george/blackbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix many bugs for unquote variables.

Browse Source
This commit is contained in:
LE Manh Cuong
2015-02-27 01:01:48 +07:00
parent 971b6bf63a
commit 5428aed2d7
14 changed files with 47 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
bin/_blackbox_common.sh
View File

@@ -10,11 +10,11 @@
# . _blackbox_common.sh # . _blackbox_common.sh
# Where in the VCS repo should the blackbox data be found? # Where in the VCS repo should the blackbox data be found?
: ${BLACKBOXDATA:=keyrings/live} ; # If BLACKBOXDATA not set, set it. : "${BLACKBOXDATA:=keyrings/live}" ; # If BLACKBOXDATA not set, set it.
# If $EDITOR is not set, set it to "vi": # If $EDITOR is not set, set it to "vi":
: ${EDITOR:=vi} ; : "${EDITOR:=vi}" ;
# Outputs a string that is the base directory of this VCS repo. # Outputs a string that is the base directory of this VCS repo.
@@ -27,19 +27,19 @@ function _determine_vcs_base_and_type() {
#find topmost dir with .svn sub-dir #find topmost dir with .svn sub-dir
parent="" parent=""
grandparent="." grandparent="."
mydir=`pwd` mydir=$(pwd)
while [ -d "$grandparent/.svn" ]; do while [ -d "$grandparent/.svn" ]; do
parent=$grandparent parent=$grandparent
grandparent="$parent/.." grandparent="$parent/.."
done done
if [ ! -z "$parent" ]; then if [ ! -z "$parent" ]; then
cd $parent cd "$parent"
echo `pwd` echo "$(pwd)"
else else
exit 1 exit 1
fi fi
cd $mydir cd "$mydir"
VCS_TYPE=svn VCS_TYPE=svn
elif hg root 2>/dev/null ; then elif hg root 2>/dev/null ; then
# NOTE: hg has to be tested last because it always "succeeds". # NOTE: hg has to be tested last because it always "succeeds".
@@ -61,7 +61,7 @@ BB_FILES_FILE="blackbox-files.txt"
BB_FILES="${KEYRINGDIR}/${BB_FILES_FILE}" BB_FILES="${KEYRINGDIR}/${BB_FILES_FILE}"
SECRING="${KEYRINGDIR}/secring.gpg" SECRING="${KEYRINGDIR}/secring.gpg"
PUBRING="${KEYRINGDIR}/pubring.gpg" PUBRING="${KEYRINGDIR}/pubring.gpg"
: ${DECRYPT_UMASK:=0022} ; : "${DECRYPT_UMASK:=0022}" ;
# : ${DECRYPT_UMASK:=o=} ; # : ${DECRYPT_UMASK:=o=} ;
# Return error if not on cryptlist. # Return error if not on cryptlist.
@@ -184,9 +184,9 @@ function decrypt_file() {
echo "========== EXTRACTING $unencrypted" echo "========== EXTRACTING $unencrypted"
old_umask=$(umask) old_umask=$(umask)
umask $DECRYPT_UMASK umask "$DECRYPT_UMASK"
gpg -q --decrypt -o "$unencrypted" "$encrypted" gpg -q --decrypt -o "$unencrypted" "$encrypted"
umask $old_umask umask "$old_umask"
} }
# Decrypt .gpg file, overwriting unencrypted file if it exists. # Decrypt .gpg file, overwriting unencrypted file if it exists.
@@ -206,12 +206,12 @@ function decrypt_file_overwrite() {
fi fi
old_umask=$(umask) old_umask=$(umask)
umask $DECRYPT_UMASK umask "$DECRYPT_UMASK"
gpg --yes -q --decrypt -o "$unencrypted" "$encrypted" gpg --yes -q --decrypt -o "$unencrypted" "$encrypted"
umask $old_umask umask "$old_umask"
new_hash=$(md5sum_file "$unencrypted") new_hash=$(md5sum_file "$unencrypted")
if [[ $old_hash != $new_hash ]]; then if [[ "$old_hash" != "$new_hash" ]]; then
echo "========== EXTRACTED $unencrypted" echo "========== EXTRACTED $unencrypted"
fi fi
} }
@@ -250,8 +250,8 @@ function enumerate_subdirs() {
while read filename; do while read filename; do
dir=$(dirname "$filename") dir=$(dirname "$filename")
while [[ $dir != '.' && $dir != '/' ]]; do while [[ $dir != '.' && $dir != '/' ]]; do
echo $dir echo "$dir"
dir=$(dirname $dir) dir=$(dirname "$dir")
done done
done <"$listfile" | sort -u done <"$listfile" | sort -u
} }

2
bin/_stack_lib.sh
View File

@@ -79,7 +79,7 @@ function make_tempdir() {
case $(uname -s) in case $(uname -s) in
Darwin ) Darwin )
: ${TMPDIR:=/tmp} ; : "${TMPDIR:=/tmp}" ;
name=$(mktemp -d -t _stacklib_ ) name=$(mktemp -d -t _stacklib_ )
;; ;;
Linux ) Linux )

