george/blackbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
ba503c33a4ddcd2c638cde55489712f2ae2c5272
blackbox/tools/confidence_test.sh

423 lines
12 KiB
Bash
Raw Normal View History

* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
#!/usr/bin/env bash
- Fix blackbox commands so that they work when called with absolute paths. - Fix confidence_test.sh so that it's not hardcoded to a specific dev environment path.
2015-01-13 14:42:58 -05:00
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/../bin
"make confidence" should work on mac (partial implementation)
2015-02-28 07:58:08 -06:00
export PATH="${blackbox_home}:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/local/bin"
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
. _stack_lib.sh
set -e
function PHASE() {
BIG CHANGES: * Command no longer need to be run from the base directory of the repo. * blackbox_edit now asks "are you sure?" and is greatly simplified. _blackbox_common.sh: * add_filename_to_cryptlist now accepts paths relative to cwd. * fail_if_not_on_cryptlist now accepts paths relative to cwd. * new function: vcs_relative_path reports a path to the file relative to the REPOBASE. * new function: is_on_cryptlist plus... * Some minor performance enhancesments and cleanups. * confidence_test.sh now tests some commands while not in REPOBASE.
2014-09-09 20:32:48 +00:00
echo '********************'
echo '********************'
echo '*********' """$@"""
echo '********************'
echo '********************'
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
}
"make confidence" should work on mac (partial implementation)
2015-02-28 07:58:08 -06:00
function md5sum_file() {
# Portably generate the MD5 hash of file $1.
case $(uname -s) in
Darwin )
md5 -r "$1" | awk '{ print $1 }'
;;
Linux )
md5sum "$1" | awk '{ print $1 }'
;;
CYGWIN* )
md5sum "$1" | awk '{ print $1 }'
;;
* )
echo 'ERROR: Unknown OS. Exiting.'
exit 1
;;
esac
}
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
function assert_file_missing() {
if [[ -e "$1" ]]; then
echo "ASSERT FAILED: ${1} should not exist."
exit 1
fi
}
function assert_file_exists() {
if [[ ! -e "$1" ]]; then
echo "ASSERT FAILED: ${1} should exist."
BIG CHANGES: * Command no longer need to be run from the base directory of the repo. * blackbox_edit now asks "are you sure?" and is greatly simplified. _blackbox_common.sh: * add_filename_to_cryptlist now accepts paths relative to cwd. * fail_if_not_on_cryptlist now accepts paths relative to cwd. * new function: vcs_relative_path reports a path to the file relative to the REPOBASE. * new function: is_on_cryptlist plus... * Some minor performance enhancesments and cleanups. * confidence_test.sh now tests some commands while not in REPOBASE.
2014-09-09 20:32:48 +00:00
echo "PWD="$(/bin/pwd -P)
#echo "LS START"
#ls -la
#echo "LS END"
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
exit 1
fi
}
function assert_file_md5hash() {
local file="$1"
local wanted="$2"
* blackbox_postdeploy should accept an optional parameter for chgrp. * blackbox_postdeploy should 'cd' to $BASEDIR or the base VCS directory. * Add unit tests to confidence_test.sh to cover chgrp functionality.
2014-09-02 22:10:37 +00:00
assert_file_exists "$file"
"make confidence" should work on mac (partial implementation)
2015-02-28 07:58:08 -06:00
local found=$(md5sum_file "$file")
* blackbox_postdeploy should accept an optional parameter for chgrp. * blackbox_postdeploy should 'cd' to $BASEDIR or the base VCS directory. * Add unit tests to confidence_test.sh to cover chgrp functionality.
2014-09-02 22:10:37 +00:00
if [[ "$wanted" != "$found" ]]; then
echo "ASSERT FAILED: $file hash wanted=$wanted found=$found"
exit 1
fi
}
function assert_file_group() {
local file="$1"
local wanted="$2"
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
assert_file_exists "$file"
Make confidence tests compatible with Cygwin.
