| Age | Commit message (Collapse) | Author |
|---|
|
Given the following command
#put!+0644 src/file dst/
If the dst is a directory, it would cause the directory permission
changes to 0644.
This changes fix it by checking if the destination is a directory first.
If we cannot stat the dst, skip the chmod/chown command.
|
|
The "$noparse" option allow copying file without reading and parsing
the input file.
|
|
|
|
The "share" project has been moved to SourceHut with new name
"pakakeh.go".
|
|
This changes require us to replace golang.org/x/crypto with our fork,
since the [ssh.Session.Run] with context is not available yet in
upstream.
Implements: https://todo.sr.ht/~shulhan/awwan/9
|
|
Passing context allow the command Local or Play to be cancelled when
running in asynchronous mode, in this case when awwan run with WUI.
|
|
|
|
If the file to be copied contains sensitive data, putting them in
"/tmp" considered a security risk, even though it will be moved to
destination later.
The issue is when the "#put" command failed, the plain file is left
on "/tmp" directory.
This changes add additional advantage where we did not need to remove
the temporary directory on remote when execution completed, since the
temporary directory should be accessible by user only.
Implements: https://todo.sr.ht/~shulhan/awwan/8
|
|
Previously, the magic line "#put" detect whether the source file is
encrypted or not automatically, so we did not need to put ".vault"
suffix in the source path.
This changes make it to be always explicit.
If we want to copy encrypted file than the source file must be the path
to encrypted file.
Implements: https://todo.sr.ht/~shulhan/awwan/7
|
|
In case we have a script that manage local host and remote server,
calling "play" on "#local" lines only always open the connection to remote
server.
To minimize opening unused connections, let the "#local" command works
on both commands. Its up to user which part of lines that they want
to execute on remote or local.
|
|
Previously, we used to run awwan as CLI so each connection is open and
closed (forcefully).
Since we now use awwan WUI frequently, any command that execute Play
does not close the session immediately once finished.
This cause many connections open in remote server.
This changes close the SSH connections immediately once the Play command
finished.
|
|
Better to fix and follow the reported warnings rather than adding
configuration file to add an exception.
|
|
While at it, replace all call of [log.Printf] with [Request.mlog] so
error both written to stderr and to [Request.Output].
|
|
|
|
Although log print to stderr, this allow user to filter between awwan
output and command output, for example by piping stderr to /dev/null
$ awwan env-get "key" dir/ 2>/dev/null
The output env-get is not poluted by other logs.
|
|
|
|
|
|
Instead of passing stdout and stderr as "io.Writer", pass the Request,
so we can log using the Request mlog.
While at it, return error from sshClient rmdirAll so the caller can log
the error.
|
|
When the script executed, log the script and line number to be executed
with "=== BEGIN", and when its finished, log the end of it with "=== END".
This is to make the log more traceable.
|
|
For each script execution, a file suffixed with ".log" will be created
in the same directory with the same name as script file.
For example, if the script is path is "a/b/c.aww" then the log file
would named "a/b/c.aww.log".
This is to provides history and audit in the future.
|
|
By using "mlog.MultiLogger" every output or error can be written to
stdout/stderr and additional log writer that can collect both of them,
buffered and returned to the caller.
This changes simplify the HttpResponse to use only single output that
combine both stdout and stderr.
|
|
Previously, if the source file to be copied is not exist, awwan will
output only error for the ".vault" file, twice, for example
!!! Copy: <source>.vault: open <source>.vault not exist
Local: Copy: <source>.vault: open <source>.vault not exist
This changes make the first line output to print the original source
file first, the non-ecrypted one, and then followed by encrypted one,
??? loadFileInput "<source>": not exist
Local: Copy "<source>.vault": not exist
|
|
The magic command "#local" define the command to be executed using
shell in local environment.
Its have effect and can only be used in script that executed using
"play".
In script that is executed using "local" it does nothing.
|
|
When script with magic command "#get!" or "#put!" executed using "play"
command, one can changes the owner and/or permission mode by setting
the user/group and permission bits after the magic command, for example,
#get!user:group+0600 src dst
Will changes the owner of dst in local into "user:group" with permission
"0600", while
#put!user:group+0600 src dst
Will changes the owner of dst in remote into "user:group" with permission
"0600".
|
|
In case of Copy, the user that run chmod definitely can change the
permission but may not have privileged to chown.
