
No commits in common. "62ec8e8b1bb7178b8f40574b38b2b6d8c7555780" and "33b117680074798ae6a6aef60195734589fdf834" have entirely different histories.

4 changed files with 8 additions and 8 deletions


@ -259,10 +259,10 @@ On the host (root recommended to harvest as much data as possible):
```bash
enroll harvest --out /tmp/enroll-harvest
```
### Remote harvest over SSH (no enroll install required on the remote host, no need for --out)
### Remote harvest over SSH (no enroll install required on the remote host)
```bash
enroll harvest --remote-host myhost.example.com --remote-user myuser
enroll harvest --remote-host myhost.example.com --remote-user myuser --out /tmp/enroll-harvest
```
### `--dangerous` (captures potentially sensitive files — read the warning above)
@ -274,7 +274,7 @@ enroll harvest --out /tmp/enroll-harvest --dangerous
Remote + dangerous:
```bash
enroll harvest --remote-host myhost.example.com --remote-user myuser --dangerous
enroll harvest --remote-host myhost.example.com --remote-user myuser --out /tmp/enroll-harvest --dangerous
```
### `--sops` (encrypt bundles at rest)


@ -567,7 +567,7 @@ def _tar_dir_to_with_progress(
cols = shutil.get_terminal_size((80, 20)).columns
msg = msg[: cols - 1]
except Exception:
pass # nosec
pass
os.write(2, ("\r" + msg).encode("utf-8", errors="replace"))
with tarfile.open(tar_path, mode="w:gz") as tf:
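Review bot: The `except Exception:` / `pass` pair around the terminal-width lookup silently discards every error, and with the bare `# nosec` dropped from the `pass` line (reading the second line of each printed pair as the new side) Bandit's B110 check will report it again. If the swallow is deliberate, say so and scope the suppression to that one check, e.g. `pass  # nosec B110 - progress line is best-effort`; otherwise narrow the handler to the errors the lookup can actually raise, such as `except (OSError, ValueError):`. The same choice between a scoped, justified marker and a code change applies to the now-unmarked `ssh.exec_command(cmd)` line and the `subprocess` lines in the sops module on this page. The `try` opens above this hunk, so what else it covers is not visible here.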


@ -200,7 +200,7 @@ def remote_harvest(
# Stream a tarball back to the local machine (avoid creating a tar file on the remote).
cmd = f"tar -cz -C {rbundle} ."
_stdin, stdout, stderr = ssh.exec_command(cmd) # nosec
_stdin, stdout, stderr = ssh.exec_command(cmd)
with open(local_tgz, "wb") as f:
while True:
chunk = stdout.read(1024 * 128)
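Review bot: `cmd = f"tar -cz -C {rbundle} ."` places `rbundle` unquoted into a string that the remote shell parses, so a path containing whitespace or shell metacharacters would change the command that runs on the remote host. Quote it before interpolation, `cmd = f"tar -cz -C {shlex.quote(rbundle)} ."` (adding `import shlex` if the module does not already have it). Where `rbundle` is assigned is outside this hunk, so whether it can carry such characters could not be checked from here. A short comment above `exec_command` stating that the command is built only from quoted values would also record why the call is acceptable for the Bandit B601 finding that the removed marker used to hide.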


@ -2,7 +2,7 @@ from __future__ import annotations
import os
import shutil
import subprocess # nosec
import subprocess
import tempfile
from pathlib import Path
from typing import Iterable, List, Optional
@ -62,7 +62,7 @@ def encrypt_file_binary(
],
capture_output=True,
check=False,
) # nosec
)
if res.returncode != 0:
raise SopsError(
"sops encryption failed:\n"
@ -112,7 +112,7 @@ def decrypt_file_binary_to(
],
capture_output=True,
check=False,
) # nosec
)
if res.returncode != 0:
raise SopsError(
"sops decryption failed:\n"
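Review bot: Both calls that end in `capture_output=True, check=False` (presumably `subprocess.run`, given the `res.returncode` check) show no `timeout=` among their keyword arguments, so a sops process that waits on a key prompt or an unreachable key service would block the harvest with its output hidden. Consider bounding them, e.g. `timeout=SOPS_TIMEOUT_SECONDS,` with a project-chosen constant, and converting `subprocess.TimeoutExpired` into a `SopsError` in `encrypt_file_binary` and `decrypt_file_binary_to`. The argument lists open above each hunk, so a timeout supplied there would not be visible from here.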