From 2a263380091311c9987fbabfb7ccb2f288e58064 Mon Sep 17 00:00:00 2001
From: Dave Henderson
Date: Thu, 3 Oct 2019 23:20:12 -0400
Subject: Moving to go modules
Signed-off-by: Dave Henderson
---
vendor/github.com/Shopify/ejson/.gitignore | 10 ++
vendor/github.com/Shopify/ejson/.travis.yml | 11 ++
vendor/github.com/Shopify/ejson/CHANGELOG.md | 4 +
vendor/github.com/Shopify/ejson/Gemfile | 4 +
vendor/github.com/Shopify/ejson/Gemfile.lock | 54 ++++++++++
vendor/github.com/Shopify/ejson/Gopkg.lock | 47 +++++++++
vendor/github.com/Shopify/ejson/Gopkg.toml | 34 +++++++
vendor/github.com/Shopify/ejson/Makefile | 87 ++++++++++++++++
vendor/github.com/Shopify/ejson/README.md | 145 +++++++++++++++++++++++++++
vendor/github.com/Shopify/ejson/VERSION | 1 +
vendor/github.com/Shopify/ejson/dev.yml | 16 +++
11 files changed, 413 insertions(+)
create mode 100644 vendor/github.com/Shopify/ejson/.gitignore
create mode 100644 vendor/github.com/Shopify/ejson/.travis.yml
create mode 100644 vendor/github.com/Shopify/ejson/CHANGELOG.md
create mode 100644 vendor/github.com/Shopify/ejson/Gemfile
create mode 100644 vendor/github.com/Shopify/ejson/Gemfile.lock
create mode 100644 vendor/github.com/Shopify/ejson/Gopkg.lock
create mode 100644 vendor/github.com/Shopify/ejson/Gopkg.toml
create mode 100644 vendor/github.com/Shopify/ejson/Makefile
create mode 100644 vendor/github.com/Shopify/ejson/README.md
create mode 100644 vendor/github.com/Shopify/ejson/VERSION
create mode 100644 vendor/github.com/Shopify/ejson/dev.yml
(limited to 'vendor/github.com/Shopify/ejson')
diff --git a/vendor/github.com/Shopify/ejson/.gitignore b/vendor/github.com/Shopify/ejson/.gitignore
new file mode 100644
index 00000000..85436574
--- /dev/null
+++ b/vendor/github.com/Shopify/ejson/.gitignore
@@ -0,0 +1,10 @@
+/ejson
+/tags
+/build/
+/pkg/
+/rubygem/pkg/
+/rubygem/build/
+/rubygem/man/
+/rubygem/LICENSE.txt
+/rubygem/lib/ejson/version.rb
+.bundle
diff --git a/vendor/github.com/Shopify/ejson/.travis.yml b/vendor/github.com/Shopify/ejson/.travis.yml
new file mode 100644
index 00000000..186cd237
--- /dev/null
+++ b/vendor/github.com/Shopify/ejson/.travis.yml
@@ -0,0 +1,11 @@
+language: go
+
+go:
+ - 1.10.x
+ - 1.11.x
+
+script:
+ - go test -race -coverprofile=coverage.txt -covermode=atomic
+
+after_success:
+ - bash <(curl -s https://codecov.io/bash)
diff --git a/vendor/github.com/Shopify/ejson/CHANGELOG.md b/vendor/github.com/Shopify/ejson/CHANGELOG.md
new file mode 100644
index 00000000..0077bc70
--- /dev/null
+++ b/vendor/github.com/Shopify/ejson/CHANGELOG.md
@@ -0,0 +1,4 @@
+# 1.1.0
+
+* Add `--key-from-stdin` flag, where a private key, assumed to match the file's public key, is read
+ directly from stdin instead of looking up a match in the keydir.
