blackbox/bin/blackbox_postdeploy

#!/usr/bin/env bash

#
# blackbox_postdeploy.sh -- Decrypt all blackbox files.
#

# Usage:
#   blackbox_postdeploy.sh [GROUP]
#       GROUP is optional.  If supplied, the resulting files
#       are chgrp'ed to that group.

# Since this is often run in a security-critical situation, we
# force /usr/bin and /bin to the front of the PATH.
export PATH=/usr/bin:/bin:"$PATH"

set -e
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source "${blackbox_home}/_blackbox_common.sh"

if [[ "$1" == "" ]]; then
  FILE_GROUP=""
else
  FILE_GROUP="$1"
fi

change_to_root
prepare_keychain

# Decrypt:
echo '========== Decrypting new/changed files: START'
while IFS= read <&99 -r unencrypted_file; do
  encrypted_file=$(get_encrypted_filename "$unencrypted_file")
  decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
  chmod g+r "$unencrypted_file"
  if [[ ! -z "$FILE_GROUP" ]]; then
    chgrp "$FILE_GROUP" "$unencrypted_file"
  fi
done 99<"$BB_FILES"
echo '========== Decrypting new/changed files: DONE'
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange. 2014-08-29 20:21:02 +00:00			`#!/usr/bin/env bash`
Initial check in 2014-07-07 20:30:16 -04:00
			`#`
			`# blackbox_postdeploy.sh -- Decrypt all blackbox files.`
			`#`

* blackbox_postdeploy should accept an optional parameter for chgrp. * blackbox_postdeploy should 'cd' to $BASEDIR or the base VCS directory. * Add unit tests to confidence_test.sh to cover chgrp functionality. 2014-09-02 22:10:37 +00:00			`# Usage:`
			`# blackbox_postdeploy.sh [GROUP]`
			`# GROUP is optional. If supplied, the resulting files`
			`# are chgrp'ed to that group.`

Remove ".sh" from file names. Refactor so it does not rely on PWD being the repo basedir. Fix assumptions about HG and GIT use. 2014-08-28 20:47:32 +00:00			`# Since this is often run in a security-critical situation, we`
			`# force /usr/bin and /bin to the front of the PATH.`
			`export PATH=/usr/bin:/bin:"$PATH"`
Initial check in 2014-07-07 20:30:16 -04:00
Add "set -e" to all scripts. 2014-09-08 20:25:38 +00:00			`set -e`
- Fix blackbox commands so that they work when called with absolute paths. - Fix confidence_test.sh so that it's not hardcoded to a specific dev environment path. 2015-01-13 14:42:58 -05:00			`blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )`
Fix many bugs for unquote variables. 2015-02-27 01:01:48 +07:00			`source "${blackbox_home}/_blackbox_common.sh"`
Initial check in 2014-07-07 20:30:16 -04:00
* blackbox_postdeploy should accept an optional parameter for chgrp. * blackbox_postdeploy should 'cd' to $BASEDIR or the base VCS directory. * Add unit tests to confidence_test.sh to cover chgrp functionality. 2014-09-02 22:10:37 +00:00			`if [[ "$1" == "" ]]; then`
			`FILE_GROUP=""`
			`else`
			`FILE_GROUP="$1"`
			`fi`

blackbox_shred_all_files now changes to root dir before running. Moved similar code from blackbox_postdeploy into _blackbox_common.sh as change_to_root function. 2014-11-06 00:28:53 -08:00			`change_to_root`
Initial check in 2014-07-07 20:30:16 -04:00			`prepare_keychain`

			`# Decrypt:`
			`echo '========== Decrypting new/changed files: START'`
Use sh-compatible version of redirection. 2014-11-05 16:47:53 +00:00			`while IFS= read <&99 -r unencrypted_file; do`
Initial check in 2014-07-07 20:30:16 -04:00			`encrypted_file=$(get_encrypted_filename "$unencrypted_file")`
			`decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"`
Uses umask to avoid creating world-readable files. 2014-09-23 23:44:48 -04:00			`chmod g+r "$unencrypted_file"`
* blackbox_postdeploy should accept an optional parameter for chgrp. * blackbox_postdeploy should 'cd' to $BASEDIR or the base VCS directory. * Add unit tests to confidence_test.sh to cover chgrp functionality. 2014-09-02 22:10:37 +00:00			`if [[ ! -z "$FILE_GROUP" ]]; then`
Fix many bugs for unquote variables. 2015-02-27 01:01:48 +07:00			`chgrp "$FILE_GROUP" "$unencrypted_file"`
* blackbox_postdeploy should accept an optional parameter for chgrp. * blackbox_postdeploy should 'cd' to $BASEDIR or the base VCS directory. * Add unit tests to confidence_test.sh to cover chgrp functionality. 2014-09-02 22:10:37 +00:00			`fi`
Use sh-compatible version of redirection. 2014-11-05 16:47:53 +00:00			`done 99<"$BB_FILES"`
Initial check in 2014-07-07 20:30:16 -04:00			`echo '========== Decrypting new/changed files: DONE'`