mig5/enroll
1
0
Fork 0
Code Issues Pull requests Projects Releases 5 Packages Wiki Activity Actions

Compare commits

base: mig5:33b117680074798ae6a6aef60195734589fdf834
Branches Tags
mig5:main
mig5:0.1.2
mig5:0.1.1
mig5:0.1.0
mig5:0.0.4
mig5:0.0.2
...
compare: mig5:62ec8e8b1bb7178b8f40574b38b2b6d8c7555780
Branches Tags
mig5:main
mig5:0.1.2
mig5:0.1.1
mig5:0.1.0
mig5:0.0.4
mig5:0.0.2

2 commits
33b1176800 ... 62ec8e8b1b

Author SHA1 Message Date
Miguel Jacq
62ec8e8b1b
Silence bandit paranoia on certain lines
Some checks failed
CI / test (push) Successful in 5m24s
Details
Lint / test (push) Failing after 29s
Details
Trivy / test (push) Successful in 20s
Details
2025-12-17 19:05:07 +11:00
Miguel Jacq
9ebd8ff990
remove --out from harvest examples with remote mode, in README 2025-12-17 19:03:31 +11:00
4 changed files with 8 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -259,10 +259,10 @@ On the host (root recommended to harvest as much data as possible):
```bash ```bash
enroll harvest --out /tmp/enroll-harvest enroll harvest --out /tmp/enroll-harvest
``` ```
### Remote harvest over SSH (no enroll install required on the remote host) ### Remote harvest over SSH (no enroll install required on the remote host, no need for --out)
```bash ```bash
enroll harvest --remote-host myhost.example.com --remote-user myuser --out /tmp/enroll-harvest enroll harvest --remote-host myhost.example.com --remote-user myuser
``` ```
### `--dangerous` (captures potentially sensitive files — read the warning above) ### `--dangerous` (captures potentially sensitive files — read the warning above)
@ -274,7 +274,7 @@ enroll harvest --out /tmp/enroll-harvest --dangerous
Remote + dangerous: Remote + dangerous:
```bash ```bash
enroll harvest --remote-host myhost.example.com --remote-user myuser --out /tmp/enroll-harvest --dangerous enroll harvest --remote-host myhost.example.com --remote-user myuser --dangerous
``` ```
### `--sops` (encrypt bundles at rest) ### `--sops` (encrypt bundles at rest)

2
enroll/manifest.py
View file

@ -567,7 +567,7 @@ def _tar_dir_to_with_progress(
cols = shutil.get_terminal_size((80, 20)).columns cols = shutil.get_terminal_size((80, 20)).columns
msg = msg[: cols - 1] msg = msg[: cols - 1]
except Exception: except Exception:
pass pass # nosec
os.write(2, ("\r" + msg).encode("utf-8", errors="replace")) os.write(2, ("\r" + msg).encode("utf-8", errors="replace"))
with tarfile.open(tar_path, mode="w:gz") as tf: with tarfile.open(tar_path, mode="w:gz") as tf:

2
enroll/remote.py
View file

@ -200,7 +200,7 @@ def remote_harvest(
# Stream a tarball back to the local machine (avoid creating a tar file on the remote). # Stream a tarball back to the local machine (avoid creating a tar file on the remote).
cmd = f"tar -cz -C {rbundle} ." cmd = f"tar -cz -C {rbundle} ."
_stdin, stdout, stderr = ssh.exec_command(cmd) _stdin, stdout, stderr = ssh.exec_command(cmd) # nosec
with open(local_tgz, "wb") as f: with open(local_tgz, "wb") as f:
while True: while True:
chunk = stdout.read(1024 * 128) chunk = stdout.read(1024 * 128)

6
enroll/sopsutil.py
View file

@ -2,7 +2,7 @@ from __future__ import annotations
import os import os
import shutil import shutil
import subprocess import subprocess # nosec
import tempfile import tempfile
from pathlib import Path from pathlib import Path
from typing import Iterable, List, Optional from typing import Iterable, List, Optional
@ -62,7 +62,7 @@ def encrypt_file_binary(
], ],
capture_output=True, capture_output=True,
check=False, check=False,
) ) # nosec
if res.returncode != 0: if res.returncode != 0:
raise SopsError( raise SopsError(
"sops encryption failed:\n" "sops encryption failed:\n"
@ -112,7 +112,7 @@ def decrypt_file_binary_to(
], ],
capture_output=True, capture_output=True,
check=False, check=False,
) ) # nosec
if res.returncode != 0: if res.returncode != 0:
raise SopsError( raise SopsError(
"sops decryption failed:\n" "sops decryption failed:\n"