czeildi / ropsec Goto Github PK

View Code? Open in Web Editor NEW

27.0 4.0 4.0 3.53 MB

㊙️ Operations security for R developers

Home Page: https://docs.ropensci.org/ropsec

License: Other

R 4.52% Shell 95.32% Ruby 0.06% Dockerfile 0.10%

unconf18 r r-package rstats unconf

ropsec's Introduction

rOpenSci Unconf 18 Project : ropsec

Personal Workstation Safety Checks and Utilities

What’s Inside The Tin

The following functions are implemented:

sign_commits_with_key()
store_public_key()
summarize_system_checks()
full_on_audit()

Installation

devtools::install_github("ropenscilabs/ropsec")

To have vignettes available locally:

devtools::install_github("ropenscilabs/ropsec", build_vignettes = TRUE)

Usage

library(ropsec)

Sign commits with GPG key

For details see vignette("sign-commits", "ropsec").

key <- sign_commits_with_key("John Doe", "[email protected]")
store_public_key(key)

Lightweight system checks

ropsec::summarize_system_checks()

✔ | OK F W S | Context
✔ |  1       | SSH Configuration - existence
✔ |  2       | SSH Configuration - keys
✔ |  1       | SSH Configuration - key size
✔ |  1       | GPG Existence
✔ |  1       | macOS requires password after sleep or screen saver kicks in [0.1 s]
✖ |  0 1     | Firewall is enabled
# ...

Audit local machine in detail

E.g. what ports are used.

full_audit_results <- full_on_audit()

Collaborators

Bob Rudis @hrbrmstr
Kara Woo @karawoo
Karthik Ram @karthik
Ildi Czeller @czeildi

Please note that the ropsec project is released with a Contributor Code of Conduct. By contributing to this project, you agree to abide by its terms.

ropsec's People

Contributors

Stargazers

Watchers

Forkers

karawoo rpodcast katrinleinweber jamiecranston

ropsec's Issues

gpg: open relevant url when user needs to do sg

use utils::browseURL

follow usethis:::view_url possibly

provide meaningful message if everything is already set for signing commits

In sign_commits_with_key if no option will be changed, communicate with user accordingly.

password for new gpg key should be optional in Rstudio as well

getPass pkg does not allow empty password in Rstudio, only in command line

could be done with an extra Yes/No question whether the user would like to protect the key with password, here explaining pro/con possibly.

Instructions mention non-existent function: gh_store_key

Many thanks for a great package!

Just tried it and I was told:

The next step is uploading the public key to GitHub or alternative (unless it is already uploaded),  which you can do by passing the return value ("B7C36D5D358D44F0") to `gh_store_key`.

Should it point to store_public_key()?

library(ropsec); ls("package:ropsec")
#> [1] "full_on_audit"           "sign_commits_with_key"  
#> [3] "store_public_key"        "summarize_system_checks"

^{Created on 2019-04-13 by the reprex package (v0.2.1)}

document role and usage of gpg key passphrase

what is the role of passphrase? I can commit without ever typing my password again. Why? When it is needed?

inst/tools causes warnings for Windows install - how to handle?

Can't install ropsec due to Invalid crypto engine

Thank you both so much for the great community call today!

Currently, when I try to install ropsec I get the following:

devtools::install_github("ropenscilabs/ropsec")
Downloading GitHub repo ropenscilabs/ropsec@master
✔  checking for file ‘/private/tmp/Rtmpm2tGOo/remotesb07b4306c7d2/ropenscilabs-ropsec-f852733/DESCRIPTION’ ...
─  preparing ‘ropsec’:
✔  checking DESCRIPTION meta-information ...
─  checking for LF line-endings in source and make files and shell scripts
─  checking for empty or unneeded directories
─  building ‘ropsec_0.2.0.9000.tar.gz’
   
* installing *source* package ‘ropsec’ ...
** R
** inst
** byte-compile and prepare package for lazy loading
Error : .onLoad failed in loadNamespace() for 'gpg', details:
  call: NULL
  error: GPGME setting OpenPGP path/home error: Invalid crypto engine
ERROR: lazy loading failed for package ‘ropsec’
* removing ‘/Library/Frameworks/R.framework/Versions/3.5/Resources/library/ropsec’
Error in i.p(...) : 
  (converted from warning) installation of package ‘/tmp/Rtmpm2tGOo/fileb07b28c3bd14/ropsec_0.2.0.9000.tar.gz’ had non-zero exit status
Error in x[[n]] : 
  attempt to select less than one element in integerOneIndex

Now that I've poked around a bit more I think this might be a config issue that goes down to the my gpg setup.