2014-11-02 08:39:12 -05:00
case $(uname -s) in
CYGWIN* )
echo "ASSERT_FILE_GROUP: Running on Cygwin. Not being tested."
return 0
;;
esac
"make confidence" should work on mac (partial implementation)
2015-02-28 07:58:08 -06:00
local found=$(ls -lg "$file" | awk '{ print $3 }')
* blackbox_postdeploy should accept an optional parameter for chgrp. * blackbox_postdeploy should 'cd' to $BASEDIR or the base VCS directory. * Add unit tests to confidence_test.sh to cover chgrp functionality.
2014-09-02 22:10:37 +00:00
# NB(tlim): We could do this with 'stat' but it would break on BSD-style OSs.
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
if [[ "$wanted" != "$found" ]]; then
* blackbox_postdeploy should accept an optional parameter for chgrp. * blackbox_postdeploy should 'cd' to $BASEDIR or the base VCS directory. * Add unit tests to confidence_test.sh to cover chgrp functionality.
2014-09-02 22:10:37 +00:00
echo "ASSERT FAILED: $file chgrp wanted=$wanted found=$found"
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
exit 1
fi
}
For git, add plaintext files to .gitignore to prevent accidental additions.
2014-10-14 14:23:34 +00:00
function assert_line_not_exists() {
local target="$1"
local file="$2"
assert_file_exists "$file"
if grep -F -x -s -q >/dev/null "$target" "$file" ; then
echo "ASSERT FAILED: line '$target' should not exist in file $file"
echo ==== file contents: START "$file"
cat "$file"
echo ==== file contents: END "$file"
exit 1
fi
}
function assert_line_exists() {
local target="$1"
local file="$2"
assert_file_exists "$file"
if ! grep -F -x -s -q >/dev/null "$target" "$file" ; then
echo "ASSERT FAILED: line '$target' should not exist in file $file"
echo ==== file contents: START "$file"
cat "$file"
echo ==== file contents: END "$file"
exit 1
fi
}
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
make_tempdir test_repository
cd "$test_repository"
make_self_deleting_tempdir fake_alice_home
make_self_deleting_tempdir fake_bob_home
export GNUPGHOME="$fake_alice_home"
eval $(gpg-agent --homedir "$fake_alice_home" --daemon)
GPG_AGENT_INFO_ALICE="$GPG_AGENT_INFO"
export GNUPGHOME="$fake_bob_home"
Issue 50: - Fix forgetting unquotes command substitution in function vcs_relative_path. - Using old test instead of new test in Makefile. - Fix some variables for Bob in "confidence_test.sh".
2015-03-03 09:31:09 +07:00
eval $(gpg-agent --homedir "$fake_bob_home" --daemon)
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
GPG_AGENT_INFO_BOB="$GPG_AGENT_INFO"
function become_alice() {
export GNUPGHOME="$fake_alice_home"
export GPG_AGENT_INFO="$GPG_AGENT_INFO_ALICE"
echo BECOMING ALICE: GNUPGHOME=$GNUPGHOME AGENT=$GPG_AGENT_INFO
git config --global user.name "Alice Example"
git config --global user.email alice@example.com
}
function become_bob() {
Issue 50: - Fix forgetting unquotes command substitution in function vcs_relative_path. - Using old test instead of new test in Makefile. - Fix some variables for Bob in "confidence_test.sh".
2015-03-03 09:31:09 +07:00
export GNUPGHOME="$fake_bob_home"
export GPG_AGENT_INFO="$GPG_AGENT_INFO_BOB"
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
git config --global user.name "Bob Example"
git config --global user.email bob@example.com
}
PHASE 'Alice creates a repo. She creates secret.txt.'
become_alice
git init
echo 'this is my secret' >secret.txt
PHASE 'Alice wants to be part of the secret system.'
PHASE 'She creates a GPG key...'
make_self_deleting_tempfile gpgconfig
cat >"$gpgconfig" <<EOF
%echo Generating a basic OpenPGP key
Make confidence tests compatible with Cygwin.
2014-11-02 08:39:12 -05:00
Key-Type: RSA
Subkey-Type: RSA
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
Name-Real: Alice Example
* Test use-case where secrets had previously been exposed. * BUG: blackbox_postdeploy should not "chgrp" files.
