
Use spiped to secure data out of heroku

1 parent cba1323 commit a798481e0066db1fcb79af612a5429f17cf630a4 @halorgium committed
Showing with 208 additions and 0 deletions.
  1. +2 −0 .buildpacks
  2. +6 −0 .env.example
  3. +10 −0 Gemfile
  4. +29 −0 Gemfile.lock
  5. +4 −0 Procfile
  6. +37 −0 README.md
  7. +42 −0 bin/compile
  8. +5 −0 bin/detect
  9. +3 −0 bin/release
  10. +6 −0 client.rb
  11. +42 −0 config.ru
  12. +1 −0 key
  13. +12 −0 server.rb
  14. +5 −0 start-spiped-client
  15. +4 −0 start-spiped-server
2 .buildpacks
@@ -0,0 +1,2 @@
+git://github.com/kr/heroku-buildpack-inline
+git://github.com/heroku/heroku-buildpack-ruby
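Review bot: Both buildpack URLs use the unauthenticated `git://` transport and follow the default branch, so the code that runs during every build is neither integrity-protected in transit nor pinned to a reviewed revision. Prefer `https://github.com/kr/heroku-buildpack-inline` and `https://github.com/heroku/heroku-buildpack-ruby`. If the multi-buildpack in use accepts a `#<ref>` suffix, append a reviewed commit or tag to each line.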
6 .env.example
@@ -0,0 +1,6 @@
+SPIPED_CLIENT_SOURCE_SOCKET=/tmp/spiped.sock
+SPIPED_CLIENT_TARGET_SOCKET=127.0.0.1:7001
+SPIPED_SERVER_SOURCE_SOCKET=0.0.0.0:7001
+SPIPED_SERVER_TARGET_SOCKET=127.0.0.1:7002
+ZMQ_BIND_URI=tcp://0.0.0.0:7002
+ZMQ_CONNECT_URI=tcp://127.0.0.1:7002
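Review bot: `ZMQ_BIND_URI=tcp://0.0.0.0:7002` exposes the plaintext ZeroMQ listener on every interface, so traffic can reach it without passing through spiped at all. Since `SPIPED_SERVER_TARGET_SOCKET` already points at `127.0.0.1:7002`, the example would be safer as `ZMQ_BIND_URI=tcp://127.0.0.1:7002`, leaving 7001 (the spiped listener) as the only externally reachable port. If the wide bind is kept for the `/raw` comparison, a line in the README saying it is demo-only would help.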
10 Gemfile
@@ -0,0 +1,10 @@
+source "https://rubygems.org"
+
+gem "rack"
+gem "ffi-rzmq"
+gem "puma"
+gem "sinatra"
+
+group :development do
+ gem "foreman"
+end
29 Gemfile.lock
@@ -0,0 +1,29 @@
+GEM
+ remote: https://rubygems.org/
+ specs:
+ ffi (1.0.11)
+ ffi-rzmq (0.9.3)
+ ffi
+ foreman (0.47.0)
+ thor (>= 0.13.6)
+ puma (1.4.0)
+ rack (~> 1.2)
+ rack (1.4.1)
+ rack-protection (1.2.0)
+ rack
+ sinatra (1.3.2)
+ rack (~> 1.3, >= 1.3.6)
+ rack-protection (~> 1.2)
+ tilt (~> 1.3, >= 1.3.3)
+ thor (0.15.2)
+ tilt (1.3.3)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ ffi-rzmq
+ foreman
+ puma
+ rack
+ sinatra
4 Procfile
@@ -0,0 +1,4 @@
+web: puma -p $PORT -q -t 0:256
+spipedc: ./start-spiped-client
+spipeds: ./start-spiped-server
+server: ruby server.rb
37 README.md
@@ -0,0 +1,37 @@
+# heroku-spiped
+
+## Dependencies
+
+install spiped from http://www.tarsnap.com/spiped.html
+For mac, you need to remove the `-lrt` from the `Makefile`
+
+## You can run this locally
+
+ cp .env.example .env
+ bundle
+ bundle exec foreman start
+
+visit http://localhost:5000/raw to see raw ZMQ
+visit http://localhost:5000/spiped to see spiped ZMQ
+
+## Now run it on heroku
+
+choose a place to run your spiped decrypter/server or tunnel it via SSH/VPN
+
+ scp key ip.of.your.server:/tmp/spiped.key
+ spiped -d -F -s 0.0.0.0:7001 -t 127.0.0.1:7002 -k /tmp/spiped.key
+
+ heroku create --buildpack https://github.com/ddollar/heroku-buildpack-multi --stack cedar spiped-for-me
+
+ heroku config:add \
+ LD_LIBRARY_PATH=sw/usr/lib \
+ PATH=sw/usr/bin:bin:vendor/bundle/ruby/1.9.1/bin:/usr/local/bin:/usr/bin:/bin \
+ SPIPED_CLIENT_SOURCE_SOCKET=/tmp/spiped.sock \
+ SPIPED_CLIENT_TARGET_SOCKET=ip.of.your.server:7001 \
+ ZMQ_CONNECT_URI=tcp://ip.of.your.server:7002
+
+ heroku ps:scale web=1
+
+ heroku logs --tail
+
+Now you can visit http://spiped-for-me.herokuapp.com/spiped
42 bin/compile
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+# bin/compile <build-dir> <cache-dir>
+
+set -e
+set -o pipefail
+
+function indent() {
+ c='s/^/ /'
+ case $(uname) in
+ Darwin) sed -l "$c";;
+ *) sed -u "$c";;
+ esac
+}
+
+BUILD_DIR=$1
+CACHE_DIR=$2
+
+export UBUNTU_URL=http://us.archive.ubuntu.com/ubuntu/pool
+
+install () {
+ DEB_URL=$1
+ DIR=$(mktemp -d)
+ curl -f $DEB_URL > $DIR/deb
+ dpkg-deb -x $DIR/deb $BUILD_DIR/sw
+}
+
+mkdir $BUILD_DIR/sw
+
+install $UBUNTU_URL/main/l/lsof/lsof_4.81.dfsg.1-1build1_amd64.deb
+install http://ppa.launchpad.net/chris-lea/libpgm/ubuntu/pool/main/libp/libpgm/libpgm-5.1-0_5.1.116-1chl1~lucid1_amd64.deb
+install http://ppa.launchpad.net/chris-lea/zeromq/ubuntu/pool/main/z/zeromq/libzmq1_2.1.11-1chl1~lucid1_amd64.deb
+install http://ppa.launchpad.net/chris-lea/zeromq/ubuntu/pool/main/z/zeromq/libzmq-dev_2.1.11-1chl1~lucid1_amd64.deb
+
+export LDFLAGS="-L$BUILD_DIR/sw/lib -L$BUILD_DIR/sw/usr/lib"
+export CPPFLAGS="-I$BUILD_DIR/sw/usr/include"
+export PATH="$GEM_HOME/bin:$BUILD_DIR/sw/bin:$BUILD_DIR/sw/usr/bin:$PATH"
+
+SPIPED_DIR=$(mktemp -d)
+curl http://www.tarsnap.com/spiped/spiped-1.1.0.tgz |tar zxf - -C $SPIPED_DIR
+cd $SPIPED_DIR/spiped-1.1.0
+make
+cp spiped $BUILD_DIR/sw/usr/bin/
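Review bot: The spiped tarball at the end of the script, and the four `.deb` packages passed to `install`, are fetched over plain `http://` and unpacked or compiled into the slug with no integrity check, so a tampered download becomes the binary that is later trusted with the tunnel key. Download to a file, verify it against a pinned SHA-256, and only then extract; the same pattern fits `install` with one digest per package. The spiped `curl` also lacks `-f`, so an HTTP error page would be piped straight into `tar`, and `$BUILD_DIR` and `$DEB_URL` are expanded unquoted throughout. The digest in the sketch below is a placeholder to be filled in from the upstream release announcement.

```shell
# … unchanged: indent(), install() calls, LDFLAGS/CPPFLAGS/PATH exports …
SPIPED_TGZ=spiped-1.1.0.tgz
# PLACEHOLDER: replace with the published SHA-256 of spiped-1.1.0.tgz
SPIPED_SHA256="<sha256-of-spiped-1.1.0.tgz>"
SPIPED_DIR=$(mktemp -d)
curl -fsSL "https://www.tarsnap.com/spiped/$SPIPED_TGZ" -o "$SPIPED_DIR/$SPIPED_TGZ"
# sha256sum -c exits non-zero on mismatch; with `set -e` the build stops here
echo "$SPIPED_SHA256  $SPIPED_DIR/$SPIPED_TGZ" | sha256sum -c -
tar zxf "$SPIPED_DIR/$SPIPED_TGZ" -C "$SPIPED_DIR"
cd "$SPIPED_DIR/spiped-1.1.0"
# … unchanged: make, cp spiped into $BUILD_DIR/sw/usr/bin/ …
```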
5 bin/detect
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+# bin/detect <build-dir>
+set -e
+
+echo spiped
3 bin/release
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+echo "--- {}"
6 client.rb
@@ -0,0 +1,6 @@
+require 'ffi-rzmq'
+
+p context = ZMQ::Context.new
+p socket = context.socket(ZMQ::PUSH)
+p socket.connect(ENV.fetch("ZMQ_CONNECT_URI"))
+p socket.send_strings(["hello", *ARGV])
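Review bot: The return codes from `connect` and `send_strings` are printed with `p` but never checked, so the script exits 0 even when nothing was delivered and the `system(...)` calls in config.ru cannot tell success from failure. Capture the code and fail loudly, e.g. `rc = socket.send_strings(["hello", *ARGV])` followed by `abort "zmq send failed" unless ZMQ::Util.resultcode_ok?(rc)`; the same check applies to `connect`. Explicitly calling `socket.close` and `context.terminate` before exit may also make delivery of the queued message less dependent on finalizer behaviour.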
42 config.ru
@@ -0,0 +1,42 @@
+Thread.abort_on_exception = true
+
+require 'sinatra/base'
+
+class App < Sinatra::Base
+ before do
+ content_type :text
+ end
+
+ get '/' do
+ "Hello world"
+ end
+
+ get '/lsof' do
+ `lsof -nP`
+ end
+
+ get '/raw' do
+ p system("ruby client.rb raw")
+ "via raw"
+ end
+
+ get '/spiped' do
+ p system("env ZMQ_CONNECT_URI=ipc://#{ENV.fetch("SPIPED_CLIENT_SOURCE_SOCKET")} ruby client.rb spiped")
+ "via spiped"
+ end
+
+ get '/thread' do
+ "thread: #{$thread.inspect}"
+ end
+end
+
+$thread = Thread.new do
+ pid = Process.spawn("./start-spiped-client >&2")
+ $stderr.puts "spiped started on pid #{pid.inspect}"
+ p system("lsof -nPp #{pid} >&2")
+ _, status = Process.wait2(pid)
+ $stderr.puts "spiped exited with #{status.inspect}"
+ exit(1)
+end
+
+run App
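Review bot: `get '/lsof'` returns the full `lsof -nP` output to any unauthenticated visitor, which discloses the dyno's open files, socket paths and peer addresses, and `/thread` similarly leaks process state. Every hit on `/lsof`, `/raw` or `/spiped` also forks a new process. Gate the diagnostic routes behind an explicit switch, for example `halt 404 unless ENV["DEBUG_ROUTES"] == "1"` (variable name is illustrative), or drop them from deployed builds. In `/spiped` the environment value is interpolated into a shell string; the argv form `system({"ZMQ_CONNECT_URI" => "ipc://#{ENV.fetch("SPIPED_CLIENT_SOURCE_SOCKET")}"}, "ruby", "client.rb", "spiped")` avoids shell parsing altogether.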
1 key
@@ -0,0 +1 @@
+Z��Hb�8�H��@�ʕe����c���\�#��
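Review bot: The spiped pre-shared key is committed to the repository, so everyone with read access to the repo or its history can decrypt or originate traffic on the tunnel; this key should be treated as compromised and replaced. Generate a fresh key per deployment, add `key` to `.gitignore`, and deliver it out of band: the README's `scp` step covers the server side, and a config var or similar secret store, decoded to a file at start-up, would cover the dyno. Removing the file in a later commit does not remove it from history.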
12 server.rb
@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+require 'ffi-rzmq'
+
+p context = ZMQ::Context.new
+p socket = context.socket(ZMQ::PULL)
+p socket.bind(ENV.fetch("ZMQ_BIND_URI"))
+loop do
+ s = []
+ p socket.recv_strings(s)
+ puts "strings: #{s.inspect}"
+end
5 start-spiped-client
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -x
+rm -f $SPIPED_CLIENT_SOURCE_SOCKET
+spiped -e -F -s $SPIPED_CLIENT_SOURCE_SOCKET -t $SPIPED_CLIENT_TARGET_SOCKET -k key
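Review bot: `spiped` is started as a child of the wrapper shell, so the pid that config.ru gets from `Process.spawn` and passes to `lsof -nPp` and `Process.wait2` is likely the wrapper's rather than spiped's, and signals sent to that pid may not reach spiped. Start the final line with `exec`, i.e. `exec spiped -e -F ...`. The variables are also expanded unquoted and unchecked; `rm -f -- "${SPIPED_CLIENT_SOURCE_SOCKET:?}"` fails fast when the variable is unset and tolerates paths with spaces. Both points apply to start-spiped-server as well, and `-k key` in both scripts depends on the working directory.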
4 start-spiped-server
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+set -x
+spiped -d -F -s $SPIPED_SERVER_SOURCE_SOCKET -t $SPIPED_SERVER_TARGET_SOCKET -k key
