git.delta.rocks / jrsonnet / refs/commits / f17a60a8e9d4


feat bytes generator helper

Yaroslav Bolyukin2024-07-06parent: #bd8e3e5.patch.diff
in: trunk

1 file changed

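--- a/cmds/generator-helper/src/main.rs
+++ b/cmds/generator-helper/src/main.rs
@@ -14,7 +14,7 @@
 use fleet_shared::SecretData;
 use rand::{
  distributions::{Alphanumeric, DistString, Distribution, Uniform},
- thread_rng,
+ thread_rng, RngCore,
 };
 
 fn write_output_file(out: &str) -> Result<File> {
@@ -178,6 +178,17 @@
  #[arg(long, short = 'e', value_enum, default_value_t)]
  encoding: OutputEncoding,
  },
+ Bytes {
+ #[arg(long, short = 'o')]
+ output: String,
+ #[arg(long, short = 'c')]
+ count: usize,
+ /// Ensure there is no NULs in bytestring.
+ #[arg(long)]
+ no_nuls: bool,
+ #[arg(long, short = 'e', value_enum, default_value_t)]
+ encoding: OutputEncoding,
+ },
 }
 
 #[derive(Parser)]
@@ -208,6 +219,9 @@
  ///
  /// Note that this command is only intended to be used in fleet secret generator,
  /// otherwise you should ensure noone is able to read generated files, they don't have any mode set by default.
+ ///
+ /// Fleet also doesn't zeroize memory/assumes good OsRng/makes other assumptions, which makes it only suitable to
+ /// be used in nix sandbox.
  #[command(subcommand)]
  Generate(Generate),
 }
@@ -288,6 +302,28 @@
  };
  write_private(&recipients, &output, out.as_bytes(), encoding)?;
  }
+ Generate::Bytes {
+ output,
+ count,
+ no_nuls,
+ encoding,
+ } => {
+ ensure!(
+ count >= 6,
+ "misconfiguration? bytestring is shorter than 6 chars"
+ );
+ let recipients = load_identities()?;
+ let mut bytes = vec![0u8; count];
+ if no_nuls {
+ let rand = Uniform::new_inclusive(0x1u8, 0xffu8).sample_iter(&mut rng);
+ for (byte, rand) in bytes.iter_mut().zip(rand) {
+ *byte = rand;
+ }
+ } else {
+ rng.fill_bytes(&mut bytes);
+ };
+ write_private(&recipients, &output, bytes.as_slice(), encoding)?;
+ }
  }
  }
  Opts::Decode { input } => {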
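Review bot: The length guard in the new `Generate::Bytes` arm, `ensure!(count >= 6, "misconfiguration? bytestring is shorter than 6 chars")`, appears to be carried over from a string generator: `count` here is a number of raw bytes, the message says "chars", and 6 random bytes is only 48 bits, which is too small for key material. I would make the floor and the message byte-oriented, e.g. `ensure!(count >= 16, "misconfiguration? bytestring is shorter than 16 bytes");`, or add a comment saying why 6 is acceptable. The `Bytes` variant and its `output` and `count` fields have no doc comments, so `--help` does not say that `count` is the length of the raw bytestring handed to `write_private` rather than of the encoded output; a line such as `/// Number of random bytes to generate, before encoding.` on `count` would cover it. `rng` is created outside the visible hunks, so whether it is a CSPRNG (the import suggests `thread_rng()`) cannot be confirmed from here.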