Crypto tutorial

[petermax2]

Purpose

Add crypto tutorial, as requested in #1948 .

Please feel free to critisize, add ideas, give feedback, improve, etc. etc.

TODO

• use Shell Recorder syntax in examples

Checklist

• commit messages are fine ("module: short statement" syntax and refer to issues)
• I added unit tests
• I ran all tests locally and everything went fine
• affected documentation is fixed
• I added code comments, logging, and assertions (see doc/CODING.md)
• meta data is updated (e.g. README.md of plugins)
• release notes are updated (doc/news/_preparation_next_release.md)

@markus2330 please review my pull request

[markus2330]

Thank you for the great tutorial!

[markus2330]

suggestions:

• of all containing configuration settings.
• of the configuration keys and values.

[markus2330]

write very shortly what this is.

[markus2330]

typo possesion

[markus2330]

Please explain how to find out.

[markus2330]

That is too fast. It is not clear what the tutorial is about. What is a backend configuration? (maybe avoid the term altogether)

[markus2330]

Why not recommend it in the contract? Then simply pass --with-recommends in the command above.

[markus2330]

Small example: what are base64 strings

[markus2330]

Again: a more concrete example would be more interesting.

[markus2330]

Does it also work if you do everything with cascading keys (without user). (And thus writing to spec)

[markus2330]

Always demonstrate that what you said actually happened (cat the file or grep for the value)

[markus2330]

Much better now! A small remark.

[markus2330]

Also for checking signatures?

[markus2330]

Is it possible to intermix them? Which will be preferred?

[sanssecours]

Thank you for writing the tutorial. The text looks good to me. I only noticed some minor things.

Overall I think it would make sense to use Markdown Shell Recorder syntax in the tutorial. Two benefits of this approach are:

• The reader of the tutorial sees all commands and the expected behavior of the commands.
• The build servers check that the commands work correctly.

If we use this approach, then the tutorial requires a (predetermined) cryptographic key pair. I suggest we add a randomly generated pair of public and private key to the repo. In the tutorial we can then add shell commands to import the keys via gpg at the start and commands to remove the two keys at the end. I do not know how much work that is though, since I do not use gpg that often.

[sanssecours]

I am not sure if this is actually a mistake, but I would add the word “this” here:

…could be mounted like this:

.

[sanssecours]

This command fails if we start with an empty configuration:

The command kdb mount terminated unsuccessfully with the info:
Too many plugins!
The plugin sync can't be positioned at position precommit anymore.
Try to reduce the number of plugins!

Failed because precommit with 7 is larger than 6

Please report the issue at https://issues.libelektra.org/

. I would add something like this:

If the above command fails, please take a look at the 
[ReadMe of the `fcrypt` plugin](https://master.libelektra.org/src/plugins/fcrypt/README.md#known-issues).

.

[sanssecours]

I think it might also make sense to add a shell command that prints the content of test.ini here:

kdb file user/test/password | xargs cat
#> password = 1234

.

[sanssecours]

I think you can remove ”to be used” here:

…fcrypt will forward the key ID to sign the configuration file.

.

[sanssecours]

This line contains 4 trailing spaces (as do lines 86, 130, 134 and 143). Do your really want to add an empty line of code after the command?

[sanssecours]

While not wrong in any shape or form, I think we should prefer active over passive voice whenever possible:

crypto uses GPG for key-handling.

.

[markus2330]

And to not start with a mono spaced word, you could write:

The plugin crypto uses GPG for keys.

[petermax2]

Thank you both for the feedback. I will try to further improve the tutorial.

How hard is it to learn the Shell-Recorder stuff? I've never used it before (but would like to try) 😄

[sanssecours]

How hard is it to learn the Shell-Recorder stuff?

I think using the Markdown Shell Recorder should be relatively easy, if you know a little bit about shell commands. While the (Markdown) Shell Recorder certainly has a lot of problems, using it for simple commands should work just fine. You can add a Markdown Shell Recorder test for the tutorial by adding the line

add_msr_test (tutorial_crypto "${CMAKE_SOURCE_DIR}/doc/tutorials/crypto.md" 
              REQUIRED_PLUGINS crypto fcrypt)

to the file tests/shell/shell_recorder/tutorial_wrapper/CMakeLists.txt. After that just add shell commands and tests for the output/return values using the Markdown Shell Recorder syntax inside crypto.md. For example, after you copy and paste the following code into crypto.md:

```sh
kdb set user/test/password 1234
#> Create a new key user/test/password with string "1234"
kdb get user/test/password
#> 1234
kdb rm user/test/password
```

, the Shell Recorder will test that

• the command kdb set user/test/password 1234 prints the text Create a new key user/test/password with string "1234" to stdout,
• the command kdb get user/test/password prints the text 1234 to stdout, and
• all three commands return the exit code 0

. To execute the test you can use the following command inside the build directory:

ctest --output-on-failure -V -R testshell_markdown_tutorial_crypto

.

[petermax2]

I would like to use the shell recorder but I see two problems here:

1. We need to modify the system configuration in order to mount fcrypt. Shell recorder does not like that at all. Try:

	kdb set /sw/elektra/kdb/#0/current/plugins ""
	sudo kdb set system/sw/elektra/kdb/#0/current/plugins ""
	sudo kdb mount test.ini user/test fcrypt "encrypt/key=DDEBEF9EE2DC931701338212DAF635B17F230E8D" ini
	kdb set user/test/password 1234
	#> Create a new key user/test/password with string "1234"
	kdb file user/test/password | xargs cat
	kdb file user/test/password | xargs rm -f
	sudo kdb umount user/test

2. Having the GPG key available is no problem locally, but it will lead to errors on the build server. Meaning we would have to install the GPG key inside the docker containers and mark them as trusted.