diff --git a/vendor/github.com/Shopify/ejson/Gemfile b/vendor/github.com/Shopify/ejson/Gemfile
new file mode 100644
index 00000000..f860fe50
--- /dev/null
+++ b/vendor/github.com/Shopify/ejson/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+gem 'fpm'
+gem 'ronn'
diff --git a/vendor/github.com/Shopify/ejson/Gemfile.lock b/vendor/github.com/Shopify/ejson/Gemfile.lock
new file mode 100644
index 00000000..b5556285
--- /dev/null
+++ b/vendor/github.com/Shopify/ejson/Gemfile.lock
@@ -0,0 +1,54 @@ +GEM + remote: https://rubygems.org/ + specs: + arr-pm (0.0.10) + cabin (> 0) + backports (3.8.0) + cabin (0.9.0) + childprocess (0.7.1) + ffi (~> 1.0, >= 1.0.11) + clamp (1.0.1) + dotenv (2.2.1) + ffi (1.9.18) + fpm (1.9.2) + arr-pm (~> 0.0.10) + backports (>= 2.6.2) + cabin (>= 0.6.0) + childprocess + clamp (~> 1.0.0) + ffi + json (>= 1.7.7, < 2.0) + pleaserun (~> 0.0.29) + ruby-xz + stud + hpricot (0.8.6) + insist (1.0.0) + io-like (0.3.0) + json (1.8.6) + mustache (0.99.8) + pleaserun (0.0.30) + cabin (> 0) + clamp + dotenv + insist + mustache (= 0.99.8) + stud + rdiscount (2.2.0.1) + ronn (0.7.3) + hpricot (>= 0.8.2) + mustache (>= 0.7.0) + rdiscount (>= 1.5.8) + ruby-xz (0.2.3) + ffi (~> 1.9) + io-like (~> 0.3) + stud (0.0.23) + +PLATFORMS + ruby + +DEPENDENCIES + fpm + ronn + +BUNDLED WITH + 1.16.6
diff --git a/vendor/github.com/Shopify/ejson/Gopkg.lock b/vendor/github.com/Shopify/ejson/Gopkg.lock
new file mode 100644
index 00000000..4ca51259
--- /dev/null
+++ b/vendor/github.com/Shopify/ejson/Gopkg.lock
@@ -0,0 +1,47 @@ +# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. + + +[[projects]] + name = "github.com/codegangsta/cli" + packages = ["."] + revision = "9908e96513e5a94de37004098a3974a567f18111" + +[[projects]] + name = "github.com/dustin/gojson" + packages = ["."] + revision = "057ac0edc14e44d03df3bb03449e666ff50884c1" + +[[projects]] + name = "github.com/smartystreets/goconvey" + packages = [ + "convey", + "convey/assertions", + "convey/assertions/oglematchers", + "convey/gotest", + "convey/reporting" + ] + revision = "90f2eae17a8bdcbe3f6f654fc76af7f39e97d7b9" + +[[projects]] + name = "github.com/urfave/cli" + packages = ["."] + revision = "cfb38830724cc34fedffe9a2a29fb54fa9169cd1" + version = "v1.20.0" + +[[projects]] + name = "golang.org/x/crypto" + packages = [ + "curve25519", + "nacl/box", + "nacl/secretbox", + "poly1305", + "salsa20/salsa" + ] + revision = "ca7e7f10cb9fd9c1a6ff7f60436c086d73714180" + +[solve-meta] + analyzer-name = "dep" + analyzer-version = 1 + inputs-digest = "6fc4cc71e752df858dcb46d81802024e8077d9c8d9b51c4c252d1aa00bc3ad49" + solver-name = "gps-cdcl" + solver-version = 1
diff --git a/vendor/github.com/Shopify/ejson/Gopkg.toml b/vendor/github.com/Shopify/ejson/Gopkg.toml
new file mode 100644
index 00000000..34c2c900
--- /dev/null
+++ b/vendor/github.com/Shopify/ejson/Gopkg.toml
@@ -0,0 +1,34 @@
+# Gopkg.toml example
+#
+# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
+# for detailed Gopkg.toml documentation.
