diff options
| -rw-r--r-- | awwan.go | 12 | ||||
| -rw-r--r-- | crypto_context.go | 3 | ||||
| -rw-r--r-- | session.go | 33 | ||||
| -rw-r--r-- | testdata/local/local_encrypted.data | 2 | ||||
| -rw-r--r-- | testdata/local/put.data | 4 |
5 files changed, 36 insertions, 18 deletions
@@ -431,3 +431,15 @@ func lookupBaseDir(baseDir string) (dir string, err error) { } return dir, nil } + +// relativePath return the relative path based on baseDir. +// It will return path without baseDir prefix on success, or unchanged path +// if no baseDir. +func relativePath(baseDir, path string) (relpath string) { + var err error + relpath, err = filepath.Rel(baseDir, path) + if err != nil { + relpath = path + } + return relpath +} diff --git a/crypto_context.go b/crypto_context.go index 1f662c0..c919f9e 100644 --- a/crypto_context.go +++ b/crypto_context.go @@ -109,7 +109,8 @@ func (cryptoc *cryptoContext) loadPrivateKey() (err error) { return err } - fmt.Printf("--- Loading private key file %q (enter to skip passphrase) ...\n", fileKey) + fmt.Printf("--- Loading private key file %q (enter to skip passphrase) ...\n", + relativePath(cryptoc.baseDir, fileKey)) pkey, err = libcrypto.LoadPrivateKeyInteractive(cryptoc.termrw, fileKey) if err != nil { @@ -468,7 +468,7 @@ func (ses *Session) generateFileInput(in string) (out string, isVault bool, err contentInput, isVault, err = ses.loadFileInput(in) if err != nil { - return ``, false, fmt.Errorf(`%s: %w`, logp, err) + return ``, false, err } var contentOut []byte @@ -558,8 +558,6 @@ func (ses *Session) initSSHClient(req *Request, sshSection *config.Section) (err // loadEnvFromPaths load environment file from each directory in paths. func (ses *Session) loadEnvFromPaths() (err error) { var ( - logp = "loadEnvFromPaths" - path string awwanEnv string ) @@ -570,7 +568,7 @@ func (ses *Session) loadEnvFromPaths() (err error) { err = ses.loadFileEnv(awwanEnv, false) if err != nil { - return fmt.Errorf(`%s: %w`, logp, err) + return err } // Load encrypted ".awwan.env.vault". @@ -579,38 +577,42 @@ func (ses *Session) loadEnvFromPaths() (err error) { err = ses.loadFileEnv(awwanEnv, true) if err != nil { if errors.Is(err, errPrivateKeyMissing) { - log.Printf(`%s: %s: %s`, logp, awwanEnv, err) + log.Println(err) continue } - return fmt.Errorf(`%s: %w`, logp, err) + return err } } return nil } func (ses *Session) loadFileEnv(awwanEnv string, isVault bool) (err error) { - var content []byte + var ( + relPath = relativePath(ses.BaseDir, awwanEnv) + + content []byte + ) content, err = os.ReadFile(awwanEnv) if err != nil { if os.IsNotExist(err) { return nil } - return fmt.Errorf(`%s: %w`, awwanEnv, err) + return fmt.Errorf(`%s: %w`, relPath, err) } - fmt.Printf("--- loading %q ...\n", awwanEnv) + fmt.Printf("--- Loading %q ...\n", relativePath(ses.BaseDir, awwanEnv)) if isVault { content, err = ses.cryptoc.decrypt(content) if err != nil { - return err + return fmt.Errorf(`%s: %w`, relPath, err) } } err = ses.loadRawEnv(content) if err != nil { - return err + return fmt.Errorf(`%s: %w`, relPath, err) } return nil @@ -623,24 +625,27 @@ func (ses *Session) loadFileEnv(awwanEnv string, isVault bool) (err error) { // On success, it will return the content of file and true if the file is // from encrypted file .vault. func (ses *Session) loadFileInput(path string) (content []byte, isVault bool, err error) { + var relPath = relativePath(ses.BaseDir, path) + content, err = os.ReadFile(path) if err == nil { return content, false, nil } if !errors.Is(err, fs.ErrNotExist) { - return nil, false, err + return nil, false, fmt.Errorf(`%s: %s`, relPath, err) } path = path + defEncryptExt + relPath += defEncryptExt content, err = os.ReadFile(path) if err != nil { - return nil, false, err + return nil, false, fmt.Errorf(`%s: %s`, relPath, err) } content, err = ses.cryptoc.decrypt(content) if err != nil { - return nil, false, err + return nil, false, fmt.Errorf(`%s: %s`, relPath, err) } return content, true, nil diff --git a/testdata/local/local_encrypted.data b/testdata/local/local_encrypted.data index d4e27b0..5355762 100644 --- a/testdata/local/local_encrypted.data +++ b/testdata/local/local_encrypted.data @@ -7,7 +7,7 @@ this_is_a_secret Local: NewScript: ParseScript: template: local_encrypted.aww:3:7: executing "local_encrypted.aww" at <.Val>: error calling Val: "secret::pass" is empty <<< echo_encrypted_invalid_pass -Local: NewSession: loadEnvFromPaths: LoadPrivateKeyInteractive: x509: decryption password incorrect +Local: NewSession: .awwan.env.vault: LoadPrivateKeyInteractive: x509: decryption password incorrect <<< sub_echo_encrypted diff --git a/testdata/local/put.data b/testdata/local/put.data index 2018f7a..b44cbdd 100644 --- a/testdata/local/put.data +++ b/testdata/local/put.data @@ -10,7 +10,7 @@ The host name is encrypt. The secret password is this_is_a_secret. <<< encrypted_empty_passphrase.stderr -!!! Copy: generateFileInput: private key is missing or not loaded +!!! Copy: encrypted.txt.vault: private key is missing or not loaded <<< encrypted_invalid_passphrase -Local: NewSession: loadEnvFromPaths: LoadPrivateKeyInteractive: x509: decryption password incorrect +Local: NewSession: .awwan.env.vault: LoadPrivateKeyInteractive: x509: decryption password incorrect |