From fe10053e6340bba220cf9aa7f3dec3b695a20fd9 Mon Sep 17 00:00:00 2001 From: mavenlink Date: Thu, 2 Oct 2014 16:55:48 -0700 Subject: [PATCH 1/4] use srm if available, this is OSX's secure remove utility --- bin/_blackbox_common.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bin/_blackbox_common.sh b/bin/_blackbox_common.sh index c83af52..044bbcd 100755 --- a/bin/_blackbox_common.sh +++ b/bin/_blackbox_common.sh @@ -202,6 +202,10 @@ function shred_file() { if which shred >/dev/null ; then CMD=shred OPT=-u + elif which srm >/dev/null ; then + #NOTE: srm by default uses 35-pass Gutmann algorithm + CMD=srm + OPT=-f else CMD=rm OPT=-f From cd880e76c27200de92d9346df476910741849f72 Mon Sep 17 00:00:00 2001 From: mavenlink Date: Thu, 2 Oct 2014 17:02:20 -0700 Subject: [PATCH 2/4] add blackbox_shred_all_files that shreds decrypted versions of any encrypted file, this will discard current changes --- bin/blackbox_shred_all_files | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100755 bin/blackbox_shred_all_files diff --git a/bin/blackbox_shred_all_files b/bin/blackbox_shred_all_files new file mode 100755 index 0000000..8324ecf --- /dev/null +++ b/bin/blackbox_shred_all_files @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +# +# blackbox_shred_all_files -- shred all decrypted versions of encrypted files +# + +set -e +. _blackbox_common.sh + +echo '========== ENCRYPTED FILES THAT WERE UNLOCKED:' +awk <"$BB_FILES" '{ print " " $1 ".gpg" }' + +echo '========== FILES THAT WILL BE SHREDDED:' +need_warning=false +for i in $(<$BB_FILES) ; do + unencrypted_file=$(get_unencrypted_filename "$i") + encrypted_file=$(get_encrypted_filename "$i") + if [[ -f "$unencrypted_file" ]]; then + shred_file "$unencrypted_file" + fi +done + +echo '========== DONE.' From 157dfe6d2ff2a1cf942a02172e005547ba4381b3 Mon Sep 17 00:00:00 2001 
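Review bot: The `else` branch at the end of this hunk still falls back silently to `rm -f`, so on a host with neither `shred` nor `srm` the decrypted file is only unlinked and its contents stay on disk. I would print a warning in that branch, e.g. `echo "WARNING: no shred or srm found; $name is only unlinked, not overwritten" >&2`. The new `#NOTE` comment could also state that overwriting is best-effort on flash storage and on journaling or copy-on-write filesystems, where old blocks can survive any number of passes. `shred_file` begins and ends outside the hunk, so I cannot see how `name` is set.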
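Review bot: The loop `for i in $(<$BB_FILES)` word-splits and glob-expands every entry, and under `set -e` the first failing `shred_file` aborts the script with the remaining decrypted files still in plaintext. Reading the list line by line and recording failures instead of exiting keeps the cleanup going and gives a non-zero exit status at the end. This assumes `$BB_FILES` holds one file name per line, which should be confirmed because the `awk` line above reads only `$1`. `encrypted_file` is assigned but never used, and nothing is printed under the 'FILES THAT WILL BE SHREDDED' heading.

```shell
failed=0
while IFS= read -r i ; do
  unencrypted_file=$(get_unencrypted_filename "$i")
  if [[ -f "$unencrypted_file" ]]; then
    echo "    $unencrypted_file"
    # Keep going on error so one failure does not leave the rest in plaintext.
    shred_file "$unencrypted_file" || failed=1
  fi
done <"$BB_FILES"

# … unchanged: DONE banner …
exit "$failed"
```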
From: mavenlink Date: Thu, 2 Oct 2014 17:03:49 -0700 Subject: [PATCH 3/4] cleanup some mis-named things and remove dead var --- bin/blackbox_shred_all_files | 1 - bin/blackbox_update_all_files | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/bin/blackbox_shred_all_files b/bin/blackbox_shred_all_files index 8324ecf..15fdfc4 100755 --- a/bin/blackbox_shred_all_files +++ b/bin/blackbox_shred_all_files @@ -11,7 +11,6 @@ echo '========== ENCRYPTED FILES THAT WERE UNLOCKED:' awk <"$BB_FILES" '{ print " " $1 ".gpg" }' echo '========== FILES THAT WILL BE SHREDDED:' -need_warning=false for i in $(<$BB_FILES) ; do unencrypted_file=$(get_unencrypted_filename "$i") encrypted_file=$(get_encrypted_filename "$i") diff --git a/bin/blackbox_update_all_files b/bin/blackbox_update_all_files index 4e7644d..d611744 100755 --- a/bin/blackbox_update_all_files +++ b/bin/blackbox_update_all_files @@ -1,7 +1,7 @@ #!/usr/bin/env bash # -# blackbox_edit_end.sh -- Re-encrypt file after edits. +# blackbox_update_all_files -- Re-encrypt file after edits. # set -e From ead6e9672122c6599c2d34c459eac54d8b78b3d5 Mon Sep 17 00:00:00 2001 From: "tlimoncelli@stackexchange.com" Date: Fri, 3 Oct 2014 16:25:13 +0000 Subject: [PATCH 4/4] Use -- to prevent potential issues with funny file names --- bin/_blackbox_common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/_blackbox_common.sh b/bin/_blackbox_common.sh index 044bbcd..ccd5741 100755 --- a/bin/_blackbox_common.sh +++ b/bin/_blackbox_common.sh @@ -211,7 +211,7 @@ function shred_file() { OPT=-f fi - $CMD $OPT "$name" + $CMD $OPT -- "$name" } function md5sum_file() { @@ -328,7 +328,7 @@ function vcs_remove() { } # Mercurial function vcs_remove_hg() { - hg rm -A """$@""" + hg rm -A -- """$@""" } # Git function vcs_remove_git() {
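Review bot: In `vcs_remove_hg` the triple quotes in `"""$@"""` add nothing when files are passed, and with no arguments they expand to a single empty word, so `hg` receives `""` as a file name; `hg rm -A -- "$@"` avoids that. The hunk ends at the opening line of `vcs_remove_git`, so I cannot see whether the Git variant and the other `vcs_*` helpers that take file names got the same `--` guard; they should be checked for consistency. In the `shred_file` hunk, `--` assumes that `shred`, `srm` and `rm` all honour it, which is worth confirming for `srm` on the supported OS X versions.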