+#
+# required = ["github.com/user/thing/cmd/thing"]
+# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
+#
+# [[constraint]]
+# name = "github.com/user/project"
+# version = "1.0.0"
+#
+# [[constraint]]
+# name = "github.com/user/project2"
+# branch = "dev"
+# source = "github.com/myfork/project2"
+#
+# [[override]]
+# name = "github.com/x/y"
+# version = "2.4.0"
+#
+# [prune]
+# non-go = false
+# go-tests = true
+# unused-packages = true
+
+
+[[constraint]]
+ name = "github.com/urfave/cli"
+ version = "1.20.0"
+
+[prune]
+ go-tests = true
+ unused-packages = true
diff --git a/vendor/github.com/Shopify/ejson/Makefile b/vendor/github.com/Shopify/ejson/Makefile
new file mode 100644
index 00000000..90a9ad60
--- /dev/null
+++ b/vendor/github.com/Shopify/ejson/Makefile
@@ -0,0 +1,87 @@
+NAME=ejson
+RUBY_MODULE=EJSON
+PACKAGE=github.com/Shopify/ejson
+VERSION=$(shell cat VERSION)
+GEM=pkg/$(NAME)-$(VERSION).gem
+DEB=pkg/$(NAME)_$(VERSION)_amd64.deb
+
+GOFILES=$(shell find . -type f -name '*.go')
+MANFILES=$(shell find man -name '*.ronn' -exec echo build/{} \; | sed 's/\.ronn/\.gz/')
+
+GODEP_PATH=$(shell pwd)/Godeps/_workspace
+
+BUNDLE_EXEC=bundle exec
+
+.PHONY: default all binaries gem man clean dev_bootstrap
+
+default: all
+all: gem deb
+binaries: build/bin/linux-amd64 build/bin/darwin-amd64
+gem: $(GEM)
+deb: $(DEB)
+man: $(MANFILES)
+
+build/man/%.gz: man/%.ronn
+ mkdir -p "$(@D)"
+ set -euo pipefail ; $(BUNDLE_EXEC) ronn -r --pipe "$<" | gzip > "$@" || (rm -f "$<" ; false)
+
+build/bin/linux-amd64: $(GOFILES) cmd/$(NAME)/version.go
+ GOOS=linux GOARCH=amd64 go build -o "$@" "$(PACKAGE)/cmd/$(NAME)"
+build/bin/darwin-amd64: $(GOFILES) cmd/$(NAME)/version.go
+ GOOS=darwin GOARCH=amd64 go build -o "$@" "$(PACKAGE)/cmd/$(NAME)"
+
+$(GEM): rubygem/$(NAME)-$(VERSION).gem
+ mkdir -p $(@D)
+ mv "$<" "$@"
+
+rubygem/$(NAME)-$(VERSION).gem: \
+ rubygem/lib/$(NAME)/version.rb \
+ rubygem/build/linux-amd64/ejson \
+ rubygem/LICENSE.txt \
+ rubygem/build/darwin-amd64/ejson \
+ rubygem/man
+ cd rubygem && gem build ejson.gemspec
+
+rubygem/LICENSE.txt: LICENSE.txt
+ cp "$<" "$@"
+
+rubygem/man: man
+ cp -a build/man $@
+
+rubygem/build/darwin-amd64/ejson: build/bin/darwin-amd64
+ mkdir -p $(@D)
+ cp -a "$<" "$@"
+
+rubygem/build/linux-amd64/ejson: build/bin/linux-amd64
+ mkdir -p $(@D)
+ cp -a "$<" "$@"
+
+cmd/$(NAME)/version.go: VERSION
+ echo 'package main\n\nconst VERSION string = "$(VERSION)"' > $@
+
+rubygem/lib/$(NAME)/version.rb: VERSION
+ mkdir -p $(@D)
+ echo 'module $(RUBY_MODULE)\n VERSION = "$(VERSION)"\nend' > $@
+
+$(DEB): build/bin/linux-amd64 man
+ mkdir -p $(@D)
+ rm -f "$@"
+ $(BUNDLE_EXEC) fpm \
+ -t deb \
+ -s dir \