2014-09-01 18:59:57 +00:00
Name-Comment: my password is the lowercase letter a
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
Name-Email: alice@example.com
Expire-Date: 0
Passphrase: a
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done
EOF
gpg --no-permission-warning --batch --gen-key "$gpgconfig"
#gpg --delete-key bob@example.com || true
#gpg --delete-key alice@example.com || true
PHASE 'Initializes BB...'
blackbox_initialize yes
git commit -m'INITIALIZE BLACKBOX' keyrings .gitignore
PHASE 'and adds herself as an admin.'
blackbox_addadmin alice@example.com
git commit -m'NEW ADMIN: alice@example.com' keyrings/live/pubring.gpg keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt
PHASE 'Bob arrives.'
become_bob
PHASE 'Bob creates a gpg key.'
cat >"$gpgconfig" <<EOF
%echo Generating a basic OpenPGP key
Make confidence tests compatible with Cygwin.
2014-11-02 08:39:12 -05:00
Key-Type: RSA
Subkey-Type: RSA
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
Name-Real: Bob Example
* Test use-case where secrets had previously been exposed. * BUG: blackbox_postdeploy should not "chgrp" files.
2014-09-01 18:59:57 +00:00
Name-Comment: my password is the lowercase letter b
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
Name-Email: bob@example.com
Expire-Date: 0
Passphrase: b
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done
EOF
gpg --no-permission-warning --batch --gen-key "$gpgconfig"
echo '========== Bob enrolls himself too.'
blackbox_addadmin bob@example.com
git commit -m'NEW ADMIN: alice@example.com' keyrings/live/pubring.gpg keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt
PHASE 'Alice does the second part to enroll bob.'
become_alice
PHASE 'She enrolls bob.'
gpg --import keyrings/live/pubring.gpg
# TODO(tlim) That --import can be eliminated... maybe?
PHASE 'She enrolls secrets.txt.'
blackbox_register_new_file secret.txt
assert_file_missing secret.txt
assert_file_exists secret.txt.gpg
BACKWARDS INCOMPATIBLE CHANGES: * Using $BASEDIR to pass the location of the repo hasn't worked for a while. It has been removed. Simply cd into the vcs repo before running a command. BUG FIXES: * .gitignore was being created in subdirectories instead of VCS root. MINOR CHANGES * _blackbox_common.sh: Replace change_to_root with change_to_vcs_root * confidence_test.sh: Added more assertions and tests.
2015-03-10 21:16:27 +00:00
assert_line_exists 'secret.txt' .gitignore
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
PHASE 'She decrypts secrets.txt.'
blackbox_edit_start secret.txt
assert_file_exists secret.txt
assert_file_exists secret.txt.gpg
assert_file_md5hash secret.txt "69923af35054e09cff786424e7b287aa"
PHASE 'She edits secrets.txt.'
echo 'this is MY NEW SECRET' >secret.txt
blackbox_edit_end secret.txt
assert_file_missing secret.txt
assert_file_exists secret.txt.gpg
PHASE 'Bob appears.'
become_bob
PHASE 'Bob makes sure he has all new keys.'
gpg --import keyrings/live/pubring.gpg
* blackbox_postdeploy should accept an optional parameter for chgrp. * blackbox_postdeploy should 'cd' to $BASEDIR or the base VCS directory. * Add unit tests to confidence_test.sh to cover chgrp functionality.
2014-09-02 22:10:37 +00:00
# Pick a GID to use:
BUG: "make confidence" should work on Mac OS X
2015-02-28 08:18:26 -06:00
# This users's default group:
DEFAULT_GID_NAME=$(id -gn)
# Pick a group that is not the default group:
* blackbox_postdeploy should accept an optional parameter for chgrp. * blackbox_postdeploy should 'cd' to $BASEDIR or the base VCS directory. * Add unit tests to confidence_test.sh to cover chgrp functionality.