[ingwinlu]

sry I accidentally stopped your jenkinsfile build job

[ingwinlu]

jenkins build jenkinsfile please

[petermax2]

sry I accidentally stopped your jenkinsfile build job

no problem

[sanssecours]

1. We need to modify the system configuration in order to mount fcrypt. Shell recorder does not like that at all. Try:…

I think we should try to not use rm in Shell Recorder tests whenever possible, especially if we use rm … | xarg, which does not handle spaces in filenames properly, unless we escape them beforehand.

Since Elektra already removes empty configuration files we can use kdb rm instead of rm. The code below shows a slightly modified version of your Markdown Shell Recorder test that works (at least on my machine):

kdb set /sw/elektra/kdb/#0/current/plugins ""
sudo kdb set system/sw/elektra/kdb/#0/current/plugins ""
sudo kdb mount test.ini user/test fcrypt "encrypt/key=14E8E68A868B858E6DE53044630BDC935E2CC0C7" ini
kdb set user/test/password 1234
#> Create a new key user/test/password with string "1234"

# Cleanup
kdb rm user/test/password
kdb rm /sw/elektra/kdb/#0/current/plugins
sudo kdb rm system/sw/elektra/kdb/#0/current/plugins
sudo kdb umount user/test

. Please note that for the test to also work on your computer, you have to replace the key fingerprint above with the fingerprint of one of your keys.

Another problem I noticed was that the tutorial contains indented code blocks. The Markdown Shell Recorder does not handle such code blocks properly! You need to move the block and the code to the left. For an example, please take a look at src/plugins/base64/README.md.

2. Having the GPG key available is no problem locally, but it will lead to errors on the build server. Meaning we would have to install the GPG key inside the docker containers and mark them as trusted.

Unfortunately my knowledge of GPG and especially Docker is quite limited. Maybe some of the other Elektra developers knows how to handle this situation properly.

[ingwinlu]

Unfortunately my knowledge of GPG and especially Docker is quite limited. Maybe some of the other Elektra developers knows how to handle this situation properly.

since the 'private' key does not have to be really private it is trivial to add it to the container.

[markus2330]

Btw. if the docu of the shell recorder has problems it would be great to get fixes there, too.

[petermax2]

Is doc/docker/Dockerfile the correct location for installing the GPG test-key of the crypto plugin?

[ingwinlu]

No it isn't.

Do you really need to bake it into the docker file? Can you not run gpg --import path-to-key-in-repo somewhere in the tutorial?

[markus2330]

No, they were broken since a long time but nobody fixed or disabled them. I disabled them now.

#1963 and #1964 will reintroduce them (as Jenkinsfile).

@petermax2 There are open issues about fcrypt/crypto described in #1973

[markus2330]

I am afraid that the build server is not able to successfully run the tutorial with shell recorder, curl was not available. I installed curl on some of the machines but I am not sure if I got all.

Maybe using wget is more easily available. We already use it in the link checker. (the curlget plugin only uses libcurl but does not need the tool curl)

But why not directly include the private key in the repo and avoid fetching remote content at all?

[markus2330]

Travis fails too but for a different reason: password = 1234
=== FAILED stdout does not match expected pattern password = 1234

https://travis-ci.org/ElektraInitiative/libelektra/jobs/377887442

[markus2330]

jenkins build all please

[markus2330]

Btw. if all of the failing jobs are problems of the build servers (and not bugs in the tutorial), we can include the tutorial without executing shell recorder for this release. But please have a look what the build servers say.

[markus2330]

Thank you! Looks much more robust now!

[markus2330]

jenkins build all please

[petermax2]

Thank you! Looks much more robust now!

I hope the relative path works for all build environments.

[sanssecours]

I think the correct path should be src/plugins/crypto/test_key.asc. The Shell Recorder uses the root of the repo as working directory.

[petermax2]

jenkins build all please

[markus2330]

I documented the shell recorder a bit more in #1980, I hope it is useful. Please review the docu.

@ingwinlu is there something wrong with the Jenkinsfile build job? In GitHub it says it fails but when clicking on "Details" it looks like it did not finish?

[petermax2]

jenkins build all please

[petermax2]

@markus2330 it seems like neither gpg nor gpg2 is available in elektra-ini-mergerequest.

gpg2 --import src/plugins/crypto/test_key.asc || gpg --import src/plugins/crypto/test_key.asc

returned with exit code 2.

EDIT: Exit code 2 means that the key file can not be found. Maybe the MSR does not work equally among all builds?

[sanssecours]

Maybe the MSR does not work equally among all builds?

I do not think that is the problem. I can reproduce the failure locally, if I use ini as default storage:

cmake ..
        -DKDB_DB_FILE='default.ini' \
	-DKDB_DB_INIT='elektra.ini' \
	-DKDB_DEFAULT_STORAGE=ini

. Everything works fine if I use dump as default storage instead.

Edit: Corrected value for KDB_DEFAULT_STORAGE

[petermax2]

@sanssecours thank you for your help! we should definetly investigate this issue further, but not within the scope of this PR.

Does everyone agree?

[sanssecours]

I think this line is quite dangerous. This command just overwrote my local GPG configuration.

[petermax2]

@sanssecours I agree. It's fine on the build server but nothing one should execute locally. I will disable the MSR check until the existing issues are resolved.

[ingwinlu]

hmm the msr test for crypto should probably set HOME to a tmpdir so no overwrite of config can happen on dev machines

[petermax2]

I opened #1981 for further investigation.

[markus2330]

Thank you for creating the tutorial! Please feel free to create a new PR if you managed to successfully run it with the shell recorder.