diff --git a/README.md b/README.md
index 2901ba4..5e009b4 100644
--- a/README.md
+++ b/README.md
@@ -118,6 +118,7 @@ It has been tested to work with many operating systems.
 * `hg` -- Mercurial
 * `svn` -- SubVersion (Thanks, Ben Drasin!)
 * `p4` -- Perforce
+ * none -- The files can be decrypted outside of a repo if the keyrings directory is intact
 * Operating system
 * CentOS / RedHat
 * MacOS X
@@ -616,6 +617,21 @@ rm -rf /tmp/NEWMASTER
 Also shred any other temporary files you may have made.
+Using Blackbox without a repo
+===========================
+If the files are copied out of a repo they can still be decrypted
+and edited. Obviously edits, changes to keys, and such will be lost
+if they are made outside the repo. Also note that commands are most
+likely to only work if run from the base directory (i.e. the parent to
+the keyrings directory).
+
+The following commands have been tested outside a repo:
+
+ * `blackbox_postdeploy`
+ * `blackbox_edit_start`
+ * `blackbox_edit_end`
+
+
 Help out: Submit bugs, pull requests and ideas:
 ============
diff --git a/bin/_blackbox_common.sh b/bin/_blackbox_common.sh
index 420af23..106b53e 100755
--- a/bin/_blackbox_common.sh
+++ b/bin/_blackbox_common.sh
@@ -45,7 +45,9 @@ function _determine_vcs_base_and_type() {
 # NOTE: hg has to be tested last because it always "succeeds".
 VCS_TYPE=hg
 else
- echo /dev/null
+ # We aren't in a repo at all. Assume the cwd is the root
+ # of the tree.
+ echo .
 VCS_TYPE=unknown
 fi
 export VCS_TYPE
@@ -360,6 +362,10 @@ function is_in_p4() {
 echo false
 fi
 }
+# No repo
+function is_in_unknown() {
+ echo true
+}
 # Add a file to the repo (but don't commit it).
@@ -382,6 +388,10 @@ function vcs_add_svn() {
 function vcs_add_p4() {
 p4 add """$@"""
 }
+# No repo
+function vcs_add_unknown() {
+ :
+}
 # Commit a file to the repo
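Review bot: The new `echo .` fallback in the @@ -45 hunk makes whatever directory the command was started from the trusted base, with no check that it actually holds the keyrings directory the README refers to. Before this change the non-repo case resolved to `/dev/null` and could not go on to use keyrings found in an arbitrary cwd. I would fail closed unless the keyrings directory is present, and print an absolute path instead of `.`, because a relative base changes meaning after any later `cd`. The other branches of the function lie outside the hunk, so whether they emit absolute paths is an assumption to confirm.

```shell
  else
    # We aren't in a repo at all. Treat the cwd as the root of the
    # tree only when it really holds the keyrings directory
    # (directory name as given in the README; confirm against the code).
    if [[ -d keyrings ]]; then
      pwd
    else
      echo /dev/null
    fi
    VCS_TYPE=unknown
```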
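Review bot: `is_in_unknown` in the @@ -360 hunk ignores its argument and answers `true` for every path, and the `# No repo` comment does not say why. If callers use the `is_in_*` result as a guard before acting on a file (they are outside this hunk, so that is an assumption), this variant switches the guard off, which deserves a sentence in the comment: `# No repo: nothing can be queried, so every path is reported as tracked; callers get no protection from this check.`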
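Review bot: `vcs_add_unknown` in the @@ -382 hunk is a silent no-op, and the same holds for `vcs_commit_unknown` and `vcs_remove_unknown` in the @@ -404 and @@ -424 hunks, so any command that reaches these stubs outside a repo reports success although nothing was recorded. The README text added in this commit warns that edits and key changes made outside the repo are lost; the code should say so at the moment it happens, for example by replacing `:` with `echo 'WARNING: not in a repo; change is not recorded' >&2` in each stub. Writing to stderr leaves any stdout that callers capture unchanged.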
@@ -404,6 +414,10 @@ function vcs_commit_svn() {
 function vcs_commit_p4() {
 p4 submit -d """$@"""
 }
+# No repo
+function vcs_commit_unknown() {
+ :
+}
 # Remove file from repo, even if it was deleted locally already.
@@ -424,6 +438,10 @@ function vcs_remove_svn() {
 svn delete """$@"""
 }
 # Perforce
-function vcs_remove_svn() {
+function vcs_remove_p4() {
 p4 delete """$@"""
 }
+# No repo
+function vcs_remove_unknown() {
+ :
+}
diff --git a/tools/confidence_test.sh b/tools/confidence_test.sh
index 55d7fab..f928f04 100755
--- a/tools/confidence_test.sh
+++ b/tools/confidence_test.sh
@@ -229,6 +229,50 @@ assert_file_missing secret.txt
 assert_file_exists secret.txt.gpg
+PHASE 'Alice copies files to a non-repo directory. (NO REPO)'
+
+# Copy the repo entirely:
+make_self_deleting_tempdir fake_alice_filedir
+tar cf - . | ( cd "$fake_alice_filedir" && tar xpvf - )
+# Remove the .git directory
+rm -rf "$fake_alice_filedir/.git"
+(
+cd "$fake_alice_filedir"
+assert_file_missing '.git'
+assert_file_exists 'secret.txt.gpg'
+assert_file_missing 'secret.txt'
+blackbox_postdeploy
+assert_file_missing '.git'
+assert_file_exists 'secret.txt.gpg'
+assert_file_exists 'secret.txt'
+assert_file_md5hash secret.txt "08a3fa763a05c018a38e9924363b97e7"
+
+PHASE 'Alice shreds these non-repo files. (NO REPO)'
+blackbox_shred_all_files
+assert_file_missing '.git'
+assert_file_exists 'secret.txt.gpg'
+assert_file_missing 'secret.txt'
+
+PHASE 'Alice decrypts secrets.txt (NO REPO).'
+blackbox_edit_start secret.txt
+assert_file_exists secret.txt
+assert_file_exists secret.txt.gpg
+assert_file_md5hash secret.txt "08a3fa763a05c018a38e9924363b97e7"
+
+PHASE 'Alice edits secrets.txt. (NO REPO EDIT)'
+echo 'NOREPO EDIT' >secret.txt
+assert_file_md5hash secret.txt "d3e6bbdfc76fae7fd0a921f3408db1d1"
+blackbox_edit_end secret.txt
+assert_file_missing secret.txt
+assert_file_exists secret.txt.gpg
+
+PHASE 'Alice decrypts secrets.txt (NO REPO EDIT).'
+blackbox_edit_start secret.txt
+assert_file_exists secret.txt
+assert_file_exists secret.txt.gpg
+assert_file_md5hash secret.txt "d3e6bbdfc76fae7fd0a921f3408db1d1"
+)
+
 PHASE 'Bob appears.'
 become_bob
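Review bot: `rm -rf "$fake_alice_filedir/.git"` and the `cd "$fake_alice_filedir"` that opens the subshell both assume make_self_deleting_tempdir set the variable to a usable directory. With the variable empty the first becomes `rm -rf /.git`, and if the `cd` does not land in the copy, the later `blackbox_shred_all_files` and the `echo 'NOREPO EDIT' >secret.txt` edit run against the original test repo instead (whether the script runs under `set -e` is not visible in this hunk). I would write `rm -rf "${fake_alice_filedir:?}/.git"` and `cd "${fake_alice_filedir:?}" || exit 1`.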