2014-09-02 22:10:37 +00:00
TEST_GID_NUM=$(id -G | fmt -1 | tail -n +2 | grep -xv $(id -u) | head -n 1)
BUG: "make confidence" should work on Mac OS X
2015-02-28 08:18:26 -06:00
TEST_GID_NAME=$(python -c 'import grp; print grp.getgrgid('"$TEST_GID_NUM"').gr_name')
echo DEFAULT_GID_NAME=$DEFAULT_GID_NAME
* blackbox_postdeploy should accept an optional parameter for chgrp. * blackbox_postdeploy should 'cd' to $BASEDIR or the base VCS directory. * Add unit tests to confidence_test.sh to cover chgrp functionality.
2014-09-02 22:10:37 +00:00
echo TEST_GID_NUM=$TEST_GID_NUM
echo TEST_GID_NAME=$TEST_GID_NAME
PHASE 'Bob postdeploys... default.'
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
blackbox_postdeploy
assert_file_exists secret.txt
assert_file_exists secret.txt.gpg
assert_file_md5hash secret.txt "08a3fa763a05c018a38e9924363b97e7"
* blackbox_postdeploy should accept an optional parameter for chgrp. * blackbox_postdeploy should 'cd' to $BASEDIR or the base VCS directory. * Add unit tests to confidence_test.sh to cover chgrp functionality.
2014-09-02 22:10:37 +00:00
assert_file_group secret.txt "$DEFAULT_GID_NAME"
PHASE 'Bob postdeploys... with a GID.'
blackbox_postdeploy $TEST_GID_NUM
assert_file_exists secret.txt
assert_file_exists secret.txt.gpg
assert_file_md5hash secret.txt "08a3fa763a05c018a38e9924363b97e7"
assert_file_group secret.txt "$TEST_GID_NAME"
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
PHASE 'Bob cleans up the secret.'
rm secret.txt
PHASE 'Bob removes alice.'
blackbox_removeadmin alice@example.com
For git, add plaintext files to .gitignore to prevent accidental additions.
2014-10-14 14:23:34 +00:00
assert_line_not_exists 'alice@example.com' keyrings/live/blackbox-admins.txt
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
PHASE 'Bob reencrypts files so alice can not access them.'
blackbox_update_all_files
PHASE 'Bob decrypts secrets.txt.'
blackbox_edit_start secret.txt
assert_file_exists secret.txt
assert_file_exists secret.txt.gpg
assert_file_md5hash secret.txt "08a3fa763a05c018a38e9924363b97e7"
PHASE 'Bob edits secrets.txt.'
echo 'BOB BOB BOB BOB' >secret.txt
blackbox_edit_end secret.txt
assert_file_missing secret.txt
assert_file_exists secret.txt.gpg
PHASE 'Bob decrypts secrets.txt VERSION 3.'
blackbox_edit_start secret.txt
assert_file_exists secret.txt
assert_file_exists secret.txt.gpg
assert_file_md5hash secret.txt "beb0b0fd5701afb6f891de372abd35ed"
* Test use-case where secrets had previously been exposed. * BUG: blackbox_postdeploy should not "chgrp" files.
2014-09-01 18:59:57 +00:00
PHASE 'Bob exposes a secret in the repo.'
echo 'this is my exposed secret' >mistake.txt
git add mistake.txt
git commit -m'Oops I am committing a secret to the repo.' mistake.txt
PHASE 'Bob corrects it by registering it.'
blackbox_register_new_file mistake.txt
assert_file_missing mistake.txt
assert_file_exists mistake.txt.gpg
# NOTE: It is still in the history. That should be corrected someday.
BACKWARDS INCOMPATIBLE CHANGES: * Using $BASEDIR to pass the location of the repo hasn't worked for a while. It has been removed. Simply cd into the vcs repo before running a command. BUG FIXES: * .gitignore was being created in subdirectories instead of VCS root. MINOR CHANGES * _blackbox_common.sh: Replace change_to_root with change_to_vcs_root * confidence_test.sh: Added more assertions and tests.
2015-03-10 21:16:27 +00:00
assert_line_exists 'mistake.txt' .gitignore
* Test use-case where secrets had previously been exposed. * BUG: blackbox_postdeploy should not "chgrp" files.
