blackbox/bin/blackbox_register_new_file

#!/usr/bin/env bash

#
# blackbox_register_new_file -- Enroll new file(s) in the blackbox system.
#
# Takes previously unencrypted file(s) and enrolls them into the blackbox
# system.  Each file will be kept in the repo as an encrypted file.  On deployment
# to systems that need the plaintext (unencrypted) versions, run
# blackbox_postdeploy.sh to decrypt all the files.

set -e
source "${0%/*}/_blackbox_common.sh"

function register_new_file() {
  unencrypted_file=$(get_unencrypted_filename "$1")
  encrypted_file=$(get_encrypted_filename "$1")

  if [[ "$1" == "$encrypted_file" ]]; then
    echo ERROR: Please only register unencrypted files.
    exit 1
  fi

  echo ========== PLAINFILE "$unencrypted_file"
  echo ========== ENCRYPTED "$encrypted_file"

  fail_if_not_exists "$unencrypted_file" "Please specify an existing file."
  fail_if_exists "$encrypted_file" "Will not overwrite."

  prepare_keychain
  encrypt_file "$unencrypted_file" "$encrypted_file"
  add_filename_to_cryptlist "$unencrypted_file"

  # Is the unencrypted file already in HG? (ie. are we correcting a bad situation)
  SECRETSEXPOSED=$(is_in_vcs "${unencrypted_file}")
  echo "========== CREATED: ${encrypted_file}"
  echo "========== UPDATING REPO:"
  shred_file "$unencrypted_file"

  if "$SECRETSEXPOSED" ; then
    vcs_remove "$unencrypted_file"
    vcs_add "$encrypted_file"
  fi

  vcs_ignore "$unencrypted_file"
  echo 'NOTE: "already tracked!" messages are safe to ignore.'
  vcs_add "$BB_FILES" "$encrypted_file"
  vcs_commit "registered in blackbox: ${unencrypted_file}" "$BB_FILES" "$encrypted_file"
}