+ --name="$(NAME)" \
+ --version="$(VERSION)" \
+ --package="$@" \
+ --license=MIT \
+ --category=admin \
+ --no-depends \
+ --no-auto-depends \
+ --architecture=amd64 \
+ --maintainer="Shopify " \
+ --description="utility for managing a collection of secrets in source control. Secrets are encrypted using public key, elliptic curve cryptography." \
+ --url="https://github.com/Shopify/ejson" \
+ ./build/man/=/usr/share/man/ \
+ ./$<=/usr/bin/$(NAME)
+
+clean:
+ rm -rf build pkg rubygem/{LICENSE.txt,lib/ejson/version.rb,build,*.gem}
diff --git a/vendor/github.com/Shopify/ejson/README.md b/vendor/github.com/Shopify/ejson/README.md
new file mode 100644
index 00000000..b1d714b1
--- /dev/null
+++ b/vendor/github.com/Shopify/ejson/README.md
@@ -0,0 +1,145 @@ +# ejson + +`ejson` is a utility for managing a collection of secrets in source control. The +secrets are encrypted using [public +key](http://en.wikipedia.org/wiki/Public-key_cryptography), [elliptic +curve](http://en.wikipedia.org/wiki/Elliptic_curve_cryptography) cryptography +([NaCl](http://nacl.cr.yp.to/) [Box](http://nacl.cr.yp.to/box.html): +[Curve25519](http://en.wikipedia.org/wiki/Curve25519) + +[Salsa20](http://en.wikipedia.org/wiki/Salsa20) + +[Poly1305-AES](http://en.wikipedia.org/wiki/Poly1305-AES)). Secrets are +collected in a JSON file, in which all the string values are encrypted. Public +keys are embedded in the file, and the decrypter looks up the corresponding +private key from its local filesystem. + +![demo](http://burkelibbey.s3.amazonaws.com/ejson-demo.gif) + +The main benefits provided by `ejson` are: + +* Secrets can be safely stored in a git repo. +* Changes to secrets are auditable on a line-by-line basis with `git blame`. +* Anyone with git commit access has access to write new secrets. +* Decryption access can easily be locked down to production servers only. +* Secrets change synchronously with application source (as opposed to secrets + provisioned by Configuration Management). +* Simple, well-tested, easily-auditable source. + +See [the manpages](https://shopify.github.io/ejson) for more technical documentation. + +See [ejson2env](https://github.com/Shopify/ejson2env) for a useful tool to help with exporting +a portion of secrets as environment variables for environments/tools that require this pattern. + +## Installation + +You can download the `.deb` package from [Github Releases](https://github.com/Shopify/ejson/releases). + +On development machines (64-bit linux or OS X), the recommended installation +method is via rubygems: + +``` +gem install ejson +``` + +## Workflow + +### 1: Create the Keydir + +By default, EJSON looks for keys in `/opt/ejson/keys`. 