2014-09-01 18:59:57 +00:00
BIG CHANGES: * Command no longer need to be run from the base directory of the repo. * blackbox_edit now asks "are you sure?" and is greatly simplified. _blackbox_common.sh: * add_filename_to_cryptlist now accepts paths relative to cwd. * fail_if_not_on_cryptlist now accepts paths relative to cwd. * new function: vcs_relative_path reports a path to the file relative to the REPOBASE. * new function: is_on_cryptlist plus... * Some minor performance enhancesments and cleanups. * confidence_test.sh now tests some commands while not in REPOBASE.
2014-09-09 20:32:48 +00:00
PHASE 'Bob enrolls my/path/to/relsecrets.txt.'
mkdir my my/path my/path/to
echo 'New secret' > my/path/to/relsecrets.txt
cd my/path/to
blackbox_register_new_file relsecrets.txt
assert_file_missing relsecrets.txt
assert_file_exists relsecrets.txt.gpg
BACKWARDS INCOMPATIBLE CHANGES: * Using $BASEDIR to pass the location of the repo hasn't worked for a while. It has been removed. Simply cd into the vcs repo before running a command. BUG FIXES: * .gitignore was being created in subdirectories instead of VCS root. MINOR CHANGES * _blackbox_common.sh: Replace change_to_root with change_to_vcs_root * confidence_test.sh: Added more assertions and tests.
2015-03-10 21:16:27 +00:00
assert_file_missing .gitignore
assert_file_exists ../../../.gitignore
assert_line_exists 'my/path/to/relsecrets.txt' ../../../.gitignore
BIG CHANGES: * Command no longer need to be run from the base directory of the repo. * blackbox_edit now asks "are you sure?" and is greatly simplified. _blackbox_common.sh: * add_filename_to_cryptlist now accepts paths relative to cwd. * fail_if_not_on_cryptlist now accepts paths relative to cwd. * new function: vcs_relative_path reports a path to the file relative to the REPOBASE. * new function: is_on_cryptlist plus... * Some minor performance enhancesments and cleanups. * confidence_test.sh now tests some commands while not in REPOBASE.
2014-09-09 20:32:48 +00:00
PHASE 'Bob decrypts relsecrets.txt.'
cd ..
blackbox_edit_start to/relsecrets.txt
assert_file_exists to/relsecrets.txt
assert_file_exists to/relsecrets.txt.gpg
assert_file_md5hash to/relsecrets.txt "c47f9c3c8ce03d895b883ac22384cb67"
cd ../..
For git, add plaintext files to .gitignore to prevent accidental additions.
2014-10-14 14:23:34 +00:00
PHASE 'Bob enrolls !important!.txt'
echo A very important file >'!important!.txt'
blackbox_register_new_file '!important!.txt'
assert_file_missing '!important!.txt'
assert_file_exists '!important!.txt'.gpg
assert_line_exists '\!important!.txt' .gitignore
PHASE 'Bob enrolls #andpounds.txt'
echo A very commented file >'#andpounds.txt'
blackbox_register_new_file '#andpounds.txt'
assert_file_missing '#andpounds.txt'
assert_file_exists '#andpounds.txt'.gpg
assert_line_exists '\#andpounds.txt' .gitignore
Better handle filenames with * and ? in them.
2014-10-14 14:43:03 +00:00
PHASE 'Bob enrolls stars*bars?.txt'
tools/confidence_test.sh: Test that locked out user can't decrypt.
2015-03-19 15:02:05 -07:00
echo A very wild and questioned file >'stars*bars?.txt'
Better handle filenames with * and ? in them.
2014-10-14 14:43:03 +00:00
blackbox_register_new_file 'stars*bars?.txt'
assert_file_missing 'stars*bars?.txt'
assert_file_exists 'stars*bars?.txt'.gpg
assert_line_exists 'stars\*bars\?.txt' .gitignore
tools/confidence_test.sh: Test that locked out user can't decrypt.