I can install gpg, but get when I try to load the library:

library(gpg)
#> Error: package or namespace load failed for ‘gpg’:
#>  .onLoad failed in loadNamespace() for 'gpg', details:
#>   call: NULL
#>   error: GPGME setting OpenPGP path/home error: Invalid crypto engine

From the terminal:
$ gpg --version
gpg (GnuPG/MacGPG2) 2.2.10
libgcrypt 1.8.3

My gpgme is 1.13.0, which homebrew says is up to date.
gpgme 1.13.0 is already installed and up-to-date

Thanks again.

testthat tests should always run in non-interactive mode and not print to console if successful

now devtools::test is successful but testthat::test_file("tests/testthat/test-gpg-store.R") fails

Test for macOS requiring password after sleep or screen saver kicks in fails erroneously

Describe the bug

The test for macOS requiring password after sleep or screen saver kicks in fails yet it is actually enabled on my system.

To Reproduce
When running ropsec::summarize_system_checks(), the test for macOS requiring password after sleep or screen saver kicks in fails:

ropsec::summarize_system_checks()
#> Registered S3 method overwritten by 'openssl':
#>   method      from
#>   print.bytes Rcpp
#> ✔ |  OK F W S | Context
#> 
⠏ |   0       | SSH Configuration - existence
✔ |   1       | SSH Configuration - existence
#> 
⠏ |   0       | SSH Configuration - keys
✔ |   2       | SSH Configuration - keys
#> 
⠏ |   0       | SSH Configuration - key size
✔ |   1       | SSH Configuration - key size
#> 
⠏ |   0       | GPG Existence
✔ |   1       | GPG Existence
#> 
⠏ |   0       | macOS requires password after sleep or screen saver kicks in
✖ |   0 1 1   | macOS requires password after sleep or screen saver kicks in
#> ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
#> macos-simple-test.R:32: warning: macOS requires password after sleep or screen saver kicks in
#> running command 'defaults read com.apple.screensaver askForPassword' had status 1
#> 
#> macos-simple-test.R:33: failure: macOS requires password after sleep or screen saver kicks in
#> x == 1 isn't true.
#> ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
#> 
⠏ |   0       | Firewall is enabled
✔ |   1       | Firewall is enabled
#> 
⠏ |   0       | Gatekeeper is enabled
✔ |   1       | Gatekeeper is enabled
#> 
⠏ |   0       | ~/.Rprofile permissions are sane (if ~/.Rprofile exists)
✖ |   0 1     | ~/.Rprofile permissions are sane (if ~/.Rprofile exists)
#> ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
#> macos-simple-test.R:52: failure: ~/.Rprofile permissions are sane
#> ==... isn't true.
#> ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
#> 
⠏ |   0       | ~/.Renviron permissions are sane (if ~/.Renviron exists)
✖ |   0 1     | ~/.Renviron permissions are sane (if ~/.Renviron exists)
#> ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
#> macos-simple-test.R:59: failure: ~/.Renviron permissions are sane
#> ==... isn't true.
#> ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
#> 
#> ══ Results ══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
#> Duration: 0.3 s
#> 
#> OK:       7
#> Failed:   3
#> Warnings: 1
#> Skipped:  0

^{Created on 2019-05-08 by the reprex package (v0.2.1)}

yet it is actually enabled on my system:

Expected behavior

I expect the test to pass

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

sessionInfo()
#> R version 3.6.0 (2019-04-26)
#> Platform: x86_64-apple-darwin15.6.0 (64-bit)
#> Running under: macOS Mojave 10.14.3
#> 
#> Matrix products: default
#> BLAS:   /Library/Frameworks/R.framework/Versions/3.6/Resources/lib/libRblas.0.dylib
#> LAPACK: /Library/Frameworks/R.framework/Versions/3.6/Resources/lib/libRlapack.dylib
#> 
#> locale:
#> [1] en_GB.UTF-8/en_GB.UTF-8/en_GB.UTF-8/C/en_GB.UTF-8/en_GB.UTF-8
#> 
#> attached base packages:
#> [1] stats     graphics  grDevices utils     datasets  methods   base     
#> 
#> loaded via a namespace (and not attached):
#>  [1] compiler_3.6.0  magrittr_1.5    tools_3.6.0     htmltools_0.3.6
#>  [5] yaml_2.2.0      Rcpp_1.0.1      stringi_1.4.3   rmarkdown_1.12 
#>  [9] highr_0.8       knitr_1.22      stringr_1.4.0   xfun_0.6       
#> [13] digest_0.6.18   evaluate_0.13

^{Created on 2019-05-08 by the reprex package (v0.2.1)}

Transfer to personal account?