for target in "$@"; do
  register_new_file "$target"
done

echo "========== UPDATING VCS: DONE"
echo "Local repo updated.  Please push when ready."
echo "    $(which_vcs) push"
* Initialization for new repos AUTOMATED. * Adding new users AUTOMATED. * Update docs for the new, more simplified installation processes. * Remove dependency on any particular paths, etc. Copy "bin" into a place along your path and everything should "just work". * Add support for Mercurial (not tested). * blackbox_addadmin now adds keys to the keyring for you. * Unified #! lines to "#!/usr/bin/env bash" so it works better on FreeBSD. * BUGFIX: (BugId#1) blackbox_update_all_files.sh expects hg, fails for git. * BUGFIX: (BugId#2) blackbox_postdeploy.sh assumes certain directory layout. * BUGFIX: Temporary files aren't deleted. * NEW FILE: bin/blackbox_initialize: Automates enabling BB for a repo (creates directories, files, and updates .gitignore). * NEW FILE: bin/blackbox_removeadmin: Automates removing an admit. * NEW FILE: tools/confidence_test.sh: A battery of tests to verify operations. * NEW FILE: bin/Makefile: Automate package creation. * NEW FILE: bin/_stack_lib.sh: A library of shell routines from StackExchange. 2014-08-29 20:21:02 +00:00			`#!/usr/bin/env bash`
Initial check in 2014-07-07 20:30:16 -04:00
			`#`
blackbox_register_new_file: Accept multiple files on the command line. 2015-06-20 15:54:08 +00:00			`# blackbox_register_new_file -- Enroll new file(s) in the blackbox system.`
Initial check in 2014-07-07 20:30:16 -04:00			`#`
blackbox_register_new_file: Accept multiple files on the command line. 2015-06-20 15:54:08 +00:00			`# Takes previously unencrypted file(s) and enrolls them into the blackbox`
			`# system. Each file will be kept in the repo as an encrypted file. On deployment`
Remove ".sh" from file names. Refactor so it does not rely on PWD being the repo basedir. Fix assumptions about HG and GIT use. 2014-08-28 20:47:32 +00:00			`# to systems that need the plaintext (unencrypted) versions, run`
			`# blackbox_postdeploy.sh to decrypt all the files.`
Initial check in 2014-07-07 20:30:16 -04:00
Add "set -e" to all scripts. 2014-09-08 20:25:38 +00:00			`set -e`
Always setting BLACKBOX_HOME This makes the beginning of all files the same and a little simpler. `${0%/*}` turns "/home/user/repository/bin/blackbox_edit" into "/home/user/repository/bin", exactly like basename but without eating a process. Because other scripts needed `$blackbox_home` I made this into a standardard variable that's always available. This also loads _stack_lib.sh always because _blackbox_common.sh requires it. 2015-06-16 13:21:51 -05:00			`source "${0%/*}/_blackbox_common.sh"`
Initial check in 2014-07-07 20:30:16 -04:00
blackbox_register_new_file: Accept multiple files on the command line. 2015-06-20 15:54:08 +00:00			`function register_new_file() {`
			`unencrypted_file=$(get_unencrypted_filename "$1")`
			`encrypted_file=$(get_encrypted_filename "$1")`
Initial check in 2014-07-07 20:30:16 -04:00
blackbox_register_new_file: Accept multiple files on the command line. 2015-06-20 15:54:08 +00:00			`if [[ "$1" == "$encrypted_file" ]]; then`
			`echo ERROR: Please only register unencrypted files.`
			`exit 1`
			`fi`
Initial check in 2014-07-07 20:30:16 -04:00
blackbox_register_new_file: Accept multiple files on the command line. 2015-06-20 15:54:08 +00:00			`echo ========== PLAINFILE "$unencrypted_file"`
			`echo ========== ENCRYPTED "$encrypted_file"`
Initial check in 2014-07-07 20:30:16 -04:00
blackbox_register_new_file: Accept multiple files on the command line. 2015-06-20 15:54:08 +00:00			`fail_if_not_exists "$unencrypted_file" "Please specify an existing file."`
			`fail_if_exists "$encrypted_file" "Will not overwrite."`
Initial check in 2014-07-07 20:30:16 -04:00
blackbox_register_new_file: Accept multiple files on the command line. 2015-06-20 15:54:08 +00:00			`prepare_keychain`
			`encrypt_file "$unencrypted_file" "$encrypted_file"`
			`add_filename_to_cryptlist "$unencrypted_file"`
Initial check in 2014-07-07 20:30:16 -04:00
blackbox_register_new_file: Accept multiple files on the command line. 2015-06-20 15:54:08 +00:00			`# Is the unencrypted file already in HG? (ie. are we correcting a bad situation)`
			`SECRETSEXPOSED=$(is_in_vcs "${unencrypted_file}")`
			`echo "========== CREATED: ${encrypted_file}"`
			`echo "========== UPDATING REPO:"`
			`shred_file "$unencrypted_file"`
Big doc update plus refined tools to work better outside of StackExchange. 2014-08-13 15:16:35 -04:00
blackbox_register_new_file: Accept multiple files on the command line. 2015-06-20 15:54:08 +00:00			`if "$SECRETSEXPOSED" ; then`
			`vcs_remove "$unencrypted_file"`
			`vcs_add "$encrypted_file"`
			`fi`

			`vcs_ignore "$unencrypted_file"`
			`echo 'NOTE: "already tracked!" messages are safe to ignore.'`
			`vcs_add "$BB_FILES" "$encrypted_file"`
			`vcs_commit "registered in blackbox: ${unencrypted_file}" "$BB_FILES" "$encrypted_file"`
			`}`

			`for target in "$@"; do`
			`register_new_file "$target"`
			`done`
Update .gitignore when registering new files To reduce the risk of accidentally adding plaintext secrets, ignore registered plaintext files. 2014-10-13 21:31:58 +02:00
Remove ".sh" from file names. Refactor so it does not rely on PWD being the repo basedir. Fix assumptions about HG and GIT use. 2014-08-28 20:47:32 +00:00			`echo "========== UPDATING VCS: DONE"`
Initial check in 2014-07-07 20:30:16 -04:00			`echo "Local repo updated. Please push when ready."`
Adding file deregister tool + extrapolating code This solves some TODOs by moving shared code out into `_blackbox_common.sh`. New VCS commands were added, `vcs_ignore` and `vcs_notice` (the opposite of ignore). Made some utility functions * `remove_filename_from_cryptlist` - The opposite of `add_file_to_cryptlist` * `remove_line` - Removes a single line from a text file 2015-06-12 13:23:45 -05:00			`echo " $(which_vcs) push"`