2015-03-19 15:02:05 -07:00
PHASE 'Bob enrolls space space.txt'
echo A very spacey file >'space space.txt'
blackbox_register_new_file 'space space.txt'
assert_file_missing 'space space.txt'
assert_file_exists 'space space.txt'.gpg
assert_line_exists 'space space.txt' .gitignore
PHASE 'Bob checks out stars*bars?.txt.'
blackbox_edit_start 'stars*bars?.txt'
assert_file_exists 'stars*bars?.txt'
assert_file_exists 'stars*bars?.txt'
assert_file_md5hash 'stars*bars?.txt' "448e018faade28cede2bf6f33c3c2dfb"
PHASE 'Bob checks out space space.txt.'
blackbox_edit_start 'space space.txt'
assert_file_exists 'space space.txt'
assert_file_exists 'space space.txt'
assert_file_md5hash 'space space.txt' "de1d4e4a07046f81af5d3c0194b78742"
PHASE 'Bob shreds all exposed files.'
assert_file_exists 'my/path/to/relsecrets.txt'
assert_file_exists 'secret.txt'
blackbox_shred_all_files
assert_file_missing '!important!.txt'
assert_file_missing '#andpounds.txt'
assert_file_missing 'mistake.txt'
assert_file_missing 'my/path/to/relsecrets.txt'
assert_file_missing 'secret.txt'
assert_file_missing 'space space.txt'
assert_file_missing 'stars*bars?.txt'
assert_file_exists '!important!.txt.gpg'
assert_file_exists '#andpounds.txt.gpg'
assert_file_exists 'mistake.txt.gpg'
assert_file_exists 'my/path/to/relsecrets.txt.gpg'
assert_file_exists 'secret.txt.gpg'
assert_file_exists 'space space.txt.gpg'
assert_file_exists 'stars*bars?.txt.gpg'
PHASE 'Bob updates all files.'
blackbox_update_all_files
assert_file_missing '!important!.txt'
assert_file_missing '#andpounds.txt'
assert_file_missing 'mistake.txt'
assert_file_missing 'my/path/to/relsecrets.txt'
assert_file_missing 'secret.txt'
assert_file_missing 'space space.txt'
assert_file_missing 'stars*bars?.txt'
assert_file_exists '!important!.txt.gpg'
assert_file_exists '#andpounds.txt.gpg'
assert_file_exists 'mistake.txt.gpg'
assert_file_exists 'my/path/to/relsecrets.txt.gpg'
assert_file_exists 'secret.txt.gpg'
assert_file_exists 'space space.txt.gpg'
assert_file_exists 'stars*bars?.txt.gpg'
PHASE 'Alice returns. She should be locked out'
become_alice
PHASE 'Alice tries to decrypt secret.txt. Is blocked.'
if blackbox_edit_start secret.txt ; then
echo 'ERROR: Alice was able to decrypt secret.txt! She should have been blocked.'
exit 1
else
echo 'NOTE: Alice was not able to decrypt secret.txt as expected.'
fi
Register new file now work with space in filename.
2015-03-06 11:33:39 +07:00
tools/confidence_test.sh: Test that locked out user can't decrypt.
2015-03-19 15:02:05 -07:00
# TODO: Create a new directory. "git clone" the repo into it.
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
#
# ASSERTIONS
#
if [[ -e $HOME/.gnupg ]]; then
echo "ASSERT FAILED: $HOME/.gnupg should not exist."
exit 1
fi
For git, add plaintext files to .gitignore to prevent accidental additions.
2014-10-14 14:23:34 +00:00
find .git?* * -type f -ls
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
echo cd "$test_repository"
BACKWARDS INCOMPATIBLE CHANGES: * Using $BASEDIR to pass the location of the repo hasn't worked for a while. It has been removed. Simply cd into the vcs repo before running a command. BUG FIXES: * .gitignore was being created in subdirectories instead of VCS root. MINOR CHANGES * _blackbox_common.sh: Replace change_to_root with change_to_vcs_root * confidence_test.sh: Added more assertions and tests.
2015-03-10 21:16:27 +00:00
echo rm -rf "$test_repository"
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange.
2014-08-29 20:21:02 +00:00
echo DONE.
Reference in New Issue Copy Permalink