@czeildi 👋 according to our recently created package curation policy this repo should now be transferred to either one of your personal accounts, or the ropensci-archive organization.

If you don't answer within one month, I'll transfer the repository to ropensci-archive, after which you could still email me to transfer the repo to a personal account.

Thank you!

required R version? currently at least r 3.5 is needed, but DESCRIPTION states otherwise

utils::askYesNo is used in sign_commits_with_key. this could be quite easily avoided w utils::menu

decide minimal R version required
show it in DESCRIPTION
replace functions only present in higher R versions
test w minimum R version

askpass pkg as alternative of getPass for safe password entry?

https://github.com/jeroen/askpass vs https://github.com/wrathematics/getPass

research pro and con
use askpass if considered better

update vignette and docs

docs should follow the changes made in the codebase

**** out provided password

or at least clearly communicate that use should be careful

use https://github.com/wrathematics/getPass

automatically deploy pkgdown website

https://pkgdown.r-lib.org/

avoid warnings during install on Windows due to topics links in documentation to gpg

Similar to r-lib/usethis@7991f89

In gpg-store, gpg::gpg_list_keys() and gpg::gpg_export() are topics rather than direct links as they are documented as part of a group in gpg

Working with Tor

I'm wondering whether utilities to work with Tor would be within the scope of this project.

For example, I was thinking about use_tor() with would set up httr (or other web request packages) to work through Tor.

Other functions might be possible, I'm mainly trying to figure out if that's something you would be interested in before thinking about it more. I'm interested in working on this and already have some knowledge about Tor.

use central ropensci pkgdown website instead of custom one

#50 (comment)

if the above is regularly updated and considered ready,

refer to this in links and
delete custom deployment related files (travis.yml)
and gh-pages branch

gpg related functionality on Windows?

what is the current state?
is there anything missing? is it reasonable to make it work?

test and document gpg signing: globally vs per repo

After short trial it seems to be that some part needs to be set per project although it should work if globally set.

In new repo I cannot sign by default but if I run sign_commits_with_key but than do nothing w the key I can sign.

understand the reason for this and provide documentation. Totally could be the case that sg is off on my machine only.

check deployment of pkgdown website

it does not seem up to date. why is that? fix.

add `gitlab_store_key` similar to `gh_store_key`

Call gitlab API to programmatically store public key on gitlab

https://docs.gitlab.com/ee/api/users.html#add-a-gpg-key

add travis build

document gpg flow with screencast / gif

gpg: using same key with different email addresses?

should this be the recommended way vs using 2 different keys?
modify sign commits with key
document

Failed tests related to macOS in a Linux computer

Describe the bug
macOs test are run in a linux computer

To Reproduce
Steps to reproduce the behavior:

In a Linux machine run: ropsec::summarize_system_checks()

Expected behavior
I wouldn't expect to be tested on macOS on a Linux computer..

Screenshots

✔ |  OK F W S | Context
✔ |   1       | SSH Configuration - existence
✔ |   2       | SSH Configuration - keys
✔ |   1       | SSH Configuration - key size
✔ |   1       | GPG Existence
⠏ |   0       | macOS requires password after sleep or screen saver kicks insh: 1: sw_vers: not found
✖ |   0 1     | macOS requires password after sleep or screen saver kicks in
────────────────────────────────────────────────────────────────────────────────
macos-simple-test.R:28: error: macOS requires password after sleep or screen saver kicks in
error in running command
1: ropsec:::get_macos_version() at /home/lrevilla/R_libraries/ropsec/tests/simple/macos-simple-test.R:28
2: system("sw_vers -productVersion", intern = TRUE)
────────────────────────────────────────────────────────────────────────────────
⠏ |   0       | Firewall is enabledsh: 1: /usr/libexec/ApplicationFirewall/socketfilterfw: not found
✖ |   0 1     | Firewall is enabled
────────────────────────────────────────────────────────────────────────────────
macos-simple-test.R:39: error: firewall is on
error in running command
1: system("/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate", intern = TRUE) at /home/lrevilla/R_libraries/ropsec/tests/simple/macos-simple-test.R:39
────────────────────────────────────────────────────────────────────────────────
⠏ |   0       | Gatekeeper is enabledsh: 1: spctl: not found
✖ |   0 1     | Gatekeeper is enabled
────────────────────────────────────────────────────────────────────────────────
macos-simple-test.R:45: error: gatekeeer is on
error in running command
1: system("spctl --status", intern = TRUE) at /home/lrevilla/R_libraries/ropsec/tests/simple/macos-simple-test.R:45
────────────────────────────────────────────────────────────────────────────────
✖ |   0 1     | ~/.Rprofile permissions are sane (if ~/.Rprofile exists)
────────────────────────────────────────────────────────────────────────────────
macos-simple-test.R:52: failure: ~/.Rprofile permissions are sane
==... isn't true.
────────────────────────────────────────────────────────────────────────────────
✖ |   0 1     | ~/.Renviron permissions are sane (if ~/.Renviron exists)
────────────────────────────────────────────────────────────────────────────────
macos-simple-test.R:59: failure: ~/.Renviron permissions are sane
==... isn't true.
────────────────────────────────────────────────────────────────────────────────

