1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
# NAME
Mail::Run::Crypt - Encrypt and mail output from command runs
# VERSION
Version 0.01
# DESCRIPTION
This module runs commands with `IPC::Run3::run3()`, and collects any standard
output and standard error it emits. If there is any standard output or standard
error content, it is signed and/or encrypted with GnuPG, and then mailed to a
specified recipient address (each stream separately).
The idea is to allow you to view the output of automated commands while having
the content encrypted as it passes through to your mailserver, and (optionally)
have some assurance that the content was actually generated by the server
concerned. `cron(8)` scripts are the ideal use case, but this would also work
with `at(1)` or anything else that might non-interactively run jobs for which
output is significant.
You probably want to call this with the `runcrypt(1)` program installed by
this distribution, which provides a means to set the properties for the module
via environment variables or command-line options.
# SYNOPSIS
my $mrc = Mail::Run::Crypt->new(
keyid => 0x1234DEAD,
passphrase => 'able was i ere i saw elba',
mailto => 'you@example.net',
);
$mrc->run(qw(rsync -a /mnt/a/ remote:mnt/b));
# SUBROUTINES/METHODS
## **new(%opts)**
Constructor accepts the following named parameters:
- `sign`
Whether to sign the command output. This defaults to off. A key ID and
passphrase will be required for signing.
- `encrypt`
Whether to encrypt the command output. This defaults to on.
- `keyid`
The GnuPG key ID that should be used to encrypt the messages.
- `passphrase`
The passphrase used to decrypt the key.
- `mailto`
The recipient email address for the content.
- `name`
(Optional) The name of the object. When called from the `runcrypt(1)`
program, this will be the string "runcrypt".
## **run(@command)**
Run the specified arguments as a command with `IPC::Run3::run3()`, and email
any output or error content to the email recipient.
## **bail()**
Return the exit status of the most recently run command, or 127 if no command
has been successfully run.
# DIAGNOSTICS
- mailto required
The required `mailto` property was not passed in the constructor.
- keyid required for signing
Signing was specified, but no `keyid` attribute was passed in the constructor.
- passphrase required for signing
Signing was specified, but no `passphrase` attribute was passed in the constructor.
- command failed: %s
The command did not merely fail, it could not even be started, with the given
error string. This is typically due to problems finding the executable.
# CONFIGURATION AND ENVIRONMENT
You will need to have a functioning GnuPG public key setup for this to work,
including the secret key. You should definitely not use your personal key;
generate one specifically for mail signing and encryption instead.
# DEPENDENCIES
- Perl v5.10.0 or newer
- `Carp`
- `Const::Fast`
- `English`
- `IPC::Run3`
- `Mail::GnuPG`
- `MIME::Entity`
# INCOMPATIBILITIES
This module uses `Mail::GnuPG` and other GPG-specific code, so it won't work
with any other OpenPGP implementations.
# BUGS AND LIMITATIONS
Providing the `passphrase` directly from an environment variable is not great.
The documentation needs to make that clear and offer a less bad alternative,
probably specifying the path to a secure file that it refuses to use unless it
has sufficiently restrictive permissions.
This is very hard to test and the author has not yet figured out how to do
that.
# AUTHOR
Tom Ryder `<tom@sanctum.geek.nz>`
# LICENSE AND COPYRIGHT
Copyright (C) 2017 Tom Ryder
This program is free software; you can redistribute it and/or modify it under
the terms of the Artistic License (2.0). You may obtain a copy of the full
license at:
[http://www.perlfoundation.org/artistic\_license\_2\_0](http://www.perlfoundation.org/artistic_license_2_0)
Any use, modification, and distribution of the Standard or Modified Versions is
governed by this Artistic License. By using, modifying or distributing the
Package, you accept this license. Do not use, modify, or distribute the
Package, if you do not accept this license.
If your Modified Version has been derived from a Modified Version made by
someone other than you, you are nevertheless required to ensure that your
Modified Version complies with the requirements of this license.
This license does not grant you the right to use any trademark, service mark,
tradename, or logo of the Copyright Holder.
This license includes the non-exclusive, worldwide, free-of-charge patent
license to make, have made, use, offer to sell, sell, import and otherwise
transfer the Package with respect to any patent claims licensable by the
Copyright Holder that are necessarily infringed by the Package. If you
institute patent litigation (including a cross-claim or counterclaim) against
any party alleging that the Package constitutes direct or contributory patent
infringement, then this Artistic License to you shall terminate on the date
that such litigation is filed.
Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER AND
CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. THE IMPLIED
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY YOUR LOCAL LAW.
UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR CONTRIBUTOR WILL BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING IN ANY WAY
OUT OF THE USE OF THE PACKAGE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
|