You can change this by +setting `EJSON_KEYDIR` or passing the `-keydir` option. + +``` +$ mkdir -p /opt/ejson/keys +``` + +### 2: Generate a keypair + +When called with `-w`, `ejson keygen` will write the keypair into the `keydir` +and print the public key. Without `-w`, it will print both keys to stdout. This +is useful if you have to distribute the key to multiple servers via +configuration management, etc. + +``` +$ ejson keygen +Public Key: +63ccf05a9492e68e12eeb1c705888aebdcc0080af7e594fc402beb24cce9d14f +Private Key: +75b80b4a693156eb435f4ed2fe397e583f461f09fd99ec2bd1bdef0a56cf6e64 +``` + +``` +$ ./ejson keygen -w +53393332c6c7c474af603c078f5696c8fe16677a09a711bba299a6c1c1676a59 +$ cat /opt/ejson/keys/5339* +888a4291bef9135729357b8c70e5a62b0bbe104a679d829cdbe56d46a4481aaf +``` + +### 3: Create an `ejson` file + +The format is described in more detail [later on](#format). For now, create a +file that looks something like this. Fill in the `` with whatever you got +back in step 2. + +Create this file as `test.ejson`: + +```json +{ + "_public_key": "", + "database_password": "1234password" +} +``` + +### 4: Encrypt the file + +Running `ejson encrypt test.ejson` will encrypt any new plaintext keys in the +file, and leave any existing encrypted keys untouched: + +```json +{ + "_public_key": "63ccf05a9492e68e12eeb1c705888aebdcc0080af7e594fc402beb24cce9d14f", + "database_password": "EJ[1:WGj2t4znULHT1IRveMEdvvNXqZzNBNMsJ5iZVy6Dvxs=:kA6ekF8ViYR5ZLeSmMXWsdLfWr7wn9qS:fcHQtdt6nqcNOXa97/M278RX6w==]" +} +``` + +Try adding another plaintext secret to the file and run `ejson encrypt +test.ejson` again. The `database_password` field will not be changed, but the +new secret will be encrypted. + +### 5: Decrypt the file + +To decrypt the file, you must have a file present in the `keydir` whose name is +the 64-byte hex-encoded public key exactly as embedded in the `ejson` document. +The contents of that file must be the similarly-encoded private key. 
If you used +`ejson keygen -w`, you've already got this covered. + +Unlike `ejson encrypt`, which overwrites the specified files, `ejson decrypt` +only takes one file parameter, and prints the output to `stdout`: + +``` +$ ejson decrypt foo.ejson +{ + "_public_key": "63ccf05a9492e68e12eeb1c705888aebdcc0080af7e594fc402beb24cce9d14f", + "database_password": "1234password" +} +``` + +## Format + +The `ejson` document format is simple, but there are a few points to be aware +of: + +1. It's just JSON. +2. There *must* be a key at the top level named `_public_key`, whose value is a + 32-byte hex-encoded (i.e. 64 ASCII byte) public key as generated by `ejson + keygen`. +3. Any string literal that isn't an object key will be encrypted by default (ie. + in `{"a": "b"}`, `"b"` will be encrypted, but `"a"` will not. +4. Numbers, booleans, and nulls aren't encrypted. +5. If a key begins with an underscore, its corresponding value will not be + encrypted. This is used to prevent the `_public_key` field from being + encrypted, and is useful for implementing metadata schemes. +6. Underscores do not propagate downward. For example, in `{"_a": {"b": "c"}}`, + `"c"` will be encrypted. + +## See also + +* If you use Capistrano for deployment you can use [capistrano-ejson](https://github.com/Shopify/capistrano-ejson) to automatically decrypt the secrets on deploy.
diff --git a/vendor/github.com/Shopify/ejson/VERSION b/vendor/github.com/Shopify/ejson/VERSION
new file mode 100644
index 00000000..6085e946
--- /dev/null
+++ b/vendor/github.com/Shopify/ejson/VERSION
@@ -0,0 +1 @@
+1.2.1
diff --git a/vendor/github.com/Shopify/ejson/dev.yml b/vendor/github.com/Shopify/ejson/dev.yml
new file mode 100644
index 00000000..ca552fc6
--- /dev/null
+++ b/vendor/github.com/Shopify/ejson/dev.yml
@@ -0,0 +1,16 @@
+name: ejson
+
+up:
+ - homebrew:
+ - glide
+ - ruby: 2.3.3
+ - go: 1.8.3
+ - bundler
+ - custom:
+ name: Install vendored dependencies
+ met?: test -e vendor
+ meet: glide install
+
+commands:
+ build: make
+ test: go test $(glide nv)
-- cgit v1.2.3