cargo_crev_web_admin
Admin CLI for cargo_crev_web
version: 2022.623.1512 date: 2022-06-23 author: bestia.dev repository: Github
Hashtags: #rustlang #buildtool #developmenttool #web #admin #cli
My projects on Github are more like a tutorial than a finished product: bestia-dev tutorials.
cargo_crev_web_admin CLI
The web app cargo_crev_web on https://web.crev.dev fetches all proof repos it can find and shows the crate reviews online.
Some admin tasks are needed and I don't want them to be accessible on the web.
This will be a CLI app that can be used when logged on the linux terminal over SSH.
So is sure that only an admin, who can log in on to the server, can use this tasks.
Some tasks need the crev passphrase. Put it in the env variable before starting the CLI:
$ export CREV_PASSPHRASE=xxx
Add a space before the command to avoid to be saved in the bash history.
Development
I use cargo-auto for automation tasks in rust language. Install it:
cargo install cargo-autoList user-defined automation tasks in automation_tasks_rs:
cargo autobash auto-completion
This executable is prepared for auto-completion in bash.
Run this command to define auto-completion in bash for the current session:
Or add it to .bashrc file to be executed n every session start.
complete -C "cargo_crev_web_admin completion" cargo_crev_web_adminTo make it permanent add this command to the file ~/.bashrc or some other file that runs commands on bash initialization.
Prepare development environment
In the development environment inside a container I need the cargo-crev binary to run the commands. Fortunately there is a binary release already compiled:
curl -L -s https://github.com/crev-dev/cargo-crev/releases/download/v0.23.3/cargo-crev-v0.23.3-x86_64-unknown-linux-musl.tar.gz --output /tmp/cargo-crev.tar.gz
tar -xzv --no-same-owner --strip-components=1 -C ~/.cargo/bin -f /tmp/cargo-crev.tar.gz cargo-crev-v0.23.3-x86_64-unknown-linux-musl/cargo-crev
rm /tmp/cargo-crev.tar.gz
chmod +x ~/.cargo/bin/cargo-crev
git config --global core.editor "nano"Now I need to import the CrevId from the server (ssh agent already has my ssh identity to connect to the server):
scp luciano_bestia@bestia.dev:/home/luciano_bestia/.local/share/crev/ids/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU.yaml .
# Connecting standard input to the file with <
cargo-crev crev id import <UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU.yaml
cargo-crev crev id current
rm UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU.yamlI need the ssh keys from the server to connect to the github remote repository.
scp luciano_bestia@bestia.dev:/home/luciano_bestia/.ssh/web_crev_dev_for_github.pub ~/.ssh/
scp luciano_bestia@bestia.dev:/home/luciano_bestia/.ssh/web_crev_dev_for_github ~/.ssh/
# Be careful to not commit any secrets or private keys to github!
chmod 400 ~/.ssh/web_crev_dev_for_github
# Add the ssh key to your running ssh-agent
ssh-add ~/.ssh/web_crev_dev_for_github
# configure the remote repository
cargo-crev crev id set-url https://github.com/web-crev-dev/crev-proofs
# To test add a `dpc` as trusted
cargo-crev crev trust https://github.com/dpc/crev-proofs
# Now check the dir with
cargo-crev crev repo dirI got: ~/.local/share/crev/proofs/github_com_web-crev-dev_crev-proofs-POHSrDcUUmA6qBxSX6zy1w
It looks crev changed the dir from ~/.config/crev to ~/.local/share/crev in some version. Be careful!
On every session I will need to add the ssh key to the running ssh-agent:
ssh-add ~/.ssh/web_crev_dev_for_githubCopy the new crev data from the server for developing and debugging. The web.crev.dev has a special crev-id and should not interfere with other crev-ids on the system.
rm ~/.local/share/crev/proofs/github_com_web-crev-dev_crev-proofs-POHSrDcUUmA6qBxSX6zy1w/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU/blocklisted_repos.json
scp luciano_bestia@bestia.dev:/var/www/webapps/cargo_crev_web/blocklisted_repos.json ~/.local/share/crev/proofs/github_com_web-crev-dev_crev-proofs-POHSrDcUUmA6qBxSX6zy1w/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU/blocklisted_repos.json
ls -l ~/.local/share/crev/proofs/github_com_web-crev-dev_crev-proofs-POHSrDcUUmA6qBxSX6zy1w/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU
rm -r ~/.local/share/crev/proofs/github_com_web-crev-dev_crev-proofs-POHSrDcUUmA6qBxSX6zy1w/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU/trust/
scp -r luciano_bestia@bestia.dev:/home/luciano_bestia/.local/share/crev/proofs/github_com_cargo-crev-web_crev-proofs-NfdERRQ6ONoBLjIp0YbFVw/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU/trust/ ~/.local/share/crev/proofs/github_com_web-crev-dev_crev-proofs-POHSrDcUUmA6qBxSX6zy1w/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU/
ls -l ~/.local/share/crev/proofs/github_com_web-crev-dev_crev-proofs-POHSrDcUUmA6qBxSX6zy1w/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU/trust/
# list only the directly trusted repos
cargo-crev crev id query trusted --high-cost 1 --medium-cost 1 --low-cost 1 --depth 1This should list around 80 directly trusted proof-repos that are used on the server.
TODO
Integrity - warnings if a review have incorrect url or ID
cargo-crev reviews and advisory
Please, spread this info !
Open source code needs a community effort to express trustworthiness.
Start with reading the reviews of the crates on web.crev.dev.
Then install the GUI cargo_crev_reviews or the CLI cargo-crev.
Your personal reviews are most important. If you have a boss, he will sooner or later ask you to show him your reviews for all the dependencies you use. With cargo_crev_reviews you have a basic tool to do that.
Write your reviews! Describe the crates you trust and why. Or warn about the crate versions you think are dangerous. Publish and share your opinion with other developers.\
Open-source and free as a beer
My open-source projects are free as a beer (MIT license).
I just love programming.
But I need also to drink. If you find my projects and tutorials helpful, please buy me a beer by donating to my PayPal.
You know the price of a beer in your local bar ;-)
So I can drink a free beer for your health :-)
Na zdravje! Alla salute! Prost! Nazdravlje!
//bestia.dev
//github.com/bestia-dev
//bestiadev.substack.com
//youtube.com/@bestia-dev-tutorials