blackbox/bin/blackbox_update_all_files

#!/usr/bin/env bash

#
# blackbox_update_all_files -- Decrypt then re-encrypt all files. Useful after keys are changed.
#

set -e
source "${0%/*}/_blackbox_common.sh"

gpg_agent_notice
disclose_admins
prepare_keychain

echo '========== ENCRYPTED FILES TO BE RE-ENCRYPTED:'
while IFS= read <&99 -r unencrypted_file; do
    echo "    $unencrypted_file.gpg"
done 99<"$BB_FILES"

echo '========== FILES IN THE WAY:'
need_warning=false
while IFS= read <&99 -r unencrypted_file; do
  unencrypted_file=$(get_unencrypted_filename "$unencrypted_file")
  encrypted_file=$(get_encrypted_filename "$unencrypted_file")
  if [[ -f "$unencrypted_file" ]]; then
    need_warning=true
    echo "    $unencrypted_file"
  fi
done 99<"$BB_FILES"
if "$need_warning" ; then
  echo
  echo 'WARNING: This will overwrite any unencrypted files laying about.'
  read -r -p 'Press CTRL-C now to stop. ENTER to continue: '
else
  echo 'All OK.'
fi

echo '========== RE-ENCRYPTING FILES:'
while IFS= read <&99 -r unencrypted_file; do
  unencrypted_file=$(get_unencrypted_filename "$unencrypted_file")
  encrypted_file=$(get_encrypted_filename "$unencrypted_file")
  echo ========== PROCESSING '"'$unencrypted_file'"'
  fail_if_not_on_cryptlist "$unencrypted_file"
  decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
  encrypt_file "$unencrypted_file" "$encrypted_file"
  shred_file "$unencrypted_file"
done 99<"$BB_FILES"

fail_if_keychain_has_secrets

echo '========== COMMITING TO VCS:'
while IFS= read <&99 -r unencrypted_file; do
    vcs_add "$unencrypted_file.gpg"
done 99<"$BB_FILES"
vcs_commit 'Re-encrypted keys'

echo '========== DONE.'
echo 'Likely next step:'
echo "    $VCS_TYPE push"
Big doc update plus refined tools to work better outside of StackExchange. 2014-08-13 15:16:35 -04:00			`#!/usr/bin/env bash`
Initial check in 2014-07-07 20:30:16 -04:00
			`#`
blackbox_update_all_files: Clarify comment. 2015-02-16 11:09:28 -05:00			`# blackbox_update_all_files -- Decrypt then re-encrypt all files. Useful after keys are changed.`
Initial check in 2014-07-07 20:30:16 -04:00			`#`

Add "set -e" to all scripts. 2014-09-08 20:25:38 +00:00			`set -e`
Always setting BLACKBOX_HOME This makes the beginning of all files the same and a little simpler. `${0%/*}` turns "/home/user/repository/bin/blackbox_edit" into "/home/user/repository/bin", exactly like basename but without eating a process. Because other scripts needed `$blackbox_home` I made this into a standardard variable that's always available. This also loads _stack_lib.sh always because _blackbox_common.sh requires it. 2015-06-16 13:21:51 -05:00			`source "${0%/*}/_blackbox_common.sh"`
Initial check in 2014-07-07 20:30:16 -04:00
Don't complain about GPG_AGENT_INFO if using newer gpg-agent (#189) 2017-04-26 14:34:20 +02:00			`gpg_agent_notice`
Initial check in 2014-07-07 20:30:16 -04:00			`disclose_admins`
blackbox: Removed the manual gpg --import step from README, added prepare_keychain to blackbox_update_all_files 2014-09-25 15:35:45 -05:00			`prepare_keychain`
Initial check in 2014-07-07 20:30:16 -04:00
			`echo '========== ENCRYPTED FILES TO BE RE-ENCRYPTED:'`
[fix] Support filenames with space for 'blackbox_update_all_files' 2015-03-19 10:37:55 +01:00			`while IFS= read <&99 -r unencrypted_file; do`
			`echo " $unencrypted_file.gpg"`
			`done 99<"$BB_FILES"`
Initial check in 2014-07-07 20:30:16 -04:00
			`echo '========== FILES IN THE WAY:'`
			`need_warning=false`
[fix] Support filenames with space for 'blackbox_update_all_files' 2015-03-19 10:37:55 +01:00			`while IFS= read <&99 -r unencrypted_file; do`
			`unencrypted_file=$(get_unencrypted_filename "$unencrypted_file")`
			`encrypted_file=$(get_encrypted_filename "$unencrypted_file")`
Initial check in 2014-07-07 20:30:16 -04:00			`if [[ -f "$unencrypted_file" ]]; then`
			`need_warning=true`
			`echo " $unencrypted_file"`
			`fi`
[fix] Support filenames with space for 'blackbox_update_all_files' 2015-03-19 10:37:55 +01:00			`done 99<"$BB_FILES"`
Fix many bugs for unquote variables. 2015-02-27 01:01:48 +07:00			`if "$need_warning" ; then`
Initial check in 2014-07-07 20:30:16 -04:00			`echo`
			`echo 'WARNING: This will overwrite any unencrypted files laying about.'`
Be more secure in the use of "read" 2014-11-05 16:48:10 +00:00			`read -r -p 'Press CTRL-C now to stop. ENTER to continue: '`
Initial check in 2014-07-07 20:30:16 -04:00			`else`
			`echo 'All OK.'`
			`fi`

			`echo '========== RE-ENCRYPTING FILES:'`
[fix] Support filenames with space for 'blackbox_update_all_files' 2015-03-19 10:37:55 +01:00			`while IFS= read <&99 -r unencrypted_file; do`
			`unencrypted_file=$(get_unencrypted_filename "$unencrypted_file")`
			`encrypted_file=$(get_encrypted_filename "$unencrypted_file")`
			`echo ========== PROCESSING '"'$unencrypted_file'"'`
Initial check in 2014-07-07 20:30:16 -04:00			`fail_if_not_on_cryptlist "$unencrypted_file"`
			`decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"`
			`encrypt_file "$unencrypted_file" "$encrypted_file"`
			`shred_file "$unencrypted_file"`
[fix] Support filenames with space for 'blackbox_update_all_files' 2015-03-19 10:37:55 +01:00			`done 99<"$BB_FILES"`
Initial check in 2014-07-07 20:30:16 -04:00
			`fail_if_keychain_has_secrets`

Corrected informational message 2014-08-29 20:28:08 +00:00			`echo '========== COMMITING TO VCS:'`
[fix] Support filenames with space for 'blackbox_update_all_files' 2015-03-19 10:37:55 +01:00			`while IFS= read <&99 -r unencrypted_file; do`
			`vcs_add "$unencrypted_file.gpg"`
			`done 99<"$BB_FILES"`
			`vcs_commit 'Re-encrypted keys'`

Initial check in 2014-07-07 20:30:16 -04:00			`echo '========== DONE.'`
			`echo 'Likely next step:'`
Removing the multiple calls to determine VCS type This removed the subshell from _determine_vcs_base_and_type so it can set environment variables. Because this always runs at the beginning of the scripts, there's no need to do checking if REPOBASE is unset or if VCS_TYPE is not yet determined, thus I simplified one function and eliminated which_vcs. Conflicts: bin/blackbox_deregister_file I found this easier to just cherry pick since there was a merge and the merge was reverted. 2015-06-16 14:02:54 -05:00			`echo " $VCS_TYPE push"`