23
bin/blackbox_addadmin
View File

@@ -16,17 +16,7 @@ source ${blackbox_home}/_stack_lib.sh
fail_if_not_in_repo fail_if_not_in_repo
KEYNAME="$1" KEYNAME="$1"
: ${KEYNAME:?ERROR: First argument must be a keyname (email address)} ; : "${KEYNAME:?ERROR: First argument must be a keyname (email address)}" ;
# The second argument, if present, is the directory to find the GPG keys to be imported.
if [[ "$2" == "" ]]; then
GPGEXPORTOPTIONS=""
else
GPGEXPORTOPTIONS=--homedir="${2}"
fi
# TODO(tlim): This could probably be done with GNUPGHOME
# but that affects all commands; we just want it to affect the key export.
# Add the email address to the BB_ADMINS file. Remove any duplicates. # Add the email address to the BB_ADMINS file. Remove any duplicates.
# The file must exist for sort to act as we expect. # The file must exist for sort to act as we expect.
@@ -38,7 +28,16 @@ sort -fdu -o "$BB_ADMINS" <(echo "$1") "$BB_ADMINS"
# Extract it: # Extract it:
make_self_deleting_tempfile pubkeyfile make_self_deleting_tempfile pubkeyfile
gpg $GPGEXPORTOPTIONS --export -a "$KEYNAME" >"$pubkeyfile"
# The second argument, if present, is the directory to find the GPG keys to be imported.
if [[ -z $2 ]]; then
gpg --export -a "$KEYNAME" >"$pubkeyfile"
else
# TODO(tlim): This could probably be done with GNUPGHOME
# but that affects all commands; we just want it to affect the key export.
gpg --homedir="$2" --export -a "$KEYNAME" >"$pubkeyfile"
fi
if [[ $(wc -l < "$pubkeyfile") = 0 ]]; then if [[ $(wc -l < "$pubkeyfile") = 0 ]]; then
fail_out "GPG key '$KEYNAME' not found. Please create it with: gpg --gen-key" fail_out "GPG key '$KEYNAME' not found. Please create it with: gpg --gen-key"
exit 1 exit 1

2
bin/blackbox_cat
View File

@@ -5,7 +5,7 @@
# #
set -e set -e
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source ${blackbox_home}/_blackbox_common.sh source "${blackbox_home}/_blackbox_common.sh"
for param in """$@""" ; do for param in """$@""" ; do
shreddable=0 shreddable=0

4
bin/blackbox_edit
View File

@@ -5,7 +5,7 @@
# #
set -e set -e
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source ${blackbox_home}/_blackbox_common.sh source "${blackbox_home}/_blackbox_common.sh"
for param in """$@""" ; do for param in """$@""" ; do
unencrypted_file=$(get_unencrypted_filename "$param") unencrypted_file=$(get_unencrypted_filename "$param")
@@ -22,6 +22,6 @@ for param in """$@""" ; do
esac esac
fi fi
blackbox_edit_start "$param" blackbox_edit_start "$param"
$EDITOR $(get_unencrypted_filename $param) "$EDITOR" "$(get_unencrypted_filename "$param")"
blackbox_edit_end "$param" blackbox_edit_end "$param"
done done

2
bin/blackbox_edit_end
View File

@@ -6,7 +6,7 @@
set -e set -e
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source ${blackbox_home}/_blackbox_common.sh source "${blackbox_home}/_blackbox_common.sh"
unencrypted_file=$(get_unencrypted_filename "$1") unencrypted_file=$(get_unencrypted_filename "$1")
encrypted_file=$(get_encrypted_filename "$1") encrypted_file=$(get_encrypted_filename "$1")

2
bin/blackbox_edit_start
View File

@@ -6,7 +6,7 @@
set -e set -e
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source ${blackbox_home}/_blackbox_common.sh source "${blackbox_home}/_blackbox_common.sh"
for param in """$@""" ; do for param in """$@""" ; do
unencrypted_file=$(get_unencrypted_filename "$param") unencrypted_file=$(get_unencrypted_filename "$param")

2
bin/blackbox_initialize
View File

@@ -10,7 +10,7 @@
set -e set -e
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source ${blackbox_home}/_blackbox_common.sh source "${blackbox_home}/_blackbox_common.sh"
_determine_vcs_base_and_type # Sets VCS_TYPE _determine_vcs_base_and_type # Sets VCS_TYPE

2
bin/blackbox_list_files
View File

@@ -5,5 +5,5 @@
# #
set -e set -e
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source ${blackbox_home}/_blackbox_common.sh source "${blackbox_home}/_blackbox_common.sh"
cat "$BB_FILES" cat "$BB_FILES"

