2.0') end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/functional/backends/test_netssh.rb new/test/functional/backends/test_netssh.rb --- old/test/functional/backends/test_netssh.rb 2018-02-04 02:40:20.000000000 +0100 +++ new/test/functional/backends/test_netssh.rb 2018-07-08 03:07:35.000000000 +0200 @@ -42,6 +42,50 @@ ], command_lines end + def test_redaction + # Be sure redaction in the logs is showing [REDACTED] + Netssh.new(a_host) do + execute :echo, 'password:', redact('PASSWORD') + execute :echo, 'password:', redact(10000) + execute :echo, 'password:', redact(['test1','test2']) + execute :echo, 'password:', redact({:test => 'test_value'}) + end.run + command_lines = @output.lines.select { |line| line.start_with?('Command:') } + assert_equal [ + "Command: /usr/bin/env echo password: [REDACTED]\n", + "Command: /usr/bin/env echo password: [REDACTED]\n", + "Command: /usr/bin/env echo password: [REDACTED]\n", + "Command: /usr/bin/env echo password: [REDACTED]\n" + ], command_lines + # Be sure the actual command executed without *REDACTED* + Netssh.new(a_host) do + file_name = 'test.file' + execute :touch, redact("'#{file_name}'") # Test and be sure single quotes are included in actual command; expected /usr/bin/env touch 'test.file' + execute :ls, 'test.file' + end.run + ls_lines = @output.lines.select { |line| line.start_with?("\ttest.file") } + assert_equal [ + "\ttest.file\n" + ], ls_lines + # Cleanup + Netssh.new(a_host) do + execute :rm, ' -f test.file' + end.run + end + + def test_group_netssh + Netssh.new(a_host) do + as user: :root, group: :admin do + execute :touch, 'restart.txt' + end + end.run + command_lines = @output.lines.select { |line| line.start_with?('Command:') } + assert_equal [ + "Command: if ! sudo -u root whoami > /dev/null; then echo \"You cannot switch to user 'root' using sudo, please check the sudoers file\" 1>&2; false; fi\n", + "Command: sudo -u root -- sh -c 'sg admin -c \"/usr/bin/env touch restart.txt\"'\n" + ], command_lines + end + def test_capture captured_command_result = nil Netssh.new(a_host) do |_host| @@ -52,16 +96,21 @@ end def test_ssh_option_merge - a_host.ssh_options = { paranoid: true } + verify_host_opt = if Net::SSH::Version::MAJOR >= 5 + { verify_host_key: :always } + else + { paranoid: true } + end + a_host.ssh_options = verify_host_opt host_ssh_options = {} SSHKit::Backend::Netssh.config.ssh_options = { forward_agent: false } Netssh.new(a_host) do |host| capture(:uname) host_ssh_options = host.ssh_options end.run - assert_equal [:forward_agent, :paranoid, :known_hosts, :logger, :password_prompt].sort, host_ssh_options.keys.sort + assert_equal [:forward_agent, *verify_host_opt.keys, :known_hosts, :logger, :password_prompt].sort, host_ssh_options.keys.sort assert_equal false, host_ssh_options[:forward_agent] - assert_equal true, host_ssh_options[:paranoid] + assert_equal verify_host_opt.values.first, host_ssh_options[verify_host_opt.keys.first] assert_instance_of SSHKit::Backend::Netssh::KnownHosts, host_ssh_options[:known_hosts] end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/unit/test_command.rb new/test/unit/test_command.rb --- old/test/unit/test_command.rb 2018-02-04 02:40:20.000000000 +0100 +++ new/test/unit/test_command.rb 2018-07-08 03:07:35.000000000 +0200 @@ -102,12 +102,12 @@ def test_working_as_a_given_group c = Command.new(:whoami, group: :devvers) - assert_equal "sg devvers -c \\\"/usr/bin/env whoami\\\"", c.to_command + assert_equal 'sg devvers -c "/usr/bin/env whoami"', c.to_command end def test_working_as_a_given_user_and_group c = Command.new(:whoami, user: :anotheruser, group: :devvers) - assert_equal "sudo -u anotheruser -- sh -c 'sg devvers -c \\\"/usr/bin/env whoami\\\"'", c.to_command + assert_equal %Q(sudo -u anotheruser -- sh -c 'sg devvers -c "/usr/bin/env whoami"'), c.to_command end def test_umask