From 97b44fde9ceda01b7503a00cd4a0f4d49dc375cf Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Sep 2018 21:58:13 +0200 Subject: [PATCH 1/3] syncthing-device-id: init Source: https://gist.github.com/spectras/b3a6f0093ddb1635b39279e9a539ca21 --- krebs/5pkgs/simple/syncthing-device-id.nix | 36 ++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 krebs/5pkgs/simple/syncthing-device-id.nix diff --git a/krebs/5pkgs/simple/syncthing-device-id.nix b/krebs/5pkgs/simple/syncthing-device-id.nix new file mode 100644 index 000000000..f7d167fdf --- /dev/null +++ b/krebs/5pkgs/simple/syncthing-device-id.nix @@ -0,0 +1,36 @@ +{ writePython2Bin }: + +writePython2Bin "syncthing-device-id" {} /* python */ '' + import base64 + import hashlib + import subprocess + import sys + + B32ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' + + def luhn_checksum(data, alphabet=B32ALPHABET): + n = len(alphabet) + number = tuple(alphabet.index(i) for i in reversed(data)) + result = (sum(number[::2]) + + sum(sum(divmod(i * 2, n)) for i in number[1::2])) % n + return alphabet[-result] + + def main(incert): + der_data = subprocess.check_output(['openssl', 'x509', '-outform', 'DER'], stdin=incert) + data_hash = hashlib.sha256(der_data) + b32_hash = base64.b32encode(data_hash.digest()).decode('ascii') + + result = b32_hash.upper().rstrip('=') + blocks = [result[pos:pos+13] for pos in range(0, len(result), 13)] + result = '''.join(block + luhn_checksum(block) for block in blocks) + + blocks = [result[pos:pos+7] for pos in range(0, len(result), 7)] + print('-'.join(blocks)) + + if __name__ == '__main__': + import argparse + parser = argparse.ArgumentParser(description='Generate syncthing ID from certificate') + parser.add_argument('incert', type=argparse.FileType('rb'), help='Certificate path') + args = parser.parse_args() + main(**vars(args)) +'' From 4fc5cf354f386d495918aec22df9b482e8676555 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Sep 2018 22:10:50 +0200 Subject: [PATCH 2/3] syncthing-device-id: satisfy flake8 --- krebs/5pkgs/simple/syncthing-device-id.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/syncthing-device-id.nix b/krebs/5pkgs/simple/syncthing-device-id.nix index f7d167fdf..9fe2b8ffb 100644 --- a/krebs/5pkgs/simple/syncthing-device-id.nix +++ b/krebs/5pkgs/simple/syncthing-device-id.nix @@ -1,6 +1,14 @@ { writePython2Bin }: -writePython2Bin "syncthing-device-id" {} /* python */ '' +writePython2Bin "syncthing-device-id" { + flakeIgnore = [ + "E226" + "E302" + "E305" + "E501" + "F401" + ]; +} /* python */ '' import base64 import hashlib import subprocess From 312eb6e569a3b61325fcf15112500fbf0face65a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Sep 2018 22:11:20 +0200 Subject: [PATCH 3/3] syncthing-device-id: use openssl --- krebs/5pkgs/simple/syncthing-device-id.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/syncthing-device-id.nix b/krebs/5pkgs/simple/syncthing-device-id.nix index 9fe2b8ffb..9533800fd 100644 --- a/krebs/5pkgs/simple/syncthing-device-id.nix +++ b/krebs/5pkgs/simple/syncthing-device-id.nix @@ -1,4 +1,4 @@ -{ writePython2Bin }: +{ openssl, writePython2Bin }: writePython2Bin "syncthing-device-id" { flakeIgnore = [ @@ -24,7 +24,12 @@ writePython2Bin "syncthing-device-id" { return alphabet[-result] def main(incert): - der_data = subprocess.check_output(['openssl', 'x509', '-outform', 'DER'], stdin=incert) + der_data = subprocess.check_output([ + '${openssl}/bin/openssl', + 'x509', + '-outform', + 'DER', + ], stdin=incert) data_hash = hashlib.sha256(der_data) b32_hash = base64.b32encode(data_hash.digest()).decode('ascii')