Admin CLI for cargo_crev_web
version: 2022.623.1512 date: 2022-06-23 author: bestia.dev repository: Github
Hashtags: #rustlang #buildtool #developmenttool #web #admin #cli
My projects on Github are more like a tutorial than a finished product: bestia-dev tutorials.
The web app cargo_crev_web on https://web.crev.dev fetches all proof repos it can find and shows the crate reviews online.
Some admin tasks are needed and I don't want them to be accessible on the web.
This will be a CLI app that can be used when logged on the linux terminal over SSH.
So is sure that only an admin, who can log in on to the server, can use this tasks.
Some tasks need the crev passphrase. Put it in the env variable before starting the CLI:
$ export CREV_PASSPHRASE=xxx
Add a space before the command to avoid to be saved in the bash history.
I use cargo-auto for automation tasks in rust language. Install it:
cargo install cargo-auto
List user-defined automation tasks in
This executable is prepared for auto-completion in bash.
Run this command to define auto-completion in bash for the current session:
Or add it to
.bashrc file to be executed n every session start.
complete -C "cargo_crev_web_admin completion" cargo_crev_web_admin
To make it permanent add this command to the file
~/.bashrc or some other file that runs commands on bash initialization.
Prepare development environment
In the development environment inside a container I need the
cargo-crev binary to run the commands. Fortunately there is a binary release already compiled:
curl -L -s https://github.com/crev-dev/cargo-crev/releases/download/v0.23.3/cargo-crev-v0.23.3-x86_64-unknown-linux-musl.tar.gz --output /tmp/cargo-crev.tar.gz tar -xzv --no-same-owner --strip-components=1 -C ~/.cargo/bin -f /tmp/cargo-crev.tar.gz cargo-crev-v0.23.3-x86_64-unknown-linux-musl/cargo-crev rm /tmp/cargo-crev.tar.gz chmod +x ~/.cargo/bin/cargo-crev git config --global core.editor "nano"
Now I need to import the
CrevId from the server (ssh agent already has my ssh identity to connect to the server):
scp firstname.lastname@example.org:/home/luciano_bestia/.local/share/crev/ids/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU.yaml . # Connecting standard input to the file with < cargo-crev crev id import <UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU.yaml cargo-crev crev id current rm UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU.yaml
I need the ssh keys from the server to connect to the github remote repository.
scp email@example.com:/home/luciano_bestia/.ssh/web_crev_dev_for_github.pub ~/.ssh/ scp firstname.lastname@example.org:/home/luciano_bestia/.ssh/web_crev_dev_for_github ~/.ssh/ # Be careful to not commit any secrets or private keys to github! chmod 400 ~/.ssh/web_crev_dev_for_github # Add the ssh key to your running ssh-agent ssh-add ~/.ssh/web_crev_dev_for_github # configure the remote repository cargo-crev crev id set-url https://github.com/web-crev-dev/crev-proofs # To test add a `dpc` as trusted cargo-crev crev trust https://github.com/dpc/crev-proofs # Now check the dir with cargo-crev crev repo dir
It looks crev changed the dir from ~/.config/crev to ~/.local/share/crev in some version. Be careful!
On every session I will need to add the ssh key to the running ssh-agent:
Copy the new crev data from the server for developing and debugging. The web.crev.dev has a special crev-id and should not interfere with other crev-ids on the system.
rm ~/.local/share/crev/proofs/github_com_web-crev-dev_crev-proofs-POHSrDcUUmA6qBxSX6zy1w/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU/blocklisted_repos.json scp email@example.com:/var/www/webapps/cargo_crev_web/blocklisted_repos.json ~/.local/share/crev/proofs/github_com_web-crev-dev_crev-proofs-POHSrDcUUmA6qBxSX6zy1w/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU/blocklisted_repos.json ls -l ~/.local/share/crev/proofs/github_com_web-crev-dev_crev-proofs-POHSrDcUUmA6qBxSX6zy1w/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU rm -r ~/.local/share/crev/proofs/github_com_web-crev-dev_crev-proofs-POHSrDcUUmA6qBxSX6zy1w/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU/trust/ scp -r firstname.lastname@example.org:/home/luciano_bestia/.local/share/crev/proofs/github_com_cargo-crev-web_crev-proofs-NfdERRQ6ONoBLjIp0YbFVw/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU/trust/ ~/.local/share/crev/proofs/github_com_web-crev-dev_crev-proofs-POHSrDcUUmA6qBxSX6zy1w/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU/ ls -l ~/.local/share/crev/proofs/github_com_web-crev-dev_crev-proofs-POHSrDcUUmA6qBxSX6zy1w/UpOPNplVEwBS2RhF7SS9gSP3bPJlfg-ZEoZ89gEMDwU/trust/ # list only the directly trusted repos cargo-crev crev id query trusted --high-cost 1 --medium-cost 1 --low-cost 1 --depth 1
This should list around 80 directly trusted proof-repos that are used on the server.
Integrity - warnings if a review have incorrect url or ID
cargo-crev reviews and advisory
Please, spread this info !
Open source code needs a community effort to express trustworthiness.
Start with reading the reviews of the crates on web.crev.dev.
Then install the GUI cargo_crev_reviews or the CLI cargo-crev.
Your personal reviews are most important. If you have a boss, he will sooner or later ask you to show him your reviews for all the dependencies you use. With cargo_crev_reviews you have a basic tool to do that.
Write your reviews! Describe the crates you trust and why. Or warn about the crate versions you think are dangerous. Publish and share your opinion with other developers.\
Open-source and free as a beer
My open-source projects are free as a beer (MIT license).
I just love programming.
But I need also to drink. If you find my projects and tutorials helpful, please buy me a beer by donating to my PayPal.
You know the price of a beer in your local bar ;-)
So I can drink a free beer for your health :-)
Na zdravje! Alla salute! Prost! Nazdravlje!