By setting the permission first, we minimize error during "#get:" or
"#put:".
|
|
In remote environment, using magic command "#get:" or "#put:" with owner
and mode like "#get:$OWNER+$MODE" or "#put:$OWNER+MODE" will changes
the file owner to $USER or $GROUP and/or permission to $MODE.
The file owner will not works if user does not have permission.
|
|
In local environment, using magic command "#get!" or "#put!" with owner
and mode set, like "#get:$USER:$GROUP+$MODE" or "#put:$USER:$GROUP+MODE",
will changes the file owner to $USER or $GROUP and/or permission to $MODE.
|
|
In local environment, using magic command "#get" or "#put" with mode
like "#get:$USER:$GROUP+$MODE" or "#put:$USER:$GROUP+MODE" will changes
the file owner to $USER or $GROUP and/or permission to $MODE.
The file owner does not works if user does not have permission to changes
the owner.
|
|
Previously, when refactoring ExecLocal in bf9c8226b4d to support sudo
with -S option, we generate the raw command by concatenating Statement
args field.
This model does not works if the raw command contains double quote that
needs to be executed as is.
This changes fix this issue by adding "-S" option to raw command.
|
|
Instead of adding the "-S" option before ExecLocal is called, we
automatically added inside the ExecLocal, so the caller does not need
to check or add the "-S" option.
This makes all local statements ("#require", default, "#get!", "#put!")
that is sudo works without any modification like we do previously in
SudoCopy.
While at it, we detach ExecLocal from Session, since the "*Session"
receiver is never used inside their body.
|
|
|
|
Instead of breaking the statement when its failed to execute, return
the error to the caller, Local.
|
|
This fix missing magic command not printed in stdout.
|
|
This changes minimize code duplication when parsing magic command
between "#put:" and "#put!" using single function parseStatementGetPut.
In the returned Statement, we changes where to store the source argument
into args[0] instead of in cmd for better readability and minimize
confusion in Copy/SudoCopy.
|
|
This is to prevent a source file that contains ";" cause the next string
executed as command instead of file.
|
|
This changes minimize code duplication when parsing magic command
between "#get:" and "#get!" using single function parseStatementGetPut.
In the returned Statement, we changes where to store the source argument
into args[0] instead of in cmd for better readability and minimize
confusion in Copy/SudoCopy.
While at it, we add unit test for "#get:".
Unit test for "#get!" is not possible right now, because it will prompt
for password.
|
|
This is to minimize log length in stdout and stderr, which make it
more readable.
|
|
This is to prevent copying or executing command with value that are
not defined or typo which make the result empty and may result in
undefined behaviour.
For example if we have "app_dir = /data/app" and command in the script
that remove that directory recursively,
sudo rm -r {{.Val "::app_dir}}/bin
will result removing "/bin" entirely.
|
|
|
|
Each time the new session is created in local or remote, it will
create new temporary directory.
Previously, the name of temporary directory is random 16 characters
and numbers.
To distinguish this directory with others, we add prefix "awwan." to
the name.
|
|
The sshClient struct wrap the raw SSH connection and SFTP connection,
and provide methods get, put, sudoGet, sudoPut, mkdir, and rmdirAll.
|
|
Since loadEnvFromPaths always called after NewSession, and it is part
of session initialization, we can move the call inside the NewSession
to minimize duplicate code.
|
|
The cryptoContext contains the default hash, loaded privateKey, dummy
terminal, base directory, and default label; all of those fields are
required for encryption and decryption.
The cryptoContext have three methods: encrypt, decrypt, and
loadPrivateKey.
By moving to separate struct the cryptoContext instance can be shared
with Session.
|
|
When issuing "#put:" or "#put!" command in the script, if the input
file is not exist it will check for the encrypted file, the one with
".vault" extension.
If it exists, the encrypted file will be used as input for copy operation.
|
|
|
|
Upon executing "local" or "play" comman, awwan now read the encrypted
environment file .awwan.env.vault.
The encrypted environment file is generated using "awwan encrypt" command.
|
|
The latest ascii.Random use "cryto/rand", so there is no need to call
rand.Seed.
|
|
The latest update on share module contains refactoring on lib/ssh.
|
|
|
|
This changes replace share package lib/io with lib/os, since the former
has been deprecated.
|
