v10.0.0

.claude/settings.local.json

@@ -0,0 +1,8 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(node:*)",
+      "Bash(python3:*)"
+    ]
+  }
+}

.env

@@ -0,0 +1 @@
+VERSION=9.0.0

.gitignore

@@ -72,3 +72,4 @@ demo/shield-agent/in
 demo/shield-core/in
 demo/shared
 demo/cached
+/.vscode

.vscode/dryrun.log

@@ -1,3 +1,4 @@
+make.exe --dry-run --always-make --keep-going --print-directory
 'make.exe' is not recognized as an internal or external command,
 operable program or batch file.
 

Dockerfile

@@ -1,33 +1,69 @@
-FROM golang:1.21-bookworm as build
+ARG UBUNTU_RELEASE=noble
+ARG GO_VERSION=1.26.1
+
+FROM ubuntu:${UBUNTU_RELEASE} AS build
+ARG GO_VERSION
+ARG TARGETARCH
+ARG VERSION=local
 
 RUN apt-get update \
- && apt-get install -y bzip2 gzip unzip curl openssh-client
+ && apt-get install -y bzip2 gzip unzip curl git make gcc libc6-dev openssh-client ca-certificates \
+ && curl -sL https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz | tar -C /usr/local -xzf - \
+ && rm -rf /var/lib/apt/lists/*
 
-RUN curl -sLo /bin/jq https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64 \
- && chmod 0755 /bin/jq
+ENV PATH="/usr/local/go/bin:/go/bin:${PATH}" \
+    GOPATH="/go"
 
-ARG VERSION
 COPY / /go/src/github.com/shieldproject/shield/
 RUN cd /go/src/github.com/shieldproject/shield \
+ && go mod tidy \
+ && go mod vendor \
  && make build BUILD_TYPE="build -ldflags='-X main.Version=$VERSION'"
-RUN mkdir -p /dist/bin /dist/plugins \
+
+RUN mkdir -p /dist/bin /dist/plugins /dist/ui \
  && mv /go/src/github.com/shieldproject/shield/shieldd \
        /go/src/github.com/shieldproject/shield/shield-agent \
        /go/src/github.com/shieldproject/shield/shield-crypt \
        /go/src/github.com/shieldproject/shield/shield-report \
        /go/src/github.com/shieldproject/shield/shield-schema \
        /go/src/github.com/shieldproject/shield/bin/shield-pipe \
-       /dist/bin \
+       /dist/bin/ \
  && for plugin in $(cat /go/src/github.com/shieldproject/shield/plugins); do \
-      cp /go/src/github.com/shieldproject/shield/$plugin /dist/plugins; \
+      cp /go/src/github.com/shieldproject/shield/$plugin /dist/plugins/; \
     done \
  && cp -R /go/src/github.com/shieldproject/shield/web/htdocs /dist/ui
 
-ADD init /dist/init
-RUN chmod 0755 /dist/init/*
+# Build shield CLI
+RUN cd /go/src/github.com/shieldproject/shield \
+ && go build -mod vendor -o /dist/bin/shield ./cmd/shield
+
+# Download Vault
+ARG VAULT_VERSION=1.21.4
+RUN curl -sLo /tmp/vault.zip https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_${TARGETARCH}.zip \
+ && unzip /tmp/vault.zip -d /dist/bin/ \
+ && rm /tmp/vault.zip
+
+FROM ubuntu:${UBUNTU_RELEASE}
 
-FROM ubuntu:jammy
 RUN apt-get update \
- && apt-get install -y bzip2 gzip curl openssh-client \
- && rm -rf /var/lib/apt/lists/*
-COPY --from=build /dist /shield
+ && apt-get install -y curl netcat-openbsd openssh-client \
+ && rm -rf /var/lib/apt/lists/* \
+ && useradd -r -m -s /bin/bash vcap
+
+COPY --from=build /dist/bin/ /shield/bin/
+COPY --from=build /dist/plugins/ /shield/plugins/
+COPY --from=build /dist/ui/ /shield/ui/
+
+# Copy init scripts and config
+COPY init/core /shield/init/core
+COPY init/agent /shield/init/agent
+COPY init/shieldd.conf /shield/config/shieldd.conf
+COPY init/vault.conf /shield/config/vault.conf
+
+RUN chmod 0755 /shield/init/core /shield/init/agent \
+ && mkdir -p /shield/data /shield/vault-data /etc/shield \
+ && chown -R vcap:vcap /shield/data /shield/vault-data
+
+ENV PATH="/shield/bin:${PATH}"
+
+EXPOSE 8080 5444

