2014-07-07 20:30:16 -04:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# blackbox_postdeploy.sh -- Decrypt all blackbox files.
|
|
|
|
|
#
|
|
|
|
|
|
2014-08-28 20:47:32 +00:00
|
|
|
# Since this is often run in a security-critical situation, we
|
|
|
|
|
# force /usr/bin and /bin to the front of the PATH.
|
|
|
|
|
export PATH=/usr/bin:/bin:"$PATH"
|
2014-07-07 20:30:16 -04:00
|
|
|
|
2014-08-28 20:47:32 +00:00
|
|
|
. _blackbox_common.sh
|
2014-07-07 20:30:16 -04:00
|
|
|
|
2014-08-28 20:47:32 +00:00
|
|
|
# If we aren't in a repo, assume /etc/puppet.
|
|
|
|
|
if [[ "$REPOBASE" = "/dev/null" ]]; then
|
|
|
|
|
REPOBASE=/etc/puppet
|
|
|
|
|
fi
|
2014-07-07 20:30:16 -04:00
|
|
|
|
|
|
|
|
prepare_keychain
|
|
|
|
|
|
|
|
|
|
# Decrypt:
|
|
|
|
|
echo '========== Decrypting new/changed files: START'
|
|
|
|
|
while read unencrypted_file; do
|
|
|
|
|
encrypted_file=$(get_encrypted_filename "$unencrypted_file")
|
|
|
|
|
decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
|
|
|
|
|
chmod g+r,o-rwx "$unencrypted_file"
|
|
|
|
|
$CHGRP puppet "$unencrypted_file"
|
|
|
|
|
done <"$BB_FILES"
|
|
|
|
|
echo '========== Decrypting new/changed files: DONE'
|