4
bin/blackbox_postdeploy
View File

@@ -15,7 +15,7 @@ export PATH=/usr/bin:/bin:"$PATH"
set -e set -e
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source ${blackbox_home}/_blackbox_common.sh source "${blackbox_home}/_blackbox_common.sh"
if [[ "$1" == "" ]]; then if [[ "$1" == "" ]]; then
FILE_GROUP="" FILE_GROUP=""
@@ -33,7 +33,7 @@ while IFS= read <&99 -r unencrypted_file; do
decrypt_file_overwrite "$encrypted_file" "$unencrypted_file" decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
chmod g+r "$unencrypted_file" chmod g+r "$unencrypted_file"
if [[ ! -z "$FILE_GROUP" ]]; then if [[ ! -z "$FILE_GROUP" ]]; then
chgrp $FILE_GROUP "$unencrypted_file" chgrp "$FILE_GROUP" "$unencrypted_file"
fi fi
done 99<"$BB_FILES" done 99<"$BB_FILES"
echo '========== Decrypting new/changed files: DONE' echo '========== Decrypting new/changed files: DONE'

8
bin/blackbox_register_new_file
View File

@@ -12,13 +12,13 @@
set -e set -e
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source ${blackbox_home}/_blackbox_common.sh source "${blackbox_home}/_blackbox_common.sh"
_determine_vcs_base_and_type _determine_vcs_base_and_type
unencrypted_file=$(get_unencrypted_filename "$1") unencrypted_file=$(get_unencrypted_filename "$1")
encrypted_file=$(get_encrypted_filename "$1") encrypted_file=$(get_encrypted_filename "$1")
if [[ $1 == $encrypted_file ]]; then if [[ "$1" == "$encrypted_file" ]]; then
echo ERROR: Please only register unencrypted files. echo ERROR: Please only register unencrypted files.
exit 1 exit 1
fi fi
@@ -34,13 +34,13 @@ encrypt_file "$unencrypted_file" "$encrypted_file"
add_filename_to_cryptlist "$unencrypted_file" add_filename_to_cryptlist "$unencrypted_file"
# Is the unencrypted file already in HG? (ie. are we correcting a bad situation) # Is the unencrypted file already in HG? (ie. are we correcting a bad situation)
SECRETSEXPOSED=$(is_in_vcs ${unencrypted_file}) SECRETSEXPOSED=$(is_in_vcs "${unencrypted_file}")
echo "========== CREATED: ${encrypted_file}" echo "========== CREATED: ${encrypted_file}"
echo "========== UPDATING REPO:" echo "========== UPDATING REPO:"
shred_file "$unencrypted_file" shred_file "$unencrypted_file"
VCSCMD=$(which_vcs) VCSCMD=$(which_vcs)
if $SECRETSEXPOSED ; then if "$SECRETSEXPOSED" ; then
vcs_remove "$unencrypted_file" vcs_remove "$unencrypted_file"
vcs_add "$encrypted_file" vcs_add "$encrypted_file"
COMMIT_FILES="$BB_FILES $encrypted_file $unencrypted_file" COMMIT_FILES="$BB_FILES $encrypted_file $unencrypted_file"

6
bin/blackbox_removeadmin
View File

@@ -11,13 +11,13 @@
set -e set -e
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source ${blackbox_home}/_blackbox_common.sh source "${blackbox_home}/_blackbox_common.sh"
source ${blackbox_home}/_stack_lib.sh source "${blackbox_home}/_stack_lib.sh"
fail_if_not_in_repo fail_if_not_in_repo
KEYNAME="$1" KEYNAME="$1"
: ${KEYNAME:?ERROR: First argument must be a keyname (email address)} ; : "${KEYNAME:?ERROR: First argument must be a keyname (email address)}" ;
# Remove the email address from the BB_ADMINS file. # Remove the email address from the BB_ADMINS file.
make_self_deleting_tempfile bbtemp make_self_deleting_tempfile bbtemp

2
bin/blackbox_shred_all_files
View File

@@ -17,7 +17,7 @@
set -e set -e
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source ${blackbox_home}/_blackbox_common.sh source "${blackbox_home}/_blackbox_common.sh"
change_to_root change_to_root

4
bin/blackbox_update_all_files
View File

@@ -6,7 +6,7 @@
set -e set -e
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source ${blackbox_home}/_blackbox_common.sh source "${blackbox_home}/_blackbox_common.sh"
if [[ -z $GPG_AGENT_INFO ]]; then if [[ -z $GPG_AGENT_INFO ]]; then
echo 'WARNING: You probably want to run gpg-agent as' echo 'WARNING: You probably want to run gpg-agent as'
@@ -31,7 +31,7 @@ for i in $(<"$BB_FILES") ; do
echo " $unencrypted_file" echo " $unencrypted_file"
fi fi
done done
if $need_warning ; then if "$need_warning" ; then
echo echo
echo 'WARNING: This will overwrite any unencrypted files laying about.' echo 'WARNING: This will overwrite any unencrypted files laying about.'
read -r -p 'Press CTRL-C now to stop. ENTER to continue: ' read -r -p 'Press CTRL-C now to stop. ENTER to continue: '