Makefile

@@ -28,10 +28,10 @@ api-tests: shieldd shield-schema shield-crypt shield-agent shield-report
 
 # Running Tests for race conditions
 race:
-	ginkgo -race *
+	go run github.com/onsi/ginkgo/v2/ginkgo run -race ./...
 
 # Building Shield
-shield: shieldd shield-agent shield-schema shield-crypt shield-report
+shield: shieldd shield-cli shield-agent shield-schema shield-crypt shield-report
 
 shield-crypt:
 	go $(BUILD_TYPE) -mod vendor ./cmd/shield-crypt
@@ -44,24 +44,37 @@ shield-schema:
 shield-report:
 	go $(BUILD_TYPE) -mod vendor ./cmd/shield-report
 
-shield: cmd/shield/help.go
-	go $(BUILD_TYPE) -mod vendor ./cmd/shield
-help.all: cmd/shield/main.go
-	grep case $< | grep '{''{{' | cut -d\" -f 2 | sort | xargs -n1 -I@ ./shield @ -h > $@
+shield-cli:
+	go $(BUILD_TYPE) -mod vendor -ldflags "$(LDFLAGS)" ./cmd/shield
 
 # Building Plugins
+JOBS ?= $(shell nproc 2>/dev/null || sysctl -n hw.ncpu 2>/dev/null || echo 1)
+
 plugin: plugins
 plugins:
-	go $(BUILD_TYPE) -mod vendor ./plugin/dummy
+	@echo "Building dummy plugin..."
+	@go $(BUILD_TYPE) -mod vendor ./plugin/dummy || go $(BUILD_TYPE) ./plugin/dummy
 	@for plugin in $$(cat plugins); do \
-		echo building plugin $$plugin...; \
-		go $(BUILD_TYPE) -mod vendor ./plugin/$$plugin; \
+		echo "building plugin $$plugin..."; \
+		if ! go $(BUILD_TYPE) -mod vendor ./plugin/$$plugin; then \
+			GOFLAGS=-mod=mod go $(BUILD_TYPE) ./plugin/$$plugin; \
+		fi; \
 	done
 
 
 demo: clean shield plugins
-	./demo/build
-	(cd demo && docker-compose up)
+	@if [ -x ./demo/build ]; then \
+		./demo/build; \
+	else \
+		echo "(warning) ./demo/build not found; skipping demo build"; \
+	fi
+	(cd docker/demo && docker compose up)
+
+# Local build stack (core/agent/demo/webdav from local source build)
+demo-local:
+	docker compose -f docker-compose.local.yml up --build
+
+dev-local: demo-local
 
 docs: docs/dev/API.md
 	./bin/mkdocs --version latest --docroot /docs --output tmp/docs --style basic
@@ -76,16 +89,18 @@ clean:
 	rm -f $$(cat plugins) dummy
 
 
-# Assemble the CLI help with some assistance from our friend, Perl
-HELP := $(shell ls -1 cmd/shield/help/*)
-cmd/shield/help.go: $(HELP) cmd/shield/help.pl
-	./cmd/shield/help.pl $(HELP) > $@
 
 fixmes: fixme
 fixme:
 	@grep -rn FIXME * | grep -v vendor/ | grep -v README.md | grep --color FIXME || echo "No FIXMES!  YAY!"
 
-dev:
+# Quick local development mode (UI + API) using docker-compose
+# Usage: make dev
+#   then open http://localhost:9009
+dev: demo
+
+# Keep legacy testdev flow for deeper local test sandbox
+dev-test:
 	./bin/testdev
 
 # Deferred: Naming plugins individually, e.g. make plugin dummy

agent/agent.go

@@ -10,7 +10,7 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/jhunt/go-log"
+	"github.com/shieldproject/shield/internal/log"
 	"golang.org/x/crypto/ssh"
 )
 

agent/agent_suite_test.go

@@ -4,11 +4,10 @@ import (
 	"bufio"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"testing"
 
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"golang.org/x/crypto/ssh"
 )
@@ -100,7 +99,7 @@ func (c *Client) Run(out chan string, command string) error {
 }
 
 func ConfigureSSHClient(privateKeyPath string) (*ssh.ClientConfig, error) {
-	raw, err := ioutil.ReadFile(privateKeyPath)
+	raw, err := os.ReadFile(privateKeyPath)
 	if err != nil {
 		return nil, err
 	}

agent/agent_test.go

@@ -5,7 +5,7 @@ import (
 	"os"
 	"strings"
 