══ Results ═════════════════════════════════════════════════════════════════════
Duration: 0.3 s

OK:       5
Failed:   5
Warnings: 0
Skipped:  0

Desktop (please complete the following information):

OS: Ubuntu 16.04
R 3.5.3

vignette on gpg

install, prerequisites
one key for every project
multiple keys

gpg: handle conflict of local git config with global git config if commit should be set globally

this is technically a bug, but should not happen if you only use this package and/or know what you do, only if you tamper with your local corresponding git config

fix appveyor build error

https://ci.appveyor.com/project/czeildi/ropsec-w5fnj/builds/25732312

at first try I could not reproduce this on a Windows machine locally.

gpg signing to different remotes with different users

I use both gitlab and github with different email and would like to sign my commits at both places. Should I have different keys? How to use those? Add support and documentation for this.

gpg: copy to clipboard when user needs to paste sg

use https://github.com/mdlincoln/clipr ?

Tests for GPG signing functions

Write tests for functions added in #1. Need to figure out a good way to mock the global git config, .Renviron etc. to test different possible user configurations.

store_public_key function not working?

Following on from #36 I tried running this:

ropsec::store_public_key("B7C36D5D358D4XXX", service = "gh")
#> Error in Sys.getenv(ifelse(service == "gh", "GITHUB_PAT", "GITLAB_PAT"), : wrong type for argument

Not sure what this error message means or how to proceed. Thanks!

investigate `gh_store_key`

I could not get it to work - is this local or global issue? bug in code or API change?

fix travis build

system dependencies of gpg and sys are missing:

libgpgme11-dev
libapparmor-dev

gpg sign: ask for confirmation

before modifying local or global git config, ask the user for confirmation and provide as much information as possible

I believe this is ok as users will call this function rarely, on the other hand accidentally set git config may cause headaches

add appveyor build

revive pkgdown docs site following github migration from ropenscilabs

Pkgdown documentation served w https from docs.ropensci.org gives browser warning

The site for the pkgdown documentation at for example https://docs.ropensci.org/ropsec/ has a certificate that doesn't have a Subject Alt Name for docs.ropensci.org, which may be what causes warnings to display in common web browsers.

This issue seem to affect all package documentation at https://docs.ropensci.org. The content gets served when using http, but not when using https/SSL/TLS, for example:

http://docs.ropensci.org/ropsec/ (works)
https://docs.ropensci.org/ropsec/ (gives a warning)

Maybe this can be useful for troubleshooting:

https://docs.github.com/en/github/working-with-github-pages/troubleshooting-custom-domains-and-github-pages

set up automated appveyor build

now it only builds on-demand

More informative output when tests fail in summarize_system_checks

Is your feature request related to a problem? Please describe.

When running:

ropsec::summarize_system_checks()
#> Registered S3 method overwritten by 'openssl':
#>   method      from
#>   print.bytes Rcpp
#> ✔ |  OK F W S | Context
#> 
⠏ |   0       | SSH Configuration - existence
✔ |   1       | SSH Configuration - existence
#> 
⠏ |   0       | SSH Configuration - keys
✔ |   2       | SSH Configuration - keys
#> 
⠏ |   0       | SSH Configuration - key size
✔ |   1       | SSH Configuration - key size
#> 
⠏ |   0       | GPG Existence
✔ |   1       | GPG Existence
#> 
⠏ |   0       | macOS requires password after sleep or screen saver kicks in
✖ |   0 1 1   | macOS requires password after sleep or screen saver kicks in
#> ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
#> macos-simple-test.R:32: warning: macOS requires password after sleep or screen saver kicks in
#> running command 'defaults read com.apple.screensaver askForPassword' had status 1
#> 
#> macos-simple-test.R:33: failure: macOS requires password after sleep or screen saver kicks in
#> x == 1 isn't true.
#> ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
#> 
⠏ |   0       | Firewall is enabled
✔ |   1       | Firewall is enabled
#> 
⠏ |   0       | Gatekeeper is enabled
✔ |   1       | Gatekeeper is enabled
#> 
⠏ |   0       | ~/.Rprofile permissions are sane (if ~/.Rprofile exists)
✖ |   0 1     | ~/.Rprofile permissions are sane (if ~/.Rprofile exists)
#> ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
#> macos-simple-test.R:52: failure: ~/.Rprofile permissions are sane
#> ==... isn't true.
#> ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
#> 
⠏ |   0       | ~/.Renviron permissions are sane (if ~/.Renviron exists)
✖ |   0 1     | ~/.Renviron permissions are sane (if ~/.Renviron exists)
#> ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
#> macos-simple-test.R:59: failure: ~/.Renviron permissions are sane
#> ==... isn't true.
#> ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
#> 
#> ══ Results ══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
#> Duration: 0.3 s
#> 
#> OK:       7
#> Failed:   3
#> Warnings: 1
#> Skipped:  0

^{Created on 2019-05-08 by the reprex package (v0.2.1)}

both .Renviron and .Rprofile checks fail. However, the output of the test and documentation doesn't have much information on what the test failure means and what to do about it, at least for someone like me who is not very knowledgable on this stuff. By looking at the source code for the check I figured out it's something to do with file write permissions? But still not sure what the best approach to solve it is and why.

Describe the solution you'd like
A more informative message during test failure and potentially more detail in the function documentation on what to do to resolve identified issues. Importantly, it's a great opportunity to educate folks like me about the why of all this too.

Session info

sessionInfo()
#> R version 3.6.0 (2019-04-26)
#> Platform: x86_64-apple-darwin15.6.0 (64-bit)
#> Running under: macOS Mojave 10.14.3
#> 
#> Matrix products: default
#> BLAS:   /Library/Frameworks/R.framework/Versions/3.6/Resources/lib/libRblas.0.dylib
#> LAPACK: /Library/Frameworks/R.framework/Versions/3.6/Resources/lib/libRlapack.dylib
#> 
#> locale:
#> [1] en_GB.UTF-8/en_GB.UTF-8/en_GB.UTF-8/C/en_GB.UTF-8/en_GB.UTF-8
#> 
#> attached base packages:
#> [1] stats     graphics  grDevices utils     datasets  methods   base     
#> 
#> loaded via a namespace (and not attached):
#>  [1] compiler_3.6.0  magrittr_1.5    tools_3.6.0     htmltools_0.3.6
#>  [5] yaml_2.2.0      Rcpp_1.0.1      stringi_1.4.3   rmarkdown_1.12 
#>  [9] highr_0.8       knitr_1.22      stringr_1.4.0   xfun_0.6       
#> [13] digest_0.6.18   evaluate_0.13

^{Created on 2019-05-08 by the reprex package (v0.2.1)}

macos-simple-test.R:45: error: gatekeeer is on
'spctl' not found
1: system("spctl --status", intern = TRUE) at C:/.../R/win-library/3.6/ropsec/tests/simple/macos-simple-test.R:45

which is no surprise. Same sessionInfo() as in defender/#20.

Describe the solution you'd like

This test should be skipped on Windows systems.

Describe alternatives you've considered

wrap macos-simple-test.R in os_type or a new is_macos
add tests for whatever is Windows Gatekeeper-equivalent

Additional context

gpg: test on different linux distributions

is gpg already installed? which version?
is pinentry already installed?
do you need to edit gpg-agent.conf?
do you need to define GPG_TTY environment variable?

Note: I started testing on laptop and tidyverse docker image. In rstudio within Docker image I could not make it work (yet).

remove unnecessary dependencies

especially look into stringi

czeildi / ropsec Goto Github PK

ropsec's Introduction

rOpenSci Unconf 18 Project : ropsec

What’s Inside The Tin

Installation

Usage

Sign commits with GPG key

Lightweight system checks

Audit local machine in detail

Collaborators

ropsec's People

Contributors

Stargazers

Watchers

Forkers

ropsec's Issues

Session info

Recommend Projects

Recommend Topics

Recommend Org