-	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 
 	. "github.com/shieldproject/shield/agent"

agent/command.go

@@ -5,14 +5,13 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"log/syslog"
 	"os"
 	"os/exec"
 	"regexp"
 	"strings"
 	"sync"
 
-	"github.com/jhunt/go-log"
+	"github.com/shieldproject/shield/internal/log"
 	"golang.org/x/crypto/ssh"
 )
 
@@ -178,7 +177,7 @@ func (agent *Agent) Execute(c *Command, out chan string) error {
 	cmd.Env = appendEndpointVariables(cmd.Env, "SHIELD_TARGET_PARAM_", c.TargetEndpoint)
 	cmd.Env = appendEndpointVariables(cmd.Env, "SHIELD_STORE_PARAM_", c.StoreEndpoint)
 
-	if log.LogLevel() == syslog.LOG_DEBUG {
+	if log.IsDebug() {
 		cmd.Env = append(cmd.Env, "DEBUG=true")
 	}
 

agent/config.go

@@ -11,9 +11,9 @@ import (
 	"strings"
 
 	env "github.com/jhunt/go-envirotron"
-	"github.com/jhunt/go-log"
+	"github.com/shieldproject/shield/internal/log"
 	"golang.org/x/crypto/ssh"
-	"gopkg.in/yaml.v2"
+	"github.com/goccy/go-yaml"
 )
 
 type Config struct {

agent/ping.go

@@ -8,7 +8,7 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/jhunt/go-log"
+	"github.com/shieldproject/shield/internal/log"
 )
 
 func (agent *Agent) Ping() {

client/v2/shield/agents.go

@@ -3,8 +3,7 @@ package shield
 import (
 	"fmt"
 
-	qs "github.com/jhunt/go-querytron"
-	"github.com/pborman/uuid"
+"github.com/pborman/uuid"
 )
 
 type Agent struct {
@@ -30,7 +29,7 @@ type AgentFilter struct {
 }
 
 func (c *Client) ListAgents(filter *AgentFilter) ([]*Agent, error) {
-	u := qs.Generate(filter).Encode()
+	u := generateQueryString(filter).Encode()
 	var out struct {
 		Agents   []*Agent            `json:"agents"`
 		Problems map[string][]string `json:"problems"`

client/v2/shield/archives.go

@@ -3,8 +3,7 @@ package shield
 import (
 	"fmt"
 
-	qs "github.com/jhunt/go-querytron"
-	"github.com/pborman/uuid"
+"github.com/pborman/uuid"
 )
 
 type Archive struct {
@@ -39,7 +38,7 @@ func fixupArchiveRequest(p *Archive) {
 }
 
 func (c *Client) ListArchives(parent *Tenant, filter *ArchiveFilter) ([]*Archive, error) {
-	u := qs.Generate(filter).Encode()
+	u := generateQueryString(filter).Encode()
 	var out []*Archive
 	if err := c.get(fmt.Sprintf("/v2/tenants/%s/archives?%s", parent.UUID, u), &out); err != nil {
 		return nil, err

client/v2/shield/fixups.go

@@ -2,8 +2,6 @@ package shield
 
 import (
 	"fmt"
-
-	qs "github.com/jhunt/go-querytron"
 )
 
 type Fixup struct {
@@ -18,7 +16,7 @@ type FixupFilter struct {
 }
 
 func (c *Client) ListFixups(filter *FixupFilter) ([]*Fixup, error) {
-	u := qs.Generate(filter).Encode()
+	u := generateQueryString(filter).Encode()
 	var out []*Fixup
 	return out, c.get(fmt.Sprintf("/v2/fixups?%s", u), &out)
 }

client/v2/shield/jobs.go

@@ -3,8 +3,7 @@ package shield
 import (
 	"fmt"
 
-	qs "github.com/jhunt/go-querytron"
-	"github.com/pborman/uuid"
+"github.com/pborman/uuid"
 )
 
 type Job struct {
@@ -62,7 +61,7 @@ func fixupJobResponse(p *Job) {
 }
 
 func (c *Client) ListJobs(parent *Tenant, filter *JobFilter) ([]*Job, error) {
-	u := qs.Generate(filter).Encode()
+	u := generateQueryString(filter).Encode()
 	var out []*Job
 	if err := c.get(fmt.Sprintf("/v2/tenants/%s/jobs?%s", parent.UUID, u), &out); err != nil {
 		return nil, err